Creditors (Suppliers and Contractors) and Debtors

This Privacy Notice is designed to help you understand how and why we use your information if you are Creditor (Supplier or Contractor) or Debtor of Avon Fire Authority (AFA), who is the Data Controller.

A Supplier is an organisation or an individual that supplies goods to AFA under a fixed term contract or a one off purchase, whereas a Contractor is an organisation or an individual (including a consultant) that performs services or works (such as building/maintenance works) for AFA either under a fixed term contract or a one off purchase. This also includes bespoke fixed term contracts as well as goods, services and works procured under the AFA Standard Terms and Conditions for Goods, Works and Services (a copy of which is available on our website https://www.avonfire.gov.uk/information-for-suppliers ), framework agreements or joint procurement agreements.

Suppliers and Contractors (including consultants) are typically creditors who we owe money to, which we typically pay on receipt of an invoice, usually by BACS, or using a procurement/credit card.

Debtors are people or organisations who owe money to Avon Fire Authority. This could be someone that we have provided a service to.  

The categories of the information that we collect, process, hold and share

All Creditors

In order to facilitate the transaction process we require the following details: 

  • Trading Name
  • Trading Address
  • Contact details, including names of staff
  • Bank account details

If we are not supplied with the information set out above, we may not be able to make payments to you.

Contractors 

In addition to the above, and depending on the type of contract being procured, we may collect the following, particularly for those Contractors and their staff that are required to visit / perform work on our sites:

  • Name of individual visiting site
  • Contact details for individual (may be a mobile)
  • DBS check numbers only (actual DBS content is not disclosed to us)
  • Work location
  • Work times
  • Car registration numbers
  • Individual will be captured on our site CCTV
  • Data captured by our premises’ door access control systems
  • Experience, qualifications and skills of those carrying out the work/service
  • Individuals that are contracted to work out of the joint Police and Fire Service HQ, will be subject to the Police vetting procedure (which is data processed by them as the Data Controller)

The above will form part of the terms and conditions of the contract to supply, and in the event that you are unable to provide the information required, we may not be able to award and maintain the contract with you.  The personal information that we require will be attributed to the specific terms of the contract in question.

Debtors 

In order to facilitate the transaction process we require the following details: 

  • Trading Name / individual name
  • Trading Address / individual name
  • Contact details, including names of staff
  • Bank account details

Why we collect and use this information

  • In order for us to fulfil the creditor/debtor transaction process
  • For the performance of a contract or the intention of entering into a contract
  • To support the creditor/debtor relationship
  • General administration purposes
  • To manage the security of our sites
  • To facilitate health and safety requirements for site visitors
  • To defend ourselves in the event of a legal claim or dispute

The lawful basis on which we use this information

We collect and use personal information relating to our creditors and debtors under the following lawful basis:

  • To meet the legal requirements of Section 112 of the Local Government Finance Act 1988, which falls under Section 6 (1) (c) of the General Data Protection Legislation (GDPR).
  • To enable the performance of a contract or to take steps to enter into a contract whereby we or you have agreed to pay for goods or services, that falls under the Section 6 (1) (b) of the GDPR.
  • Site security is a legitimate interest pursued by us as the Data Controller, except where such interests are overridden by the interests, rights and freedoms of the data subject, which falls under Section 6(1) (f) of the GDPR.
  • In order to defend ourselves in the event of a legal claim or dispute, where there is a legitimate interest pursued by us as the Data Controller, except where such interests are overridden by the interests, rights and freedoms of the data subject, which falls under Section 6(1) (f) of the GDPR.

In the event that we are required to collect and process special categories of data (sensitive personal data), this will only be done if a suitable lawful condition can be met under the GDPR and the Data Protection Act 2018.

Collecting this information

Any personal information collected as part of the order/payment process, would be either provided by the organisation/individual during the tender process, awarding of the Contract, or general correspondence for providing goods and services to us.  

Storing this information 

We store the information in the following formats, which is held subject to our Service Records Retention Schedule:

  • New supplier forms held electronically
  • Purchase Ledger system (managed by Bristol City Council)
  • Information held on paper, scanned and other electronic invoices.
  • Contracts and other procurement documents
  • Contract database held by our procurement department
  • Other supplier contract lists and correspondence held locally by departments, including emails
  • Site CCTV footage, which is maintained as per our Service’s CCTV Policy. 

Who we share this information with and why

The following are examples of when we share this information.  Please note this is not an exhaustive list:

  • Budget holders and members of the finance and procurement teams for the ordering and payment process for goods, works and services, and other general administration
  • Members of staff involved in the tender process
  • Bristol City Council (who are under contract to provide us with our Financial Services provision and who are a Data Processor)
  • Internal and external Auditors for audit purposes
  • Government’s National Fraud Initiative (NFI) for the detection and prevention of fraud
  • Crown Commercial Services (CCS) for framework agreements
  • Other public sectors bodies who we might have a joint procurement with
  • Any other third party appointed by the AFA to facilitate in the contract process, such as consultants, insurance companies and legal advisors.

We publish procurement information on our website under the Local Government Transparency Code https://www.avonfire.gov.uk/transparency-code , any personal data is considered and redacted as necessary.  Names of sole traders and consultants will be published if they are used as a trading name.  The same will also apply to requests for information published under the Freedom of Information Act 2000.

Further Information

Please refer to our main Privacy Notice information on our website https://www.avonfire.gov.uk/privacy-and-cookies  regarding your data protection rights, which includes details for our Data Protection Officer and how you can raise concerns.

Information about the GDPR and Data Protection Act can be obtained from the ICO’s website www.ico.org.uk and how AFA (operationally known as Avon Fire & Rescue Service), complies with the data protection legislation, please refer to our website pages https://www.avonfire.gov.uk/guide-to-published-information/data-protection-act.

This Privacy Notice will be regularly reviewed and updated. 

It was last updated on 08.08.2018.