Creditors (Suppliers and Contractors) and Debtors

This Privacy Notice is designed to help you understand how and why we use your information if you are Creditor (Supplier or Contractor) or Debtor of Avon Fire Authority (AFA), who is the Data Controller.

A Supplier is an organisation or an individual that supplies goods to AFA under a fixed term contract or a one off purchase, whereas a Contractor is an organisation or an individual (including a consultant) that performs services or works (such as building/maintenance works) for AFA either under a fixed term contract or a one off purchase. This also includes bespoke fixed term contracts as well as goods, services and works procured under the AFA Standard Terms and Conditions for Goods, Works and Services (a copy of which is available on our website https://www.avonfire.gov.uk/information-for-suppliers ), framework agreements or joint procurement agreements.

Suppliers and Contractors (including consultants) are typically creditors who we owe money to, which we typically pay on receipt of an invoice, usually by BACS, or using a procurement/credit card.

Debtors are people or organisations who owe money to Avon Fire Authority. This could be someone that we have provided a service to.

The categories of the information that we collect, process, hold and share

All Creditors

In order to facilitate the transaction process we require the following details:

Trading Name
Trading Address
Contact details, including names of staff
Bank account details

If we are not supplied with the information set out above, we may not be able to make payments to you.

Contractors

In addition to the above, and depending on the type of contract being procured, we may collect the following, particularly for those Contractors and their staff that are required to visit / perform work on our sites:

Name of individual visiting site
Contact details for individual (may be a mobile)
DBS check numbers only (actual DBS content is not disclosed to us)
Work location
Work times
Car registration numbers
Individual will be captured on our site CCTV
Data captured by our premises’ door access control systems
Experience, qualifications and skills of those carrying out the work/service
Individuals that are contracted to work out of the joint Police and Fire Service HQ, will be subject to the Police vetting procedure (which is data processed by them as the Data Controller)

The above will form part of the terms and conditions of the contract to supply, and in the event that you are unable to provide the information required, we may not be able to award and maintain the contract with you. The personal information that we require will be attributed to the specific terms of the contract in question.

Debtors

In order to facilitate the transaction process we require the following details:

Trading Name / individual name
Trading Address / individual name
Contact details, including names of staff
Bank account details

Why we collect and use this information

In order for us to fulfil the creditor/debtor transaction process
For the performance of a contract or the intention of entering into a contract
To support the creditor/debtor relationship
General administration purposes
To manage the security of our sites
To facilitate health and safety requirements for site visitors
To defend ourselves in the event of a legal claim or dispute

The lawful basis on which we use this information

We collect and use personal information relating to our creditors and debtors under the following lawful basis:

To meet the legal requirements of Section 112 of the Local Government Finance Act 1988, which falls under Section 6 (1) (c) of the General Data Protection Legislation (GDPR).
To enable the performance of a contract or to take steps to enter into a contract whereby we or you have agreed to pay for goods or services, that falls under the Section 6 (1) (b) of the GDPR.
Site security is a legitimate interest pursued by us as the Data Controller, except where such interests are overridden by the interests, rights and freedoms of the data subject, which falls under Section 6(1) (f) of the GDPR.
In order to defend ourselves in the event of a legal claim or dispute, where there is a legitimate interest pursued by us as the Data Controller, except where such interests are overridden by the interests, rights and freedoms of the data subject, which falls under Section 6(1) (f) of the GDPR.

In the event that we are required to collect and process special categories of data (sensitive personal data), this will only be done if a suitable lawful condition can be met under the GDPR and the Data Protection Act 2018.

Collecting this information

Any personal information collected as part of the order/payment process, would be either provided by the organisation/individual during the tender process, awarding of the Contract, or general correspondence for providing goods and services to us.

Storing this information

We store the information in the following formats, which is held subject to our Service Records Retention Schedule:

New supplier forms held electronically
Purchase Ledger system (managed by Bristol City Council)
Information held on paper, scanned and other electronic invoices.
Contracts and other procurement documents
Contract database held by our procurement department
Other supplier contract lists and correspondence held locally by departments, including emails
Site CCTV footage, which is maintained as per our Service’s CCTV Policy.

Who we share this information with and why

The following are examples of when we share this information. Please note this is not an exhaustive list:

Budget holders and members of the finance and procurement teams for the ordering and payment process for goods, works and services, and other general administration
Members of staff involved in the tender process
Bristol City Council (who are under contract to provide us with our Financial Services provision and who are a Data Processor)
Internal and external Auditors for audit purposes
Government’s National Fraud Initiative (NFI) for the detection and prevention of fraud
Crown Commercial Services (CCS) for framework agreements
Other public sectors bodies who we might have a joint procurement with
Any other third party appointed by the AFA to facilitate in the contract process, such as consultants, insurance companies and legal advisors.

We publish procurement information on our website under the Local Government Transparency Code https://www.avonfire.gov.uk/transparency-code , any personal data is considered and redacted as necessary. Names of sole traders and consultants will be published if they are used as a trading name. The same will also apply to requests for information published under the Freedom of Information Act 2000.

Further Information

Please refer to our main Privacy Notice information on our website https://www.avonfire.gov.uk/privacy-and-cookies regarding your data protection rights, which includes details for our Data Protection Officer and how you can raise concerns.

Information about the GDPR and Data Protection Act can be obtained from the ICO’s website www.ico.org.uk and how AFA (operationally known as Avon Fire & Rescue Service), complies with the data protection legislation, please refer to our website pages https://www.avonfire.gov.uk/guide-to-published-information/data-protection-act.

This Privacy Notice will be regularly reviewed and updated.

It was last updated on 08.08.2018.

Privacy

Our plans and strategies

Read our Service Plan and supporting strategies

Did you know?

1,200 children in the UK aged under 11 are injured, and 35 are killed, in fires in the home every year.