We hold the names and contact details of individuals acting in their capacity as representatives of their organisations, across the business. If this relates to interactions regarding our regulatory functions, the legal basis is article 6(1)(e) of the GDPR. If the interactions relate to suppliers, contracts, buildings management, IT services etc., the legal basis is article 6(1)(c) of the GDPR for any legal obligation or article 6(1)(f) because the processing is within our legitimate interests as a business.

As a contracting authority, the ICO are obliged by law to carry out tenders via an e–procurement portal. Any personal information provided to us as part of the tendering process will be held in this e-procurement portal. We use Delta eSourcing for this and their privacy notice can be viewed here.