Procurement Privacy Policy

Procurement Privacy Policy


The Procurement Department may, on occasion, hold personal data relating to suppliers.  This can be in the form of CVs, telephone numbers, e-mail addresses, dates of birth and home addresses.

Identity of controller

Abertay University

Purpose for collection/processing

To evaluate tender responses

Order processing

Legal basis

Article 6(1)(b) processing is necessary for the performance of a contract

Whose information is being collected/processed

Supplier and supplier employee information which may be submitted in the form of personal data

What information is being collected

Personal CVs and date of birth of bidder representative in relation to tender responses

Personal data such as name, e-mail address, telephone number, home address, where these details are captured on a new supplier form

How is the information collected

Personal CVs are collected via tender responses via PCS-T or PCS System and may be downloaded to procurement shared or other drive

New Supplier Form via e-mail

Who is the information shared with outside the University

Tender responses may be shared with external consultants  

How is the information kept securely

Information is kept securely on University equipment in line with University information security and data protection policies.

How is the information kept up to date

No requirement to update CV Information

Supplier form information is updated on the system if we are informed of changes by the supplier to the information submitted

How long is the information kept

The University will retain your personal data in line with the University data retention policy

Will the information be used for any automated decision making


Is the information transferred outside the European Union?


Your rights

As a Data Subject you have a number of rights under the Act including the right to:
 •Access  the personal data the University holds about you
 •Have inaccurate data corrected
 •Prevent processing of information which may cause you harm or distress
 •Prevent unsolicited marketing
 •Prevent automated decision making


If you would like to exercise any of your rights above or if you have any questions, please
contact the University’s Data Protection Officer (“DPO”):

Data Protection Officer
Academic Registry
Abertay University
Kydd Building
Bell Street
Dundee DD1 1HG
Tel: 01382 308000 email:

You will not have to pay a fee to exercise any of your rights. However, the University may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. You are also entitled to contact the Information Commissioner’s Office (the “ICO”) ( about any concerns about the way the University has handled your personal data. The University would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Data protection enquiries

Enquiries relating to data protection should be made to the University’s Data Protection Officer

Pause carousel

Play carousel