The General Data Protection Regulation (GDPR), effective from 25 May 2018, governs the processing of personal information.
We have audited and updated our processes to ensure we comply with the requirements of GDPR.
GDPR does not require Total Tenders customers to stop using or to change how they use our services if what was being done before was lawful.
What is PECR ?
The Privacy and Electronic Communications Regulations (PECR) are based on the European Directive 2002/58/EC and combine with the GDPR. PECR set out more specific privacy rights in relation to electronic communications. Total Tenders is compliant with this legislation. PECR differentiate between corporate and individual subscribers and explicitly allows unsolicited marketing to corporate subscribers without prior consent, so long as recipients can easily unsubscribe or opt-out.
Does Total Tenders collect personal data ?
Total Tenders collects data in relation to the delivery of our tender alert services and the marketing of related services.
For our marketing activities, we differentiate between corporate and individual subscribers in accordance with the PECR. Under PECR, the need to have prior consent arises for individual subscribers unless certain conditions are met in which case prior consent is not required (also known as the “soft opt-in”). However, prior consent is not required for contacting corporate subscribers so long as an option to unsubscribe or opt-out is provided.
Total Tenders – tender information and tender alert services
We process and publish content on tenders and contract awards under the lawful basis of legitimate interest (Article 6 of the GDPR) whereby we are developing engagement between buyers and suppliers. In turn, this is in the interests of both the buyers and the suppliers. Buyers are in control of what information they publish within tender notices and other related information and, where buyers do publish personal information within these documents, it is with a view to enabling suppliers to engage with them more effectively in the pursuit of procurement activities. They can therefore reasonably assume that their information will be used in this way, there is minimal impact on the individual, and their rights and freedoms are not adversely affected – indeed there is a benefit to them as their tender notices are reaching a wider audience and therefore bringing benefit to their procurement exercises.
Customers are responsible for their own data practices and for how that personal information is processed post-delivery. Customers must ensure their own compliance, which could include their own legitimate interest assessment.
For customers to make use of Total Tenders in a Business-to-Business context, prior consent is not required. Although GDPR requires consent to be specific, informed and positively given, this applies only where consent is relied upon as a lawful basis for processing.
Do we need to obtain prior opt-in consent ?
Under the GDPR, prior consent is only one of six lawful bases for using data. An alternative lawful basis for using Total Tenders data in this way is that of legitimate interest. While GDPR Recital 47 states that the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest, the PECR establish a lawful basis to complement the legitimate interest of targeted marketing to corporate subscribers without prior consent where the aim is to enhance engagement between buyers and suppliers in a Business-to-Business context.