Common use of Privacy Requirements Clause in Contracts

Privacy Requirements. 2.4.1 IDPs must demonstrate how their assurance regime and operational capability will support a privacy model and customer consent process, ensuring that the customer has an understanding of how the service will use the information provided by the customer respecting their consent to use the service. In particular the solution must have the ability to include a privacy notice acceptance process within a registration process. IDPs must demonstrate how principles outlined in paragraph 1.2 are reflected in their proposed service. 2.4.2 IDPs must ensure that no data relating to a customer’s relationship with HMG is held by the IDP (including any sub-contractors or partners). IDPs are required to demonstrate how they will comply with this requirement throughout the supply chain. 2.4.3 Successful IDPs must demonstrate in their response how their service will comply with the elimination of storage of any partial/full personal information in any part of their systems that could possibly link the customer with DWP and/or any OGD and does not leave any HMG service-related ‘footprint’ on the customer’s records held by the IDPs. 2.4.4 It is recognised that IDPs will need to retain activity-related information (not customer specific) for billing and payment purposes. IDPs will need to demonstrate how they can accurately record this information. 2.4.5 For evaluation purposes, Key Criteria 2 refers (see Annex B).