Data Protection regulations are extremely important to ensure that personal data is kept securely and used only for the right purposes. The Trustees and their advisers have been complying with the current laws since they came into force in 1998, and which were updated in 2018 to include the “General Data Protection Regulations”.
This notice sets out how your personal data is used, who has access to it and what rights you have.
The Trust’s member data that our administrators and other advisers hold on our behalf is never sold on to other organisations and is never used so that other organisations can sell you their products or services.
Under the regulations (the “General Data Protection Regulation”) the Trustees are a “Data Controller”. This means that they decide how and why your data is used and it is therefore the Trustees who need to inform you about this.
As a Data Controller, the Trustees collect and process your personal data for the purposes of complying with their legal obligations under trust law and their responsibilities and legislative and regulatory requirements affecting pension schemes. The Trustees also have a legitimate interest in processing personal data to ensure the proper administration of the Trust and to enable it to calculate and make payments.
As part of running the Trust, the Trustees may also need to hold and process particularly sensitive information about you and/or your dependants and beneficiaries (known as “sensitive personal data”). Under data protection legislation, details relating to health, racial or ethnic origin, religious or other similar beliefs, sexual orientation and political affiliations are regarded as “sensitive personal data”. Except where the legislation allows it, this information cannot be processed or passed to a third party without your explicit consent.
This is information that could be used to identify you as an individual and could be any of the following-
- personal details such as your name, gender, age, date of birth, contact details (e.g. your address and postcode, email, telephone and mobile numbers), and identifiers such as your National Insurance number, pension or member reference number and employee number (where applicable);
- details of your family, lifestyle and social circumstances. This could include details about your current marriage or civil partnership, any previous relationships and details of your family and dependants;
- employment details such as your earnings, length of service, employment and career history, recruitment and termination details, absence record, job title and job responsibilities;
- other financial details such as any other income, other pension arrangements, bank account details (e.g. to process pension payments) and your tax code;
- information about your physical or mental health (where there is a legal basis for the processing of such data under the data protection laws); and
- information about criminal convictions if these relate to money owed to the Trust's employers in circumstances where they are entitled to be reimbursed from your benefits.
In order to properly administer the Trust and to calculate and make payments, we may also need to hold other information about you from time to time.
The administrator, XPS Administration, who looks after your member record and calculates your payments, is the organisation that holds the complete records of all the members of the Trust. The Trust Consultant (from XPS Pensions Group) needs access to some of that data to provide advice to the Trustees, and information to members. From time to time, other organisations will also need access to your data, for example, the Trust’s Auditor will see limited amounts of personal data to ensure the Trust’s finances are in order and it is making the correct payments out. The Trust’s may need to consult a legal adviser on individual cases. If you are a pensioner, we have to provide information to Her Majesty’s Revenue and Customs (HMRC) so they know what tax has been deducted from your income payments.
Where you have asked us to, the Trustees will share your personal data with your financial adviser so they can advise you on your retirement options, and/or an annuity broker to advise you on the annuities that may be available to you.
If your employer requests us to, and it is appropriate for us to do so, (for example if the information would help your employer to provide a total reward statement) the Trustees may share your personal data in relation to the Trust with your employer. In such circumstances, we would always ensure your employer has the right protections in place to ensure the security of your personal data.
All of the organisations that need access to your personal data will have to comply with the new data protection regulations but the Trustees and their advisers will also check to make sure that they are confident that your data will be secure. You can find a full list of the organisations we share your data with at the end of this notice. Where these organisations are data controllers a copy of their Privacy Notice is available to you on request.
Where we have information of proposed beneficiaries, who may become eligible to a payment on a member’s death, we will advise the individual of their data protection rights if a payment becomes due.
The reason we hold individual member records (that contain personal data) is so that the correct payments can be calculated and paid. The Trustees' advisers will need access to that information to ensure that everyone receives the correct amount and in the event of the member's death that dependants are also paid the correct amount.
We will need to hold personal data for as long as such data is needed to administer your savings for you or your dependants. This means we are likely to hold your data for many years, probably until long after your own death. In practice, we will continue to hold your personal data for the life of the Trust.
You already have the right to see your own pension scheme records (this is known as a Subject Access Request) and you can require that we rectify any errors in data that we hold about you, but in addition, you will (under certain limited circumstances) have the right to be forgotten or have your personal information deleted. However, as far as the Trust is concerned, the Trustees can override these rights in certain circumstances and without your personal information the administrator would not be able to calculate the value of your savings and make payments.
If you are asked to provide consent (e.g. to agree that another organisation can have access to your data, or for us to use especially sensitive information such as information about your health) then you have a right to withdraw that consent at any time. However, if we do not hold all of the data to administer your savings, we may not be able to pay out the savings you are entitled to.
If you are unhappy with the way your data has been used you can complain to the Information Commissioner’s Office (ICO). Their address is shown below:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
As we explained at the start of this notice, the Trustees and their advisers have been complying with the current Data Protection laws and you will therefore only see minimal changes to the wording on letters and information that are usually sent to you in the normal course of events such as when you take an income or upon leaving the Trust.
In future, if any significant changes are made to the way the Trust operates or projects are carried out that require us to use your personal data, we will explain in more detail why it is being used and whether you need to consent to that particular use of your data.
Your savings are not affected and you do not need to take any action as a result of receiving this communication. However, if you have a question please contact the Trust helpline on 0118 918 5118 or email [email protected] or alternatively write to us at the address shown below.
PO Box 205
We will only share your data with third parties if it is necessary to administer your account. This means that your information may be shared with:
- XPS Pensions Group plc as secretary to the Trustees, trust pension consultant, investment adviser and scheme administrator;
- Equiniti Group for the provision of website services;
- Investment managers, legal and financial advisers, in order that they may provide advice to the Trustees. The Trust’s legal advisers are currently Pinsent Masons LLP;
- Investment providers holding the Trust assets;
- The Trust’s bank provider(s);
- The Trust’s auditor who is currently RSM UK Audit LLP;
- The Trust’s insurers;
- Any other person who is authorised to act on your behalf;
- Law enforcement agencies (subject to any request being legally made);
- Fraud prevention agencies so that we may comply with money laundering and financial crime prevention laws;
- Regulators as required (including HMRC, the Pensions Regulator, the Financial Conduct Authority and the Information Commissioners Office);
- Certain approved suppliers used by XPS Pensions Group. These may include suppliers of computer services and software, printing and mailing services, offsite storage;
- Other pension schemes of which you are a member (should you wish to transfer benefits into or out of the trust);
- Any relevant ombudsman, dispute resolution body or the courts; and
- If the Trust, or the relevant part of XPS Pensions Group's workplace pensions business, were acquired by a third party, personal data held by the Trustees about the Trust's members could be shared with that third party.
The entities listed above may also share personal data with their own business suppliers, for example in relation to the operation of IT systems or where they outsource part of their services.
We would notify you or ask for your consent (or that of your personal representative if appropriate), before we share your data with anybody else.
Your data will not be transferred to anyone outside of the UK and the European Economic Area.