Data Privacy Notice
Secured unfunded EFRBS etc - May 2018
This statement has been prepared by The Law Debenture Pension Trust Corporation p.l.c. and its associated companies (together referred to as ‘we’ or ‘us’ in this notice). It relates to any secured unfunded employer financed retirement benefits scheme or other employment related security arrangement to which we are appointed as trustee (referred to as ‘the Scheme’ in this notice).
Why we're telling you about data privacy
We are responsible for fulfilling our obligations under the Scheme’s rules and/or other governing documents (referred to as ‘the Scheme’s rules’ in this notice) for the benefit of the Scheme’s members and beneficiaries (referred to as 'you' or 'your' in this notice).
We take your privacy very seriously. This privacy statement explains how we'll use the personal data we collect from you or that we receive from other sources, such as your employer or former employer under the Scheme (referred to as ‘the employer’ in this notice).
We have measures and controls in place to help keep your personal data secure and to protect it from unlawful use, accidental loss, destruction or damage. This is in order to comply with our obligations under data protection laws including the General Data Protection Regulation (the GDPR) from 25 May 2018. We, the employer, the security provider (if different from the employer) and any scheme actuary are each a data controller in relation to our and their respective roles in relation to the Scheme. Our role as trustee principally involves holding the security for members’ benefits and seeking to ensure that it is adjusted as required by the Scheme’s rules. It is the employer (or its administrator) who pays the benefits and we would only do so ourselves if the employer had defaulted or become insolvent such that we had had to enforce the security.
We may change this privacy statement from time to time. If changes are made the updated version will be available from our website: https://www.lawdebenture.com/our-services/united-kingdom/pension-trusteeship/data-protection-framework/data-privacy-notice-secured-unfunded-efrbs-etc/
As a data controller, we may collect and process your personal data so that we can fulfill our legal duties in line with the Scheme’s rules and overriding legal obligations. For most of the personal data we hold, we do not need your explicit consent to do this.
We will only process certain types of sensitive personal data (also known as special categories of personal data) with your explicit consent. This will only apply in certain limited circumstances and, if we ask you for any of this type of data, we'll ask you to complete a consent form explaining why we need it, at the time.
The principles we'll follow
We are committed to respecting your privacy and to complying with data protection and privacy laws.
- We'll only collect and use your data where we have lawful grounds and/or legitimate reasons to do so.
- We'll tell you how we'll collect and use your data.
- We won't ask for more data than we need.
- We'll observe your rights under privacy and data protection laws and ensure that, if you have a query about privacy issues, it is dealt with promptly and transparently.
- We'll check that any organisations we share your personal data with are aware of their privacy obligations (and, if they act as data processors for us, that they have appropriate security measures in place to protect your data).
Data we hold about you and how we use it
The personal data we hold about you may include:
- details that identify and locate you such as name, address, date of birth and NI number or tax reference;
- your benefits under the Scheme and related information such as details of salary, service dates and bank account; and
- details of your other pension arrangements, tax residency status, PAYE coding and HMRC tax protection status.
We may receive personal data about you from the employer. Such data may include any of the details above plus employment details.
We may also receive personal data from a number of other parties, including: the employer's payroll and HR providers, the Scheme actuary, our professional advisers and service providers (if any), other schemes you have been a member of; data analytics companies (e.g for member tracing, identity and existence checking); regulatory authorities; and government departments.
We may use your personal data for any of the purposes below. In some cases this might only be after enforcement of the security.
- To administer the Scheme and establish if you qualify for benefits.
- To exercise a discretion where benefits are paid at the discretion of the Trustee e.g. following your death.
- To provide you with data that you request from us or which outlines your choices and options at a particular stage of membership.
- To provide targeted communications relevant to your stage of membership and information about services which can be accessed by Scheme members - which may be offered by other parties, e.g. retirement guidance and/or advice resources.
- To consider and respond to a concern or dispute you have raised.
- To communicate with you about the Scheme.
To comply with our legal obligations (including our obligations under anti-money laundering legislation).
How long we’ll keep your personal data
Pension benefits are earned and paid over a long period. We will store and process your personal data for as long as necessary to comply with our legal obligations, hold and adjust the security for members’ benefits, if applicable pay benefits in line with the Scheme’s rules and deal with queries about your benefits or those of your beneficiaries after your death. Our service providers and advisers will typically retain your personal data after our agreement ends with them. This is to enable them to deal with queries into the future and protect themselves against legal claims.
Who we share your data with
To comply with our obligations in relation to the operation of the Scheme, we may need to share your data with third parties involved in running the Scheme.
The third parties we may share your data with include:
- The employer, the security provider (if different) and their professional advisers and administrators and other service providers.
- Any actuary, any legal advisers and any other professional advisers appointed in relation to the Scheme.
- Third-party service providers who use your personal data to provide services to us, for example administrators and auditors appointed following (or in anticipation of) enforcement of the security.
- The Pensions Regulator and/or other regulatory bodies, such as HM Revenue & Customs, where we are required by law to do this.
- Third parties to whom we may need to disclose personal data in order to comply with a statutory obligation (for example, in response to a court order or a law enforcement agency's request).
- Any third party where you've given your consent.
- Your dependants, beneficiaries and legal personal representatives after your death.
The employer, the security provider (if different) and any actuary and legal advisers appointed in relation to the Scheme are data controllers in their own right rather than data processors for us.
We require any third-party service provider who acts as a data processor for us to comply with privacy principles as part of our contract with them. These service providers may, with our agreement, sub-contract certain processing activities, for example to external printing companies, data analytics providers or software providers. Before doing so, they must check that the sub-contracted service provider has adequate security measures in place.
Keeping your personal data secure
Once we receive your data, we use appropriate procedures and security features to prevent unauthorised access. We require any third party service providers who act as data processors for us to do so too. If they do so outside the European Economic Area, we require them to apply appropriate safeguards in compliance with data protection laws.
However, please be aware that providing data to us or our service providers via email or the internet is not completely secure and we cannot guarantee the security of data you send in this way. This is done at your own risk.
Your rights to access and correct the data we hold about you
Most of your personal data in relation to the Scheme is held by the employer and/or its administrators. If you want to have access to such data or to change, correct or complete it, please would you address your request to the employer or the administrators.
You may also have the right to ask for the personal data we hold about you to be erased, to restrict the way we process it or object to its processing. You may also withdraw your consent where we have asked you to give it explicitly in connection with certain types of sensitive personal data. However, exercising this right may limit our ability to administer your benefits. To exercise these rights, please address your request to the employer or the administrators.
Some final things to consider
Expression of wishes in the event of your death: You may also tell us who you would like the Trustee to consider when exercising discretion over payment of death benefits (where applicable). We assume that you have their consent to share this information.
Third party websites: Scheme communications and our website may, from time to time, contain links to third-party websites. These websites have their own data privacy policies and we don't accept any responsibility or liability for those policies. You should check those policies before you submit any personal data to these websites.
Contact details, questions and concerns
You can send any queries or comments about this statement (or any concern you have about the way we or anyone else handles your personal data in relation to the Scheme) by email to firstname.lastname@example.org.
If you believe our handling of your personal data does not comply with data protection law, you can contact the Information Commissioner’s Office (ICO) or raise a complaint at www.ico.org.uk/concerns or call its helpline on 0303 123 1113. Alternatively, you can write to Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF