This privacy notice describes what personal data 20-20 Trustees Limited and 20-20 Trustee Services Limited “2020 Trustees” collect about those whose personal data may be provided to 2020 Trustees in connection with membership of a pension scheme.
This privacy notice also describes how we process (i.e. handle) your personal data, the basis upon which we process it, with whom it is shared, how it is stored and certain other important information relating to the protection of your personal data.
Please read this privacy notice carefully as it contains important information.
What personal data do we collect about Scheme members and how?
We collect personal data from members in a number of different ways:
· A member may share information with us (for example, when he/she joins the Scheme or when they apply for benefits from the Scheme);
· We may collect certain personal data from third parties (for example, a member’s current or former employer);
· We may also generate certain personal data in our running of the Scheme (for example, information relating to a members contributions and benefits).
We collect personal data from the following third parties:
· A member’s current or former employer;
· Any financial or other adviser or representative acting on a member’s behalf and, if a member wants to transfer benefits, the trustees or managers of other pension schemes of which he/she is or has been a member;
· Providers of services that allow us to verify the accuracy of personal data (for example, to trace current addresses or to verify continuing existence); and
· Government agencies (for example, HM Revenue and Customs or the National Insurance Contributions Office).
In certain circumstances, we may ask a member for information relating to health; for example, if a member is applying for ill health benefits. We will only ask for as much health information as we need. We will explain at the time why we need that information and how we intend to use it. When we need to, we will ask the member for consent to use their health information. There are some cases in which we do not need consent to use health information; in those cases, we will still explain how we intend to use it.
A member may also need to provide us with personal data relating to other people (for example, spouse, civil partner or dependants). When this is provided, a member will need to check with them that they are happy for their data to be shared with us and for us to use it in accordance with this privacy notice.
How do we use a member’s personal data?
We primarily use a member’s personal data for the purposes of operating the Scheme; for example, to process any application to join the Scheme, to calculate and pay benefits, to communicate with members and to make decisions about Scheme entitlements (as well as about the Scheme more generally).
We will also use a member’s personal data for the purposes of complying with any laws, procedures and regulations which apply to us and to establish, exercise or defend our legal rights.
We may also use member’s personal data for risk management purposes. This may include, but is not limited to, longevity modelling, managing the Scheme assets, insurance solutions and member option exercises.
We will occasionally use a members’ personal data for the purposes of statistical analysis or to respond to government surveys (for example, questionnaires sent to us by the Pensions Regulator or the Office of National Statistics) but this is usually completed on an anonymous basis.
If we wish to use a member’s personal data for any other purpose, we will update this privacy notice.
What is our lawful basis for using a member’s personal data?
Under laws which are designed to protect personal data, we need to have what is called a lawful basis each time we use, share or otherwise process personal data.
We have certain duties and powers which are conferred on us by law or by the Scheme’s governing documents. In most cases, our processing of personal data is necessary for the performance of those duties and exercise of those powers.
Certain uses of personal data, or other processing activities, will not be strictly necessary to perform our legal duties, or to exercise our powers; however, they will be necessary for the purposes of our legitimate interests or the legitimate interests of a third party. They may also be in a member’s interests.
When we say “legitimate interests”, we mean ours (or a third party’s) interests in operating the Scheme as efficiently and securely as possible. For example, we may choose to use a third party to store your personal data; we may do this in part because our use of that service means that your personal data is more secure.
If we are processing personal data in a certain way because it is in ours (or a third party’s) legitimate interests (not, for example, because it is necessary for the performance of our legal duties), you have the right to object to this processing.
In certain circumstances, we will need consent to collect and use personal data; this is most likely where we are collecting information relating to health (for example, in applying for ill health benefits) or where we obtain information that may reveal your racial or ethnic origin, religious or similar beliefs, sex life or sexual orientation for the payment of death benefits (for example, an expression of wishes form or an application for pension sharing on divorce or dissolution of civil partnership). If we have asked for consent, this may be withdrawn at any time. However, withdrawing this consent may influence your ability to receive certain benefits from the Scheme.
In what circumstances do we share a member’s personal data?
We may share personal data with the following categories of third parties:
· A member’s current or former employer and other members of the employer’s group with responsibilities to the Scheme – for the purposes of operating the Scheme;
· The Scheme administrators – we delegate some of our duties to the Scheme administrators; they are effectively responsible for the day-to-day running of the Scheme;
· The Scheme actuary – this is an actuary that is personally appointed to the Scheme to provide us with advice on the funding of the Scheme. The actuary will be supported by an actuarial team who will also have access to your personal data;
· Our benefit consultants (if relevant) – they provide advice on all aspects of running the Scheme, including the level and form of benefits to be provided to members of the Scheme, investment, member communication and strategies for managing and mitigating the risks associated with the Scheme;
· Our insurers (if relevant) – they provide insurance cover for the payment of death benefits and / or provide annuity policies securing the Scheme benefits;
· Our investment managers, AVC and other money purchase providers – they invest the Scheme assets on our behalf;
· Our annuity broker / retirement advice / support service
· Our auditors – they prepare the Scheme’s annual accounts and audit them for us; our lawyers – they advise us on all legal issues affecting the Scheme;
· Our covenant advisers – they advise us on the financial support that your current or former employer may be able to provide to the Scheme;
· Our payroll agents (if relevant) – they arrange payment of pensions;
· Our indemnity insurers;
· Any staff we employ and other companies that provide services to us (or to the Scheme administrators or our other suppliers), such as communications consultants, printers, suppliers of data cleansing, verification and tracing services and information technology systems suppliers and support, including providers of data storage, email archiving, back-up and disaster recovery and cyber security services;
· Any financial adviser appointed to advise in relation to transferring your benefits to another pension scheme (and the trustees or managers of the pension schemes you transfer or your benefits are transferred to);
· Government agencies in connection with contracted-out benefits (for example, HM Revenue and Customs, and the National Insurance Contributions Office);
· The Pension Protection Fund, if required in connection with the Scheme’s eligibility for entry into the Pension Protection Fund;
· Any other advisors who may be appointed by the Trustees from time to time; and
· Any individuals or corporate trustees who are appointed to act alongside or in place of the Trustees.
Details of all of the main advisers to the Scheme are available in the Scheme’s annual report and accounts which are available on request by writing to us.
Some of these third parties may process your personal data in countries which are outside of the European Economic Area (EEA).
We will also disclose your personal data to third parties:
· If we are under a duty to disclose or share personal data in order to comply with any legal obligation, or any lawful request from any legal or regulatory authority; or
· To respond to any claims, and to establish, exercise or defend our legal rights.
Most third parties with whom we share personal data are limited (by law and by contract) in their ability to use personal data for the specific purposes identified by us.
Certain third parties (most notably, the Scheme actuary and other professional advisers) are themselves subject to certain legal or regulatory obligations (including professional codes of practice). They will be responsible for their own processing of personal data to the extent that processing is subject to, or relates to, those obligations.
We will always ensure that any third parties with whom we share personal data are subject to privacy and security obligations consistent with this privacy notice and applicable laws.
Do we transfer personal data outside the UK and the EEA?
In certain circumstances, personal data may be processed outside of the UK and the EEA.
If we (or our service providers) process personal data outside of the UK and the EEA, we will take appropriate measures to ensure that personal data is adequately protected in a manner which is consistent with this privacy notice and in accordance with applicable laws.
Further details on the steps we take to protect personal data in these cases are available on request by writing to us.
How long do we retain personal data?
We keep personal data for no longer than is necessary for the purposes set out above.
We will need to keep most of a member’s personal data for as long as he/she is a member of the Scheme. If they die, we will continue to hold personal data because we may need to pay benefits to a spouse, civil partner, partner or dependants. If a spouse or dependants subsequently die or the benefits are transferred out of the Scheme during your lifetime, we may also keep the member’s personal data for a period of at least six years for the purposes of defending any future claims or establishing, exercising or defending our legal rights.
What are a member’s rights in relation to their personal data?
You have certain rights in relation to your personal data; those rights will not necessarily apply in all cases or to all personal data which is processed by us. For example, certain rights will not apply where we need to process personal data to comply with our legal duties.
Scheme members have the right to request that we:
· Provide them with a copy of any personal data which we hold about them;
· Update any personal data which is out of date or incorrect;
· Delete any personal data which we hold, although in these circumstances it would be difficult to provide you with continued Scheme membership;
· Restrict the way that we process personal data;
· Consider any valid objections which they have to our use of their personal data; or
· Provide personal data to a third party provider of services.
We will consider all such requests (including whether they apply in a particular case) and provide our response within 30 days of receipt of the request, unless there is a good reason for delay.
When a member makes a request, we may ask he/she to provide us with some further information to allow us to confirm their identity.
How do we keep personal data secure?
We are committed to protecting personal data from loss, misuse, disclosure, alteration, unauthorised access and destruction. We take all reasonable precautions to safeguard the confidentiality of personal data.
Although we make every effort to protect the personal data which is provided to us, the transmission of information over the internet is not completely secure. As such, you acknowledge that we cannot guarantee the security of personal data transmitted to us over the internet, and that any such transmission is at your own risk.
Once we have received personal data, we will use strict procedures and security features to prevent unauthorised access (and take steps to ensure that any third parties with whom we share your personal data do the same).
Where we have given you (or where you have chosen) a password which enables you to access an account relating to your membership of the Scheme, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Changes to this privacy notice
We may amend this privacy notice from time to time. Any changes we make to our privacy notice in the future will be notified to Scheme members in the next communication from us to you.
Further questions or making a complaint
If you have any queries or complaints about how we handle personal data, or if you wish to exercise any of your rights in relation to your personal data, please write to us.
We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of personal data.
If you are not satisfied with our response, you may also make a complaint to the UK Information Commissioner’s Office (https://ico.org.uk/), the UK’s data protection regulator.
Personal data we process
We may collect and use the following types of personal data about Scheme members and, in some circumstances, their spouse, civil partner, partner or dependants:
– National insurance number;
– Date of birth;
– Home address, telephone number and personal e-mail address;
– Marital status and family / dependants;
– Dates on which a member joined and left pensionable service, including details of any adjustments that may be required to this service (eg any periods of part-time service, or any periods of absence/leave);
– Salary information and history of contributions into the Scheme;
– Information relating to a member’s health (for example, if they request ill health benefits);
– Information relating to any pension sharing or earmarking order (if a marriage or civil partnership ends);
– Information related to other pension entitlements;
– Tax information including income tax band and any protections in relation to a member’s pension benefits;
– Bank account details; and
– Copies of other personal documents (eg birth/marriage certificates, passports)
In this privacy notice, the following terms have the following meanings:
Scheme means the relevant pension Scheme which a member participates in; and
2020 Trustees, us, we or our means the trustee of the Scheme, being 20-20 Trustees Limited or 20-20 Trustee Services Limited;