Data protection privacy notice
New standards of data protection regulations came into force on 25 May 2018 called the General Data Protection Regulations (GDPR), now supplemented in UK legislation under the Data Protection Act 2018. Like many organisations in the UK who hold personal data, Shropshire County Pension Fund has put in place plans to ensure we are compliant.
As part of this process we have prepared a privacy notice in our capacity as the administering authority and data controller of your pension benefits, which gives details of our responsibilities and obligations including what information is held, who it is shared with and what your rights are in relation to accessing this data.
Below is an overview of the type of information contained in the notice:
Why we hold information about you?
The fund, in our capacity as the administering authority and data controller, needs to hold certain personal data about you so that we can contact you, calculate and pay your benefits, create statistical and financial modelling for investments, manage its liabilities and administer the fund generally.
The legal basis for holding your information will usually be for one or more of the following reasons:
- we need to process your personal data to satisfy legal obligations as the administering authority of the fund;
- we need to process your personal data to carry out a task in the public interest or in the exercise of official authority in its capacity as a public body;
- we need to process your personal data for the legitimate interests of administering and managing the fund and liabilities under it, calculating, securing and paying benefits and performing our obligations and exercising any rights, duties and discretions the administering authority has in relation to the fund;
- because we need to process your personal data to meet our contractual obligations to you in relation to the fund (for example, under an agreement that you will pay additional voluntary contributions to the fund), or to take steps, at your request, before entering into a contract
What personal data we hold, and how we obtain it?
The types of personal data the fund holds and processes about you can include:
- Contact details, including your name, address, telephone numbers and email address
- Identifying details, including your date of birth, national insurance number and employee and membership numbers
- Length of service or membership and salary information
- Financial information
- Information about your family, dependents or personal circumstances
- Information about your health
This data may be obtained directly from you or your family members, current employer, past employers and a variety of other sources including databases, advisers and government and regulatory bodies.
Extra protections will apply where we obtain data in relation to “special categories” including health records. This kind of data will only be processed if we have your consent, or if we can lawfully process the data as per the relevant legislation.
You may withdraw your consent at any time by notifying us in writing, but be mindful that we may not be able to process the information, and therefore your payments, if we cannot make a fully informed decision.
Where you have made an expression of wish nomination, or provided details about family members for example, please ensure that those individuals are aware of the information contained in the notice.
How we will use your personal data
The fund will use your personal data to deal with all matters relating to the fund, including its administration and management.
We may use your personal data including in the following instances:
- To contact you
- To assess eligibility
- For statistical and modelling purposes
- To comply with its legal and regulatory obligations
- To respond to any actual or potential disputes concerning the Fund
- To comply with the management of the Fund’s liabilities
Who we may share your personal data with
From time to time the fund will share your personal data with advisers and service providers so that they can help us carry out our duties, rights and discretions in relation to the fund.
Some of those organisations will simply process your personal data on our behalf and in accordance with our instructions. Other organisations will be responsible to you directly for their use of personal data that we share with them. These are referred to as data controllers and include internal and external auditors, advisers and government bodies such as the Department for Work and Pensions, the Government Actuary’s Department and HMRC. These government bodies will use your data to carry our their legal functions.
We may also from time to time provide some of your data to your employer and their relevant subsidiaries for the purposes of enabling your employer to understand their liabilities to the scheme.
We will only share information to the extent that we consider the information is reasonably required for these purposes.
The organisations and government bodies we share your data with will use your data to perform their functions in relation to the fund, as well as for statistical and
financial modelling, business administration and regulatory purposes. Where they consider the information being reasonably required for a legitimate purpose, they may also pass your personal data to other third parties.
In some cases these recipients may be outside the UK. This means your personal data may be transferred outside the EEA to a jurisdiction that may not offer an equivalent level of protection as is required by EEA countries. If this occurs, we are obliged to verify that appropriate safeguards are implemented with a view to protecting your data in accordance with applicable laws.
How long we keep your personal data
The fund will only keep your personal data for as long as we need to in order to fulfil the purpose(s) for which it was collected and for so long afterwards as we consider may be required to deal with any questions or complaints that we may receive about our administration of the fund, unless we elect to retain your data for a longer period to comply with our legal and regulatory obligations.
In practice, this means that your personal data will be retained for such period as you (or any beneficiary who receives benefits after your death) are entitled to benefits from the fund and for a period of 100 years after those benefits stop being paid. For the same reason, your personal data may also need to be retained where you have received a transfer, or refund, from the Fund in respect of your benefit entitlement.
You have a right to access and obtain a copy of the personal data that the administering authority holds about you and to ask the administering authority to correct your personal data if there are any errors or it is out of date. In some circumstances you may also have a right to ask the administering authority to restrict the processing of your personal data until any errors are corrected, to object to processing or to transfer or (in very limited circumstances) erase your personal data. You can obtain further information about these rights from the Information Commissioner’s Office at: www.ico.org.uk or via their telephone helpline (0303 123 1113).
If you wish to exercise any of these rights or have any queries or concerns regarding the processing of your personal data, please contact the fund administrator. You also have the right to lodge a complaint in relation to this privacy notice or the administering authority’s processing activities with the Information Commissioner’s Office which you can do through the website above or their telephone helpline.
The personal data we hold about you is used to administer your fund benefits and we may from time to time ask for further information from you for this purpose. If you do not provide such information, or ask that the personal data we already hold is deleted or restricted this may affect the payment of benefits to you (or your beneficiaries) under the fund. In some cases it could mean the administering authority is unable to put your pension into payment or has to stop your pension (if already in payment).