The auto-enrolment solution for Northern Ireland

Privacy Policy

What is this privacy policy about?

This privacy policy explains how Workers Pension Trust Limited (‘the Trustee’, ‘we’, ‘us’ or ‘our’) use any personal data we collect from you and how we comply with data protection law.
 
The Trustee as the data controller, is required by data protection law to notify you about the collection, holding, use, disclosure and transfer (collectively known as ‘processing’) of personal information or data relating to you. The Trustee is the ‘Controller’ of the personal data you provide to the Scheme and ensures that the Scheme is run in the best interests of its members.
 
Accordingly, we process your data to comply with our legal obligations under the Scheme's governing documents and pensions law and otherwise for the purposes of our legitimate interest in ensuring the proper and efficient administration of the Scheme in order to provide benefits for you.
 
We are committed to protecting and respecting your privacy. This Privacy Policy has been developed to let you know:

  • Why we collect and process personal information;
  • What types of personal information we collect and where we obtain it;
  • How you can help keep your personal information up to date;
  • When and why we share it with third-parties;
  • How long we will keep it for;
  • How we safeguard it; and
  • The rights you have regarding your personal information.

Who does this privacy policy apply to?

This Policy applies to all members (both active and deferred), former members, employers, advisers, payroll providers, beneficiaries and other individuals who contact or interact with Workers Pension Trust (‘the Scheme’).

Why do we collect and process personal information?

We use your data to provide our pension service. We collect and process the information about you:

  • To calculate and pay benefits. This includes providing you with details of your benefits and options under the Scheme and dealing with any queries that you have about these.
  • To carry out our obligations arising from any arrangement that we have with, or concerning, you and to provide you with the information, benefits and services that you request from us, or to notify you of any changes.
  • To notify you about services provided to members of the Scheme and any changes to those services or to enable you to access those services e.g. to facilitate online access to your account.
  • To enable our service providers to provide aspects of our services to you.
  • To analyse and improve the services we provide.
  • For internal record keeping.
  • To comply with our legal obligations, any relevant industry or professional rules and regulations or any applicable voluntary codes.
  • To comply with demands or requests made by any relevant regulators, government departments and law enforcement or tax authorities or in connection with any disputes or litigation.
  • In connection with any sale, merger, acquisition, disposal, reorganisation or similar change of the Scheme.

We will not collect any personal data from you that we do not need in order to provide and oversee our service to you. We will not use your data for marketing purposes.

What personal information do we collect and where do we obtain it?

Members

We generally collect your personal information from your employer, their representative/adviser or directly from you. We may also receive information about you from third parties including:

  • Payroll providers chosen by your employer, if any.
  • Another pension scheme if you transfer your benefits into Workers Pension Trust.
  • Third party tracing services when trying to find you when we have lost contact with you.
  • Third parties relating to an event affecting you as a member (such as information provided by your doctor in case of ill health).

We generally only collect the following types of personal data about you:

  • Your name, address, date of birth, email address, phone number and National Insurance Number.
  • Details of your employer who has chosen the Scheme as their pension provider and your salary.
  • Your bank account details in order to make a payment to you.

In some cases, we may also collect:

  • Information about your health if it is relevant, for example, in the case of early payment of retirement benefits from the Scheme due to ill health.
  • Unique identifiers such as your driver’s licence and passport number which help to confirm your identity.

Beneficiaries

If you are a beneficiary nominated by a member to receive benefits in the event of their death, your personal data will have been provided to us by the member. We hold contact details for you, including your address and your relationship to the member. In the event of the death of the member, we may request additional information from you to enable us to pay the entitlement to you.

Employers, advisers and payroll provider contacts and other individuals

You may be an employer, adviser or payroll provider contact who has enrolled employees into the Scheme or looks after the account, or an individual who has contacted us for any purpose.  We generally only collect the following types of personal data about you:

  • Contact name, company address and job title, email and phone number.

How can you help to keep your personal information up to date?

We need to ensure your personal data is accurate and up to date. Please let us know if your details change, for example, if you move address (see section below ‘How to contact us’).

Who do we share information with and why?

Third parties

We may pass your information to third parties such as our service providers, professional advisers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example, the Scheme uses a third party to invest pension contributions, process annual statements, process payments and to send mailings).

Service providers who we may share your personal data with include the following:

  • our pensions administrators;
  • providers who issue email and survey communications to members and employers;
  • IT providers (including suppliers of systems, software, maintenance, rectification and hosting services);
  • from time to time, specialist advisers and auditors (but usually on an anonymised and aggregated basis);
  • providers of investigation services in relation to “gone away” members; and
  • providers of data cleanse services to improve the quality and accuracy of the data held.

Our service providers may also share personal data with their own business suppliers, for example where they outsource part of their services.

When we use third party providers, we disclose only the personal information that is necessary to deliver the service.  We have contracts in place that require providers and advisers to keep your information secure and not to use it for their own marketing purposes.  Please be reassured that we will not release your information to other third parties unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

For the purposes of IT hosting and maintenance, personal data is located on servers within the European Union. All processors in the European Economic Area (EEA) are obliged to comply with the General Data Protection Regulations (GDPR).  There may be instances when information is transferred outside of the EEA, as described below.

Transfer of your information abroad

The use and disclosure of your information, including for the purpose referred to within this notice, may involve transferring your information outside of the EEA. For example, under the terms of our contract with our current third-party administrator,  Mercer, your personal data will be processed in India as well as the UK and for our IT Provider, Equiniti, personal data may be transferred to India for the purposes of testing and upgrading our systems.

The Trustee requires any data processor who transfers personal data outside the EEA to put in place appropriate safeguards (*) before doing so to make sure that your personal data is adequately protected in accordance with applicable laws, such as use of model clause agreements that have been approved by relevant regulators. We have confirmed that the appropriate legal mechanisms are in place to protect the data e.g. Standard Contractual Clauses and Binding Corporate Rules.  The EU-US Privacy Shield is not relied upon.

For example, our current third-party administrator, Mercer, offshores certain infrastructure support tasks to their affiliated company, Marsh McLennan Global Service Limited. The way in which data is processed within Marsh McLennan Global Service Limited is the same as within the UK, the same standards and regulations apply.

(*) Including but not restricted to:

  • not transferring personal data outside of the EEA until appropriate checks have been made; and
  • ensuring administrators have processes in place to consider data protection whenever a Scheme member or beneficiary requests an overseas transfer.

Further details of these transfers including copies of any data transfer agreements we use are available from us on request.

Additional data sharing obligations

Other than the circumstances detailed above, we will not disclose your personal information to any third parties, except:

  • to the extent that we are required to do so by law, by a government body, by regulatory bodies (such as the Information Commissioner's Office (ICO), the Pensions Regulator), by a law enforcement agency, or for crime prevention purposes;
  • in connection with any legal proceedings (including prospective legal proceedings);
  • in order to establish or defend our legal rights;
  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • if we, or substantially all of our assets, are acquired by a third party, we may disclose your personal data to that third party in connection with the acquisition; and
  • to share your information with the Pensions Ombudsman or other appropriate persons if the need arises, with your consent.

How do we keep your personal information safe?

We have a range of security measures in place to protect your data from loss, alteration, or unauthorised disclosure.  These are maintained by us and any third party service providers involved in processing or maintaining your pension.

All our employees and any third party service providers we engage to process data are obliged to respect the confidentiality of personal data provided to us, as required under applicable data protection or other legislation.

However, where you have a username and password which enables you to access your account, you are responsible for keeping this password confidential and it is essential that you do not share your password with anyone.

How long do we keep your personal information?

We keep your personal data for so long as any benefit is secured or payable under the Scheme to or in respect of a member or beneficiary.  The Trustee will only retain the personal data as is necessary to ensure that benefits can be paid correctly.

Where benefits cease to be payable or secured under the Scheme, e.g. in the case of a transfer out, a pension benefit buy-out or benefits being otherwise discharged, we will continue to hold such personal data as the Trustee considers necessary to fulfil the purposes of the Scheme and/or deal with any complaint or dispute in relation to any benefit entitlement.

We will never process or hold on to data for longer than the life of the Scheme plus 15 years.

Your rights in relation to your personal information

The following section explains your rights. The various rights are not absolute and each is subject to certain exceptions or qualifications. We will grant your request only to the extent that it follows from our assessment of your request that we are allowed and required to do so under data protection laws.

  Rights What this means
1. Right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this privacy policy.
2 Right of access You have the right to obtain a copy of your information (if we are processing it), and other information (similar to that provided in this information notice) about how it is used. This is so you are aware and can check that we are using your information in accordance with data protection law. We can refuse to provide information where to do so may reveal personal data about another person or would otherwise negatively impact another person’s rights.

We may request that you specify the information you require using a Subject Access Request Form available from the Scheme.
3. Right of rectification (correction) You have a right to ask for your personal data to be corrected if it is inaccurate and or incomplete e.g. if we have the wrong date of birth or name for you.
4. Right to erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, for example, to comply with a legal obligation or where we need to use the information in defence of a legal claim.
5. Right to restrict processing You have a right to ‘block’ or suppress further use of your information when we are assessing a request for rectification or as an alternative to erasure. Your request does not automatically lead to a requirement for the processing to stop, if, for example the Trustee has to comply with a legal obligation.
6. Right to data portability You have rights to obtain and reuse certain personal data for your own purposes across different organisations. For example, if you decide to move services, this enables you to move, copy or transfer your information easily between different service providers (or directly to yourself) safely and securely, without affecting its usability. This only applies to your information that you have provided that is being processed with your consent (if relevant) or to perform a contract that you are a party to, which is being processed by automated means. We do not expect this right to be relevant in the context of the services that we provide.
7. Right to object You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by us. We will be allowed to continue to process the information if we can demonstrate “compelling legitimate grounds for the processing which override [your] interests, rights and freedoms” or we need this to establish, exercise or defend legal claims.

Changes to this Privacy Policy

We keep this Privacy Policy under regular review and may change it from time to time to comply with law or to meet changing business requirements. Any changes we may make to our Privacy Policy in the future will be posted on this page. Please check frequently to see any update or changes to this Policy. This Policy was last updated in April 2021.

Any complaints?

You have the right to make a complaint at any time to the Information Commissioner’s Officer (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to handle your concerns before you approach the ICO so please contact us in the first instance.

How to contact us

Questions, comments, and requests regarding this privacy policy are welcomed. You can contact us at info@workerspensiontrust.co.uk or Workers Pension Trust Limited, 4th Floor, State Buildings, 2 Arthur Place, Belfast, BT1 4HG.