The auto-enrolment solution for Northern Ireland
The Trustee, as the data controller, is required by data protection law to notify you about the collection, holding, use, disclosure and transfer (collectively known as ‘processing’) of personal information or data relating to you. The Trustee is the ‘Controller’ of the personal data you provide to the Scheme and ensures that the Scheme is run in the best interests of its members.
Accordingly, we process your data to comply with our legal obligations under the Scheme's governing documents and pensions law and otherwise for the purposes of our legitimate interest in ensuring the proper and efficient administration of the Scheme in order to provide benefits for you.
This Policy applies to all members (both active and deferred), former members, employers, advisers, payroll providers, beneficiaries and other individuals who contact or interact with Workers Pension Trust (‘the Scheme’).
We use your data to provide our pension service. We collect and process the information about you:
We will not collect any personal data from you that we do not need in order to provide and oversee our service to you. We will not use your data for marketing purposes.
We generally collect your personal information from your employer, their representative/adviser or directly from you. We may also receive information about you from third parties including:
We generally only collect the following types of personal data about you:
In some cases, we may also collect:
If you are a beneficiary nominated by a member to receive benefits in the event of their death, your personal data will have been provided to us by the member. We hold contact details for you, including your address and your relationship to the member. In the event of the death of the member, we may request additional information from you to enable us to pay the entitlement to you.
You may be an employer, adviser or payroll provider contact who has enrolled employees into the Scheme or looks after the account, or an individual who has contacted us for any purpose. We generally only collect the following types of personal data about you:
We need to ensure your personal data is accurate and up to date. Please let us know if your details change, for example, if you move address (see section below ‘How to contact us’).
We may pass your information to third parties such as our service providers, professional advisers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example, the Scheme uses a third party to invest pension contributions, process annual statements, process payments and to send mailings).
Service providers who we may share your personal data with include the following:
Our service providers may also share personal data with their own business suppliers, for example where they outsource part of their services.
When we use third party providers, we disclose only the personal information that is necessary to deliver the service. We have contracts in place that require providers and advisers to keep your information secure and not to use it for their own marketing purposes. Please be reassured that we will not release your information to other third parties unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
For the purposes of IT hosting and maintenance, personal data is located on servers within the European Union. All processors in the European Economic Area (EEA) are obliged to comply with the General Data Protection Regulations (GDPR). There may be instances when information is transferred outside of the EEA, as described below.
The use and disclosure of your information, including for the purpose referred to within this notice, may involve transferring your information outside of the EEA. For example, under the terms of our contract with our current third-party administrator, Mercer, your personal data will be processed in India as well as the UK, and for our IT Provider, Equiniti, personal data may be transferred to India for the purposes of testing and upgrading our systems.
The Trustee requires any data processor who transfers personal data outside the EEA to put in place appropriate safeguards (*) before doing so to make sure that your personal data is adequately protected in accordance with applicable laws, such as use of model clause agreements that have been approved by relevant regulators. We have confirmed that the appropriate legal mechanisms are in place to protect the data e.g. Standard Contractual Clauses and Binding Corporate Rules. The EU-US Privacy Shield is not relied upon.
For example, our current third-party administrator, Mercer, offshores certain infrastructure support tasks to their affiliated company, Marsh McLennan Global Service Limited. The way in which data is processed within Marsh McLennan Global Service Limited is the same as within the UK; the same standards and regulations apply.
(*) Including but not restricted to:
Further details of these transfers including copies of any data transfer agreements we use are available from us on request.
Other than the circumstances detailed above, we will not disclose your personal information to any third parties, except:
We have a range of security measures in place to protect your data from loss, alteration, or unauthorised disclosure. These are maintained by us and any third party service providers involved in processing or maintaining your pension.
All our employees and any third party service providers we engage to process data are obliged to respect the confidentiality of personal data provided to us, as required under applicable data protection or other legislation.
However, where you have a username and password which enables you to access your account, you are responsible for keeping this password confidential and it is essential that you do not share your password with anyone.
We keep your personal data for so long as any benefit is secured or payable under the Scheme to or in respect of a member or beneficiary. The Trustee will only retain such personal data as is necessary to ensure that benefits can be paid correctly.
Where benefits cease to be payable or secured under the Scheme, e.g. in the case of a transfer out, a pension benefit buy-out or benefits being otherwise discharged, we will continue to hold such personal data as the Trustee considers necessary to fulfil the purposes of the Scheme and/or deal with any complaint or dispute in relation to any benefit entitlement.
We will never process or hold on to data for longer than the life of the Scheme plus 15 years.
The following section explains your rights. The various rights are not absolute and each is subject to certain exceptions or qualifications. We will grant your request only to the extent that it follows from our assessment of your request that we are allowed and required to do so under data protection laws.
|No.||Rights||What this means|
|2.||Right of access||You have the right to obtain a copy of your information (if we are processing it), and other information (similar to that provided in this information notice) about how it is used. This is so you are aware and can check that we are using your information in accordance with data protection law. We can refuse to provide information where to do so may reveal personal data about another person or would otherwise negatively impact another person’s rights. We may request that you specify the information you require using a Subject Access Request Form available from the Scheme.|
|3.||Right of rectification (correction)||You have a right to ask for your personal data to be corrected if it is inaccurate and/or incomplete, e.g. if we have the wrong date of birth or name for you.|
|4.||Right to erasure||This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, for example, to comply with a legal obligation or where we need to use the information in defence of a legal claim.|
|5.||Right to restrict processing||You have a right to ‘block’ or suppress further use of your information when we are assessing a request for rectification or as an alternative to erasure. Your request does not automatically lead to a requirement for the processing to stop if, for example, the Trustee has to comply with a legal obligation.|
|6.||Right to data portability||You have rights to obtain and reuse certain personal data for your own purposes across different organisations. For example, if you decide to move services, this enables you to move, copy or transfer your information easily between different service providers (or directly to yourself) safely and securely, without affecting its usability. This only applies to your information that you have provided that is being processed with your consent (if relevant) or to perform a contract that you are a party to, which is being processed by automated means. We do not expect this right to be relevant in the context of the services that we provide.|
|7.||Right to object||You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by us. We will be allowed to continue to process the information if we can demonstrate “compelling legitimate grounds for the processing which override [your] interests, rights and freedoms” or we need this to establish, exercise or defend legal claims.|
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to handle your concerns before you approach the ICO, so please contact us in the first instance.