The auto-enrolment solution for Northern Ireland
The Trustees of Workers Pension Trust Limited ('The Trustee') as the data controller, are required by the European General Data Protection Regulation (‘GDPR') to notify you about the collection, holding, use, disclosure and transfer (collectively known as ‘processing’) of personal information or data relating to you. Workers Pension Trust Limited is the ‘Controller’ of the personal data you provide to us. We generally only collect basic personal data about you. This includes your name, address, date of birth, email address and National Insurance Number.
We need to know your basic personal data in order to provide you with your workplace pension scheme. We will use your data to send your annual statement and general information about your pension with the Scheme. We will not collect any personal data from you that we do not need in order to provide and oversee this service to you. Accordingly, we process your data to comply with our legal obligations under the Scheme's governing documents and pensions law and otherwise for the purposes of our legitimate interest in promoting the proper and efficient administration of the Scheme in order to provide benefits for you and your dependents.
We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example, the Scheme uses a third party to invest your pension contributions, process your annual statements, process payments and to send you mailings).
When we use third party service providers, we disclose only the personal information that is necessary to deliver the service. We have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to other third parties unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
For the purposes of IT hosting and maintenance personal data is located on servers within the European Union. All processors in the European Economic Area (EEA) are obliged to comply with GDPR. There may be instances when information is transferred outside of the EEA, as described below.
The use and disclosure of your information, including for the purpose referred to within this notice, may involve transferring your information outside of the EEA. For example, under the terms of our contract with our current third-party administrator, JLT Employee Benefits, your personal data will be processed in India as well as the UK and for our IT Provider, Equiniti, personal data may be transferred to India for the purposes of testing and upgrading our systems.
In those cases, except where the relevant country has been determined by the relevant public authority to ensure an adequate level of data protection, we will ensure that the transferred information is protected, for example by a data transfer agreement in the appropriate standard form approved for this purpose by the European Commission or (where applicable) relevant authority in the United Kingdom.
The Trustees will require any data processor who transfers personal data outside the EEA to put in place appropriate safeguards (*) before doing so to make sure that your personal data is adequately protected in accordance with applicable laws, such as use of model clause agreements that have been approved by relevant regulators. In the case of JLT, they offshore certain infrastructure support tasks to their JLT India operation. JLT India is a sub processor of JLT. JLT use HCL as IT infrastructure support and are a sub processor of JLT.
(*) Including but not restricted to:
Further details of these transfers including copies of any data transfer agreements we use are available from us on request.
The way in which data is processed within JLT India is the same as within the UK, the same standards and regulations apply.
We keep your personal data for so long as any benefit is secured or payable under the Scheme to or in respect of a member or beneficiary. The Trustee will only retain the personal data as is necessary to ensure that benefits can be paid correctly.
Where benefits cease to be payable or secured under the Scheme, e.g. in the case of transfer out, a pension benefit buy-out or benefits being otherwise discharged, we will continue to hold such personal data as the Trustee considers necessary to fulfil the purposes of the Scheme and/or deal with any complaint or dispute in relation to any benefit entitlement.
We will never process or hold on to data for longer than the life of the Scheme plus 15 years.
If at any point you believe your information is incorrect you may request to see this information, and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact us at Workers Pension Trust Limited, 143 Malone Road, Belfast, BT9 6SX. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).