In 2018, the law changed in the UK to provide greater protection to individuals when dealing with companies or organisations that use their personal information (or “data”). It has always been important to prevent others from seeing Fund members’ personal information, and the TWIL Group Pension Fund (“the Fund”) has taken great care to keep members’ data secure (whether on computer files or on paper). The 2018 changes built on the existing legal protections to reflect the fact that more and more people, firms (and the Government) transact business and communications online.
The Trustee of the Fund (the “Trustee”) could not run the Fund without member data, and this policy covers how the Trustee gathers data about members, what it is used for, and how it is kept safe.
The Trustee holds data about members which it has collected from a variety of sources, including members themselves, records from members’ employer(s) and from public authorities.
The personal information held includes a member’s contact details: name, address, telephone number and (sometimes) e-mail address. The Trustee also holds identifying information about members such as their date of birth, National Insurance number, employee reference number. The Fund needs this information to identify members, and to be able to contact members about their benefits and any changes to the Fund.
The Trustee also has information about members’ earnings history and how long they worked for their employer. This is needed to work out how much pension members are due from the Fund.
If members are receiving a pension, the Fund will hold bank details and tax information so that the correct payments can be made. The Trustee may also hold details about a member’s marital status and family circumstances to work out who should receive benefits on a member’s death.
Where it is appropriate, the Fund may have to obtain information about a member’s health (to determine whether benefits connected with ill health are payable). Information like this is defined as “sensitive data” and the Trustee will ask for a member’s consent before processing it, wherever possible.
The Trustee also gathers information about all the membership as a whole to enable it to plan for the future and work out how well the Fund is funded for its long-term needs. The information is used to help plan investment strategy and might assist (for example) with the purchase of insurance products to help secure benefits in the future.
The Trustee is a “Data Controller” because the Fund is registered with the Information Commissioner as an organisation that holds and processes data. The Trustee, like any Data Controller, must have a legal reason to use members’ personal information. It does so:
The Fund’s Actuary, and his organisation (Mercer Ltd) are also Data Controllers for the purposes of administering the Fund and providing advice to the Trustee.
Yes, the Trustee has to share members’ information with other individuals and organisations, but it does so extremely carefully. Those individuals and organisations include:
The Trustee might also share information with independent financial advisors, solicitors, or other pension schemes if a member makes enquiries to them about their benefits – but only with the member’s express permission in advance.
The Fund has measures in place to protect the security of members’ personal information and keep it confidential. The Trustee reviews these measures regularly to make sure they remain appropriate.
When sharing members’ data with other parties, there are measures in place to protect it, keep it confidential and to ensure that third parties commit to only using the information for the purposes agreed. The Trustee takes special measures to ensure compliance where any data is transferred outside the European Economic Area (EEA) which are not always subject to an equivalent level of statutory protection to those within it.
Personal information will be kept as long as it is needed for the Trustee to fulfil its obligations to Fund members. When deciding how long to keep members’ personal information after that date, the Trustee will take into account their legal obligations and the expectations of the Pensions Regulator. The Trustee may also retain records to investigate or defend potential legal claims.
Members have rights concerning their personal information including the right to access, correct or transfer it. In certain circumstances a member might have a right to ask for it to be deleted, or to restrict or object to the Trustee’s use of it. If a member makes any such request, the Trustee may need to understand more about the reasons for asking them to do that before being able to comply (since it might mean they cannot meet their obligations to make pension or other benefit payments to members or their family).
The Trustee encourages members to notify the Fund if any personal information changes, or if they think any information held by the Fund is out of date. Members should also let family members, who might benefit from the Fund in future, know about the contents of this Policy.
Members can obtain more information about their rights from the Office of the Information Commissioner (www.ico.org.uk, telephone 0303 123 1113).
The TWIL Group Pension Fund was established to provide pensions and other benefits to employees of Tinsley Wire Industries and the TWIL Group