Data Privacy Notice

Data Privacy Notice

Introduction.
HAT Trustees Limited processes certain personal data in respect of members and other beneficiaries of the pension schemes for which HAT acts as a trustee. This means that we collect, use, retain, use and protect the personal data that we hold. This notice explains how we manage data protection and privacy.

If you have provided us with personal data about other individuals, (for example, family members, dependants or other potential beneficiaries under your scheme) it is important, to make sure that those individuals are aware of the information contained within this Notice.

Who uses and has access to your data?

HAT Trustees Limited, together with any other trustees associated with your pension scheme are known as the “data controller”. This means the trustees are responsible for deciding how and why your data is used. We have to ensure that it is used in compliance with the rules of your pension scheme.

The trustees engage a number of third party advisers to help them manage your pension scheme. For example the trustees engage administrators to look after member records and calculate pension benefits. They are called “data processors” and they act on the trustees’ instructions. Other third parties with whom the trustees may share your personal data with will include:

• the scheme actuary and actuarial consultants
• the scheme’s investment manager and consultants
• the scheme’s insurers and, if applicable, medical advisers
• the sponsors/employers associated with your scheme
• the scheme’s legal adviser
• a payroll processor, and
• regulatory bodies such as HMRC or the Pensions Ombudsman.

The trustees have agreed engagement terms with each of their service providers which include complying with data protection requirements.

In some instances the third parties are required to meet their own legal obligations in relation to their appointment to the scheme which means they may be joint data controllers with the trustees or separate data controllers in their own right.

Your personal data is not shared outside the European Economic Area (EEA). If it is necessary to do so with other service providers any such transfers will comply with the trustees’ data protection obligations, including using contracts approved by the European Commission .

What data do we hold and why?

Your data is collected and used to administer your benefits within the pension scheme. This includes calculating and paying your benefit entitlements and communicating with you and, where applicable, your dependants. The trustees use the data to help them efficiently manage the scheme.

Your personal data will only be processed by the trustees to comply with their legal obligations under the governing documentation of the pension scheme and pensions and trust law requirements. It will be used for the purpose of the trustees’ legitimate interest in promoting the proper and efficient administration of the pension scheme in order to provide benefits, for the purpose of establishing, exercising and defending a legal claim in respect of the scheme or where necessary for the purpose of the legislate interest of a third party, (for example, the sponsoring employers of the scheme)

The trustees hold data relating to:

1. your identity, address and contact details
2. your date of birth
3. your salary details, and service history
4. your tax and bank account details
5. your national insurance number
6. your wishes in some cases regarding the distribution of any lump sum death benefit data concerning your health (if relevant for insurance purposes or for assessing your entitlement to benefits). This is known as sensitive or “special category” personal data and may relate to your race, ethnicity and sexual orientation

The data the trustees hold is mainly provided by you or your employer. Some data may have been obtained from regulatory bodies, such as HMRC, or through a tracing agency, for example if the trustees have lost contact with you.

How do we use the information collected and how long will we keep it?

The reason trustees hold personal data about you, in their role as data controller, is so that the correct pension benefits can be calculated when members retire and once retired, continue to be paid the correct benefits. The trustees advisers will need access to that information to ensure that everyone receives the correct benefits and in the event of a member’s death that beneficiaries are also paid the correct benefits.

The trustees and third parties work to ensure your data is kept secure using contracts and agreements to clarify each party’s responsibilities, IT security (including measures such as password protection and encryption of data), staff training and regular monitoring of all policies.

The member data that adviser hold on the trustees’ behalf is never sold to other organisations and is never used so that other organisations can sell you their products or services.
No automated decision making is undertaken in relation to your data and benefits in the scheme.

Trustees will need to hold personal data for many years, as in practical terms, there are often occasions when a review of historical member information is necessary. If there is a change of trustees or advisers, your data will be passed by them to the new trustees and advisers. It may necessary for the former trustees and advisers to store your data securely for a time thereafter in order to continue to meet their legal obligations in relation to past services and for the establishment, exercise or defence of legal claims.

What are your rights?

You have the following rights:

1. Right to be informed – to know what personal data is held about you, who holds it and how it is processed
2. Right of access – to access the personal data held about you and have a copy provided to you (or someone else on your behalf)
3. Right to rectification – if you believe the personal data held is inaccurate, you can ask for the error to be corrected
4. Right to be forgotten – you can request that your personal data is deleted or removed altogether if there is no compelling reason for it to continue to be processed. The trustees can override such a request in certain circumstances
5. Right to restrict processing – you can ask the trustees that the processing of your personal data is limited in certain situations. The trustees can override such a request in certain circumstances
6. The right to object to processing – as legitimate interests are part of the reason for processing, you can object to your personal data being processed, although the trustees can override your objection in certain instances
7. Withdrawing Consent – where you have consented to the processing of your personal data, you may withdraw the consent at any time by notifying the trustees. Withdrawing consent does not affect past processing of any personal data and it may be possible for the Trustees to continue processing your personal data where it is legally justified.
   You should be aware that if you opt to take any of the above actions, it may impact the payment of your pension benefits, your participation in the Plan, and/or the ability for questions relating to your benefits to be answered.

If you are unhappy with the way your data has been used you can complain to the Information Commissioner’s Office. Their address is show below:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel. 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

You can find out more about the ICO on its website (https://ico.org.uk/).

Contact details

If you have any queries about this privacy notice, or wish to exercise any of your data rights, please contact Andrew Ashley Taylor. His email address is andrew@hattrustees.co.uk or telephone us on the telephone number stated on this website.