Privacy policy
Personal information and what we do with it
The Trustees of the Scheme, need personal information about you to run the Scheme and pay benefits. Similarly, other parties involved in running the Scheme will sometimes need to make decisions independently from the Trustees about how your personal information will be used. In particular this will include the Scheme Actuary who is currently Matt Farraker of Mercer.
In legal terms, the Trustees and the Scheme Actuary are both ‘controllers’ and are separate and distinct from each other.
In this notice, you will see information about what the Trustees do with your personal information.
What personal information we have
The Trustees normally hold some or all of the following types of personal information:
- Your name, date of birth, national insurance number and bank account information.
- Your sex/gender (we use this to understand how long you are likely to receive your pension for and as part of your addressee details if we write to you e.g. ‘Mr., Mrs., Ms.’)
- Contact details (including your address, phone number and email address).
- Your employer when you were building up benefits in the Scheme, how long you worked for them and your salary throughout this period of employment.
- Whether you are married or in a civil partnership and other information we might need to pay any benefits due in relation to you.
- Any information you have provided about who you would like to receive any benefits due on your death.
- If your benefits from the Scheme form part of a divorce settlement, details of that settlement.
- Details of any contributions paid by you or on your behalf to the Scheme, including any additional voluntary contributions (AVCs).
- Details of any benefits earned in a previous pension arrangement, if you have transferred these into the Scheme.
- Correspondence received about you from HMRC, relating to periods of service when you may have been contracted out of the upper tier of the state pension.
- Correspondence that we may have received about you from your appointed independent financial adviser.
The Trustees may sometimes use other information about you. This could include information about your health where it is relevant to, for example, early payment of benefits from the Scheme, or details about personal relationships to determine who should receive benefits on your death. The Trustees might also, very rarely, have information about criminal convictions and offences, but only where it is relevant to the payment of Scheme benefits.
We also have a legal obligation to carry out due diligence checks in the event of a pension transfer request, which may mean that we are obliged to ask you for additional information. For instance:
- If you wish to transfer to an occupational pension scheme, we have to request evidence that demonstrates an “employment link”. This could include a letter from your employer confirming your employment, a schedule of contributions, payslips and bank statements (the bank account detail on your payslip might be different from the bank details we hold for you).
- If you request a transfer to an overseas pension scheme, we are legally obliged to check that you are resident in the same country as that scheme. This evidence might include utility bills, TV subscriptions, insurance documents relating to your overseas home, address, bank account and credit card statements, evidence of local tax being paid and registration of address with local doctors.
Where we get personal information from
Some of the information the Trustees have comes directly from you. In addition, Buck Pensions UK (previously Conduent HR Services) who administers the Scheme on behalf of the Trustees, may have obtained information from you and passed it to the Trustees. The Trustees may then in turn pass information about you to the Scheme Actuary or may instruct the administrator to do so. The Trustees are the source of the personal information which the Scheme Actuary has about you.
Sometimes the Trustees get information from other sources: for example, from your Scheme employer (for information such as your salary and length of service); from another scheme if you have transferred benefits from that scheme; from government departments such as HMRC and DWP; and from publicly accessible sources (e.g. the electoral roll) if the Trustees have lost touch with you and are trying to find you. Again, the Trustees may in turn pass this to the Scheme Actuary.
If the Trustees ask you for other information in the future (for example, about your health), they will explain whether you have a choice about providing it and the consequences for you if you do not do so.
Why we hold personal information and how we share it
The Trustees must by law provide benefits in accordance with the Scheme’s governing documentation and must also meet other legal requirements in relation to the running of the Scheme.
The Trustees will use your personal information to comply with these legal obligations, to establish and defend their legal rights, and to prevent and detect crimes such as fraud. The Trustees may need to share your personal information with other organisations for this reason, such as courts and law enforcement agencies.
The Trustees have a legal responsibility to administer the Scheme properly. We can only do so by using your Personal Information which is part of the Trustees’ legitimate interests. This includes: paying benefits as they fall due; managing existing insurance contracts, purchasing insurance contracts; communicating with you; and ensuring that correct levels of contributions are paid, benefits are correctly calculated and the expected standards of Scheme governance are met (including standards set out in Pensions Regulator guidance).
In order to achieve this, the Trustees may share your personal information with various other organisations and individual people as necessary. This may include: any new trustees; the Scheme employers; the Scheme administrator; the Scheme Actuary; the Trustees’ other professional advisers; auditors; insurers; HMRC; the Pensions Ombudsman; the Pensions Regulator; the Information Commissioner’s Office (“ICO”); and IT and data storage providers and other service providers, such as printers who help the Trustee prepare communications which the Trustee sends to members, and tracking and tracing services. If your benefits are transferred to another scheme, the Trustees will also need to provide the administrators of that scheme with information about you.
If the Trustees need to use information about your health, we may ask for your consent. However, sometimes there may be reasons of public interest or law which enable the Trustees to use information about your health (or other very personal information, such as details about personal relationships relevant to who should receive benefits on your death) without consent, and we will do so where that is necessary to run the Scheme in a sensible way. You can withdraw your consent at any time by contacting the Trustees using the contact details given below. This may affect what the Trustees can do for you, unless they have another lawful reason for using your information. For example, if you apply for ill health early retirement and consent to the Trustee processing your health data for that, but then you withdraw that consent, the Trustee will usually be unable to consider your application. If you withdraw consent after our processing, this will not retrospectively affect the processing that has already happened.
Sometimes the Trustee needs to use your personal data, including special categories of personal data, in order to establish, exercise or defend legal claims.
The Trustees may also share your personal information with another party where you have given your consent. For example, where you transfer your benefits out of the Scheme.
The Scheme’s employers may also have a legitimate interest in contacting you about your benefits under the Scheme, and any additional options which may be available to you in relation to those benefits. In such circumstances, the Trustees may share your personal information with the employers and their advisers so that they can contact you for that purpose.
The Trustees may need to share personal data with insurers in relation to the purchase and pricing of insurance contracts called ‘annuities’ (unless that can happen based on anonymised data). Insurers will use that data to verify the assets and liabilities of the Scheme. The Trustees may write to you before purchasing an annuity to ask for up-to-date information about your spouse/partner/children/other dependants, for this purpose. The Trustees will share your personal data when we purchase the annuity, and at that stage the insurer will typically share information with its chosen re-insurer. Sometimes the insurer’s privacy notice will mention who its re-insurer is and how to see its privacy notice (either giving you a link to it online or explaining where it can be seen or by providing a copy of it). The Trustees will usually need to write to members to explain about the particular annuity and who the insurer is. In this way you can know who holds your personal data and how to exercise your rights against them. The following categories of personal data would typically be shared with insurers: Scheme membership ID number; marital status and details about spouse/partner; date of birth; information about annual pensions increases; pension/benefit amounts payable; age at retirement; service length and retirement date.
Scheme Actuary
The Scheme Actuary is Matt Farraker of Mercer. The Scheme Actuary is appointed by the Trustees to value the Scheme benefits and, together with Mercer, carry out other calculations in relation to your Scheme benefits. He will use your personal information for this purpose and have a legitimate interest in doing so. He will also use your personal information to comply with his own legal obligations, and may need to share your details with other organisations for legal reasons, such as courts and law enforcement agencies. He may also share it with his own professional advisers, auditors and insurers, IT and data storage providers and other service providers.
The Scheme Actuary processes your personal information, separately from the Trustees, for the legitimate reasons above and for compliance with his own legal obligations as an advisor to the Scheme.
You can find, appended to this notice, more information about what the Scheme Actuary and Mercer do with your personal information.
Sometimes, your information may be used by the Trustees and the Scheme Actuary for statistical research, but only in a form that no longer identifies you personally. In some circumstances the Scheme Actuary may also be able to fulfil the purpose mentioned above using information which the Trustees have anonymised before sharing with them.
How to contact the other people we give your personal information to
Some of the people mentioned above just use your personal information in the way we tell them. However, others (including the Scheme Actuary) may make their own decisions about the way they use this information to provide their services, perform their functions, or comply with their regulatory requirements. In such a case, they have responsibilities as controllers in their own right. This means that they are subject to the same legal obligations as us in relation to your information, and the rights you have in relation to your information apply to them, too.
You should contact the Trustees if you wish to exercise rights against the Scheme Actuary. The Scheme Actuary and the Trustees have agreed how to deal with such requests in their contractual arrangements. If you want any more information from the Scheme Actuary or from any other third party who receives your personal information from us, or to exercise any rights in relation to the information they hold, please contact the Trustees and they will put you in touch with them as appropriate.
How long we keep your personal information for
We need to keep your personal information long enough to make sure that we can satisfy our legal obligations in relation to the Scheme and pay any benefits due to or in respect of you.
The Trustees keep your information for long enough to ensure that, if a query arises in the future about your benefits, they have enough information to deal with it where they have a legal obligation to do so. To meet this aim, the Trustees will keep your information for as long as is necessary to deal with queries (from you or your beneficiaries/other persons who might ask the trustee if they are entitled to payments), complaints (from you or them), and our legal obligations.
Your rights in relation to your personal information
You have rights in relation to the personal information we have about you. You have the right to:
- make a request to have your personal information corrected if it is inaccurate, and completed if it is incomplete;
- in particular circumstances, restrict the processing of your information;
- in particular circumstances, ask to have your information erased;
- request access to your information and to obtain information about how we process it;
- in particular circumstances, move, copy or transfer your information;
- in particular circumstances, object to us processing your information;
- not be subject to automated decision-making including profiling where it produces legal or other significant effects on you.
You can exercise all of these rights free of charge except in some very limited circumstances, and we will explain these to you where they are relevant.
To exercise these rights, please use the Trustees’ contact details, which are set out below. The Trustees can also supply more information about these rights to you, on request.
If you would like more information from the Scheme Actuary, or to exercise your rights against the Scheme Actuary, please contact the Trustees via the Scheme administrator (details below) in the first instance.
Keeping your information safe (including disclosures to third parties and transfers outside the UK)
When we pass your information to a third party, we seek to ensure that they have appropriate security measures in place to keep your information safe and to comply with general principles in relation to data protection. This means (amongst other things) that written terms are needed with them about what they do with the data upon receipt (whether they are processor or controller for their services to the Trustees).
Some of the people we share your information with may process it overseas and if they are not in countries with adequate data protection laws, safeguards will be needed such as the UK’s international data transfer agreement or international addendum to the EU’s standard contractual clauses. There is a transfer that is happening. Mercer and the Scheme Actuary transfer personal information to their group affiliate Marsh McLennan Global Services India Private Limited (“MMGS”) in India for support with the scheme actuarial services. In accordance with UK data protection laws, an adequate safeguard must be in place for the transfer of your personal data to India. Mercer has in place Binding Corporate Rules (“BCR”) with MMGS to protect your personal data. A copy of the BCR can be found online here: http://www.uk.mercer.com/data-protection.html
The UK regulator, the ICO, has approved the BCRs in place. The approval can be found here: https://ico.org.uk/for-organisations/binding-corporate-rules/. The list of parties to the BCRs is available here: https://www.marshmclennan.com/privacy-statement/bcr-entities1.html.
You can contact us for more information about these safeguards including how to obtain a copy of them.
Queries and further information
If you want more information about what we do with your information and what your rights are, please contact the Trustees via the Scheme administrator, Buck, at 0330 123 0355 (phone) and RaytheonPensions@buck.com (email).
If you have concerns about the way we handle your personal information, you can contact the Information Commissioner’s Office or raise a complaint at www.ico.org.uk/concerns, or call its helpline on 0303 123 1113.
Mercer and the Scheme Actuary’s processing activities as controller
- Mercer and the Scheme Actuary collect and Process the following categories of Personal Data (including special categories of data) as controllers:
Details such as a member’s name, date of birth, gender, address, email address, telephone number, employer name, employment and pensionable service periods, salary, nature and details of current and historic pension arrangements, pension amounts, pension contributions, employee benefits, marital status, beneficiary details, bank details, national insurance number, medical records and/or ill-health status in relation to current, former and potential members of Client’s pension scheme; beneficiaries of current, former and potential members of Client’s pension scheme; and representatives of the Client.
- Depending on the scope of its engagement, Mercer (and the Scheme Actuary) will Process Personal Data to provide actuarial services, to comply with its statutory and regulatory obligations, to maintain accounts and records and to conduct analysis in order to improve its products and services.
- Except where Mercer (and the Scheme Actuary) must rely on Client obtaining Data Subjects’ consent to the Processing, the legal grounds Mercer (and the Scheme Actuary) relies on in order to undertake such Processing are the “legitimate interests” ground or “necessary for performance of a contract” ground.
- Mercer and the Scheme Actuary shall retain Personal Data that it Processes in accordance with its document retention and deletion policies and as required by law or in order to defend any actual or possible legal claims.
- Mercer is an affiliate of Marsh & McLennan Companies, Inc. “MMC”, and “MMC Group” shall mean the corporate group of MMC. MMC has adopted processor binding corporate rules in the form of the Processor standard (the “Standard”) in order to provide adequate safeguards for transfers of Personal Data from certain MMC Group Affiliates to certain non-EEA MMC Group Affiliates. The Standard will be made available at https://www.uk.mercer.com//data-protection.html.
- The transfer of Personal Data outside of the UK as providing an adequate level of protection for personal data, shall be covered by a framework recognised by the relevant authorities or courts as providing an adequate level of protection for Personal Data, including but not limited to BCRs, Standard Contractual Clauses or the EU-US Privacy Shield Framework.