At the Coats Pension Plan, we are committed to ensuring that your privacy is protected and the personal data we hold about you is handled appropriately. The information we hold about you is treated as confidential and is held and processed in accordance with current legislation. This Privacy Notice explains the kinds of data we hold, why we hold it, what we do with it, and your rights in respect of your data. Please read it carefully.
By being a member of the Coats Pension Plan or otherwise providing information to us, you agree to our privacy practices as set out in this Privacy Notice. We may change this Privacy Notice from time to time. You should check this policy frequently to ensure you are aware of the most recent version.
This policy was last updated in May 2018.
If you have any questions regarding this Privacy Notice or about our privacy practices, please contact us at email@example.com or by writing to us at the relevant address set out below in ‘Contact Us’ and marking your query for the attention of the Data Protection Champion.
Who are we?
We are a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
For the purposes of that legislation, the data controller is Coats Pensions Trustee Limited (company number 00837601) of 1 The Square, Stockley Park, Uxbridge, Middlesex, UB11 1TD, acting in its capacity as the trustee of the Coats Pension Plan.
Why do we need to use personal data?
We have a duty to ensure that the Plan is administered properly and that benefits are paid to the members and beneficiaries who are entitled to receive them. We could not do this properly without using personal data. We therefore use your personal data in order to achieve one or more of the following purposes:
- To establish and maintain records of who is eligible to receive benefits from the Plan, including death benefits if a member dies;
- To calculate and pay those benefits, including any tax that may be payable to HMRC; and
- To confirm the identity of people receiving benefits, to ensure we pay the right person.
In addition, we may also need to use personal data to:
- Allow the Plan’s sponsoring employers to understand the make-up of the Plan and how it can manage its liabilities;
- Better understand the Plan’s long-term funding requirements;
- Issue communications and information (whether through us or through third parties);
- Respond to member and third party queries and disputes;
- Prepare the Plan accounts, audits and our reports to the Pensions Regulator;
- Carry out actuarial valuations and calculations for the Plan;
- Decide or advise upon the investment of the Plan’s assets and to implement investment decisions;
- Demonstrate our past compliance with our duties;
- Ensure the Plan’s records are backed-up and new administrative processes are tested before they are put in place; and
- Carry out the general administration of the Plan (for example, to back up data, or ensure trustee directors are properly appointed and conflicts of interest are managed).
Who do we hold personal data about?
Personal data is information that can be used to identify a person. You are reading this Privacy Notice because we hold personal data about you. This means you will fall into one of the following categories of persons about whom we hold data:
- deferred pensioners;
- pensioners (including those in receipt of dependants’ or spouses’ pensions);
- former members/pensioners with no further entitlement under the Plan;
- ex-spouse participants;
- non-members who will or may receive benefits from the Plan (for example, on the death or divorce of a member);
- non-members who have received benefits from the Plan and have no further entitlement;
- non-members who have submitted enquiries; and
- current and former trustee directors.
What personal data do we use?
Depending on the purpose for which we are using it, the personal data we have about you may include:
- Personal details such as your name, national insurance number, date of birth, contact details (e.g. address, phone number or email), marital status and gender;
- Information used to verify your identity such as utility bills, bank statements or government documents (e.g. a council tax bill);
- Employment details such as your employment history, pensionable service records, salary information, contribution records and additional voluntary contribution contract;
- Financial details such as your bank account and tax information; and
- Personal details such as information about family members you have nominated to receive benefits if you die.
We may also use information about what are called ‘special categories’ of your personal data. This is information that data protection legislation says must be treated with extra safeguards given its sensitivity.
The ‘special category’ of your personal data that we may hold is information about your health, including any medical conditions (for example, if you apply for ill-health early retirement). This special category of personal data will only be processed for the purpose of establishing eligibility for benefits, the calculation and payment of those benefits and demonstrating our past compliance with our duties.
How do we collect your personal data?
The data we hold about you may have been collected from you directly, such as when you:
- Applied to join the Plan;
- Write to, phone or e-mail us with a query or complaint;
- Provide us with any additional information, for example through the on-line portal; or
- When you are appointed as a trustee director or as a Plan service provider.
We may also collect data about you from other parties, such as from:
- The Plan’s employers;
- Another pension scheme, if you have transferred benefits into the Plan;
- An existing member of the Plan who gives your details in an expression of wish form or who was your former spouse;
- Your legal representatives/guardian; or
- Service providers who help us trace members with whom we have lost contact.
We also collect data from regulatory authorities (such as The Pensions Regulator) or government departments (such as HMRC or the Department for Work and Pensions).
Who might we share your information with?
In order to achieve the purposes we have outlined above, we may from time-to-time share your personal data with third parties. We will not share your information except when it is appropriate to do so and will always ensure appropriate protections are in place. The categories of recipients of your personal data may include the Plan’s:
- Sponsoring employers and their staff and professional advisers;
- Payroll provider;
- Software providers;
- Auditors and accountants;
- Legal advisers;
- Investment advisers and managers;
- Communications advisers;
- Medical advisers; and
- Other professional service providers, such as pensions consultancies or tracing services.
We may also pass your personal data to third parties with whom you have put us in contact such as another pension scheme to which you wish to transfer, your financial adviser or your GP.
We also share information with official organisations where we are obliged to do so, such as HMRC, the Pensions Regulator and the Pensions Ombudsman.
We do not pass your personal data to any recipient outside of the European Economic Area, with the exception of a small number of partners. We would ensure that any such transfers are carried out with appropriate safeguards in place and in accordance with current data protection legislation.
What legal basis do we have for processing your personal data?
Under data protection legislation, we can only use your personal data if we have a lawful basis for doing so. Subject to certain exceptions (see below), the lawful basis on which we use your personal data is that it is necessary for us to do so to comply with our legal obligation as trustee to administer the Plan so that you can receive the benefits you are entitled to. We may also use your personal data to pursue the legitimate interests we or the Company have in properly running the Plan and understanding how it is made up and its potential future development. We also have a legitimate interest to provide our members with a high quality service.
The law is more restrictive about the lawful bases on which we can use ‘special category’ personal data. To the extent that we use such data, we will do so on the basis of your explicit consent, unless there are other bases on which we may do so (for example, where we are obliged to on the grounds of public interest or in order to comply with our legal obligations). Where we are relying on your consent to process your data, you are free to withdraw this at any time.
What rights to do you have in respect of your personal data?
You have a number of rights. If you have any queries about any of these rights, please contact us using the details set out below in the ‘Contact Us’ section. If you exercise any of these rights, we may ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge except in exceptional circumstances.
If you wish to raise a complaint in relation to our processing of your personal data, you can contact us using the details set out below in the ‘Contact Us’ section. If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law you have the right to lodge a complaint with the data protection regulator, the Information Commissioner’s Office, if you have concerns about how we use your personal information. You can contact the Information Commissioner’s Office at: https://ico.org.uk/global/contact-us/.
Your rights may include:
- transparency over how we use your data and to make a subject access request (right of access);
- a right to have your personal data updated and corrected (right of correction/rectification);
- a right to ask us to delete your information (right to be forgotten);
- a right to ask us to stop processing your information (right to restriction);
- a right to object to processing based on our legitimate interests or automated decision making and profiling (right to object);
- a right ask for a copy of your information, or have this sent to a third party (right to data portability); and
- a right to claim compensation for material or non-material damage caused if we breach the data protection rules (right to compensation).
Please note, for example, where your personal data is required in order to administer the Plan or pay any benefits due to you we would not be obliged to act on a request to delete your information and may continue to process such personal data.
If you would like to find out more about your rights, you can visit the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr).
How long will we keep your personal data for?
We currently retain your personal data indefinitely to allow for the effective administration of your pension and the Plan. We will take reasonable steps to ensure your personal data is adequately protected and processed in accordance with this Privacy Notice.
All information you provide to us is stored on our secure servers.
Communication by email and via our website
For ease of use and compatibility, our email communications (other than payments where applicable) will not be sent in an encrypted form unless you require it and provide the certification to enable us to communicate with you in that way. E-mail, unless encrypted, is not a fully secure means of communication. Whilst we endeavour to keep our systems and communications protected against viruses and other harmful effects we cannot bear responsibility for all communications being virus-free.
Where you have a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. Any transmission is at your own risk.
If you use the feedback (e-mail) facility of our website, information such as your name, e-mail address, type of feedback and other information will be used to respond to you and may be stored for future correspondence. If you do not wish this information to be used in this way, you should not use the feedback facility.
When you visit the website we may collect information such as the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We may also collect information about your visit including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
Our website may, from time to time, contain links to websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these websites. Please check the privacy notices before you submit any personal data to these websites.
If you have a query or any concerns in relation to how we use your personal data, or would like to exercise any of the your rights, please contact our Data Protection Champion by writing to Coats Pensions Office, Cornerstone, 107 West Regent Street, Glasgow, G2 2BA or firstname.lastname@example.org
Privacy Notice review
We regularly review this privacy notice. If you think we’ve got something wrong or missed something out, or you would like more information, please let us know at the above address.
For further information on data protection, please either contact us directly or refer to the ICO’s website https://ico.org.uk
PLEASE READ THIS PRIVACY NOTICE IN CONJUNCTION WITH OUR WEBSITE’S COOKIES POLICY AND TERMS AND CONDITIONS, BOTH OF WHICH CAN BE FOUND IN OUR LEGAL SECTION.