Under General Data Protection Regulation (GDPR) you have the right to control the information we have about you and how it is used. This page sets out your statutory rights under GDPR and the processes adopted by Peninsula Pensions in compliance of those rights.
The right to be informed
This is your right to know how your information is used and who it will be shared with.
We will publish on our website a privacy notice which outlines what personal information that we will hold, who we will share it with and for how long the information will be held.
Should you feel that the information supplied in the Notice is inadequate or that it doesn’t inform you about the how your information is used by us, please contact the Devon County Council’s Data Protection Officer for more information.
The right of access
This is your right to obtain:
- confirmation that your data is being processed
- access to your personal data
- access to policies and information held by Peninsula Pensions about how it uses data
This right enables you to verify that we are using your data appropriately as well as providing you access to obtain copies of the information we hold about you.
You are entitled to see the information we hold about you and can request a copy by making a subject access request.
Copies of the information held will be provided within one month of receiving your request, however, should your request be more complex, we may write to you informing you that your request may take longer confirming the date when the information will be provided.
The right to rectification
You have a right to have your information amended or rectified if you believe it is inaccurate or incomplete.
If you believe any information we hold about you to be incorrect, please use our contact us and we will check the information and amend as necessary.
Alternatively, we have a Member Self-Service Portal for members on our website where you can upload changes to their personal details and request information from us.
The right to erasure/right to be forgotten
This right allows individuals to request a company or body to delete any or all information they hold about them.
However, the right to erasure does not provide an absolute ‘right to be forgotten’.
Individuals have a right to have personal data erased and to prevent processing in specific circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When the individual withdraws consent.
- When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed (ie otherwise in breach of the GDPR).
- The personal data has to be erased in order to comply with a legal obligation.
Peninsula Pensions, in providing statutory duties under the various regulations has determined that it cannot permanently delete a member’s record.
Member details and documentation are required to be retained to enable us to comply with statutory and legal obligations.
However, if a request is made to delete member details or documentation, it will be considered on a case-by-case basis. Please refer to our Privacy Notices page with regards to our ‘Retention Policy’.
The right to restrict processing
You have a right to limit how we use your data, including who we share it with.
A request for your information to be used for limited purposes will not delete the information we hold about you.
Peninsula Pensions has published a privacy notice which outlines how we use your data and who we share it with.
Should you wish us to limit how we use your data please email the Data Protection Officer with the reasons for your request.
The right to data portability
This right enables you to obtain copies of the information we hold about you in a format that is easily transferred to either yourself or another organisation.
This is particularly relevant to members who may choose to transfer out of the pension scheme to another pension provider.
We will provide some of the information we hold about you to your new pension provider in a format that they can use. The transfer would not take place without your consent.
The right to object
In addition to the right to limit the use of your data, you also have a right to object to the use of your data for certain actions.
Peninsula Pensions may share your information with third parties, for example where we outsource our print to mail documents. Under GDPR you can object to us sharing your data with these third parties.
Should you exercise your right to object, it will not limit the information you receive from us, as we may still be required by law to provide you with certain information.
In cases such as this we will take appropriate steps to ensure your request is complied with but that it also fulfils any legal obligation it has to provide you with information or supply services.
The General Data Protection Regulations specifically ensure the protection of children’s data as children may be less aware of the risks and consequences associated with the processing of their personal data.
Any information held by ourselves which relates to the personal data of a child under 13 is held with the consent of the parent or the person with parental responsibility.
Children aged 13 – 16 are generally regarded as having the appropriate level of understanding to provide their own consent for the use of their data, provided the privacy notice has been written in a way they can understand.
What data do we hold?
Peninsula Pensions are required to hold information about its members to enable its management and administration of their pension benefits.
We will not hold any information unless it is necessary for the administration of your pension benefits.
For more information on common and conditional data held by us please visit the Pension Regulator’s website.
Personal data we may hold
Personal data we may hold includes:
- Salary and salary information
- Date of birth
- Criminal records
- Contact details
- Service history
- Employment history
- Marital status
- Dependant details
- Reference number
- Bank details
- Medical records
The personal details that we are required to hold are determined by law and we will not hold any information which is not necessary to the management of member benefits.
The Pension Schemes are regulated by the Pensions Regulator who has adopted Codes of Practice outlining the specific scheme data which is required for us to manage and administer pension benefits.
This data is divided as Common Data (Data all Funds are required to hold about their members) and Conditional Data (Data which is specific to the relevant pension scheme).
Common data includes:
- Date of Birth
- National Insurance Number
- The Date employment began with an eligible employer
- Expected retirement date
- Membership status (Active, Deferred, Retired member)
Conditional data includes:
- Salary and Earnings (including casual hours and overtime)
- Date of joining or leaving the pension scheme
- Date of Retirement (if applicable)
- Contribution history
- Partner history including any pension sharing orders
Who is a data subject?
The General Data Protection Regulation (GDPR) defines individuals whose data we hold as data subjects, we have identified the following types of members as data subjects:
- Active members.
- Potential beneficiaries.
- Former members.
- Deferred members.
Where is my data stored?
We collect and hold records about scheme members’ identities and their time in the scheme in order to calculate and pay out benefits. Record keeping is a vital part of running a scheme and failure to maintain complete and accurate records means administrators are at risk of failing to meet its legal obligations. Crucially, it can affect our ability to complete basic functions such as paying members the right amount at the right time and issuing annual benefit statements as required under the various Pension Scheme Regulations that we must adhere to when managing the pension schemes that we have responsibility for. Your data is stored in:
- computer hardware/software
- cloud-based storage
To assist in the management of data Peninsula Pensions has procured a software management system from providers Heywood. The ALTAIR system is used by ourselves to manage and administer pension benefits, including the calculation and payment of pension payments.
Employers may have access to view their records and member data. Devon County Council support the management of its computer systems and all software is managed in connection with the Council’s information security.
What is your data being used for?
Peninsula Pensions will only use members’ data for the purposes of administering pension benefits. In order to administer those benefits, we are required to undertake certain statutory duties.
Data may be being used for:
- scheme administration
- pensioner payroll administration
- preparing accounts
- actuarial valuations
- exercising discretionary powers
- preventing fraud
Who is processing your data?
In order to comply with our statutory duty to provide pension benefits, there are certain occasions when we are required to share your data with third parties, these may include:
- internal and external auditors
- third-party contractors
- investment advisers
- legal advisers
- actuarial advisers
Your data will be shared in limited circumstances in compliance with our legal duties.