GDPR.

DATA PROTECTION PRIVACY NOTICE

October  2018

Ross Corporate Services is appointed as Secretariat and Pension Manager support to a large number of pension schemes.  It is a data processor in relation to the personal data it receives and processes about scheme members and beneficiaries.

 

Separate scheme privacy notices have been sent to all members and beneficiaries of the schemes to which we are appointed.  This notice explains what we, at Ross Corporate Services, do with member data which we receive and why.

 

What we do with personal data

 

As a data processor, Ross Corporate Services receives and processes personal data from scheme members and beneficiaries for the purposes of complying with its  professional duties in providing Secretariat and Pension Manager support to the Trustee, who will administer the schemes to which they are appointed.  There are also other legitimate purposes for Ross Corporate Services to hold personal data relating to the operation of those schemes, such as providing data to the sponsoring employers to consider the benefit design of their pension schemes and risk management issues.

 

Whilst much of the data Ross Corporate Services holds has been provided by members themselves, it also receives and process data provided by the scheme advisers, sponsoring employers, HMRC, the DWP and regulatory bodies and by tracing organisations.

 

Ross Corporate Services may also receive information from members about their proposed beneficiaries, who may be eligible to receive benefits on their death.  It is important members have obtained the consent of those beneficiaries before providing their data and Ross Corporate Services operates on the basis that this consent has been sought and given.  It would not be possible for us to verify this with the beneficiaries concerned as to do so is likely to seriously impair our ability to properly pay the benefits due under the Schemes.

 

What data do we hold?

 

The data we hold is to assist the Schemes to which we are appointed, with calculating and paying the benefits to which pension scheme members are entitled to.  This includes:

 

  • personal details such as your name, gender, age, date of birth, contact details (e.g. your address and postcode, email, telephone and mobile numbers), and identifiers such as your passport number, National Insurance number, pension or member reference number and employee number (where applicable);
  • details of your family, lifestyle and social circumstances. This could include details about your current marriage or civil partnership, any previous relationships and details of your family and dependants;
  • employment details such as your earnings, length of service, employment and career history, recruitment and termination details, attendance record, health and safety record, job title and job responsibilities;
  • other financial details such as income, salary, assets and investments, bank account details (e.g. to process pension payments), benefits, grants and insurance details; and
  • a description of your physical or mental health (where there is a legal basis for the processing of such data, see below).

Ross Corporate Services  may also hold some special categories or “sensitive” data about individuals for the purposes of administering the schemes (for example in relation to ill-health or death benefits). In most circumstances it processes this data in the performance of its legal obligations in connection with employment, social security and social protection (as allowed by legislation). We may also, typically if considering claims under the schemes’ complaints procedure, process any sensitive data for the purposes of establishing, exercising or defending legal claims.  It may sometimes be necessary to obtain member’s explicit consent to collect this information (even if provided by the member themselves).  If there are any occasions where explicit consent to process sensitive data is obtained, that consent can be withdrawn at any time.

 

 

Who else processes personal data?

 

Ross Corporate Services  may  be instructed to  share your personal data with certain third parties involved in running the schemes, for example, the pensions administrator, the actuary to the relevant pension scheme, legal advisers, the sponsoring employers, the auditor.  All such parties will have been properly selected and formally appointed under terms which safeguard members’ data.

 

In some circumstances those third parties will be a joint data controller, with the Trustees (typically with the actuary to the relevant pension scheme and legal adviser).  Those organisations will process personal data to comply with their professional duties as advisers to the Trustees.  The sponsoring employer, who holds personal data to comply with its legal obligations as the sponsoring employer of the Schemes, will also be a data controller in relation to that personal data. The Employer has a legitimate interest in the Schemes being run in a cost effective way and may have an interest in offering certain options to members and the Trustee will share information with the Employer and its auditors and advisers for this purpose.

 

It is possible that some of these advisers or the employers will, from time to time, transfer data to other countries, including outside the European Economic Area.  Where such transfers are made, the parties involved will ensure adequate safeguards are in place.

 

Storage of personal data

 

Pension benefits are paid over a long period and a member’s right to benefits is often based on information which may go back many years.  Each scheme will have a data policy which stipulates how long personal data will be retained. However, in almost all cases data will be retained at least until the member (or beneficiary) is no longer a member of the scheme or has passed away.  Data will continue to be held for a further appropriate period where it is appropriate to ensure benefits were paid correctly and to deal with any queries which may arise following cessation of membership or death.

 

Data subject rights

 

Anyone on whom Ross Corporate Services holds personal data has the right to access that personal data and require that Ross Corporate Services:

  • rectifies any errors in the data that is held, or
  • erases their personal data (though where the data is required in order to meet Ross Corporate Services  legal obligations, this may be challenged);
  • (in some circumstances) restrict the way personal data is processed;
  • object to its processing or request a copy of personal data held for the purposes of transmitting elsewhere.

Where consent has been provided, that consent may be withdrawn at any time. However if Ross Corporate Services does not hold all the data needed to administer scheme benefits, you may not receive all the benefits to which you are entitled.

Contact details

 

If you have any questions about this notice please contact Ross Corporate Services on:

 

Email: info@rosscorporateservices.com

Address: Ross Trustees – 25 Southampton Buildings, London WC2A 1AL

Tel: 0203 709 9035

 

What if you have a complaint?

 

To make a complaint about how Ross Corporate Services has handled your information, please contact us using the contact details set out above.

If you are not satisfied with the response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office.

Its contact details are:

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone number: 0303 123 1113 or 01625 545 745