Norfolk Pension Fund Full Privacy Notice
Full Privacy Notice for Members and Beneficiaries of the Norfolk Pension Fund (Issue 1, May 2018)
This privacy notice is for members and beneficiaries (who will be referred to as "you") of the Norfolk Pension Fund (the "Fund"). It has been prepared by Norfolk County Council (the "Administering Authority", or "we") in its capacity as the administering authority of the Fund and to provide information on how the Fund uses your information. By ‘use’ we mean the various ways it may be processed including storing and sharing the information and is explained further in the sections below.
We also provide further details regarding who we are, how long we use your information for, your rights under the GDPR and how to exercise them on the Norfolk County Council website, which can be viewed by clicking here. Both the Norfolk County Council General Privacy Notice, and this privacy notice, are also available in printed format by contacting the Norfolk Pension Fund on 01603 495923 or by emailing [email protected]
Why we are providing this notice to you
As the Administering Authority of the Fund we hold certain information about you ("personal data") which we use to administer the Fund and to pay benefits from it. This privacy notice is designed to give you information about the data we hold about you, why we have it, where it comes from, how we use it, your rights in relation to it and the safeguards in place to protect it.
The technical bit
The Administering Authority holds personal data about you in its capacity as data controller for the proper handling of all matters relating to the Fund, including its administration and management. This includes the need to process your data to contact you, to calculate, secure and pay your benefits, for statistical and financial modelling and for reference purposes (for example, when we assess how much money is needed to provide members’ benefits and how that money should be invested), and to manage liabilities and administer the Fund generally. Further information about how we use your personal data is provided below.
The legal basis for our use of your personal data will generally be one or more of the following:
a) we need to process your personal data to satisfy our legal obligations as the Administering Authority of the Fund; and
b) we need to process your personal data to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body; and
c) we need to process your personal data for the legitimate interests of administering and managing the Fund and liabilities under it, calculating, securing and paying benefits and performing our obligations and exercising any rights, duties and discretions the Administering Authority has in relation to the Fund; and
d) because we need to process your personal data to meet our contractual obligations to you in relation to the Fund (for example, under an agreement that you will pay additional voluntary contributions to the Fund), or to take steps, at your request, before entering into a contract.
What personal data we hold, and how we obtain it
The types of personal data we hold and process about you can include:
• Contact details, including name, address, telephone numbers and email address.
• Identifying details, including date of birth, national insurance number and employee and membership numbers.
• Information that isused to calculate and assess eligibility for benefits, for example, length of service or membership and salary information.
• Financial information relevant to the calculation or payment of benefits, for example, bank account and tax details.
• Information about your family, dependents or personal circumstances, for example, marital status and information relevant to the distribution and allocation of benefits payable on death.
• Information about your health, for example, to assess eligibility for benefits payable on ill health, or where your health is relevant to a claim for benefits following the death of a member of the Fund.
• Information about a criminal conviction if this has resulted in you owing money to your employer or the Fund and the employer or Fund may be reimbursed from your benefits.
We obtain some of this personal data directly from you. We may also obtain data (for example, salary information) from your current or past employer(s) or companies that succeeded them in business, from a member of the Fund (where you are or could be a beneficiary of the Fund as a consequence of that person’s membership of the Fund) and from a variety of other sources including public databases (such as the Register of Births, Deaths and Marriages), our advisers and government or regulatory bodies, including those in the list of organisations that we may share your personal data with set out below.
Where we obtain information concerning certain "special categories" of particularly sensitive data, such as health information or criminal convictions, extra protections apply under the data protection legislation. We will only process your personal data falling within one of the special categories with your consent, unless we can lawfully process this data for another reason permitted by that legislation. You have the right to withdraw your consent to the processing at any time by notifying the Administering Authority in writing. However, if you do not give consent, or subsequently withdraw it, the Administering Authority may not be able to process the relevant information to make decisions based on it, including decisions regarding the paymentof your benefits.
Where you have provided us with personal data about other individuals, such as family members, dependants or potential beneficiaries under the Fund, please ensure that those individuals are aware of the information contained within this notice.
How we will use your personal data
We will use this data to deal with all matters relating to the Fund, including its administration and management and administer any in house AVC’s. This can include the processing of your personal data for all or any of the following purposes:
• to contact you.
• to assess eligibility for, calculate and provide you (and, if you are a member of the Fund, your beneficiaries upon your death) with benefits.
• to identify your potential or actual benefit options.
• for statistical and financial modelling and reference purposes (for example, when we assess how much money is needed to provide members’ benefits and how that money should be invested).
• to comply with our legal and regulatory obligations as the administering authority of the Fund.
• to address queries from members and other beneficiaries and to respond to any actual or potential disputes concerning the Fund.
• the management of the Fund’s liabilities, including the entering into of insurance arrangements and selection of Fund investments.
• in connection with the sale, merger or corporate reorganisation of or transfer of a business by the employers that participate in the Fund and their group companies.
Organisations that we may share your personal data with
From time to time we will share your personal data with advisers and service providers so that they can help us carry out our duties, rights and discretions in relation to the Fund. Some of those organisations will simply process your personal data on our behalf and in accordance with our instructions. Other organisations will be responsible to you directly for their use of personal data that we share with them. They are referred to as data controllers and we have highlighted them in the table below. You will be able to find out about their own data protection policies (which will apply to their use of your data) on their websites or by contacting them directly.
These organisations include the Fund's:
• Tracing bureaus for mortality screening and locating members – (currently Lexis Nexis)
• Overseas payments provider to transmit payments to scheme member with non-UK accounts - (currently Citibank)
• Printing companies - (currently Norse and Adare)
• Pensions software provider - (currently Heywood and Civica)
• Suppliers of IT, document production and distribution services - (currently Adare)
• Investment adviser – (currently Hymans)
• Additional Voluntary Contribution providers – (currently Prudential, Clerical Medical and Equitable Life)
• Fund Actuary – (currently Hymans)
• Statutory auditor – (currently Ernst & Young)
• External auditor – (currently Ernst & Young)
• Internal auditor – (currently Norfolk Audit Services)
• LGPS National Insurance database – (South Yorkshire Pensions Authority)
• The Department for Work and Pensions
• The Government Actuary’s Department
• The Cabinet Office – for the purposes of the National Fraud Initiative
• The Courts of England and Wales – for the purpose of processing pension sharing orders on divorce
In each case we will only do this to the extent that we consider the information is reasonably required for these purposes.
In addition, where we make Fund investments or seek to provide benefits for Fund members in other ways, such as through the use of insurance, then we may need to share personal data with providers of investments, insurers and other pension scheme operators. In each case we will only do this to the extent that we consider the information is reasonably required for these purposes.
From time to time we may provide some of your data to your employer and their relevant subsidiaries (and potential purchasers of their businesses) and advisers for the purposes of enabling your employer to understand its liabilities to the Scheme. Your employer would generally be a controller of the personal data shared with it in those circumstances. For example, where your employment is engaged in providing services subject to an outsourcing arrangement, the Administering Authority may provide information about your pension benefits to your employer and to potential bidders for that contract when it ends or is renewed.
Where requested or if we consider that it is reasonably required, we may also provide your data to government bodies and dispute resolution and law enforcement organisations, including those listed above, the Pensions Regulator, the Pensions Ombudsman and Her Majesty’s Revenue and Customs (HMRC). They may then use the data to carry out their legal functions.
The organisations referred to in the paragraphs above may use the personal data to perform their functions in relation to the Fund as well as for statistical and financial modelling (such as calculating expected average benefit costs and mortality rates) and planning, business administration and regulatory purposes. They may also pass the data to other third parties (for example, insurers may pass personal data to other insurance companies for the purpose of obtaining reinsurance), to the extent they consider the information is reasonably required for a legitimate purpose.
In some cases these recipients may be outside the UK. This means your personal data may be transferred outside the EEA to a jurisdiction that may not offer an equivalent level of protection as is required by EEA countries. If this occurs, we are obliged to verify that appropriate safeguards are implemented with a view to protecting your data in accordance with applicable laws. Please use the contact details below if you want more information about the safeguards that are currently in place.
We do not use your personal data for marketing purposes and will not share this data with anyone for the purpose of marketing to you or any beneficiary.
How long we keep your personal data
We will only keep your personal data for as long as we need to in order to fulfil the purpose(s) for which it was collected and for so long afterwards as we consider may be required to deal with any questions or complaints we may receive about our administration of the Fund, unless we elect to retain your data for a longer period to comply with our legal and regulatory obligations. In practice, this means your personal data will be retained for such period as you (or any beneficiary who receives benefits after your death) are entitled to benefits from the Fund and for a minimum period of 15 years after those benefits stop being paid. For the same reason, your personal data may also need to be retained where you have received a transfer, or refund, from the Fund in respect of your benefit entitlement.
The personal data we hold about you is used to administer your Fund benefits and we may from time to time ask for further information from you for this purpose. If you do not provide such information, or ask that the personal data we already hold is deleted or restricted this may affect the payment of benefits to you (or your beneficiaries) under the Fund. In some cases it could mean the Administering Authority is unable to put your pension into payment or has to stop your pension (if already in payment).
We may update this notice periodically. Where we do this, we will inform you of the changes and the date on which the changes take effect.
Please contact the Norfolk Pension Fund for further information at:
Norfolk Pension Fund
5 St Andrews Hill
Telephone 01603 495923
Email [email protected]
MEMORANDUM OF UNDERSTANDING REGARDING COMPLIANCE WITH DATA PROTECTION LAW
Please click here to view the ‘Memorandum of Understanding regarding Compliance with Data Protection Law, which sets out the respective rights and obligations of participating employers regarding Norfolk Pension Fund member data.