Pension scheme members, beneficiaries and client’s employees
Although much of our work does not involve processing personal data, Sacker & Partners LLP (“We / us/ Sackers”) are, from time to time, given access by our clients to personal data relating to a range of individuals so that we can use it to provide our advice.
We generally process such personal data on our clients’ behalf, and in accordance with their instructions, as a “Data Processor”. This is because it is our client that determines the purpose and means for which such personal data is collected and used.
However, we may on occasion, when advising, act as a “Data Controller”. We could also become a Data Controller in respect of such personal data if we need to retain it as part of our client files and documentation after the end of our engagement with a client for legal, regulatory, compliance or risk management reasons.
This privacy notice is intended to provide information about how we use such personal data when acting as a Data Controller.
Who might we hold personal data about?
We may hold personal data about a range of individuals where this is relevant to our clients’ matters.
For example, we may hold personal data about:
- members, former members, and prospective members of a pension scheme and their dependants and other beneficiaries;
- potential beneficiaries of survivors’ pensions or lump sum death benefits;
- persons claiming to be members of a pension scheme or to have entitlement to pension benefits;
- client’s current or former employees or workers;
- persons representing any of the above.
Where we advise employers, we may also hold personal data about their current or former employees or workers.
What personal data do we hold?
The types of personal data we are given depends on the context for which it has been provided. However, it could include many of the types of personal data that would be held by a pension scheme or employer for pension purposes.
For example, we may hold some or all of the following information about a relevant individual:
- name, date of birth, contact details (including postal and email address), gender, age and marital status;
- NI number and relevant tax information;
- information relating to employment and scheme membership history, salary and benefit entitlements;
- information about dependants, beneficiaries and nominees including details of their dates of birth, financial situation and relationship with a member where this is potentially relevant to their eligibility for benefits.
We may in some circumstances hold sensitive personal data (known as special categories of data) such as information which relates to an individual’s health or sexual orientation or criminal activity where this is relevant to their pension and associated benefit arrangements.
What do we use this personal data for?
We use this personal data where this is necessary for us to provide legal services to our clients, to maintain appropriate records of that advice and where relevant, to comply with our legal, regulatory and compliance requirements or for risk management reasons.
We may also use it, where appropriate, for the purposes of defending against legal claims.
What is our legal basis for processing this personal data?
Where we process personal data as a Data Controller for the purpose of providing advice to a client, this processing is necessary for the performance of our contract with our client.
However, we may also process personal data as a Data Controller in order to comply with our own legal or regulatory obligations or where we have a legitimate interest in doing so for the purposes of managing our business or dealing with a complaint or defending a claim.
How do we obtain this personal data?
This personal data is generally provided to us by our clients (either directly or on their behalf). They will therefore be responsible for ensuring it is collected in accordance with relevant data protection requirements and that they have notified the relevant individual, through their privacy information, that the personal data will be shared with us.
We may also occasionally receive it directly from the individual or from third parties such as the courts, the Pensions Ombudsman or an individual’s independent financial adviser or solicitor.
Who has access to this personal data?
Personal data will be shared with our personnel where this is necessary for them to perform their roles. It may also be shared with third parties that we deal with in the operation of our business from time to time. For example, organisations who provide our email, document management and time recording systems and confidential waste disposal and archiving services.
We may also share such personal data with our relevant clients’ other advisers, or representatives, or with external organisations who are involved in the relevant matter. For example, the courts or Pensions Ombudsman.
Will this personal data be shared outside the European Economic Area (EEA)?
In most circumstances personal data will not be transferred to countries outside the European Economic Area. However, this may occur occasionally where our personnel are accessing the data outside of the EEA on company-issued or company-approved devices that have appropriate and adequate security, where this is in respect of temporary travel outside of the UK.
How do we protect this personal data?
We take the security of personal data very seriously and have measures in place to protect it and to limit access to it. If we share personal data outside Sackers, we will require the recipient to comply with applicable data protection requirements.
How long will we keep this personal data?
We will keep personal data on our client files and related documentation for as long as it is appropriate for us to do so in order for us to advise the relevant client and refer back to that advice and the information that relates to it.
The long-term nature of pension schemes and pension benefits and the potential for advice to be revisited many years later, means that personal data sent to us by clients for the purposes of our advice may be retained over the long term.
If we are retaining personal data held within former client files for our own record keeping purposes we will ensure that this personal data is appropriately protected and only used if it is necessary to refer back to those files at any point.
What rights do individuals have in relation to this personal data?
Individuals will have certain rights in relation to the personal data we hold.
They can ask for a copy of the personal data we hold about them or require us to change it if it is incorrect, incomplete or out of date. In some circumstances, they can also object to processing of their personal data or ask us to restrict processing or to delete their personal data. In some circumstances we may be able to refuse or resist a request. Information will generally be provided free of charge but we reserve the right to charge a reasonable fee in some instances.
More information about data rights can be found at https://ico.org.uk.
If you would like to exercise any of these rights, please email firstname.lastname@example.org.
Who can individuals contact if they have any questions, concerns or complaints about how we handle their personal data?
If individuals have any questions, concerns or complaints about how we handle their personal data they can contact us at email@example.com.
Individuals can also make a complaint to the Information Commissioner using their helpline on 0303 123 1113 or through their website https://ico.org.uk.