UGPP Privacy Notice

DATA PROTECTION – PRIVACY NOTICE

1. Introduction and General Terms

(a) This Privacy Notice sets out how United Glass Pension Plan Trustee Limited, the trustee of the United Glass Pension Plan, (“Trustee”, “we”, “us”, “our”) obtains, uses and protects any personal information that you provide to us, or that is otherwise obtained or generated by us, and which relates to you or to any individual connected with you.

(b) This Privacy Notice is effective from 01 December 2019.

Paragraph 2 – what information we may collect about you;

Paragraph 3 – what we may use your information for;

Paragraph 4 – how long we retain your records;

Paragraph 5 – with whom we may share your information;

Paragraph 6 – your rights regarding the personal information you provide to us;

Paragraph 7 – what if you do not provide us with your personal information;

Paragraph 8 – keeping your information safe;

Paragraph 9 – changes to our Privacy Notice;

Paragraph 10 – how to contact us;

(d) When you, any of your dependants or relatives or your employer provides us with your personal information, we will process that information as outlined in this Privacy Notice.

(e) The data controller of your personal information is United Glass Pension Plan Trustee Limited, a company registered in England under number 2392335 whose registered office is at PO Box 6068, Edinburgh Way, Harlow, Essex CM20 2UG

(f) In some circumstances the actuary to the Plan, Paul Houghton of Barnett Waddingham, and Barnett Waddingham will also be data controllers in relation to the personal data you provided. The role of the Plan actuary is to assist the Trustee to determine how much money it needs to fund the Plan and also to calculate certain member benefits. The Plan actuary and Barnett Waddingham (where applicable) will process your personal data in accordance with this Privacy Notice. Other professional advisers, such as Allen & Overy LLP, the Plan’s legal advisers, and Ernst & Young, the auditors to the Plan, may also be the data controllers in relation to your personal information and have to comply with their own legal obligations, industry codes and standards when processing your data. Where these organisations are data controllers a copy of their privacy notice is available on request to you.

Contact details:

Barnett Waddingham LLP: Barnett Waddingham LLP, a company registered in England under number OC307678 whose registered office is at 2 London Wall Place, London, EC2Y 5AU.

Plan actuary: Paul Houghton, Barnett Waddingham LLP, Decimal Place, Chiltern Avenue, Amersham HP6 5FG.

2. Information we may collect about you

What types of personal information may we collect about you?

(a) Personal information broadly means information that identifies (or which could, with other information that we hold or are likely to hold, identify) a living individual. This would therefore include any information provided to us in relation to your actual, past or potential membership of the United Glass Pension Plan (the “Plan”) or receipt of benefits from the Plan.

(b) We may hold any or all of the following personal information about you:

personal details such as your name, gender, age, date of birth, email address, postal address, telephone or mobile number, description of physical or mental health and identifiers such as National Insurance number;
family, lifestyle and social circumstances such as details about current marriage and partnerships and marital history, details of family and dependants;
employment details such as pensionable pay, length of service and, in relation to an application for an ill health pension, your job title, job responsibilities and any other information required to determine whether you are able to carry out your job; and
financial details such as income, salary, assets and investments, bank account details to process pension payments, tax code, and benefits.

We may also process other information about you which reveals information about your health status, such as information related to your physical or mental health, including the provision of health care services, or data relating to your sexual orientation (“Special Category Data”). Where we collect these types of information about you, we will take appropriate steps to get your consent to our collection and use of this information.

How do we collect personal information about you?

(c) We would collect your personal information when you, any of your dependants or relatives or your employer contacts us by phone, email or post. We would also obtain your information where this is provided through any other discussions or correspondence that you, any of your dependants or relatives or your employer may have with us. The Trustee may also collect personal information about you from other third parties including tracing agencies and from public sources.

3. What we may use your information for and why

We will use your personal information for a number of purposes, as set out in the table below. For each purpose we have also set out why we are able to process your information in this way (i.e. our legal basis for processing your personal information). In general, the Trustee’s legal basis for processing your personal information is that this information is necessary for the purposes of both our and your legitimate interest to administer the Plan properly and ensure that you are paid the correct benefits in accordance with the Plan’s governing documentation. There will also be occasions where we are required to process your personal information in a specific way in order to comply with our legal obligations.

We use your personal information to	This means that processing your personal information allows us to	Do we have to process your personal information in this way?
Administer the Plan	– administer the Plan including to process data to calculate and pay benefits; – carry out our obligations arising from any agreement that we have with or concerning you and to provide you with the information, benefits and services that you request from us;	Yes, it is necessary for us to process your personal information so that we can administer the Plan and provide you with our services (including the payment of your benefits) and ensure that those benefits are provided in compliance with our legal obligations as Trustee of the Plan.
Contact and interact with you	– use information in relation to any correspondence (including queries relating to your membership of the Plan) related to the administration of the Plan; – provide you with information about your benefits;	Yes, it is necessary for us to process your personal information to provide you with information about the Plan and respond to any queries that you may have, so that you are aware of your benefits and entitlements in compliance with our legal obligations as Trustee of the Plan
Manage our day-to-day operations	– keep internal records about your membership of the Plan;	Yes, it is necessary for us to keep internal records so that we can effectively communicate with you, your dependants and relatives and your employer (if applicable) about your membership of the Plan and your entitlements. We need to keep these records to comply with our legal obligations as Trustee of the Plan. It is also in your and our legitimate interests to keep up to date and accurate information in relation to our members so that we can pay you the correct benefits at the correct time.
	– carry out risk management activities along with the Principal Employer of the Plan, the Plan actuary and our advisers such as assessing employer risk, contingency planning and funding activities;	Yes, it is in your and our legitimate interests to manage the risks to the Plan so that risks to the payment of your benefits are minimised.
	– comply with any present or future law, rule, regulation, guidance or directive, and complying with any industry or professional rules and regulations or any applicable voluntary codes; – comply with demands or requests made by local and foreign regulators, governments and law enforcement authorities, and complying with any subpoena or court process, or in connection with any litigation;	Yes, we sometimes need to process your data in order to comply with our legal obligations, for example our obligations to keep up to date and accurate information in relation to our members so that we can pay the benefits that members are entitled to in accordance with the governing documentation of the Plan. It is in our legitimate interest to comply with all laws, guidance and codes that apply to us, as well as with data requests from regulators, governments, courts, law enforcement and tax authorities to ensure that the Plan is well run and compliant.
Improve our day-to-day operations	– handle that information in connection with any sale, merger, acquisition, disposal, recognition or similar change involving the Plan;	Yes. It is in your and our legitimate interest to be able to process your personal information in these circumstances so that we can minimise any disruption to the Plan if there is ever a restructuring of the Plan and ensure that members’ benefits are paid.
Assist with research	– use your data in research which assists actuaries – for example research into the mortality experience (life expectancy) of pension scheme members in general. This may include the provision of data on a no-names basis to a recognised external authority, for example to the Continuous Mortality Investigation (CMI) which investigates mortality experience on behalf of the Institute and Faculty of Actuaries.	Yes. It is in your and our legitimate interest to be able to process your personal information in these circumstances so that we properly understand the liabilities under the Plan and make accurate provision for meeting these liabilities.

As mentioned in paragraph 2 above, we may also need to process Special Category Data in order to be able to carry out the activities set out in the table above. To the extent that we collect Special Category Data, we will process it on the basis that it is necessary for the purposes of both our and your legitimate interest to administer the Plan properly and ensure that you are paid the correct benefits in accordance with the Plan’s governing documentation. There will also be occasions where we are required to process Special Category Data in order to comply with our legal obligations.

4. How long do we retain your records?

We will hold your personal information on our systems for as long as is necessary in order to carry out the relevant activities or services listed above. However, in certain circumstances it may be necessary for the Plan to continue to process your information after you have opted out of the Plan or stopped receiving any benefits from us, for example the Trustee may need to prove that it no longer holds a liability in relation to you.

5. With whom we may share your information

(a) We may share or disclose your information to any of the following recipients:

• the Plan’s administrator, the Plan’s actuary, sponsoring employers and the counterparties to the Plan’s investments;
• our service providers, professional advisers and auditors;
• local or foreign regulators, governments, law enforcement and tax authorities;
• local and foreign courts, tribunals and arbitrators or other judicial committees;
• insurance companies;
• persons in connection with any sale, merger, acquisition, disposal, reorganisation or similar change to the Plan or the sponsoring employers (including any potential or actual purchaser of the sponsoring employers or their parent companies and that purchaser’s advisors).

We will take appropriate legal, organisational and technical measures to protect your information consistent with applicable privacy and data security laws.

6. Your rights regarding the personal information you provide to us

(a) You have the right:

• to request information regarding the processing of your personal information, including to be provided with a copy of your personal information;
• to request the correction and/or deletion of your personal information, or object to the processing of your personal information. However, please note that this right does not apply in most situations, since we will normally have a legitimate interest in continuing to process your data for the purposes of the Plan and, to comply with our legal obligations under the Plan;
• to request to obtain and reuse your personal information for your own purposes across different services; and
• to complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation for damages or distress incurred or suffered in consequence of unlawful processing of your personal information.

(b) If you would like access to the information that we hold about you, if any of the information we hold about you is inaccurate or out of date, or if you object to us processing it, please let us know by emailing us at unitedglass@buck.com, or writing to us at Buck (Derby), PO Box 322, Mitcheldean Gloucestershire GL14 9BH

7. What if you do not provide us with your personal information

We may not be able to perform actions necessary to achieve the purposes set out above and you may not be able to make use of the services offered by us if you do not provide us with personal information that we may need
to comply with our statutory or contractual obligations, as set out in the table in paragraph 3, above.

8. Keeping your information safe

Transfers of your information

(a) We may transfer, store, or process your personal information outside the European Economic Area (EEA). Where the countries to which your personal information is transferred may not offer an equivalent level of
protection for personal information to the laws of the UK, we will take reasonable steps to ensure that your information is treated securely and in accordance with this Privacy Notice. This may include our entering into data transfer agreements based on the model clauses approved by the European Commission, to ensure that third parties to whom we transfer information in those countries nevertheless commit to ensuring an adequate level of protection for your personal information.

(b) Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the safety of your information transmitted via email; any transmission is at your own risk. Once we have received your information, we will use reasonable procedures and security features to try to prevent unauthorised access.

9. Changes to our Privacy Notice

This Privacy Notice may be updated from time to time. Any substantive changes we make to our Privacy Notice in the future will be notified to you and will become effective 5 days after the date of the notice.

10. Contact

If you have any questions, comments or requests regarding any aspect of this Privacy Notice, please do not hesitate to contact us at:

Denise Parker, Pensions Manager and Secretary to the Trustee
Phone:01279 773074
Email: ugpp@o-i.com

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
_mailmunch_visitor_id	never	Mailmunch sets this cookie to create a unique visitor ID for the Mailmunch mailing list software.
_schn	session	No description available.
_scid	1 year 1 month	This cookie is set by Snapchat to store Snapchat Pixel unique ID of the User.
autolaunch_triggered	past	The autolaunch_triggered cookie is used by Okta to indicate whether the user has launched an app from the Okta dashboard or not. This cookie helps Okta to optimize the user experience and provide relevant suggestions. The cookie expires after 30 minutes of inactivity or when the browser is closed.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
incap_ses_1185_1816097	session	No description
incap_ses_1319_1816097	session	No description
incap_ses_1579_1816097	session	No description
incap_ses_1582_1816097	session	No description
incap_ses_373_1816097	session	No description
incap_ses_452_1816097	session	No description
incap_ses_459_1816097	session	No description
incap_ses_872_1816097	session	No description
incap_ses_874_1816097	session	No description
incap_ses_9153_1816097	session	No description
incap_ses_9206_1816097	session	No description
incap_ses_9210_1816097	session	No description
incap_ses_9218_1816097	session	No description
lang	session	LinkedIn sets this cookie to remember a user's language setting.
langOI	1 day 4 hours	This cookie saves the user's preferred language for this website. No personally identifiable information is stored here.
li_gc	5 months 27 days	No description
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
mailmunch_second_pageview	never	Mailmunch sets this cookie to manage subscription service to mailing lists.
mid	2 years	The mid cookie is set by Instagram to personalise user experience by remembering user preferences and settings.
ppwp_wp_session	30 minutes	No description
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
X-AB	1 day	Cookie associated with embedding content from Snapchat.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_3VZZNTFK6B	2 years	This cookie is installed by Google Analytics.
_ga_8LXKHSK1EM	2 years	This cookie is installed by Google Analytics.
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
_gat_UA-10167707-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
AnalyticsSyncHistory	1 month	No description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
sid	past	The sid cookie contains digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_pin_unauth	1 year	This cookie is placed by Pinterest Tag when the user cannot be matched. It contains a unique UUID to group actions across pages.
_tt_enable_cookie	1 year 24 days	No description
_ttp	1 year 24 days	No description
muc_ads	2 years	No description
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
sc_at	1 year 24 days	The cookie is set by Snapchat to show relevant ads to the users by tracking user behaviour on Snapchat.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_hjSession_2922349	30 minutes	No description
_hjSessionUser_2922349	1 year	No description