DATA PROTECTION – PRIVACY NOTICE
1. Introduction and General Terms
(a) This Privacy Notice sets out how United Glass Pension Plan Trustee Limited, the trustee of the United Glass Pension Plan, (“Trustee”, “we”, “us”, “our”) obtains, uses and protects any personal information that you provide to us, or that is otherwise obtained or generated by us, and which relates to you or to any individual connected with you.
(b) This Privacy Notice is effective from 01 December 2019.
(c) This Privacy Notice explains the following:
Paragraph 2 – what information we may collect about you;
Paragraph 3 – what we may use your information for;
Paragraph 4 – how long we retain your records;
Paragraph 5 – with whom we may share your information;
Paragraph 6 – your rights regarding the personal information you provide to us;
Paragraph 7 – what if you do not provide us with your personal information;
Paragraph 8 – keeping your information safe;
Paragraph 9 – changes to our Privacy Notice;
Paragraph 10 – how to contact us;
(d) When you, any of your dependants or relatives or your employer provides us with your personal information, we will process that information as outlined in this Privacy Notice.
(e) The data controller of your personal information is United Glass Pension Plan Trustee Limited, a company registered in England under number 2392335 whose registered office is at PO Box 6068, Edinburgh Way, Harlow, Essex CM20 2UG
(f) In some circumstances the actuary to the Plan, Paul Houghton of Barnett Waddingham, and Barnett Waddingham will also be data controllers in relation to the personal data you provided. The role of the Plan actuary is to assist the Trustee to determine how much money it needs to fund the Plan and also to calculate certain member benefits. The Plan actuary and Barnett Waddingham (where applicable) will process your personal data in accordance with this Privacy Notice. Other professional advisers, such as Allen & Overy LLP, the Plan’s legal advisers, and Ernst & Young, the auditors to the Plan, may also be the data controllers in relation to your personal information and have to comply with their own legal obligations, industry codes and standards when processing your data. Where these organisations are data controllers a copy of their privacy notice is available on request to you.
Barnett Waddingham LLP: Barnett Waddingham LLP, a company registered in England under number OC307678 whose registered office is at 2 London Wall Place, London, EC2Y 5AU.
Plan actuary: Paul Houghton, Barnett Waddingham LLP, Decimal Place, Chiltern Avenue, Amersham HP6 5FG.
2. Information we may collect about you
What types of personal information may we collect about you?
(a) Personal information broadly means information that identifies (or which could, with other information that we hold or are likely to hold, identify) a living individual. This would therefore include any information provided to us in relation to your actual, past or potential membership of the United Glass Pension Plan (the “Plan”) or receipt of benefits from the Plan.
(b) We may hold any or all of the following personal information about you:
- personal details such as your name, gender, age, date of birth, email address, postal address, telephone or mobile number, description of physical or mental health and identifiers such as National Insurance number;
- family, lifestyle and social circumstances such as details about current marriage and partnerships and marital history, details of family and dependants;
- employment details such as pensionable pay, length of service and, in relation to an application for an ill health pension, your job title, job responsibilities and any other information required to determine whether you are able to carry out your job; and
- financial details such as income, salary, assets and investments, bank account details to process pension payments, tax code, and benefits.
We may also process other information about you which reveals information about your health status, such as information related to your physical or mental health, including the provision of health care services, or data relating to your sexual orientation (“Special Category Data”). Where we collect these types of information about you, we will take appropriate steps to get your consent to our collection and use of this information.
How do we collect personal information about you?
(c) We would collect your personal information when you, any of your dependants or relatives or your employer contacts us by phone, email or post. We would also obtain your information where this is provided through any other discussions or correspondence that you, any of your dependants or relatives or your employer may have with us. The Trustee may also collect personal information about you from other third parties including tracing agencies and from public sources.
3. What we may use your information for and why
We will use your personal information for a number of purposes, as set out in the table below. For each purpose we have also set out why we are able to process your information in this way (i.e. our legal basis for processing your personal information). In general, the Trustee’s legal basis for processing your personal information is that this information is necessary for the purposes of both our and your legitimate interest to administer the Plan properly and ensure that you are paid the correct benefits in accordance with the Plan’s governing documentation. There will also be occasions where we are required to process your personal information in a specific way in order to comply with our legal obligations.
|We use your|
|This means that processing your|
personal information allows us to
|Do we have to process your personal|
information in this way?
|– administer the Plan including to process data to calculate and pay benefits;|
– carry out our obligations arising from
any agreement that we have with or
concerning you and to provide you with
the information, benefits and services
that you request from us;
|Yes, it is necessary for us to process|
your personal information so that we
can administer the Plan and provide you
with our services (including the payment of your benefits) and ensure that those benefits are provided in compliance with our legal obligations as Trustee of the Plan.
interact with you
|– use information in relation to any|
correspondence (including queries
relating to your membership of the Plan)
related to the administration of the Plan;
– provide you with information about
|Yes, it is necessary for us to process|
your personal information to provide
you with information about the Plan and
respond to any queries that you may
have, so that you are aware of your
benefits and entitlements in compliance
with our legal obligations as Trustee of the Plan
|Manage our day-to-day operations||– keep internal records about your|
membership of the Plan;
|Yes, it is necessary for us to keep|
internal records so that we can
effectively communicate with you, your
dependants and relatives and your
employer (if applicable) about your
membership of the Plan and your
entitlements. We need to keep these
records to comply with our legal
obligations as Trustee of the Plan. It is
also in your and our legitimate interests
to keep up to date and accurate
information in relation to our members
so that we can pay you the correct
benefits at the correct time.
|– carry out risk management activities|
along with the Principal Employer of the
Plan, the Plan actuary and our advisers
such as assessing employer risk,
contingency planning and funding
|Yes, it is in your and our legitimate interests to manage the risks to the Plan so that risks to the payment of your benefits are minimised.|
|– comply with any present or future law,|
rule, regulation, guidance or directive, and complying with any industry or professional rules and regulations or any applicable voluntary codes;
– comply with demands or requests made
by local and foreign regulators, governments and law enforcement
authorities, and complying with any subpoena or court process, or in connection with any litigation;
|Yes, we sometimes need to process your data in order to comply with our legal obligations, for example our obligations to keep up to date and accurate information in relation to our members so that we can pay the benefits that members are entitled to in accordance with the governing documentation of the Plan.|
It is in our legitimate interest to comply with all laws, guidance and codes that apply to us, as well as with data requests from regulators, governments, courts, law enforcement and tax authorities to ensure that the Plan is well run and compliant.
|Improve our day-to-day operations||– handle that information in connection|
with any sale, merger, acquisition, disposal, recognition or similar change
involving the Plan;
|Yes. It is in your and our legitimate interest to be able to process your personal information in these circumstances so that we can minimise any disruption to the Plan if there is ever a restructuring of the Plan and ensure that members’ benefits are paid.|
|– use your data in research which assists|
actuaries – for example research into the
mortality experience (life expectancy) of pension scheme members in general. This may include the provision of data on a no-names basis to a recognised external authority, for example to the Continuous Mortality Investigation (CMI) which investigates mortality experience on behalf of the Institute and Faculty of Actuaries.
|Yes. It is in your and our legitimate|
interest to be able to process your
personal information in these
circumstances so that we properly
understand the liabilities under the Plan
and make accurate provision for
meeting these liabilities.
As mentioned in paragraph 2 above, we may also need to process Special Category Data in order to be able to carry out the activities set out in the table above. To the extent that we collect Special Category Data, we will process it on the basis that it is necessary for the purposes of both our and your legitimate interest to administer the Plan properly and ensure that you are paid the correct benefits in accordance with the Plan’s governing documentation. There will also be occasions where we are required to process Special Category Data in order to comply with our legal obligations.
4. How long do we retain your records?
We will hold your personal information on our systems for as long as is necessary in order to carry out the relevant activities or services listed above. However, in certain circumstances it may be necessary for the Plan to continue to process your information after you have opted out of the Plan or stopped receiving any benefits from us, for example the Trustee may need to prove that it no longer holds a liability in relation to you.
5. With whom we may share your information
(a) We may share or disclose your information to any of the following recipients:
• the Plan’s administrator, the Plan’s actuary, sponsoring employers and the counterparties to the Plan’s investments;
• our service providers, professional advisers and auditors;
• local or foreign regulators, governments, law enforcement and tax authorities;
• local and foreign courts, tribunals and arbitrators or other judicial committees;
• insurance companies;
• persons in connection with any sale, merger, acquisition, disposal, reorganisation or similar change to the Plan or the sponsoring employers (including any potential or actual purchaser of the sponsoring employers or their parent companies and that purchaser’s advisors).
We will take appropriate legal, organisational and technical measures to protect your information consistent with applicable privacy and data security laws.
6. Your rights regarding the personal information you provide to us
(a) You have the right:
• to request information regarding the processing of your personal information, including to be provided with a copy of your personal information;
• to request the correction and/or deletion of your personal information, or object to the processing of your personal information. However, please note that this right does not apply in most situations, since we will normally have a legitimate interest in continuing to process your data for the purposes of the Plan and, to comply with our legal obligations under the Plan;
• to request to obtain and reuse your personal information for your own purposes across different services; and
• to complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation for damages or distress incurred or suffered in consequence of unlawful processing of your personal information.
(b) If you would like access to the information that we hold about you, if any of the information we hold about you is inaccurate or out of date, or if you object to us processing it, please let us know by emailing us at email@example.com, or writing to us at Buck (Derby), PO Box 322, Mitcheldean Gloucestershire GL14 9BH
7. What if you do not provide us with your personal information
We may not be able to perform actions necessary to achieve the purposes set out above and you may not be able to make use of the services offered by us if you do not provide us with personal information that we may need
to comply with our statutory or contractual obligations, as set out in the table in paragraph 3, above.
8. Keeping your information safe
Transfers of your information
(a) We may transfer, store, or process your personal information outside the European Economic Area (EEA). Where the countries to which your personal information is transferred may not offer an equivalent level of
protection for personal information to the laws of the UK, we will take reasonable steps to ensure that your information is treated securely and in accordance with this Privacy Notice. This may include our entering into data transfer agreements based on the model clauses approved by the European Commission, to ensure that third parties to whom we transfer information in those countries nevertheless commit to ensuring an adequate level of protection for your personal information.
(b) Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the safety of your information transmitted via email; any transmission is at your own risk. Once we have received your information, we will use reasonable procedures and security features to try to prevent unauthorised access.
9. Changes to our Privacy Notice
This Privacy Notice may be updated from time to time. Any substantive changes we make to our Privacy Notice in the future will be notified to you and will become effective 5 days after the date of the notice.
If you have any questions, comments or requests regarding any aspect of this Privacy Notice, please do not hesitate to contact us at:
Denise Parker, Pensions Manager and Secretary to the Trustee