ENSIGN RETIREMENT PLAN (“ENSIGN”)
Ensign Retirement Plan Trustees Limited (the “Trustee“, “we, “our“) is committed to protecting and respecting your privacy. This Privacy Notice explains the types of personal information we collect, how we use that information and who we share it with in order to properly manage and administer Ensign, and also sets out how we protect that information.
Please read the following carefully to understand our views and practices regarding your personal information, and how we will treat it.
Who we are
We, the Trustee, are the ‘data controller’ for the purposes of data protection legislation. Our registered office and correspondence address is c/o BDO LLP, 31 Chertsey Street, Guildford, Surrey, GU1 4HD, United Kingdom.
For members, beneficiaries or any individual with a query or complaint in relation to Ensign: The Trustee’s representative is Aegon (the trading name of Scottish Equitable plc), as administrator of Ensign, who may be contacted about any privacy questions you may have using the contact details below.
For employers, Trustee Directors and third-party service providers: The Trustee’s representative is Rock Pensions (the trading name of Rock Strategic Consulting Ltd), who may be contacted about any privacy questions you may have at firstname.lastname@example.org.
Information covered by this Privacy Notice
This Privacy Notice covers all personal information collected and used by the Trustee. “Personal data” or “personal information” means information that (either in isolation or in combination with other information held by us) enables you to be identified as an individual or recognised directly or indirectly. This may include the types of information set out below.
What information do we collect from or about you?
Information we receive from you or your employer:
When your employer enrolled you into Ensign, they provided us with personal information about you as required by law. Your employer, or a third-party payroll provider chosen by your employer, will continue to provide us with personal information about you whilst you remain a member of Ensign and in their employment.
You, or your delegate, may also provide us with personal information about you when you correspond with us. This may be to inform us of a change of address or amend your nomination form.
The information we may receive from you, your delegate or your employer may include the following:
- Information about you, such as name, date of birth, sex, postal address, email address, phone number, bank details, national insurance number, HMRC details and passport number;
- Information about your health, such as in the context of ill-health application forms;
- Information about your family, such as current marriage and partnerships and marital history, details of family and dependants;
- Information about your employment history, such as pensionable pay, length of service, employment and career history, recruitment and termination details, attendance record, health and safety records, security records, job title and job responsibilities, financial details such as income, salary, assets and investments, bank account details to process pension payments, benefits, grants and insurance details.
Information we may collect when you visit our website:
- Technical information, including your IP address, browser type and version, device identifier, location and time zone setting, browser plug-in types and versions, operating system and platform, page response times, and download errors;
- Information about your visit, including the websites you visit before and after our website;
- Length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers) and methods used to browse away from the page.
Information we receive from other sources:
If you are a member of Ensign, we may receive information about you from third parties. These could include another pension scheme if you are transferring in benefits, a third-party agency if we’ve lost contact with you, anyone entitled to benefit under your membership of Ensign, your next of kin or (with your consent) from registered medical practitioners.
Some of the personal information you provide may be sensitive personal information, such as details about your health in the case of an application for ill-health early retirement. In these circumstances, you will be asked to provide consent. This will enable the Trustee to process your sensitive personal information for the purposes set out in the form. Occasionally, where it is not possible to obtain your consent, we may alternatively process such sensitive information which we receive from third parties where this is necessary for the purposes of carrying out our obligations, the establishment, exercise or defence of legal claims, or exercising our or your specific rights under employment, social security and social protection law, or where this is necessary to protect your vital interests.
If you are a beneficiary nominated by a member, we may receive information about you from a member who nominates you to be a beneficiary of Ensign. For example, a member may nominate you to receive lump sum death benefits in the event of their death.
How do we use your personal information?
Who may use your personal information?
We share your personal information with third parties, where this is necessary to administer Ensign and/or comply with contractual obligations relating to it.
We share your personal information with the following third-party organisations:
- Executive services
Rock Pensions (the trading name of Rock Strategic Consulting Ltd) provides certain pensions management, executive and secretarial services to the Trustee and will require access to your personal information in order to carry out those functions. Rock Pensions will process your personal information on our behalf as our data processor.
- Ensign’s administrator
We have appointed Aegon (the trading name of Scottish Equitable plc) as administrator of Ensign (we may change this appointment from time to time, in which case we will update this notice) (the “Administrator“). The Administrator carries out the pensions administration services on behalf of the Trustee and is data controller in respect of your personal data that is required to carry out those services. These services include the ongoing administration of your personal account, responding to requests or complaints and providing information to members. Aegon’s privacy notice, which includes more information about how Aegon processes your data, can be found on the Aegon website or TargetPlan (https://lwp.aegon.co.uk/targetplan/).
- Participating employers of Ensign
This may include your former, current or prospective employer. Your personal information will only be shared with these entities to the extent that this is necessary for the administration of your pension benefits.
- Other third-party service providers
- In certain circumstances, we share your personal information with third-party organisations such as auditors and legal advisors who may also be data controllers in relation to your personal information.
- Other third-party organisations such as investment consultants may also process personal information on our behalf as data processors. We ensure that your information is kept secure by checking that their security measures are adequate and by entering into agreements with such third parties which specify that they must only process personal information on our behalf and according to our instructions.
A list of advisors, with whom we may share your personal information, can be found on the Ensign website at http://www.ensignpensions.com/about-ensign/partners/.
- Third parties permitted by law
- In certain circumstances, we may be required to disclose or share your personal information in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal information to the police, local or foreign regulators or to judicial or administrative authorities).
- We may also disclose your personal information to third parties where disclosure is both legally permissible and necessary to protect or defend our rights or protect your rights or those of the public.
Any personal information held by us and any third-party will be treated as confidential. We will not sell your personal information to third parties.
Where we store your personal information
The personal information that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom (“UK“). In particular, some of the personal data we collect may be transferred to and stored in India. Your personal data may also be processed by staff operating outside the UK who work for us or for one of our service providers. We will take all steps necessary to ensure that your personal information is treated securely and in accordance with this Privacy Notice and applicable data protection laws, including, where relevant, entering into standard contractual clauses (or equivalent measures) with the party outside the UK receiving the personal information.
You have the legal right to request details of the personal information that we hold about you, to ask us to stop processing your information where you have previously consented to us doing so, to have it corrected or deleted in certain circumstances, and not to be contacted by us if you do not wish to be.
Your right to access the information we hold about you
You can request access to the information we hold about you by contacting us using the contact details set out below. Our file of your information will usually be made available to you within 30 days, although occasionally we may not be able to give you access to the personal information we hold about you (for example, we may not be able to give you access if it would unreasonably affect someone else’s privacy or if giving you access poses a serious threat to someone’s life, health or safety). Please note that we may apply an administrative charge for providing access to your information in certain circumstances. Any such charge will be reasonable and we will advise you of the charge and obtain your consent before providing you with access to your personal information. Please note that if you request a copy of your data using electronic means (such as email), then we will provide a copy of your information in electronic form unless you ask us to do otherwise.
Your right to have your information corrected or deleted
If any of the information we hold about you is inaccurate or out of date, such as the information included in your benefit statement, or you would like it deleted, please email your request to email@example.com and we will consider your request as soon as possible.
Your right to object to us processing your personal information
Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
Your right to restrict processing of your personal data
You have the right to restrict our processing of your personal information where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
Your right to have your personal information transmitted to another organisation
Where we hold personal information about you that you have provided to us or that has been generated by your activity as a member of Ensign, and we hold this information with your consent, you have the right to ask us to provide you with the personal information we hold about you in a structured, commonly used and machine-readable format and, where technically feasible, to transmit that personal information to another organisation.
Your right to withdraw consent to your data being processed
If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge.
Making a complaint
We would be happy to address any concerns you have directly and as a first port of call. If you believe that we have not complied with applicable data protection laws and you have a need to escalate your complaint, you have the right to lodge a complaint.
The address for the UK data protection authority is as follows:
Information Commissioner’s Office
Water Lane, Wilmslow
Cheshire, SK9 5AF
Tel. +44 (0)303 123 1113
If you have any questions or concerns about how we treat your personal information, you wish to ask us to stop processing your personal information, or you would like to request a copy of the personal information we hold about you, please contact the Administrator at firstname.lastname@example.org or by writing to us at:
Aegon Workplace Investing
Please include your reply address when you write to us.
How long do we keep your personal information?
Your personal information is stored by us and/or our service providers strictly to the extent necessary for the performance of our obligations, and for the time necessary to achieve the purposes for which the information is collected, in accordance with applicable data protection laws and our data retention policy. In the context of providing pension benefits, this period is extensive. We will typically store your personal information for the life of Ensign (or, in the event that Ensign were to wind up, for 15 years after such time). Retention of your personal information enables us:
- to process and pay your benefits and benefits that may be payable after your death;
- to respond to queries from members or your beneficiaries about your correct benefit entitlement, which queries may be received many years after members have transferred out or taken a refund of contributions or made elections to change their benefits; and
- to respond to legal claims.
When we no longer need to use your information, we will remove it from our systems and records and/or take steps to properly anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject).
How do we keep your personal information secure?
Any information held by the Trustee is stored electronically within a secure portal. Your information is protected through the use of password protection, user access restrictions and encryption.
The Trustee take steps to confirm that any third-party service provider that collects and stores personal data, whether in hard copy or electronic format, on behalf of the Trustee, acting as processor, has taken appropriate technical and organisational steps to ensure the security of your personal data. Such measures may include holding hard copy data in physical storage units with appropriate security restrictions or, in relation to personal information held electronically, password protecting computers and laptops and using secure portals for the transfer of documents.
As part of these security measures, you will be required to give proof of your identity before any personal information is disclosed to you.
Changes to this Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, regulatory or operational requirements. We will notify you of any such changes (including when they will take effect). Your continued participation in Ensign after any such updates take effect will constitute acceptance of those changes.