Northern Bank Pension Scheme – Privacy Notice
As the Trustee of the Northern Bank Pension Scheme (“Scheme”), we hold certain personal information (known as “personal data”) about Scheme members and, where applicable, their dependants and beneficiaries. Most of the personal data held and processed by the Trustee in running the Scheme will be personal data (in other words, it is information from which you as an individual can be identified).
What information do we collect about you?
Depending on the circumstances and the stage of your membership, the information we need to hold to pay benefits may include:
- Your name, date of birth and gender
- Your address
- Your National Insurance number and, if you are a pensioner, HMRC tax reference/codes
- Your employment service records (including salary records) and pension contribution records, relating to your membership of the Scheme
- Details of your bank account to pay benefits to if you are a pensioner or if we are paying a lump sum to you
- Your marital status, as well as details about your dependants and/or beneficiaries where this is needed so that we can administer the Scheme and pay benefits following your death
- If you receive benefits on grounds of ill health, medical and other details about your health.
How we gather your personal information
Your personal data will generally be collected directly from you or from your employer. However, we may also receive personal data from other parties such as HM Revenue & Customs, the Pensions Ombudsman or someone acting on your behalf, such as an independent financial adviser. If you are receiving a dependant’s benefit from the Scheme, or a benefit resulting from divorce or the dissolution of a civil partnership, we may have been given your personal data by the member or through enquiries undertaken by us on a member’s death. We will not collect any personal data that we do not need.
How do we use that information?
The Trustee needs to hold and process information about you as it is required to administer the Scheme and to calculate and pay benefits. In legal terms, this means that we have a legitimate interest in processing the information. We also keep information about you in order to allow us to comply with our obligations towards members under the Scheme’s governing documents, as well as under relevant legislation.
Personal data relating to the Scheme is held on paper and on computer systems. As the “data controller”, the Trustee must process this information fairly and lawfully.
As part of running the Scheme, we may also need to hold and process particularly sensitive information about you and/or your dependants and beneficiaries. This is known as “sensitive personal data” and for instance includes information that relates to health and/or sexual orientation. Except where the legislation allows it, this information cannot be processed or passed to a third party without your explicit consent.
Who do we share it with?
We are not allowed to share personal data about you with other organisations and people, unless the law allows us to or you have given your consent. As we need to share information with others in order to provide you with benefits, there is a legitimate interest in the Trustee sharing this information. We may also need to share it in order to meet contractual and other legal obligations.
We may need to share personal data with the following:
- The third parties who are responsible for the day-to-day administration of the Scheme on behalf of the Trustee
- Your employer (Northern Bank Limited or Danske Bank A/S) and, where relevant any former employer which participated in the Scheme
- The Scheme’s third-party service providers, such as our payroll and IT providers
- The Scheme’s professional advisers, including the Scheme Actuary, auditor, investment adviser, investment consultant, lawyers and Scheme Secretary.
- HM Revenue & Customs and other statutory bodies (such as the Pensions Ombudsman and the Pensions Regulator) – the Trustee can be fined and subject to other action if they fail to provide certain information to these authorities
- The printers who help us prepare various communications we send to you, such as the Member Report
- Any insurance company or companies (and their re-insurers) that we appoint or from whom we obtain quotes to provide life insurance, additional voluntary contributions and bulk annuity (e.g. buy-in) transactions
- Depending upon how we pay pensions and/or lump sums, the personal data we have to supply in order to effect a bank transfer
- Tracing agencies who assist the Trustees with updating Scheme data from time to time.
Any transfer of your personal data outside of the European Economic Area will comply with the requirements of data protection legislation and appropriate safeguards will be put in place to ensure it is kept secure.
The Scheme Actuary and insurers may also be data controllers in relation to your personal data (and, if applicable, personal data of any contingent beneficiaries). As a data controller, when processing personal data, this means that they have to comply with the requirements of data protection legislation, as well as relevant industry codes and standards. For more information about how they hold and use personal data, please see www.willistowerswatson.com/personal-data , www.pru.co.uk/mydata-bapn and www.aviva.co.uk/services/about-our-business/products-and-services/privacy-policy/retirement-privacy-policy/ .
How long do we keep personal data for?
We must keep all personal data safe and only hold it for as long as necessary. To meet the requirements of both UK tax and pensions law, we must keep certain personal data (for example, details about the date a member joins the Scheme, their name and address and details of benefits paid) for a minimum of 6 years. But, given the nature of pension schemes, the Trustee may be required to keep some of your personal information for the rest of your life so that we have the information we need in order to pay benefits and to answer queries relating to your benefits.
We review the personal data held in relation to the Scheme on a regular basis although please note that the Scheme's Independent Trustee Director (PAN Trustees UK LLP) may continue to hold personal data collected through its role as a Trustee even when it is no longer a Trustee Director of the Scheme. Information about PAN’s approach in this situation to data security as a firm can be found at: https://www.pantrustees.co.uk/Scheme-GDPR/
- You have the right to see personal data that is held about you and a right to have a copy provided to you, or someone else on your behalf, in a machine readable (namely, digital) format
- If at any point you believe that the personal data we hold about you is inaccurate or wrong, you can ask to have it corrected
- You can require the Trustee to restrict/limit the processing of your personal data in certain circumstances, for example, whilst a complaint about its accuracy is being resolved
- You can object to your personal data being processed, although the Trustee can override this objection in specific instances.
- Where you have given us your consent to processing your personal data, you can withdraw that consent at any time by notifying us (see “Who to contact” below)
- You can request that your personal data is deleted altogether.
You should be aware that taking some of the above steps could impact on the payment of your benefits, the ability for you to build up benefits and our ability to answer questions relating to your benefits.
Information will generally be provided to you free of charge, although the Trustee can charge a reasonable fee in certain circumstances.
Who to contact about your personal data
Please contact Equiniti (Scheme Administrator) in the first instance, if you wish to:
- see your personal data or to exercise any of the rights mentioned above
- make a complaint about how we have handled your personal data.