Your privacy matters to us, so you can be confident that we take good care of all the personal data we hold about you. One of the ways we do this is by adhering to the requirements and principles of data protection legislation. In this privacy notice we explain the reasons we handle your personal data, what happens to it and your rights in relation to it.
Controller name: The Board of the Pension Protection Fund (PPF)
Contact:
Data Protection Officer
Renaissance House
12 Dingwall Road
Croydon
Surrey
CR0 2NA
UK
We have separate privacy notices for PPF members and FAS members which explain how we use our members’ personal data. We collect the following data, which we’ve grouped into broad categories, about other individuals:
The PPF has a very specific function: to pay compensation or provide assistance whilst providing excellent customer service to our members. All the reasons that we use your personal data are designed to enable us to do that.
The Pensions Act 2004 set up the PPF and most of the time is the reason why we need to use your personal data. Either complying with our legal obligations in the Act or providing an excellent service to you would not be possible without using your personal data.
Below we provide details of the different ways that your personal data is used and our lawful basis for using it. Beneath each explanation, we have set out which of the categories of personal data listed above is affected and details of why the data is shared with third parties in support of that activity.
There are specific circumstances where it is necessary for third parties to have access to your data. Where this is the case we ensure that appropriate contractual, technological and other safeguards are in place:
If you consent to performance cookies when you visit our website we use a third-party service to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow our provider to make, any attempt to find out the identities of those visiting our website. We use the information to report on visitor numbers, and to make improvements to our website. We also use a provider to ensure that our website remains secure and that suspicious traffic is blocked. This requires IP addresses to be processed by our provider. If you have consented to ‘targeting cookies’ a cookie is placed when you visit our recruitment page which is used to ensure that you are kept up-to-date with details of relevant jobs at the PPF via Facebook. You can find out more about the cookies that we use on our cookies page.
Cookies allow you to consent to our use of data for analytics and to place targeting cookies for recruitment. We need to use your IP address for our legitimate interest of keeping our website secure.
We are using Google Analytics. The third-party provider collects, stores, uses, processes and transfers information about your activity on our website in accordance with their Privacy Policies.
Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the website available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms webpage.
Where you make a media enquiry to our Press Office we’ll process your personal data to respond to your request. In some circumstances we collect personal data from publicly available sources such as social media or acquire personal data from commercial databases. This data may be used in a number of different ways to support our statutory functions. Examples include for intelligence purposes and for us to send communications to journalists and other key industry stakeholders. On occasion, we, or an authorised third party, may contact you for research purposes so that we can improve our services and better meet the needs of our members.
It’s in the public interest that we use personal data to promote our statutory role, respond to media enquiries and ensure information about the PPF in the public domain does not mislead the public or our stakeholders.
If you are a member, please read the PPF members’ or FAS members’ privacy notice for details of how your data is used when you make an enquiry. The following relates to enquiries and contact from other stakeholders such as trustees of eligible schemes.
If you’ve contacted us to make an enquiry or complaint we’ll hold your personal data so that we can deal with it. This includes if you complete a form on our website such as a section 120 or section 122 notification. We don’t need to collect a lot of information but we need to know who you are, what you’ve asked and how we can reply to you.
If you speak to our switchboard or our Member Services teams by telephone, we record all calls made to us for training and compliance purposes, to improve our customer service and to verify information provided to us. You may be asked if you’re willing to complete a survey at the end of the call, and if you agree, we’ll keep a record of your responses. You may be asked to complete an online survey following the resolution of your enquiry or complaint. We also contact a sample of our contacts for eligible schemes every 18 months to ask if you are willing to complete a survey for the Institute of Customer Service.
We conduct research of our stakeholders’ views which means that we or one of our suppliers may contact you. If you’d prefer not to receive communications of this nature, please let us know.
There is a public interest in us responding to enquiries and complaints and in us finding ways to improve our service to you and we have the power to do so under the Pensions Act 2004.
If you exercise your rights under data protection legislation (primarily the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA)) or the Freedom of Information Act 2000 (FOIA) or Environmental Information Regulations 2004 (EIR), we will need to handle your contact details, your request and relevant information. If you are making a request in relation to your personal data, we will often need to ask you for information to help confirm your identity.
We need to handle your personal data to help meet our legal obligations under GDPR/DPA and/or FOIA/EIR.
If you visit our office we ask that all visitors sign in and out of reception. You may also be required to provide proof of identification but this information is not recorded. We also have surveillance cameras in place in our offices which are intended to prevent, and assist with the investigation and prosecution of, crime as well as to ensure the safety of our premises, employees and visitors. If you have an accident on our premises details will be retained.
We need to collect this information to meet our legitimate interest in maintaining the security and safety of our facilities.
If you apply for one of our vacancies, the information you provide will be used to progress your application and assess your suitability for the position. For some roles you’ll be asked to complete a test and the results will form part of the assessment of suitability. If we make you a conditional offer of employment pre-employment checks will be carried out which require you to provide proof of your identity, including your national insurance number, your contact details, your address history, proof of your qualifications and contact details of suitable referees. You’ll also be asked to consent to a criminal records check, and for evidence of your eligibility to work in the UK.
You’ll be asked to provide us with equal opportunities information. Providing this information is not mandatory and will not affect the outcome of your application in any way. Any information you do provide is aggregated by role and used to monitor equality of opportunity.
Should you be successful in your application, you will be asked to provide your bank details in order to process salary payments and, where approved, process expenses claims.
If you apply for a job we use your data to perform our/enforce your obligations under the employment contract or to take steps prior to entering into that contract.
Businesses which bid for, or are awarded, contracts to provide goods or services to the PPF often provide us with contact details of employees for the purposes of negotiating or managing the contract. Where necessary we will also be provided with CVs for individuals that a company proposes to put forward to deliver the work. Where you are providing consultancy or similar services we will record information about your performance to assess delivery of the contract.
We need to use your data in this way to meet our legitimate interests in the procurement and delivery of best value goods and services.
One of the ways that compensation to members is funded is through an annual levy imposed on eligible schemes. If you are a trustee or other named contact for an eligible pension scheme we will use contact details provided by you or by The Pensions Regulator (TPR) to carry out activities in support of the levy. We have to consult schemes on the setting of the levy, answer enquiries and provide you with information about our services (e.g. through annual newsletters). We need to collect the levy by issuing invoices to schemes. We monitor our performance by recording calls and requesting feedback. Where necessary we will need to process your data in the resolution of disputes.
We’re legally required to consult on and collect the levy under the Pensions Act 2004. It’s in the public interest that we seek to continually improve our service to schemes and keep them informed about levy arrangements.
Another source of funding is through investment management. Telephone calls with employees in our investments team are recorded to preserve client orders. Messages sent and received by these employees on the Bloomberg trading system are retained and monitored.
Retaining and monitoring these records is necessary for us to meet legal requirements.
We have to determine whether schemes which have applied for fraud compensation have been subject to fraud that has led to a loss. This requires details of trustees of the scheme, members, fraudsters and those suspected of fraud to be processed as part of the investigation.
We need to process this personal data to meet our legal obligations in the Pensions Act 2004.
If your employer has become insolvent and your scheme is undergoing assessment for entry to the PPF, you will be sent a privacy notice explaining how your personal data will be affected.
When a qualifying employer becomes insolvent we exercise the pension scheme trustee’s creditor rights to influence the management of the insolvency process and maximise returns to the scheme. We occasionally get involved in restructuring of companies where it is inevitable that they will become insolvent with a view to ensuring a better outcome for the pension scheme. We need to handle personal data of senior employees, shareholders, trustees and members of schemes as part of these processes.
We need to use personal data to comply with our legal obligations under the Pensions Act 2004.
Most of our service providers are based in, and process personal data in, the UK. There are a small number of circumstances in which your personal data may be processed abroad:
We have agreements with these companies which incorporate international data transfer clauses approved by the Information Commissioner’s Office. We require companies to comply with the standards set out in data protection legislation and to put in place appropriate security measures before we agree to share your data with them.
We sometimes need to use special category data about you. Special category data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation or sex life, as well as genetic or biometric data used to identify individuals. We will also need to process criminal records on occasion.
The specific purposes for which we use such data are as follows:
In addition to the lawful basis set out above for each of these purposes, it is necessary to use special category data or criminal records for the purposes of monitoring and promoting equality and diversity; protecting the public against dishonesty; and to take steps to establish whether another person has committed an unlawful act, or been involved in dishonesty, malpractice or other seriously improper conduct.
Where possible we inform you before handling data of this kind and only collect or use it where necessary. We make it easy for you to check and update your records, and take appropriate security precautions to protect your data. Data is retained and then destroyed securely in line with the PPF’s Retention and Disposal Schedule.
We’ll keep your information in line with our retention policy which varies depending on why we keep data. Some key examples are:
If you’d like to see our full Retention and Disposal Schedule just let us know.
Under data protection legislation you have the right to ask to see the personal data we hold about you and to ask why we hold that information. Other rights you have are to ask us to correct data that you believe to be inaccurate or to ask us to stop using your data if you believe that we no longer need it to carry out our work.
We aim to comply with requests for access to personal data as quickly as possible and within one month of receipt unless there’s a good reason for delay. If so we’ll tell you, and let you know when you can expect to hear from us and the reason for the delay.
The PPF has a Data Protection Officer (DPO) whose role is to act as a point of contact for individuals and to monitor and provide advice to the PPF in relation to data protection issues. You can raise any concerns you have about the way we handle your personal data with the DPO by writing to:
Data Protection Officer
Pension Protection Fund
Renaissance House
12 Dingwall Road
Croydon
Surrey
CR0 2NA
UK
You can also email us at [email protected].
If you’re not satisfied with our response or believe we’re not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
The Information Commissioner can be contacted at:
Address: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: +44 303 123 1113
Website: www.ico.org.uk
We keep our privacy notice under regular review and we‘ll place any updates on the member website. This privacy notice was last updated in November 2022.
| Supplier | Purpose of processing | Privacy notice |
| Bloomberg | Investments management system | https://www.bloomberg.com/notices/privacy/ |
| Bottomline | Payments to members | https://www.bottomline.com/uk/privacy-policy |
| Box | Document storage and transfer (for audits) | https://www.box.com/en-gb/legal/privacypolicy |
| Civica | Member records system support (occasional access for this purpose) | https://www.civica.com/en-gb/policies-and-statements/privacy-notice/ |
| Cmetrix | Customer service surveys | – |
| CVInsights | Pre-employment checks | – |
| Deloitte | Auditing our accounts | https://www2.deloitte.com/uk/en/misc/audit-privacy-statement.html |
| EQ Pay | Payments to members overseas | https://equiniti.com/uk/privacy-policy/ |
| Google Analytics | Website analytics | https://policies.google.com/privacy |
| MailChimp | Email distribution | https://www.intuit.com/privacy/statement/ |
| Microsoft | Cloud storage | https://privacy.microsoft.com/en-gb/privacystatement |
| Mimecast | Secure email | https://www.mimecast.com/company/mimecast-trust-center/gdpr-center/privacy-statement/ |
| Networx Recruitment portal | Recruitment portal | – |
| Nudge | Website design/hosting | – |
| Pro2Col | GoAnywhere Managed (secure) File Transfer | https://www.goanywheremftexperts.com/privacy-policy/ |
| Restore | Storage and secure destruction | https://www.restoreplc.com/sustainability/policies/ |
| Target Professional Services | Tracing | https://targetprofessional.co.uk/privacy-policy/ |
| Williams Lea | Printing and postage | https://www.williamslea.com/privacy-statement |
