Privacy Policy

Your privacy matters to us, so you can be confident that we take good care of all the personal data we hold about you.  One of the ways we do this is by adhering to the requirements and principles of data protection legislation. 

In this privacy notice we explain the reasons we handle your personal data, what happens to it and your rights in relation to it. 

 

What personal data we collect

We collect the following data about our members which we’ve grouped into broad categories:

  • basic details – name, date of birth, address, email address, telephone number(s), FAS reference, National Insurance number
  • identity checks – proof of identity (copy of passport, driving licence, utility bills, etc.), proof of entitlement to act on a member’s behalf (e.g. power of attorney)  
  • financial details – bank account details, payments
  • assistance entitlement – calculations, details of previous pension scheme(s), relevant personal circumstances (employment history, income, marital status)
  • health details – normally only if you inform us of a terminal illness
  • interaction records – correspondence (letters, emails, etc.), recordings and notes of telephone calls, online transactions, survey responses

We sometimes use cookies to help analyse use of our websites. You can find out more about the cookies we use on this site's Cookie Policy page.

 

Why we use your personal data

The PPF has a very specific function: to pay Financial Assistance Scheme (FAS) assistance while providing excellent customer service to our members. All the reasons that we use your personal data are designed to enable us to do that.

The Pensions Act 2004 set up the PPF and most of the time is the reason why we need to use your personal data. Either complying with our legal obligations in the Act or providing an excellent service to you would not be possible without using your personal data. 

Below we provide details of the different ways that your personal data is used and our lawful basis for using it. Beneath each explanation, we have set out the types of personal data affected and details of why data is shared with third parties in support of that activity. 

Data sharing

There are specific circumstances where it is necessary for third parties to have access to your data. Where this is the case we ensure that appropriate contractual, technological and other safeguards are in place:

  • We'll disclose your personal data if required to by law. For example, to Her Majesty’s Revenue and Customs (HMRC) for tax purposes or to the police for the prevention or detection of crime. Regulators, such as the Information Commissioner (ICO), also require us to share information on occasion
  • Like most organisations we rely on companies to support our services, and in some cases they will need to collect, access or handle your personal data. For example, increasingly our IT infrastructure operates in the cloud, which means that suppliers store data for us. Suppliers and their employees are only allowed to access or handle personal data with our permission and where it is strictly necessary for them to fulfil their contract with us. In some cases they will appoint sub-contractors and where this is the case, suppliers will be expected to ensure they are subject to the same requirements. A table at the end of this privacy notice lists the main suppliers who process members’ personal data for us (including accessing, collecting or storing it).

Administering your account and paying you the right amount

We need to calculate the right amount to pay you when you join the PPF or FAS schemes or when there are changes in your circumstances. We collect information including your previous pension entitlement, marital status and details about your personal circumstances. Some of this information is provided to us by your previous pension scheme or its administrators. In some cases, for example where you have been diagnosed with a terminal illness, we will need to collect limited information about your health.

We need to handle payment information including your bank details so that we can pay you. In rare circumstances we may also need to use your details to recover money where we have overpaid you. The handling of your personal data for these purposes is necessary for us to comply with our legal obligations under the Pensions Act 2004.

  • Type of personal data: basic details; compensation entitlement; health details
  • Data sharing: member records system support; cloud-based storage; actuarial services; secure data sharing; previous trustees and administrators (where necessary to resolve queries); legal services (where it is necessary for us to seek legal advice); storage, digitisation, and secure destruction of physical records; HMRC; our auditors; our payment administrators; our bank.

Keeping you informed

We sometimes need to use your contact details to update you about our services either by post or by email, such as our regular newsletters. Keeping you up-to-date with improvements and changes that affect you is an important part of our public duty to members and is carried out using our powers under the Pensions Act 2004.

  • Type of personal data: basic details
  • Data sharing: email distribution service; printing service

Ensuring your information is correct

We need to make sure that we have up-to-date contact details for all our members. We also need to take steps to reduce the likelihood of fraud or payments in error. For these reasons we use a tracing service provided by a company called Target Professional Services to check a variety of sources (e.g. credit reference agencies) to confirm or locate contact details for our members. Ensuring that we can keep in touch with our members and are not making unnecessary payments is in the public interest and is carried out using our powers under the Pensions Act 2004.

  • Type of personal data: basic details
  • Data sharing: tracing service

Responding to your enquiries and complaints and assessing the quality of our customer service

If you’ve contacted us to make an enquiry or complaint we’ll hold your personal data so that we can deal with it. We don’t need to collect a lot of information but we need to know who you are, what you’ve asked and how we can reply to you. 

If you contact us by telephone, we record all calls made to us for training and compliance purposes, to improve our customer service and to verify information provided to us. You may be asked if you’re willing to complete a survey at the end of the call, and if you agree, we’ll keep a record of your responses. You may also be asked to complete an online survey if you visit our member website or following the resolution of a complaint. We also contact a sample of our membership every 18 months to ask if you are willing to complete a survey for the Institute of Customer Service.

When you contact us we need to be sure who you are so that we don’t disclose personal data to or take instructions from the wrong person. We'll usually ask you for evidence to confirm your identity.

We conduct research of our members’ views which means that we or one of our suppliers may contact you. If you’d prefer not to receive communications of this nature, please let us know.

There is a public interest in us responding to enquiries and complaints and in us finding ways to improve our service to you and we have the power to do so under the Pensions Act 2004.

  • Type of personal data: basic details; identity checks (where relevant); interaction records
  • Data sharing: customer service surveys; ServiceMark accreditation surveys (Institute of Customer Service); translation services

Answering information rights requests

If you exercise your rights under data protection legislation (primarily the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA)) or the Freedom of Information Act 2000 (FOIA) or Environmental Information Regulations 2004 (EIR), we'll need to handle your contact details, your request and relevant information. If you're making a request in relation to your personal data, we'll often need to ask you for information to help confirm your identity. We need to handle your personal data to help meet our legal obligations under GDPR/DPA and/or FOIA/EIR.

  • Type of personal data: basic details; identity checks (where relevant); interaction records

Managing our resources and planning for the future

Ensuring that there's enough money to pay all our members now and in the future is a complex business. We need to use our members’ details such as age and likely retirement date to help plan our activities. This allows us to keep everyone informed of our progress and make necessary adjustments over time. Insurance policies help to ensure that we can continue to fund compensation to members and require us to share members’ data with insurers and administrators.

Planning and reporting on our current and future commitments, and managing risks to our funding model, is in the public interest and is carried out using our powers under the Pensions Act 2004.

  • Type of personal data: basic details; financial details; compensation entitlement
  • Data sharing: actuarial services; insurers; former scheme administrators

Accessing your account online

If you want to register for and use our online services you'll have a username and password allowing you to access your account. We'll log your activities on the website so that we can identify and rectify any problems and make improvements to the way the website works. When you sign up to use online services you consent to the use of your personal data for the purposes of managing your online access.

  • Type of personal data: interaction records
  • Data sharing: member records system support

 

Special category data

When carrying out some of the above activities, we sometimes need to collect or use data about your health (described as ‘health details’ above). In data protection legislation, data about your health is what's described as special category data and we can only use it in specified circumstances.

We only collect and handle health details about our members when it is necessary to do so for us to exercise our functions as conferred under the Pensions Act 2004.

Where possible we inform you before handling data of this kind and only collect or use it where necessary. We make it easy for you to check and update your records, and take appropriate security precautions to protect your data. Data is retained and then destroyed securely in line with the PPF’s Retention and Disposal Schedule.

 

International transfers of personal data

Most of our service providers are based in, and process personal data in, the UK. There are a small number of circumstances in which your personal data may be processed abroad:

  • Auditing: where it's necessary for us to share your data with our auditors, this is done using data storage and sharing service Box. Box stores some data on servers outside the UK. Box has approved binding corporate rules (BCRs) in place to ensure that personal data is handled to appropriate standards wherever it is processed
  • Newsletters: if you receive newsletters and other email updates from us, your name, email address and PPF reference is shared with MailChimp, a business based in the USA, for distribution
  • Payments to members living overseas: EQPay, the company that we use to make these payments, sometimes processes payments in the USA or India

We have agreements with these companies which incorporate international data transfer clauses approved by the Information Commissioner’s Office. We require companies to comply with the standards set out in data protection legislation and to put in place appropriate security measures before we agree to share your data with them. 

 

How long we'll keep your data for

We’ll keep your information in line with our retention policy. This means that your core record will be retained as long as you, or a dependant of yours, remain a member of the PPF or FAS and for 12 years following. Financial records of payments made to you will be retained for 6 years after the end of the financial year the payment was made in.

Recordings of telephone calls are retained for a year, and records of routine enquiries and information requests are retained for three years after the last action taken in relation to the enquiry. If you’d like to see our full Retention and Disposal Schedule just let us know. 

 

Exercising your rights

Under data protection legislation you have the right to ask to see the personal data we hold about you and to ask why we hold that information. Other rights you have are to ask us to correct data that you believe to be inaccurate or to ask us to stop using your data if you believe that we no longer need it to carry out our work. 

Don’t forget that you can access your core record online via this website and can update your record there. If there's something you can’t access or update online, and you’d like to exercise any of your rights you should write to: 

The Resolutions Team
Pension Protection Fund 
Renaissance
12 Dingwall Road
Croydon
Surrey
CR0 2NA
UK

You can also email your request to [email protected]

We aim to comply with requests made under data protection legislation as quickly as possible and within a month of receipt unless there is a good reason for delay. If there is any reason why we can't respond this quickly we'll let you know when you can expect to hear from us and the reason for the delay.

If you need any assistance please call us on 0330 678 0000 between 9.00 and 17.30, Monday to Friday (except public holidays).

 

The PPF’s Data Protection Officer and raising concerns

The PPF has a Data Protection Officer (DPO) whose role is to act as a point of contact for individuals and to monitor and provide advice to the PPF in relation to data protection issues. You can raise any concerns you have about the way we handle your personal data with the DPO by writing to:

Data Protection Officer
c/o The Resolutions Team
Pension Protection Fund
Renaissance
12 Dingwall Road
Croydon
Surrey
CR0 2NA
UK

You can also email us at [email protected] If you need any assistance please call us on 0330 678 0000 between 9.00 and 17.30, Monday to Friday (except public holidays).
 

The Information Commissioner

If you’re not satisfied with our response or believe we’re not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO). 

The Information Commissioner can be contacted at: 

Address: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: +44 303 123 1113 
Website: www.ico.org.uk 

 

Changes to this privacy notice

We keep our privacy notice under regular review and we‘ll place any updates on the member website. This privacy notice was last updated in July 2022.

 

Annex: main suppliers who process members’ personal data

Supplier Purpose of processing Privacy notice
Bottomline Payments to members https://www.bottomline.com/uk/privacy-policy
Box Document storage and transfer (for audits) https://www.box.com/en-gb/legal/privacypolicy
Civica Member records system support (occasional access for this purpose)
https://www.civica.com/en-gb/policies-and-statements/privacy-notice/
Cmetrix Customer service surveys -
Deloitte Auditing our accounts https://www2.deloitte.com/uk/en/misc/audit-privacy-statement.html
EQ Pay Payments to members overseas https://equiniti.com/uk/privacy-policy/
MailChimp Email distribution https://www.intuit.com/privacy/statement/
Microsoft Cloud storage https://privacy.microsoft.com/en-gb/privacystatement
Mimecast Secure email https://www.mimecast.com/company/mimecast-trust-center/gdpr-center/privacy-statement/
Pro2Col GoAnywhere Managed (secure) File Transfer https://www.goanywheremftexperts.com/privacy-policy/
Restore Storage and secure destruction https://www.restoreplc.com/sustainability/policies/
Target Professional Services Tracing https://targetprofessional.co.uk/privacy-policy/
Williams Lea Printing and postage https://www.williamslea.com/privacy-statement