FULL PRIVACY NOTICE
Strathclyde Pension Fund
Who we are:
When organisations offer their employees membership of the Local Government Pension Scheme (LGPS), you may become a member of Strathclyde Pension Fund. Strathclyde Pension Fund Office is a department of Glasgow City Council (GCC), as the LGPS Regulations require a local authority to be responsible for the local administration of pensions and other benefits payable under the LGPS regulations.
GCC's head office is located at City Chambers, George Square, Glasgow G2 1DU, United Kingdom. Contact details for the Council's Data Protection Officer can be found on GCC's website at www.glasgow.gov.uk/privacy.
Why we are providing this notice to you
The Strathclyde Pension Fund Office collects and holds certain information about you ("personal data") which we need to administer the Local Government Pension Scheme and pay benefits from the Fund. We have a responsibility to protect your information and would like to explain:
- what information we hold about you
- what we do with it
- who we share it with
- how long we keep it for
- your rights in relation to the data
- why we are allowed to collect it
The technical bit
Our legal basis for processing your personal information is because it is necessary to carry out our function for administering the Local Government Pension Scheme and managing Strathclyde Pension Fund. Our role is set out in the Local Government Pension Scheme (Scotland) Regulations 2018. In data protection legislation, this is known as processing information because it is 'necessary for the performance of a task carried out in the public interest or in the exercise of official authority'. You can find more details of our role on our website at www.spfo.org.uk
What personal data we hold, and how we obtain it
We obtain some personal data directly from you. We may also obtain data (for example, pay information) from your current or past employer(s) or companies that succeeded them in business, from a member of the Fund (where you are or could be a beneficiary of the Fund as a consequence of that person's membership of the Fund) and from a variety of other sources including public databases (such as the Register of Births, Deaths and Marriages), our advisers and government or regulatory bodies, including those in the list of organisations that we may share your personal data with set out below.
The types of personal data we hold and process about you and the source of that information can include:
- Contact details, including name, address, telephone numbers and email address. Source: you / your employer / public databases (in some instances)
- Identifying details, including date of birth, national insurance number and employee and membership numbers. Source: you / your employer / public databases (in some instances)
- Information that is used to calculate and assess eligibility for benefits, for example, length of service or membership and pay information. Source: your employer
- Financial information relevant to the calculation or payment of benefits, for example, bank account and tax details. Source: you / your employer
- Information about your family, dependents or personal circumstances, for example, marital status and information relevant to the distribution and allocation of benefits payable on death. Source: you / your employer / your personal representatives
- Information about your health, for example, to assess eligibility for benefits payable on ill health, or where your health is relevant to a claim for benefits following the death of a member of the Fund. Source: you / your employer / medical practitioners
- Information about a criminal conviction if this has resulted in you owing money to your employer or the Fund and the employer or Fund may be reimbursed from your benefits. Source: you / your employer / the courts
Where we obtain information concerning certain "special categories" of particularly sensitive data, such as health information, extra protections apply under the data protection legislation. We will only process your personal data falling within one of the special categories with your consent, unless we can lawfully process this data for another reason permitted by that legislation. You have the right to withdraw your consent to the processing at any time by notifying the Administering Authority in writing. However, if you do not give consent, or subsequently withdraw it, the Administering Authority may not be able to process the relevant information to make decisions based on it, including decisions regarding the payment of your benefits.
Where you have provided us with personal data about other individuals, such as family members, dependents or potential beneficiaries under the Fund, please ensure that those individuals are aware of the information contained within this notice. We obtain some of this personal data directly from you.
How we will use your personal data
We will use this data to deal with all matters relating to the Fund, including its administration and management (including payment of any Additional Voluntary Contributions). This can include the processing of your personal data for all or any of the following purposes:
- to contact you.
- to assess eligibility for, calculate and provide you (and, if you are a member of the Fund, your beneficiaries upon your death) with benefits.
- to identify your potential or actual benefit options and, where relevant, implement those options.
- for statistical and financial modelling and reference purposes (for example, when we assess how much money is needed to provide members' benefits and how that money should be invested).
- to comply with our legal and regulatory obligations as the administering authority of the Fund and ensure our systems and processes meet these requirements.
- to address queries from members and other beneficiaries and to respond to any actual or potential disputes concerning the Fund.
- the management of the Fund's liabilities, including the entering into and selection of Fund investments.
- in connection with the sale, merger or corporate reorganisation of or transfer of a business by the employers that participate in the Fund and their group companies.
Organisations that we may share your personal data with
As we are legally obliged to safeguard public funds, we are required to verify and check your details internally and across GCC and associated organisations for fraud prevention. We may share this information with other public bodies for the same purpose. We are also legally obliged to share certain data with other public bodies, such as Her Majesty's Revenue and Customs (HMRC) and will do so where the law requires this. We will also generally comply with requests for specific information from other regulatory and law enforcement bodies where this is necessary and appropriate including the Pensions Regulator, Police Scotland and the Pensions Ombudsman. They may then use the data to carry out their legal functions.
Your information is also analysed internally to help us improve our services. This data sharing is in accordance with our Information Use and Privacy Policy which can be seen at https://www.glasgow.gov.uk/CHttpHandler.ashx?id=3895&p=0 It also forms part of our requirements in line with our Records Management Plan approved in terms of the Public Records (Scotland) Act 2011 - this can be seen here:
http://www.glasgow.gov.uk/councillorsandcommittees/viewDoc.asp?c=P62AFQNTZLUTNT81
From time to time we will share your personal data with advisers and service providers so that they can help us carry out our duties, rights and discretions in relation to the Fund. Some of those organisations will simply process your personal data on our behalf and in accordance with our instructions. Other organisations will be responsible to you directly for their use of personal data that we share with them. They are referred to as data controllers and we have highlighted them in the table below. The data controllers may be obliged under the data protection legislation to provide you with additional information regarding the personal data they hold about you and how and why they process that data. Further information may be provided to you in a separate notice or may be obtained from the advisers and service providers direct, for example via their websites.
These organisations include the Fund's
Data processors
- Overseas payments provider to transmit payments to scheme member with non-UK accounts - (currently Convera)
- Printing companies - (currently Critiqom Limited and APS Group Scotland)
- Pensions software provider - (currently Heywood Pension Technologies)
- Suppliers of IT (currently CGI IT UK Limited)
- Fund Actuary - Hymans Robertson LLP. In certain instances, Hymans Robertson may process data on behalf of Strathclyde Pension Fund.
Data controllers
- Investment adviser - (currently Hymans Robertson LLP)
- Additional Voluntary Contribution providers - (currently Prudential and Standard Life)
- Legal adviser - (currently Pinsent Masons LLP)
- Statutory auditor - (currently Ernst & Young LLP "EY UK")
- Tracing bureau for mortality screening and locating members
- LGPS National Insurance database - (South Yorkshire Pensions Authority)
- The Department for Work and Pensions
- The Government Actuary's Department
- The Cabinet Office - for the purposes of the National Fraud Initiative
- HMRC
- The Courts - for the purpose of processing pension sharing orders on divorce
- The Scottish Public Pensions Agency
- Administering authorities of other LGPS funds (or their agents, such as third party administrators) where you have been a member of another LGPS fund and the information is needed to determine the benefits to which you or your dependants are entitled
- Administering authorities of other LGPS funds where necessary under the Internal Dispute Resolution Procedure
Joint data controllers
- Fund Actuary, scheme benefit consultant and actuarial consultant - (currently Hymans Robertson LLP)
We will share your information with Hymans Robertson LLP, who provide actuarial, benefits consultancy and investment advice, analytics and assessments to the Administering Authority. When providing actuarial services, Hymans Robertson considers that it is a joint data controller with Strathclyde Pension Fund. This means that both Hymans Robertson and Strathclyde Pension Fund have data controller responsibilities.
For more information on how we work with Hymans Robertson, please visit:
https://www.hymans.co.uk/media/uploads/How_Hymans_Robertson_uses_your_personal_data_LGPS.pdf
In each case that we share your personal data we will only do this to the extent that we consider the information is reasonably required for these purposes.
From time to time we may provide some of your data to your employer and their relevant subsidiaries (and potential purchasers of their businesses) and advisers for the purposes of enabling your employer to understand its liabilities. Your employer would generally be a controller of the personal data shared with it in those circumstances. For example, where your employment is engaged in providing services subject to an outsourcing arrangement, the Administering Authority may provide information about your pension benefits to your employer and to potential bidders for that contract when it ends or is renewed.
The organisations referred to in the paragraphs above may use the personal data to perform their functions in relation to the Fund as well as for statistical and financial modelling (such as calculating expected average benefit costs and mortality rates) and planning, business administration and regulatory purposes. They may also pass the data to other third parties, to the extent they consider the information is reasonably required for a legitimate purpose.
In some cases recipients of your personal data may be outside the UK. This means your personal data may be transferred outside the EEA to a jurisdiction that may not offer an equivalent level of protection as is required by EEA countries. If this occurs, we are obliged to verify that appropriate safeguards are implemented with a view to protecting your data in accordance with applicable laws. Please use the contact details below if you want more information about the safeguards that are currently in place.
How long we keep your personal data
We only keep your personal information for the minimum period of time necessary. Sometimes this time period is set out in the law, but in most cases it is based on business need. We have published a retention policy which sets out how long we hold different types of information for.
You can view this here: Retention policy statement (PDF) [850KB] or you can request a hard copy from us.
Your rights under data protection law:
• access to your information - you have the right to request a copy of the personal information that we hold about you
• correcting your information- we want to make sure that your personal information is accurate, complete and up to date. Therefore you may ask us to correct any personal information about you that you believe does not meet these standards
• deletion of your information - you have the right to ask us to delete personal information about you where:
1. you think that we no longer need to hold the information for the purposes for which it was originally obtained
2. we are using that information with your consent and you have withdrawn your consent - where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given
3. you have a genuine objection to our use of your personal information- you have the right at any time to tell us to stop using your personal information for direct marketing of our in-house AVC facility.
4. our use of your personal information is contrary to law or our other legal obligations
• restricting how we may use your information - in some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information that we hold about you or we are assessing the objection you have made to our use of your information. This right might also apply if we no longer have a basis for using your personal information, but you don't want us to delete the data.
• withdrawing consent to use your information - where we use your personal information with your consent (for example, for the purposes of administering an ill-health retirement) you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given. However, if you withdraw your consent, we may not be able to pay certain LGPS benefits.
The personal data we hold about you is used to administer your benefits, and we may from time to time ask for further information from you for this purpose. If you do not provide such information, or ask that the personal data we already hold is deleted or restricted this may affect the payment of benefits to you (or your beneficiaries). In some cases it could mean the Administering Authority is unable to put your pension into payment or has to stop your pension (if already in payment).
Please contact us if you wish to exercise any of these rights.
Information we hold about other people:
Most of the personal information we hold relates to people we are providing services to. However we also hold information about other people as well, where this is necessary for us to carry out particular functions. In some cases we will contact these other people directly to inform them that we have been provided with information about them (and also to tell them about their rights under data protection law and advise them about the terms of this privacy notice), but in many cases this is impractical. However details of what we do with this sort of information and why we hold it is provided in the specific privacy notices relating to functions where we routinely hold information about people who are not our service users.
Updates
We may update this notice periodically. Where we do this we will inform members of the changes and the date on which the changes take effect.
Complaints:
We aim to directly resolve all complaints about how we handle personal information. However, you also have the right to lodge a complaint with the Information Commissioner's Office. Contact details for the Council's Data Protection Officer and for the ICO can be found under www.glasgow.gov.uk/privacy.
Date - 27/07/2018
Ends