Who we are
Wood Pensions Trustee Limited is the trustee (“the Trustee”) of the Wood Pension Plan (“the Plan”).
As the Trustee of the Plan, we hold certain personal information (known as “personal data”) about Plan members and, where applicable, their dependants and beneficiaries or ex-spouse participants. Most of the information held and processed by the Trustee in running the Plan will be personal data (in other words, because we hold information from which you as an individual can be identified, any information we hold in respect of you will be subject to certain protections).
In accordance with guidance issued by the Information Commissioner’s Office (ICO), the Trustees and Scheme Actuary of the Plan are considered “joint data controllers” (the holders, users and processors of personal data) for the purposes of the GDPR.
What information we collect about you
Depending on the circumstances and the stage of your membership, we may hold some or all of the following information about you
- Personal details including your name, National Insurance number, gender, age, date of birth, postal and/or email address and telephone number.
- Descriptions relating to your physical and mental health (to the extent that they are relevant to the calculation and payment of your benefits from the Plan).
- Salary and data relating to investments and personal assets held outside of the Scheme.
- Employment history, including employment dates historic pay and contracting out records.
- Bank account details for payment of benefit instalments, HMRC tax code and NI information.
- Passport or other identification details.
- Information on benefits, contributions paid and death benefit distribution information (including expression of wish forms).
This information, and updates to this information may come from you, your employer or other third parties.
Additionally, in the course of running the Scheme, we may require information from you in relation to your marital status (which may include the gender of your spouse or civil partner) and / or information about your (or your partner’s) health.
We will not ask for any personal data from you that we do not need.
How we use that information
The Trustee has a legitimate interest (further detail is set out below) in holding and processing the above information about you as it is needed for us to properly administer the Plan to calculate and pay benefits and ensure that expected standards of governance (including any Pensions Regulator requirements) are met. We also have a legal obligation (further detail is set out below) to hold the above information to allow us to run the Plan in accordance with the Trust Deed and Rules, as well as under relevant legislation.
Personal data relating to the Plan is held on paper and on computer systems. As the “data controller”, the Trustee must process this information fairly and lawfully.
As part of running the Plan, we may also need to hold and process particularly sensitive information about you and/or your dependants and beneficiaries (known as “sensitive personal data”). Under the legislation, details relating to health, racial or ethnic origin, religious or other similar beliefs, sexual orientation and political affiliations are regarded as “sensitive personal data”. In practice, sensitive information will only be processed for the purpose of establishing eligibility for benefits, the calculation and payment of those benefits and demonstrating our past compliance with our duties.
The legislation only allows this sensitive information to be processed or passed to a third party:
- with your explicit consent;
- when processing is necessary for carrying out obligations under employment, social security or social protection law. This includes obligations under pensions law; and/or
- when processing is necessary for reasons of substantial public interest (which, under the Data Protection Act 2018, applies to certain processing by trustees of occupational pension schemes when making decisions about benefits).
- This means that if we need to use sensitive information this way we may ask for your consent unless one of the other grounds referred to applies.
As noted above, processing your personal information is lawful if it is based on the Trustee's 'legitimate interests'. The Trustee has a legitimate interest in running and managing the Plan and managing the Plan's risks and liabilities. In addition, certain third parties may have legitimate interests which require the processing of your personal information by the Trustee (e.g. your employer may need information in order to comply with regulatory requirements).
In order to rely on this legal ground, we have:
- considered the impact the processing has on your interests and rights; and
- implemented appropriate safeguards to ensure that your privacy is protected as far as possible.
As noted above, the Trustee is under legal obligations to process your personal information in order to comply with pensions and other relevant legislation, the Plan's rules, court rulings and Pensions Ombudsman decisions as well as establish and defend our legal rights. For example:
- legislation sets out certain things trustees must do (e.g. sending certain information to the Plan's members); and
- the Trustee is subject to fiduciary duties under trust law to act in line with the Plan's governing documentation.
It is necessary for the Trustee to process your personal information in order to comply with these legal obligations.
What would happen if we did not collect and process your personal data?
If we did not collect and process your personal data then:
- we would not be able to manage or administer the Plan appropriately;
- we would not be able to pay the benefits that you are entitled to under the Plan; and
- we would be in breach of our legal and regulatory duties
Who we share it with
The Trustee will not disclose personal data about you to other parties except:
- when required for contractual or legal reasons or other specifically identified purposes; or
- where you have given your consent.
However, as the Trustee needs help from various advisers to properly administer the Plan, we share personal data with the following: The Plan’s administrator Wood Pensions Team, Scheme Actuary, the sponsoring employer, life assurance providers, Annuity providers and AVC providers. We may also share data with the Trustees’ other professional advisers (including the Scheme Auditor, lawyer and pension consultants), our insurers, regulatory bodies (including, but not limited to, HM Revenue and Customs, the Department for Work and Pensions and the Pensions Regulator/Ombudsman).
Your data is also shared by the Plan’s administrator with sub-processors for particular outsourced activities such as the personal data we have to supply in order to effect a BACS transfer (the Bankers' Automated Clearing Service) in the UK and/or a payment via Citibank when pensions are being paid overseas, bulk printing jobs, confirmation of address/existence, offsite backup and archive, in each case with appropriate protections being put in place. A comprehensive list of parties with whom data may be shared is set out in the Trustees’ formal Data Mapping document, available on request at the address below..
The Plan’s Actuary
Mercer and the Plan's named actuary for statutory purposes use personal data in order to perform actuarial calculations, or as requested by the Trustee to provide advice in respect of the Plan. The Plan's actuary has to use personal data in order to fulfil certain statutory duties, for example, relating to the formal scheme valuations.
The Scheme Actuary uses your personal data to advise the Trustees on the financial management of the Scheme. This advice helps to ensure the Trustees are able to meet their obligations to pay members’ benefits, and is necessary to comply with obligations placed on them by legislation, including the Pensions Act 2004.
The Scheme Actuary may also use your personal data in research which assists actuaries in providing this type of advice - for example research into the mortality experience (life expectancy) of pension scheme members in general. This may include the provision of personal data, anonymised as far as possible, to a recognised external authority, such as the Continuous Mortality Investigation (CMI) which investigates mortality experience on behalf of the Institute and Faculty of Actuaries
Mercer also uses the Plan's personal data for data analytics purposes, including to create insights, reports and other analytics to improve the quality of and market Mercer’s advice, products and services.
The Trustee is satisfied that this is a reasonable use for the Plan's personal data because the Trustee benefits from it. The research, information and analysis is made available to those at Mercer who advise the Trustee so that it can be used to improve and extend the services available to the Trustee. Some of the information may be available to the Trustee directly and helps inform it of pension industry knowledge. Mercer has confirmed to us that none of its data analysis output discloses individual details of Plan members or other beneficiaries.
How long we keep personal data for
We must keep all personal data safe and only hold it for as long as necessary. To meet the requirements of both UK tax and pensions law, we must keep certain personal data (for example, details about the date a member joins the Plan, their name and address, and details of benefits paid) for a minimum of 6 years. But, given the nature of pension Plans, the Trustee may be required to keep personal information for the lifetime of the Plan. This means that we may continue to process personal information about former members who have no further entitlement under the Plan.
However, we review the personal data held in relation to the Plan on a regular basis in accordance with our data retention schedule. If we conclude that certain personal data is no longer needed, that personal data will generally be destroyed.
The Trustee has conducted due diligence on their suppliers to ensure they process data within the UK and/or the EEA. It is possible that the Trustees and the partners / staff of adviser firms may take laptops and smartphones with them on trips outside of the UK and/or the EEA, indirectly causing data to be sent outside of the EEA. We have received guidance that as long as the information stays with the individual on the laptop / smartphone and their employer has an effective procedure to deal with security and the other risks of using laptops (including the extra risks of international travel), it is reasonable to conclude that adequate data protection exists
The purpose of this Privacy Notice is to fulfil your right to be informed about the use of your personal data. In addition you have the following rights:
- Right of Access –you have the right to see personal data that is held about you and a right to have a copy provided to you, or someone else on your behalf, in a readable format.
- Right to Rectification –If at any point you believe that the personal data we hold about you is inaccurate, you can ask to have it corrected.
- Right to Restrict processing – You can require the Trustee to limit the processing of your personal data in certain circumstances, for example, whilst a complaint about its accuracy is being resolved.
- Right to object to processing – As we are relying on legitimate interests as a reason for processing, you can object to your personal data being processed, although the Trustee can override this objection in certain circumstances.
- Withdrawing consent – Where you have given us your consent to processing your personal data, you can withdraw that consent at any time by notifying us (see “Who to contact” below). However, withdrawing your consent will not affect the processing of any personal data which took place beforehand and it may be possible for the Trustee to continue processing your personal data where this is justified.
- Right to be forgotten – You can request that your personal data is deleted altogether, although the Trustee can override this request in certain circumstances.
- Right to transfer your personal data – You have the right to request to have your personal information transferred to another data controller (e.g. if you decide to transfer your pension benefits to another pension scheme).
Information will generally be provided to you free of charge, although the Trustee can charge a reasonable fee in certain circumstances.
Please note that if you choose to exercise your rights to withhold data or insist on its deletion, then the Trustee may not be able to perform their duties in relation to the Scheme, and your benefits could be affected.
Who to contact about your personal data
If you wish to:
- see your personal data or to exercise any of the rights mentioned above.
- raise any questions on our privacy practices.
- make a complaint about how we have handled your personal data.
Wood Pensions Team
Telephone: 01565 683295
Making a complaint to the Information Commissioner’s Office
If you are not satisfied with our response to any query you raise with us, or you believe we are processing your personal data in a way which is inconsistent with the law, you can complain to the Information Commissioner’s Office whose helpline number is: 0303 123 1113.
Further details about GDPR and your rights under GDPR can be found on the ICO’s website at https://ico.org.uk/.
Updates to this notice
This notice is the latest version as at May 2018. This notice will be updated from time to time and you can see the current version at any time on the Plan’s website at https://amecfw.compendiahosting.co.uk/. Alternatively, if you would prefer to receive a hard copy of the notice, please let us know (see “Who to contact” above).