Your privacy matters to us, so you can be confident that we take good care of all the personal data we hold about you. One of the ways we do this is by adhering to the requirements and principles of data protection legislation.
In this privacy notice we explain the reasons we handle your personal data, what happens to it and your rights in relation to it.
What personal data we collect
We collect the following data about our members which we’ve grouped into broad categories:
- basic details – name, date of birth, address, email address, telephone number(s), FAS reference, National Insurance number
- identity checks – proof of identity (copy of passport, driving licence, utility bills, etc.), proof of entitlement to act on a member’s behalf (e.g. power of attorney)
- financial details – bank account details, payments
- assistance entitlement – calculations, details of previous pension scheme(s), relevant personal circumstances (employment history, income, marital status)
- health details – normally only if you inform us of a terminal illness
- interaction records – correspondence (letters, emails, etc.), recordings and notes of telephone calls, online transactions, survey responses
We sometimes use cookies to help analyse use of our websites. You can find out more about the cookies we use on this site's Cookie Policy page.
Why we use your personal data
The PPF has a very specific function: to pay Financial Assistance Scheme (FAS) assistance while providing excellent customer service to our members. All the reasons that we use your personal data are designed to enable us to do that.
The Pensions Act 2004 set up the PPF and most of the time is the reason why we need to use your personal data. Either complying with our legal obligations in the Act or providing an excellent service to you would not be possible without using your personal data.
Below we provide details of the different ways that your personal data is used and our lawful basis for using it. Beneath each explanation, we have set out the types of personal data affected and details of why data is shared with third parties in support of that activity.
Data sharing
There are specific circumstances where it is necessary for third parties to have access to your data. Where this is the case we ensure that appropriate contractual, technological and other safeguards are in place:
- We'll disclose your personal data if required to by law. For example, to HM Revenue and Customs (HMRC) for tax purposes or to the police for the prevention or detection of crime. Regulators, such as the Information Commissioner (ICO), also require us to share information on occasion
- Like most organisations we rely on companies to support our services, and in some cases they will need to collect, access or handle your personal data. For example, increasingly our IT infrastructure operates in the cloud, which means that suppliers store data for us. Suppliers and their employees are only allowed to access or handle personal data with our permission and where it is strictly necessary for them to fulfil their contract with us. In some cases they will appoint sub-contractors and where this is the case, suppliers will be expected to ensure they are subject to the same requirements. A table at the end of this privacy notice lists the main suppliers who process members’ personal data for us (including accessing, collecting or storing it).
Analytics
We may use third-party providers to monitor and analyse the use of our website. These third-party providers collect, store, use, process and transfer information about your activity on our website in accordance with their Privacy Policies. For example, we are using Google Analytics.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of website. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
You can opt-out of having made your activity on the website available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy.
reCAPTCHA is a service from Google that helps protect websites from spam and abuse. We use reCAPTCHA to protect our site against spam and abuse of web forms.
For more information on the impact of reCAPTCHA, please visit the Google Terms of Service web page: https://policies.google.com/terms.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy.
Administering your account and paying you the right amount
We need to calculate the right amount to pay you when you join the PPF or FAS schemes or when there are changes in your circumstances. We collect information including your previous pension entitlement, marital status and details about your personal circumstances. Some of this information is provided to us by your previous pension scheme or its administrators. In some cases, for example where you have been diagnosed with a terminal illness, we will need to collect limited information about your health.
We need to handle payment information including your bank details so that we can pay you. In rare circumstances we may also need to use your details to recover money where we have overpaid you. The handling of your personal data for these purposes is necessary for us to comply with our legal obligations under the Pensions Act 2004.
- Type of personal data: basic details; compensation entitlement; health details
- Data sharing: member records system support; cloud-based storage; actuarial services; secure data sharing; previous trustees and administrators (where necessary to resolve queries); legal services (where it is necessary for us to seek legal advice); storage, digitisation, and secure destruction of physical records; HMRC; our auditors; our payment administrators; our bank.
Keeping you informed
We sometimes need to use your contact details to update you about our services either by post or by email, such as our regular newsletters. Keeping you up-to-date with improvements and changes that affect you is an important part of our public duty to members and is carried out using our powers under the Pensions Act 2004.
- Type of personal data: basic details
- Data sharing: email distribution service; printing service
Ensuring your information is correct
We need to make sure that we have up-to-date contact details for all our members. We also need to take steps to reduce the likelihood of fraud or payments in error. For these reasons we use a tracing service provided by a company called Target Professional Services to check a variety of sources (e.g. credit reference agencies) to confirm or locate contact details for our members. Ensuring that we can keep in touch with our members and are not making unnecessary payments is in the public interest and is carried out using our powers under the Pensions Act 2004.
- Type of personal data: basic details
- Data sharing: tracing service
Responding to your enquiries and complaints and assessing the quality of our customer service
If you’ve contacted us to make an enquiry or complaint we’ll hold your personal data so that we can deal with it. We don’t need to collect a lot of information but we need to know who you are, what you’ve asked and how we can reply to you.
If you contact us by telephone, we record all calls made to us for training and compliance purposes, to improve our customer service and to verify information provided to us. You may be asked if you’re willing to complete a survey at the end of the call, and if you agree, we’ll keep a record of your responses. You may also be asked to complete an online survey if you visit our member website or following the resolution of a complaint. We also contact a sample of our membership every 18 months to ask if you are willing to complete a survey for the Institute of Customer Service.
When you contact us we need to be sure who you are so that we don’t disclose personal data to or take instructions from the wrong person. We'll usually ask you for evidence to confirm your identity.
We conduct research of our members’ views which means that we or one of our suppliers may contact you. If you’d prefer not to receive communications of this nature, please let us know.
There is a public interest in us responding to enquiries and complaints and in us finding ways to improve our service to you and we have the power to do so under the Pensions Act 2004.
- Type of personal data: basic details; identity checks (where relevant); interaction records
- Data sharing: customer service surveys; ServiceMark accreditation surveys (Institute of Customer Service); translation services
Answering information rights requests
If you exercise your rights under data protection legislation (primarily the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA)) or the Freedom of Information Act 2000 (FOIA) or Environmental Information Regulations 2004 (EIR), we'll need to handle your contact details, your request and relevant information. If you're making a request in relation to your personal data, we'll often need to ask you for information to help confirm your identity. We need to handle your personal data to help meet our legal obligations under GDPR/DPA and/or FOIA/EIR.
- Type of personal data: basic details; identity checks (where relevant); interaction records
Managing our resources and planning for the future
Ensuring that there's enough money to pay all our members now and in the future is a complex business. We need to use our members’ details such as age and likely retirement date to help plan our activities. This allows us to keep everyone informed of our progress and make necessary adjustments over time. Insurance policies help to ensure that we can continue to fund compensation to members and require us to share members’ data with insurers and administrators.
Planning and reporting on our current and future commitments, and managing risks to our funding model, is in the public interest and is carried out using our powers under the Pensions Act 2004.
- Type of personal data: basic details; financial details; compensation entitlement
- Data sharing: actuarial services; insurers; former scheme administrators
Accessing your account online
If you want to register for and use our online services you'll have a username and password allowing you to access your account. We'll log your activities on the website so that we can identify and rectify any problems and make improvements to the way the website works. When you sign up to use online services you consent to the use of your personal data for the purposes of managing your online access.
- Type of personal data: interaction records
- Data sharing: member records system support
Special category data
When carrying out some of the above activities, we sometimes need to collect or use data about your health (described as ‘health details’ above). In data protection legislation, data about your health is what's described as special category data and we can only use it in specified circumstances.
We only collect and handle health details about our members when it is necessary to do so for us to exercise our functions as conferred under the Pensions Act 2004.
Where possible we inform you before handling data of this kind and only collect or use it where necessary. We make it easy for you to check and update your records, and take appropriate security precautions to protect your data. Data is retained and then destroyed securely in line with the PPF’s Retention and Disposal Schedule.
International transfers of personal data
Most of our service providers are based in, and process personal data in, the UK. There are a small number of circumstances in which your personal data may be processed abroad:
- Auditing: where it's necessary for us to share your data with our auditors, this is done using data storage and sharing service Box. Box stores some data on servers outside the UK. Box has approved binding corporate rules (BCRs) in place to ensure that personal data is handled to appropriate standards wherever it is processed
- Newsletters: if you receive newsletters and other email updates from us, your name, email address and PPF reference is shared with MailChimp, a business based in the USA, for distribution
- Payments to members living overseas: EQPay, the company that we use to make these payments, sometimes processes payments in the USA or India
We have agreements with these companies which incorporate international data transfer clauses approved by the Information Commissioner’s Office. We require companies to comply with the standards set out in data protection legislation and to put in place appropriate security measures before we agree to share your data with them.
How long we'll keep your data for
We’ll keep your information in line with our retention policy. This means that your core record will be retained as long as you, or a dependant of yours, remain a member of the PPF or FAS and for 12 years following. Financial records of payments made to you will be retained for 6 years after the end of the financial year the payment was made in.
Recordings of telephone calls are retained for a year, and records of routine enquiries and information requests are retained for three years after the last action taken in relation to the enquiry. If you’d like to see our full Retention and Disposal Schedule just let us know.
Exercising your rights
Under data protection legislation you have the right to ask to see the personal data we hold about you and to ask why we hold that information. Other rights you have are to ask us to correct data that you believe to be inaccurate or to ask us to stop using your data if you believe that we no longer need it to carry out our work.
Don’t forget that you can access your core record online via this website and can update your record there. If there's something you can’t access or update online, and you’d like to exercise any of your rights you should write to:
The Resolutions Team
Pension Protection Fund
Renaissance
12 Dingwall Road
Croydon
Surrey
CR0 2NA
UK
You can also email your request to [email protected].
We aim to comply with requests made under data protection legislation as quickly as possible and within a month of receipt unless there is a good reason for delay. If there is any reason why we can't respond this quickly we'll let you know when you can expect to hear from us and the reason for the delay.
If you need any assistance please call us on 0330 678 0000 between 9.00 and 17.30, Monday to Friday (except public holidays).
The PPF’s Data Protection Officer and raising concerns
The PPF has a Data Protection Officer (DPO) whose role is to act as a point of contact for individuals and to monitor and provide advice to the PPF in relation to data protection issues. You can raise any concerns you have about the way we handle your personal data with the DPO by writing to:
Data Protection Officer
c/o The Resolutions Team
Pension Protection Fund
Renaissance
12 Dingwall Road
Croydon
Surrey
CR0 2NA
UK
You can also email us at
[email protected]. If you need any assistance please call us on 0330 678 0000 between 9.00 and 17.30, Monday to Friday (except public holidays).
The Information Commissioner
If you’re not satisfied with our response or believe we’re not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
The Information Commissioner can be contacted at:
Address: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: +44 303 123 1113
Website: www.ico.org.uk
Changes to this privacy notice
We keep our privacy notice under regular review and we‘ll place any updates on the member website. This privacy notice was last updated in January 2023.
Annex: main suppliers who process members’ personal data