Privacy notice for Pensions 

What do we use the information for?

East Riding Pension Fund (“the Fund”) is responsible for the administration of the Local Government Pension Scheme (LGPS). The service is carried out by the council (“the administering authority”) on behalf of qualifying employers and the scheme members.

The Fund collects, processes and holds your personal information in order to provide our services effectively  to members and other stakeholders, fulfilling its legal requirement to provide individuals with the following:

• Basic information to members on the LGPS on joining or upon request by other parties
  
• Information to early leavers and those retiring from the LGPS
  
• Information on request relating to transfers to and from the LGPS
  
• Annual benefit statements and information about pensions in payment
• Information regarding changes to the regulations that govern the LGPS. 

We also use information to improve our services so that they are more appropriate to people’s requirements.  We recognise that your personal information is important to you, and we take our responsibilities for ensuring that we collect and manage it proportionately, correctly and safely very seriously. 

What information do we hold and use?

The Fund collects and processes the following information:

• Personal information (including full name, full residential address, date of birth)
• Location data (including postcode and telephone number)
• Contact details (such as email address)
• Identifiable information (including NI number) 
• Information relating to employment (including details of employer, salary details, employment dates, details of service breaks)
• Bank details for payments
• Information relating to health in order to assess eligibility for certain scheme benefits. 

On what grounds do we use the information?

The Fund collects and lawfully processes your information under the following:

• The Occupational and Personal Pension Schemes (Disclosure of Information) Regulations 2013
  
• The Pensions Act 2011(Transitional, Consequential and Supplementary Provisions) Regulations 2014 
  
• Public Services Pensions Act 2013
• The Occupational and Personal Pension Schemes (Disclosure of Information) Amendment Regulations 2015
  
• The Local Government Pension Scheme (LGPS) Regulations 2013. 

The Fund processes personal data for the following reasons:

• GDPR Article 6(1)(b) - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
• GDPR Article 6(1)(c) - processing is necessary for compliance with legal obligation to which the East Riding of Yorkshire Council is subject; and
• GDPR Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

We process special category data for the following reason:

• GDPR Article 9(2)(a) - the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject
• GDPR Article 9(2)(b) - processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject
• GDPR Article 9(2)(g) - processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

How do we collect this information?

We obtain some of this personal data directly from you. We may also obtain data from your employer (for example, salary information) and from other sources including public databases.

We may collect information in the following ways:

• Paper, electronic or online forms
• Email
• Letter
• Telephone
• Face to face, with one of our employers, or one of our partners
• From third-party sources who have a duty to share information to enable us to meet our statutory obligations (including the Department of Work and Pensions, HM Revenues and Customs and other local authorities).

Who we share your information with?

The Fund procures the services of various providers to support its management and administration of the scheme. The following providers may have access to your information purely for the purposes of supporting our administration system; they will not use your information for any other purpose. 

• Civica Group Ltd. 

The Fund may also share your information with third parties, for example where we outsource our print to mail documents (payslips, P60’s, benefit statements). Under GDPR, you can object to the Fund sharing your data with these third parties.

We may disclose your information to others, but only where this is necessary either to comply with our legal obligations or as permitted by Data Protection legislation. We may share it with service providers, professional advisers and auditors who, in certain circumstances, may also be data controllers. These organisations, in respect of the Fund, are as follows:

• Regulators, the government and law enforcement authorities. This also includes participating in the Cabinet Office’s National Fraud Initiative for the purposes of the prevention and detection of fraud against the Fund and organisations within the public sector and the Government Actuary's Department for the calculation of the triennial assessment of the cost of the Local Government Pension Scheme on a national basis as per the Public Service Pensions Act 2013. By law, we are also required in certain circumstances to share your information with government organisations such as Her Majesty’s Revenue and Customs and the Department of Work and Pensions so that they can monitor our performance and ensure that public funds are safeguarded.
  
• Local and foreign courts, tribunals and arbitrators, other judicial committees of enactments of laws.
  
• Persons in connection with any transfer of employment of a scheme member or members under TUPE which results in a transfer out of this scheme to another pension scheme.
• Organisations who have a liability for the payment of an individual’s pension, where that pension payment is managed by the Fund and the sum paid is re-charged to that organisation.

The reasons why we may share your data with other public bodies are as follows:

• To support the Fund’s administration system
• To monitor and improve our performance and delivery of services
• For the prevention and or detection of crime
• Where necessary to protect individuals from the risk of harm or injury; and 
• Where otherwise permitted under the General Data Protection legislation.

We will only disclose your sensitive or confidential information if we are legally required to do so, or where we have good reason to believe that failing to share the information would put you or someone else at risk of harm.

We will not pass your personal information to external organisations for marketing or sales purposes or for any commercial use without your prior expressed consent.

How long do we store it and is it secure?

The Fund has a retention schedule in place to ensure that information is only held for as long as it is needed.

We will not keep your information for longer than is required to by law. Your information will be disposed of in a controlled and secure manner in accordance with the council’s Records Management and Data Quality Policy. The council’s IT security and confidentiality policies ensure that your information is protected, and accessed only by staff directly involved in your case.  

For information on how long your information will be held, please visit the retention page.

What rights do you have?

 The rights that you have depend upon the grounds on which we collected your information.  All of the rights you could have are outlined on the data protection rights page.  

In most cases, people who have been involved with the Fund will have the following rights:

• The right of access - you are entitled to see the information we hold about you 
  
• The right to rectification - we will amend the information accordingly, if any information the service holds about you is incorrect
  
• The right to restrict processing - you may wish to limit how we use your data 
• The right to object - in addition to the right to limit the use of your data, you also have a right to object to the use of your data for certain actions. Should you exercise your right to object, it will not limit the information you receive from the Fund, as we may still be required by law to provide you with certain information. In cases such as this the Fund will take appropriate steps to ensure your request is complied with but that it also fulfils any legal obligation it has to provide you with information or supply services
• The right to data portability - this is particularly relevant to members who may choose to transfer out of the Fund to another pension provider. The Fund will provide the information we hold about to your new pension provider in a format that they can use. The transfer would not take place without your consent.
  

 To exercise any of your above rights, please visit the data protection rights page for more information.

Where can I find out more?

If you would like to know more about how the council uses information, your rights or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance; contact details are available on the general privacy information page. Alternatively, you can contact the Information Commissioner's Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest and they handle public concerns regarding organisations information rights practices. 

Information Commissioner’s Office (external website)

When was this privacy notice last updated?

We will continually review and update this privacy notice to reflect any changes in our services, feedback from customers, and to comply with any changes in the law. This privacy notice was last updated on 26 January 2021.