Fair Processing Notice

Self-invested Personal Pension (SIPP)

We know how important privacy is to you. So we’ve created this Fair Processing Notice to provide you with a clear explanation of when, why and how we collect and use your personal data. We’ve designed it to be as user friendly as possible, and have labelled sections to make it easy for you to navigate to the information that may be most relevant to you.

Please read this Notice with care, it applies to any personal data we have collected or will collect about you for the purposes set out in section 2. It provides important information about how we use your personal data and explains your legal rights. This Notice does not override the rights you have available under data protection law. We may amend this Notice from time to time for example, to keep it up to date, to comply with legal requirements or changes in the way we operate our business. We will publish updates to this Notice on our web site.

 


Definitions

Notice – This Fair Processing Notice. Also referred to as a Privacy Notice.

We, us – JLT Benefit Solutions Limited. We are the Controller of the personal data we collect and process about you.

Your Personal Data - The personal data that we collect and process about you.

Special Category Data - Categories of information that require enhanced protection measures. This includes, for example, health related information.

Processing – Any set of actions which is performed on Personal Data such as collecting, recording, organising, structuring, storing, altering, retrieving, using, disclosing or destroying.

Controller – The person or body that determines the purposes and means of processing.

Processor – The person or body that processes Personal Data on your behalf.

Profiling - Using automated processes without human intervention (such as computer programmes) to analyse your personal data in order to evaluate your behaviour or to predict things about you, such as your likely risk profile. 

FCA – The Financial Conduct Authority, a financial regulatory body.

tPR – The Pensions Regulator, a regulatory body.

ICO - The Information Commissioner's Office who are the Supervisory Authority for the processing of personal data by all UK organisations. See www.ico.org.uk for more information.

Service Providers - Third parties to whom we outsource certain functions of our business. For example, we have service providers who provide / support 'cloud based' IT applications or systems, which means that your personal data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of personal data.

 


 

1. Who is responsible for looking after your personal data?

We, JLT Benefit Solutions Limited, are responsible for the information that we collect and process about you.

 


 

2. What do we use your personal data for?

We use your personal data to:

  • verify your identity (including sanctions check);
  • implement a pension scheme;
  • calculate and process payment of benefits; to respond to and manage change of address/name, transfers, contributions, divorce, death, bankruptcy etc.; to store death benefit nomination information on receipt;
  • carry out tasks such as arranging for monies to be invested and disinvested accordingly;
  • submit claims and reports to HM Revenue & Customs (HMRC), The Pensions Regulator etc.;
  • administer serious ill health and ill health retirements;
  • support our controls and management information;
  • improve our processes and use of technology; and
  • meet our legal and regulatory obligations.

We have set out the legal basis we use for collecting and using your personal data below.

 


 

3. What personal data do we collect?

We will only collect your personal data where it is relevant for the purposes set out in Section 2. The information we collect may include:

 Categories of personal data  Examples of personal data we may collect
 Personal attributes  Name; Age or date of birth; National Insurance Number; Marital information (including divorce).
 Personal directory  Address (including postcode). Email address; Telephone numbers; Passport; Utility bills; Birth certificate.
 Financial data  Pension; Bank account information; Other financial information e.g. fund values, insured amounts.
 Special categories of data  Medical diagnosis; Health information.
 Background checks Outside Directorships & external business interests

Certain additional information may be collected where this is necessary for us to fulfil our responsibilities under the terms of the trust and relevant regulation.

From time to time, you may need to provide us with someone else’s personal data, e.g. your dependants, nominated beneficiaries, power of attorney etc. Wherever possible, you should take steps to inform them that you need to disclose their details to us, obtain their consent to do so and identify us as the party with whom you are sharing their information. Please provide them with a copy of this Notice.

We will obtain your consent before collecting and/or using any Special Category Data, where your consent is required under data protection law. If you provide your consent, you may withdraw that consent at any time. However, you should be aware that if you choose to withdraw your consent to collect or use Special Category data then we may be unable to continue to provide services to you. If you choose to withdraw your consent we will tell you about the possible consequences at that time.

 


 

4. Who do we collect your personal data from?

We will collect information from you and your employer, if applicable, over the course of our dealings with you. We may also obtain information from other sources such as public registers, other online sources, credit reference agencies and other reputable organisations.

 


 

5. Who do we share your personal data with?

We work with the SIPP trustee, other members of the JLT Group and other Service Providers to help manage the Scheme and to deliver services to you. You should be aware that your information may be held on JLT databases which can be accessed by JLT Group companies. These parties may from time to time need to have access to your personal data.

The Service Providers may include:

  • Financial institutions with whom you have assets;
  • Providers of pension transfer analysis calculations, suitability reports and portfolio valuations;
  • Businesses who help manage our IT and back office systems;
  • Credit reference agencies and organisations working to prevent fraud in financial services; and
  • Auditors and other professional services firms.

We may be under legal or regulatory obligations to share your personal data with public authorities, government bodies, courts, regulators (which may include the FCA, tPR and ICO) and law enforcement agencies in the E.U. and around the world. Also, if the JLT Group were to sell part of their businesses they may need to transfer your personal data to the purchaser of such businesses.

We will not share your personal data with third parties for marketing purposes.

 


 

6. International transfers

From time to time we may need to share your personal data with members of the JLT Group or with other Service Providers who may be based outside of the European Economic Area (EEA).

We always take steps to ensure that any international transfer of information is managed carefully and in accordance with data protection law to protect your rights and interests. These measures include:

  • Transfers of your personal data to countries which are recognised as providing an adequate level of legal protection;
  • Transfers within the JLT Group where they have entered into Standard Contractual Clauses or an intra-group agreement, both of which give specific contractual protections designed to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within the JLT Group; and
  • Transfers to Service Providers protected by prior due diligence and contractual commitments such as signing the Standard Contractual Clauses and, where available, further assurances such as certification schemes.

We may also share your personal data with a third party (e.g. fund manager, product provider) outside of the UK that you have selected.  This transfer will be necessary for you to enter into the contract or for the performance of that contract between you and that third party.

You have the right to ask us for more information about our safeguards. Please contact us if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality).

 


 

7. How do we keep your personal data secure?

We take data security seriously. To reflect this, we’ve put in place a clear chain of responsibility when it comes to security. Our JLT Group Chief Information Security Officer (CISO) and CISO office are responsible for helping all JLT entities protect personal data and manage security risks. The CISO office does this by developing, monitoring and reviewing their information security framework policies and standards. Our Privacy and Security Statement can be found here.

 


 

8. How long do we keep your personal data?

We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 2 of this Notice, including meeting legal, regulatory, tax and accounting requirements. We also retain your personal data so that we have an accurate record of your dealings with us in the event of any complaints or disputes, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings. This means that we may keep your personal data for a period of time after we have ceased to provide you with services. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business on a day to day basis.

 


 

9. What are your rights?

You have a number of rights in relation to your personal data. You may request access to your data, correction of any mistakes in our files, erasure of records where no longer required and restriction on the processing of your data. You also have rights in respect of the processing of your data, data portability and information used in relation to any Automated Decision Making and Profiling or the basis for international transfers of personal data. You can find out more information about your rights by clicking on this link.

Where we rely on our legitimate interests to obtain and use your personal data then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests. 

Where processing is carried out based upon your consent, you have the right to withdraw that consent. You may also exercise a right to complain to your Supervisory Authority. If you would like to exercise any of your rights then please click on this link.

 


 

10. Contact, further information, queries and complaints

JLT Premier Pensions is your primary point of contact for all matters arising from this Notice, including requests to exercise your rights set out in section 9.

If you have any query, complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the matter as soon as possible. You also have a right to lodge a complaint with the ICO at any time.

If you would like more information, please contact our Data Protection Officer by emailing EB_DataProtectionOfficer@JLTGroup.com.

 


 

What is the legal basis on which we process your personal data?

Activity

The legal basis for the processing of your personal data

To verify your identity (including sanctions check).

Performance of a contract

To implement a pension scheme.

Performance of a contract

To calculate and process payment of benefits; to respond to and manage change of address/name, transfers, contributions, divorce, death, bankruptcy etc.; To store death benefit nomination information on receipt.

Performance of a contract

To carry out tasks such as managing our and your funds ensuring monies recorded, invested and disinvested accordingly.

Performance of a contract

To submit claims to HM Revenue & Customs (HMRC), The Pensions Regulator etc.

Legal obligation

To administer serious ill health and ill health retirements.

Consent

To support our controls and management information

Legitimate interest

 To improve our processes and use of technology

 Legitimate interest
 To comply with legal and regulatory obligations.

 Legal obligation

 

Your rights

Your right

What this means

Access

You can ask us to:

  • confirm whether we are processing your personal data;
  • give you a copy of that data;
  • provide you with other information about your personal data to the extent that information has not been provided to you in this Notice, such as what data we hold about you, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any Automated Decision Making or Profiling.

Rectification

You can ask us to rectify inaccurate personal data. We may seek to verify the data before rectifying it.

Erasure

You can ask us to erase your personal data, but only where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see 'Objection' below); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which we are subject.

We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances where we would deny that request.

Restriction

You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

  • you contest the accuracy of your personal data (see Rectification), to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

    We can continue to use your personal data following a request for restriction, where:

  • we have your consent (for example to process a claim); or
  • to establish, exercise or defend legal claims; or
  • to meet legislative or regulatory requirements or
  • to protect the rights of another natural or legal person.

Portability

You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another Controller, but in each case only where the processing is based on your consent or the performance of a contract with you; and the processing is carried out by automated means.

Objection

You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

International Transfers

You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Economic Area. We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.

Supervisory Authority

You have a right to lodge a complaint with your local supervisory authority about our processing of your personal data. In the UK, the supervisory authority for data protection is the ICO. We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.