Pensions fund privacy notice

For the members and beneficiaries of the London Borough of Waltham Forest Pension Fund

This notice is for members and beneficiaries of the London Borough of Waltham Forest Pension Fund (the “Fund”). It has been prepared by the London Borough of Waltham Forest (the “Administering Authority”, or “we”) in its capacity as the administering authority of the Fund.

As the Administering Authority of the Fund, we hold certain information about you (“personal data”) which we use to administer the Fund and to pay benefits from it. This notice is designed to give you information about the data we hold about you, how we use it, your rights about it and the safeguards that are in place to protect it.

The Administering Authority holds personal data about you in its capacity as data controller for the proper handling of all matters relating to the Fund, including its administration and management.

This includes:

• the need to process your data to contact you
• to calculate, secure and pay your benefits, for statistical and financial modelling and reference purposes. (For example, when we assess how much money is needed to provide members’ benefits and how that money should be invested), and to manage liabilities and administer the Fund generally.

Further information about how we use your personal data is provided below.

The legal basis for our use of your personal data will generally be one or more of the following:

a) we need to process your personal data to satisfy our legal obligations as the Administering Authority of the Fund; and/or

b) we need to process your personal data to carry out a task in the public interest or the exercise of official authority in our capacity as a public body; and/or

c) we need to process your personal data for the legitimate interests of administering and managing the Fund and liabilities under it.  Calculating, securing and paying benefits and performing our obligations, exercising any rights, duties and discretions the Administering Authority has about the Fund and/or

d) because we need to process your personal data to meet our contractual obligations to you about the Fund.  For example, under an agreement that you will pay additional voluntary contributions to the Fund, or to take steps, at your request, before entering into a contract.

The types of personal data we hold and process about you can include:

• Contact details, including name, address, telephone numbers and email address.
• Identifying details, including date of birth, national insurance number and employee and membership numbers.
• Information that is used to calculate and assess eligibility for benefits, for example, length of service or membership and salary information.
• Financial information is relevant to the calculation or payment of benefits, for example, bank account and tax details.
• Information about your family, dependents or personal circumstances, for example, marital status and information relevant to the distribution and allocation of benefits payable on death.
• Information about your health, for example, to assess eligibility for benefits payable on ill health, or where your health is relevant to a claim for benefits following the death of a member of the Fund.
• Information about a criminal conviction if this has resulted in you owing money to your employer or the Fund and the employer or Fund may be reimbursed from your benefits.

We obtain some of this personal data directly from you.

We may also obtain data:

• (for example, salary information) from your current or past employer(s) or companies that succeeded them in business
• from a member of the Fund (where you are or could be a beneficiary of the Fund as a consequence of that person’s membership of the Fund)
• and from a variety of other sources including public databases (such as the Register of Births, Deaths and Marriages)

Our advisers and government or regulatory bodies, including those in the list of organisations where we may share your personal data are set out below.

Where we obtain information concerning certain “special categories” of particularly sensitive data, such as health information, extra protections apply under the data protection legislation. We will only process your personal data falling within one of the special categories with your consent unless we can lawfully process this data for another reason permitted by that legislation. You have the right to withdraw your consent to the processing at any time by notifying the Administering Authority in writing. However, if you do not give consent, or subsequently withdraw it, the Administering Authority may not be able to process the relevant information to make decisions based on it, including decisions regarding the payment of your benefits.

Where you have provided us with personal data about other individuals, such as family members, dependants or potential beneficiaries under the Fund, please ensure that those individuals are aware of the information contained within this notice.

We will use this data to deal with all matters relating to the Fund, including its administration and management. This can include the processing of your personal data for all or any of the following purposes:

• to contact you.
• to assess eligibility for, calculate and provide you (and, if you are a member of the Fund, your beneficiaries upon your death) with benefits. 
• to identify your potential or actual benefit options.
• to allow alternative ways of delivering your benefits, for example, through the use of insurance products and transfers to or mergers with other pension arrangements.
• for statistical and financial modelling and reference purposes (for example, when we assess how much money is needed to provide members’ benefits and how that money should be invested).
• to comply with our legal and regulatory obligations as the administering authority of the Fund.
• to address queries from members and other beneficiaries and to respond to any actual or potential disputes concerning the Fund.
• the management of the Fund’s liabilities, including entering into insurance arrangements and selection of Fund investments.
• in connection with the sale, merger or corporate reorganisation of or transfer of a business by the employers that participate in the Fund and their group companies.

From time to time we will share your personal data with advisers and service providers so that they can help us carry out our duties, rights and discretions about the Fund. Some of those organisations will simply process your personal data on our behalf and in accordance with our instructions. Other organisations will be responsible to you directly for their use of personal data that we share with them. They are referred to as data controllers and we have highlighted them in the table below. You will be able to find out about their own data protection policies (which will apply to their use of your data) on their websites.

These organisations include the Funds:

Data processors

• Administrator – (currently Waltham Forest Council
• (Third-party) administrator – (currently PSS)
• Accountants and creditors – (currently Waltham Forest Council)
• Bureaus for mortality screening and locating members – (currently ATMOS)
• Overseas payments provider to transmit payments to scheme members with non-UK accounts – (currently Western Union)
• Printing companies – (currently Waltham Forest Council and Adare)
•  Pensions software provider – (currently Aquila Heywood
• Suppliers of IT, document production and distribution services SAP – CDS Print and Creative (Printing of Pension Payslips)

Data Controllers

• (Third-party) administrator – (currently PSS)
• Actuarial consultant – (currently Mercers)
• Scheme benefit consultant – (currently Mercers)
• Investment adviser – (currently Mercers)
• Additional Voluntary Contribution providers – (currently Clerical Medical and Equitable Life)
• Legal adviser – (currently Waltham Forest Legal Department and Sackis)
• Fund Actuary – (currently Mercers)
• Statutory auditor – (currently KPMG)
• External auditor – (currently KPMG)
• Internal auditor – (currently Waltham Forest Council)
• Occupational Health Provider – Medigold Health Consultancy
• LGPS National Insurance database – (South Yorkshire Pensions Authority)
• The Department for Work and Pensions
• The Government Actuary’s Department
• The Cabinet Office – for the purposes of the National Fraud Initiative
• HMRC
• The Courts of England and Wales – for processing pension sharing orders on divorce

In each case, we will only do this to the extent that we consider the information is reasonably required for these purposes.

In addition, where we make Fund investments or seek to provide benefits for Fund members in other ways, such as through the use of insurance, we may need to share personal data.  This could be with providers of investments, insurers and other pension scheme operators. In each case, we will only do this to the extent that we consider the information is reasonably required for these purposes.

From time to time we may provide some of your data to:

• your employer and their relevant subsidiaries
• potential purchasers of their businesses
• advisers to enable your employer to understand its liabilities to the scheme.

Your employer would generally be a controller of the personal data shared with it in those circumstances. For example, where your employment is engaged in providing services subject to an outsourcing arrangement, the Administering Authority may provide information about your pension benefits to your employer and potential bidders for that contract when it ends or is renewed.

Where requested or if we consider that it is reasonably required, we may also provide your data to government bodies and dispute resolution and law enforcement organisations. This includes those listed above, the Pensions Regulator, the Pensions Ombudsman and Her Majesty’s Revenue and Customs (HMRC). They may then use the data to carry out their legal functions.

The organisations referred to in the paragraphs above may use personal data to perform their functions about the Fund.  They may use it for statistical and financial modelling (such as calculating expected average benefit costs and mortality rates) and planning, business administration and regulatory purposes. They may also pass the data to other third parties.  For example, insurers may pass personal data to other insurance companies to obtain reinsurance, to the extent they consider the information is reasonably required for a legitimate purpose.

In some cases, these recipients may be outside the UK. This means your personal data may be transferred outside the EEA to a jurisdiction that may not offer an equivalent level of protection as is required by EEA countries. If this occurs, we are obliged to verify that appropriate safeguards are implemented to protect your data by applicable laws. Please use the contact details below if you want more information about the safeguards that are currently in place.

We do not use your personal data for marketing purposes and will not share this data with anyone for marketing to you or any beneficiary.

We will only keep your personal data for as long as we need to fulfil the purpose(s) for which it was collected.  We will keep it for as long afterwards as we consider necessary.  We may be required to deal with any questions or complaints that we receive about our administration of the Fund unless we elect to retain your data for a longer period to comply with our legal and regulatory obligations. In practice, this means that your personal data will be retained for such a period as you (or any beneficiary who receives benefits after your death) are entitled to benefits from the Fund and for 15 years after those benefits stop being paid. For the same reason, your personal data may also need to be retained where you have received a transfer, or refund, from the Fund in respect of your benefit entitlement.

You have a right to access and obtain a copy of the personal data that the Administering Authority holds about you and to ask the Administering Authority to correct your personal data if there are any errors or it is out of date.

In some circumstances, you may also have a right to ask the Administering Authority to:

• restrict the processing of your personal data until any errors are corrected
• to object to processing or transfer or
• (in very limited circumstances) to erase your personal data.

You can obtain further information about these rights from the Information Commissioner’s Office or via their telephone helpline (0303 123 1113).

If you wish to exercise any of these rights or have any queries or concerns regarding the processing of your personal data, please contact the Fund Administrator as indicated below. You also have the right to complain about this privacy notice or the Administering Authority’s processing activities with the Information Commissioner’s Office which you can do through the website above or their telephone helpline.

The personal data we hold about you is used to administer your Fund benefits and we may from time to time ask for further information from you for this purpose. If you do not provide such information, or ask that the personal data we already hold be deleted or restricted this may affect the payment of benefits to you (or your beneficiaries) under the Fund. In some cases, it could mean the Administering Authority is unable to put your pension into payment or has to stop your pension (if already in payment).

We may update this notice periodically. Where we do this we will inform members of the changes and the date on which the changes take effect.

Please contact the Fund administrator
Pensions Shared Service
PO Box 72351
London SW18 9LQ

Email: pensions@wandsworth.gov.uk

Telephone: 020 8871 8036

For further information 

You may also contact our data protection officer Mark Hynes
Director of Governance and Law,
Town Hall,
Forest Road,
London
E17 4JF