Birmingham Airport Limited Pension Scheme Privacy Notice

Birmingham Airport Limited Pension Privacy Notice

This Notice has been designed to inform you about the use of your data by the Trustee and the Scheme Actuary of the Birmingham Airport Limited Pension Scheme. This Notice is designed to meet the Scheme’s obligations under data protection law, including the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (“data protection laws”). This Notice will be reviewed overtime to respond to changes in the Scheme, its advisors and the obligations that are placed upon the Scheme from time to time. This Notice sets out how and why we hold your data, including who we share your data with. We use the term data to mean personal data (also known as personal information).

Controllers

The Trustee of the Scheme is Birmingham Airport Pension Trustees Limited, with appointed directors of that Trustee Company. The Trustee of the Scheme needs personal information about you to run the Scheme and pay benefits. Similarly, other parties involved in running the Scheme will sometimes need to make decisions jointly with the Trustee about how your personal information will be used for those purposes, including the Scheme Actuary, who is Robert Hawkes of Barnett Waddingham LLP.

In accordance with guidance issued by the Information Commissioner’s Office (ICO) and the Institute and Faculty of Actuaries, the Trustee and Scheme Actuary of the Scheme are considered “joint data controllers” (the holders, users and processors of personal data) for the purposes of the data protection laws. This means we need to tell you some things about the personal information we have about you and your other dependents/beneficiaries and what your rights are in relation to it.

In this notice (which is known as a “Privacy Notice”) you will see information about what the Trustee does with your personal information and also what the Scheme Actuary does with it. We describe who to contact if you wish to exercise your rights under data protection laws in relation to the joint use we make of your information.

Except where stated otherwise, ‘we’ means both the Trustee and the Scheme Actuary where they are acting as joint data controllers in relation to your personal information (as described above).

We can be contacted through Barnett Waddingham’s member helpline 0344 443 4410.

What data do we hold and use?

We normally hold some or all of the following types of personal information:

• Personal details including your name, National Insurance number, gender, age, date of birth, postal and/or email address and telephone number
• Your gender (we use this to understand how long you are likely to receive your pension for and as part of your addressee details if we write to  you, e.g. ‘Mr, Mrs, Ms).’
• Details of your salary and employment history
• If your benefits from the Scheme derive from your employment, details of your employer when you were building up benefits in the Scheme, how long you worked for them and your salary from time to time
• Details of the value of your benefits in the Scheme
• Bank account information (where your benefits are in payment)
• Information about your tax position
• Details of your marital status (which may include the gender of your spouse or civil partner)
• Any information you have provided about who you would like to receive any benefits due on your death
• If your benefits form part of a divorce settlement, details of that settlement
• Your investments profile choice, where you have historically made additional voluntary contributions.
• Details of any benefits earned in a previous pension arrangement if you have transferred these into the Scheme
• Correspondence received about you from HMRC, relating to periods of service when you may have been contracted out of the upper tier of the state scheme.
• Correspondence that we may have received about you from your appointed independent financial adviser.
• Details in connection with your physical and mental health.

The Trustee may sometimes use other information about you. This could include information about your health where it is relevant to, for example, early payment of benefits from the Scheme, or details about personal relationships to determine who should receive benefits on your death. The Trustee might also, very rarely, have information about criminal convictions and offences, but only where it is relevant to the payment of Scheme benefits.

Where do we get your information from?

A lot of the information we have comes directly from you. In addition, Barnett Waddingham who administers the Scheme on behalf of the Trustee, may have obtained information from you and passed it to us. The Trustee may then in turn pass information about you to the Scheme Actuary or may instruct Barnett Waddingham as the administrator to do so. The Trustee is the source of the personal information which the Scheme Actuary may have about you.

Sometimes we get information from other sources – such as your employer such as your salary and length of service), from another scheme (if you have transferred benefits from that scheme), from government departments (such as HMRC and DWP), from publicly accessible sources (such as the electronic roll) or from a tracing agency if we have lost touch with you and are trying to find you, or from Government records regarding marriage, civil partnerships and divorce to verify marital status. The Trustee may then pass this onto the Scheme Actuary (as above).

Why we hold your personal information?

The Trustee holds your personal information to meet our legal obligations to provide benefits under the Scheme’s Rules and governing documentation and to meet other legal requirements in relation to the running of the Scheme.

The Trustee will use your personal information to comply with these legal obligations, to establish and defend its legal rights, and to prevent and detect crimes such as fraud. The Trustee may need to share your personal information with other people for this reason, such as courts and law enforcement agencies.

The Trustee also has a legitimate interest in properly administering the Scheme. This includes: paying benefits as they fall due; purchasing insurance contracts; communicating with you; and ensuring that correct levels of contributions are paid, benefits are correctly calculated and the expected standards of Scheme governance are met (including standards set out in Pensions Regulator guidance). The Trustee makes sure that your own interests are not outweighed or prejudiced by our legitimate interests.

Sometimes the Trustee may need to use very personal information about you (such as details about your health). In these circumstances, we may ask for your consent. Sometimes, there may be reasons of public interest or law which enables the Trustee to use this information about your health (or other very personal information such as details about personal relationships relevant to who should receive benefits on your death) without consent and it will do so where that is necessary to run the Scheme in a sensible way. You can withdraw your consent at any time by using the contact details above, although this may affect what the Trustee can do for you, unless it has another lawful reason for using your information. For example, if you apply for ill health early retirement and consent to us processing your health data for that, then withdraw that consent, we will usually be unable to consider your application. If you withdraw consent after our processing this will not retrospectively affect the processing that has already happened.

Sometimes, we need to use your personal data, including special categories of personal data, in order to establish, exercise or defend legal claims.

The Scheme Actuary uses your personal data to advise the Trustee on the financial management of the Scheme. This advice helps to ensure the Trustee is able to meet the obligations to pay your benefits, and is necessary to comply with obligations placed on them by legislation.

The Scheme Actuary may also use your personal data in research which assists actuaries in providing this type of advice - for example research into the mortality experience (life expectancy) of pension scheme members in general. This may include the provision of personal data, anonymised as far as possible, to a recognised external authority, such as the Continuous Mortality Investigation (CMI) which investigates mortality experience on behalf of the Institute and Faculty of Actuaries.

Who we will share your information with

The Trustee shares your personal information with the Scheme’s administrator Barnett Waddingham, Scheme Actuary and Additional Voluntary Contribution providers, and any new trustees or trustee directors. They may also share data with the Trustee’s other professional advisers (including the Scheme Auditor and pension consultants) and regulatory bodies (including, but not limited to, HM Revenue and Customs, the Department for Work and Pensions and the Pensions Regulator).

The Trustee can share your data with the employer for the purposes of providing you with options about your benefits and additional options which may be available to you in relation to those benefits.

Your data may be shared with other parties for particular activities such as printing, confirmation of address/existence, IT and data storage and archiving, and tracking and tracing services.

Also, if your benefits are transferred to another scheme, we will also need to provide the administrators of that scheme with information about you.

The Trustee may also share your personal information with someone else where you have given your consent – for example, where you seek advice from a financial adviser or where you transfer your benefits out of the Scheme.

We may need to share personal data with insurers in relation to purchasing and pricing up insurance contracts called ‘annuities’ (unless that can happen based on anonymized data). Insurers will use that data to verify the assets and liabilities of the Scheme. We may write to you before purchasing an annuity to ask for up to date information about your spouse/partner/children/other dependents to this end.

We will share your personal data when we purchase the annuity and at that stage the insurer will typically share information with its chosen re-insurer. Sometimes the insurer’s privacy notice will mention who itsre-insurer is and how to see its privacy notice (either giving you a link to it online or explaining where it can be seen or by providing a copy of it). The Trustee will usually need to write to members to explain about the particular annuity and who the insurer is. In this way you can know who holds your personal data and how to exercise your rights against them. The following categories of personal data would typically be shared with insurers: Scheme membership ID number; marital status and details about spouse/partner; DOB; information about annual pensions increases; pension/benefit amounts payable; age at retirement; service length and retirement.

A comprehensive list of parties with whom data may be shared is set out in the Trustee’s formal Data Mapping document, available on request by contacting the helpline above.

Scheme Actuary:

The Scheme Actuary is appointed by the Trustee to value the Scheme benefits and carry out other calculations in relation to your Scheme benefits. He will use your personal information for this purpose and has a legitimate interest in doing so. The Scheme Actuary will also use your personal information to comply with his own legal obligations and may need to share your details with other people for legal reasons, such as courts and law enforcement agencies. He may also share it with his own professional advisers, auditors and insurers, IT and data storage providers and other service providers.

Sometimes, your information may be used by the Trustee and the Scheme Actuary for statistical research, but only in a form that no longer identifies you.

How to contact the other people we give your personal information to:

Some of the people mentioned above just use your personal information in the way we tell them. However, others may make their own decisions about the way they use this information to provide their services, perform their functions, or comply with their regulatory requirements. In such a case, they have responsibilities as data controllers in their own right. This means that they are subject to the same legal obligations as the Trustee in relation to your information and the rights you have in relation to your information apply to them, too.

Security of your personal information

Protecting your data is very important to us. When we pass your information to a third party, we seek to ensure that they have appropriate security measures in place to keep your information safe and to comply with general principles in relation to data protection.

Other than in very limited circumstances, your data will not be stored, processed or transferred outside of the United Kingdom, but in the event this did happen, we will ensure appropriate protection is in place for your data. Some countries already provide adequate legal protection for your personal information, but in other countries, additional steps will need to be taken to protect it.

You can contact us for more information about the safeguards we use to ensure that your personal information is adequately protected in these circumstances (including how to obtain copies of this information).

Transfers outside the UK can happen lawfully if:

• the personal information is transferred at the request and with the consent of the Scheme member in relation to his/her own benefits (or those of a dependent or beneficiary, as appropriate);
• the country to which the personal information is being transferred is deemed to provide for adequate protection for personal data by the UK secretary of state and/or the UK’s Information Commissioner who (depending on the circumstances) determine adequacy;
• an appropriate standard contractual clauses contract has been put in place with the third party/parties to whom the personal information will be transferred, containing appropriate safeguards in relation to it; or
• the transfer is within a group of companies who have obtained Binding Corporate Rules.

How long do we keep your data for?

We will hold your data for as long as necessary to meet our obligations to pay the benefits to you under the Scheme and so that we have enough information to deal with any queries relating to your benefits that might arise in the future and because trustees of pension schemes can commonly face complaints or questions from members, former members, other individuals or regulatory authorities many years after a member / beneficiary has ceased to be entitled or prospectively entitled to benefits, some personal information may need to be kept indefinitely.

Your rights

You have a number of rights in relation to the data we hold about you. In particular, you have the right to:
• obtain a copy of your personal data
• have your personal data rectified if it is inaccurate and completed if it is incomplete
• in particular circumstances, have your personal data deleted or removed
   • request access to your information and to obtain information about how we process it;
   • in particular circumstances, move, copy or transfer your information
• in particular circumstances, object to your personal data being processed and to restrict the processing of your personal data in certain circumstances

You can exercise all of these rights free of charge except in some very limited circumstances, and we will explain these to you where they are relevant.

To exercise these rights, please use our administrator Barnett Waddingham’s contact details, which are set out earlier. The administrator can also supply more information about these rights to you, on request.

Please do let us know if at any time your information needs to be updated.

Further information

Should you have any further questions about how we use your personal information, you can contact our administrator Barnett Waddingham using the helpline as set out earlier.

If you have concerns about the way we handle your data, you have the option of contacting the Information Commissioner’s Office (ICO). Details of how to contact the ICO can be found at its website at https://ico.org.uk/. The website also includes further details about UK GDPR and your rights under UK GDPR.