The Somerfield Pension Scheme (the 'Scheme')
Privacy notice for UK General Data Protection Regulation (GDPR)
We, TCG Southern Trustees Limited, are the Trustee of the Scheme. We are committed to protecting your information and acting in accordance with your rights under data protection law.
Collection of your information
We collect and use the following information about you:
Some of this information is collected directly from third-parties, such as your employer, your previous pension schemes, government departments and publicly available records.
Where applicable, we also collect information about your dependants or next of kin (for example, when you submit a nomination form, or where we collect marriage and birth certificates, for example at your retirement or when deciding how to distribute death benefits). You should therefore provide a copy of the information in this notice to those individuals.
We also have a legal obligation to carry out due diligence checks in the event of a pension transfer request, which may mean that we are obliged to ask you for additional information. For instance:
How we use your information
We use your information for the following purposes:
a) communicating with you in relation to the Scheme, including any changes to your benefits and contributions and working with the Co-op to provide you with a copy of the Co-op’s pensioner magazine Evergreen (or its replacement from time to time);
b) for general administration of the Scheme, including: to record and pay benefits; for actuarial valuations; for reviews we or our administrators conduct for statistical and reference purposes; and for other checks or administrative activities that may become necessary from time to time (like member tracing) should we happen to lose contact with you or to prevent fraud;
c) for meeting our on-going regulatory and compliance obligations, or to comply with any applicable legal or regulatory reporting or disclosure requirements;
d) to monitor and improve our processes and our use of technology, including testing and upgrading of systems, and to learn about other processes we can use to improve the administration of the Scheme; and
e) when we undertake activities to help us manage the liabilities of the Scheme, including (for example):
Our use of your information as described above is permitted by applicable data protection law because it is:
(i) necessary for our legitimate interests in pursuing the purposes set out in (a) to (e) above - a balancing test always has to be applied when we rely on legitimate interests to ensure that our own interests are not outweighed by any impact on your interests, rights and freedoms;
(ii) when we make the disclosures to a sponsoring employer (i.e. an employer with responsibilities for meeting the liabilities of the Scheme – this is typically a company that is part of the Co-operative Group or is a former member of the Co-operative Group) for the audit and corporate transaction purposes referred to below, necessary for that sponsoring employer’s legitimate interests in meeting regulatory responsibilities and conducting proper operational management;
(iii) required to meet our legal or regulatory responsibilities, including when we make the disclosures to authorities, regulators or government bodies referred to below;
(iv) necessary for the performance of a task carried out in the public interest;
(v) when we use special categories of personal data:
(vi) used with your consent which we obtain from you from time to time, such as when you ask us to make disclosures or allocate benefits or where the Scheme rules require you to provide information which we cannot otherwise use without your consent – you may withdraw your consent and this may limit the benefits that you are able to receive.
Where the personal data we collect from you is needed to meet our legal or regulatory obligations or to pay benefits to you or your nominated beneficiaries, if we cannot collect this personal data we may be unable to record or pay your or your beneficiaries’ benefits.
When the Trustee needs to use information about your health, it may ask for your consent. However, sometimes there may be reasons of public interest or law which enable the Trustee to use information about your health without consent, and the Trustee will do so where that is necessary to run the Scheme in a sensible way. This applies to other very personal information too, such as information in a gender recognition certificate; information given by members (without a formal certificate) who identify with a different gender than their birth gender and want correspondence to reflect this; details about personal relationships relevant to who should receive benefits on your death.
Disclosures of your information
We share some or all of your information with the following recipients as and when it becomes necessary:
We may need to share personal data with insurers in relation to the purchase and pricing of insurance contracts called ‘annuities’ (unless that can happen based on anonymised data). Insurers will use that data to verify the assets and liabilities of the Scheme. We may write to you before purchasing an annuity to ask for up-to-date information about your spouse/partner/children/other dependants, for this purpose.
We will share your personal data when we purchase the annuity, and at that stage the insurer will typically share information with its chosen re-insurer. Sometimes the insurer’s privacy notice will mention who its re-insurer is and how to see its privacy notice (either giving you a link to it online or explaining where it can be seen or by providing a copy of it). We will usually need to write to members to explain about the particular annuity and who the insurer is. In this way you can know who holds your personal data and how to exercise your rights against them.
The following categories of personal data would typically be shared with insurers:
- Scheme membership ID number;
- marital status and details about spouse/partner;
- date of birth;
- information about annual pensions increases;
- pension/benefit amounts payable;
- age at retirement;
- service length and retirement date.
In January 2019, the Trustee insured pensions in payment of £1,700 a year or more from the Scheme with Pension Insurance Corporation plc (PIC). A copy of PIC’s privacy notice for members of schemes who have an insurance policy with PIC is available online at: https://www.pensioncorporation.com/content/dam/pic/corporate/documents/privacy-notices/privacy-notice-buy-in.pdf.downloadasset.pdf
Transfers of your information abroad
The use and disclosure of your information, including for the purpose referred to in (e) above, may involve transferring your information outside of the UK. In those cases, except where the relevant country has been determined by the relevant public authority to ensure an adequate level of data protection, we will ensure that the transferred information is protected, for example by a data transfer agreement in the appropriate standard form approved for this purpose by the relevant authority in the United Kingdom. Further details of these transfers including copies of any data transfer agreements we use are available from us on request.
Retention of your information
We keep your information for the longer of the period required in order to meet our legal or regulatory responsibilities, and the period envisaged within our data protection policy. We determine the period envisaged within such documentation with regard to the Scheme’s operational and legal requirements, such as facilitating the payment of benefits to you or your nominated beneficiaries, calculating and managing the liabilities of the Scheme, and responding to legal claims or regulatory requests.
At present, our policy is to retain your information for as long as it is required, subject to a maximum retention limit of 20 years following the termination and winding-up of the Scheme. This means that we will continue to hold your information even if you have withdrawn or transferred your benefits out of the Scheme in full. This is to ensure that we are able to respond appropriately if a former member or beneficiary raises a query or complaint as to the benefits due from the Scheme.
You have rights under data protection law to access and correct your information and (in some circumstances) to restrict its use or have it deleted.
You also have the right to object to the processing of your information in some circumstances, and to tell us that you do not wish to receive marketing information.
You can exercise any of these rights by contacting our privacy office at the details set out below.
You also have the right to withdraw your consent to the use of your information, to the extent such use is based on your consent. You can notify us of your withdrawal of consent by contacting us at the details set out below. Your withdrawal of consent will not have any retrospective effect on the processing that has already been carried out.
You can exercise all of these rights free of charge except in some very limited circumstances, and we will explain these to you where they are relevant.
You can also lodge a complaint about our processing of your personal information with the Information Commissioner in the UK or, if you live elsewhere in the European Economic Area, with the supervisory authority in your home country. Details for the office of the Information Commissioner in the UK are available at www.ico.org.uk.
Further information may be required to carry out requests
In some cases, it may be necessary to obtain additional information from you, such as in order to carry out your request for a transfer or allocation of benefits. We will notify you when your information is required for this purpose.
Status of this privacy notice
This privacy notice was updated in December 2022. It is a notice explaining what we do, rather than a document that binds us or any other party contractually. We reserve the right to amend it from time to time, and will take appropriate steps to bring any such amendments to your attention.
TCG Southern Trustees Limited
c/o Department 10406
1 Angel Square,
0330 606 1000
Privacy Office Contact:
Data Protection Team
1 Angel Square