GDPR Data Privacy Notice
One Pension Consultancy LLP has produced this privacy notice in order to keep you informed of how we handle your personal data. All handling of your personal data is done in compliance with the General Data Protection Regulation (EU) 2016/679 (“Data Protection Legislation”).
What are your rights?
When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:
• The right to be informed of how your Personal Data is used (through this notice);
• The right to access any personal data held about you;
• The right to rectify any inaccurate or incomplete personal data held about you;
• The right to erasure where it cannot be justified that the information held satisfies any of the
criteria outlined in this policy, or where you have withdrawn consent;
• The right to prevent processing for direct marketing purposes, scientific/historical research or
in any such way that is likely to cause substantial damage to you or another, including through
profile building; and
• The right to object to processing that results in decisions being made about you by automated
processes and prevent those decisions being enacted.
Who is the Data Controller?
If we have collected your personal data directly from you, we, One Pension Consultancy LLP (with registered number OC306990 and address 2 Venture Road, Chilworth, Southampton, Hampshire, SO16 7NP) are the Data Controller.
If your data has been passed to us by a third party, the third party who instigated the collection of your personal data is the Data Controller. They should have notified you that they would be passing your personal data to us at the time they collected your data and within their own privacy notices/policies, naming us as a Data Processor or Sub-Processor.
Why are we processing your data?
We process your personal data for the purpose of responding to an enquiry from you and/or providing services to you, either directly or via your employer. Our services include the provision of advice in the areas of corporate pensions, employee benefits, wealth management and retirement solutions.
This processing is conducted lawfully on the basis of article 6, section 1, sub-sections:
• a – ‘your consent’ (where you are an individual client or where you provide information via an
enquiry on our website); or
• b – ‘performance of a contract’ (where you are an employee of a corporate client).
Where did One Pension Consultancy LLP acquire your personal data?
We may acquire personal data from you directly, or we may receive it from a corporate client with whom we have a contract. Under the terms of such corporate client contract, we have been contracted to provide consultancy services to the client and to its employees.
What categories of personal data are processed?
We will capture and process the following types of personal data:
• Name and contact information (including email address, home address, telephone number)
• Financial information (including bank details)
• Information on assets and liabilities including policies you may hold
• Medical information which you provide to us in respect of an insurance claim or application.
We may also need to receive information to validate your identity such as; birth certificate, marriage certificate, passport, bank statement, utility statement.
Who else will receive your personal data?
We do not pass any of your Personal Data to outside organisations and/or individuals, except those that assist us in providing our services to you and then only to the extent necessary. Such third parties will include organisations whose services you expressly request and various insurance and pension providers. We have in place appropriate contracts with all those with whom we share your Personal Data.
Other than as stated above, we will not disclose, sell, distribute or lease your Personal Data to third parties unless we have your permission or are required by law to do so. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Third Party Processing
Where Personal Data is processed by a third-party technology provider on our behalf, we will have a contract in place to govern that relationship in accordance with Data Protection Legislation. We will remain responsible for the protection and safe processing of your data, even if we use a third party to help us process it.
Our technology providers currently include; Iress, Cobweb, SharePoint, Filestream and Intelligent Office Software.
Does your data leave the EU?
The majority of your information is processed in the UK and European Economic Area (EEA). If any information is passed outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK / EEA data privacy laws e.g.
we will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.
How long will your personal data be kept?
One Pension Consultancy holds different categories of personal data for different periods of time. We will keep data long enough as is necessary to fulfil any contract we may have with you, but also to meet our legal obligations. In retaining data, we will strike a balance between:
(1) Retaining data long enough to:
• Undertake any remedial work for you;
• Provide any information required by a regulator, HMRC or other law enforcement agency;
• Defend any legal action which may be made against us; and
(2) Not keeping data longer than the applicable Data Protection Legislation allows.
We are committed to ensuring that your Personal Data is secure and comply fully with all applicable Data Protection Legislation. In order to prevent unauthorised access, use or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Our security technologies and procedures are regularly reviewed to ensure that they are up to date and effective.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Full details of our IT security measures are available upon request.
Who can you complain to?
Our Data Protection Lead is Duncan Revolta. All queries, requests to exercise a right, or complaints regarding your Personal Data should be forwarded to him at firstname.lastname@example.org.
If you believe that we have failed to comply with our duties under Data Protection Legislation you also have the option to lodge a complaint with the Information Commissioner’s Office by visiting www.ico.org.uk/concerns/ or by calling telephone number 0303 123 1113.
We keep this Privacy Notice under regular review. This Privacy Notice was last updated in April 2020.