Tel: 0800 012 1117
Menu
Joining the RPS
In the Scheme
Retired
Resources
The Railways Pension Trustee Company Limited (the “Trustee”) and Railpen Limited (“Railpen”), each with its registered address at 100 Liverpool Street, London EC2M 2AT, are “joint controllers” in respect of your personal data for the purposes of applicable data protection legislation. The Trustee and Railpen are collectively referred to herein as (“Railpen”, “we”, “our” or “us”). If there is a Pensions Committee for your Section, it will also comply with applicable data protection legislation.
This privacy notice explains how we collect and process your personal data in connection with the administration of the Railways Pension Scheme (the “Scheme”), the BT Police Superannuation Fund, the British Railways Superannuation Fund, or any other pension fund administered by Railpen (each a “Fund”). It describes what personal data we collect about you, the basis upon which we process it, with whom it is shared, how it is stored and certain other important information relating to the protection of your personal data.
We collect and process your personal data for the following reasons:
If we wish to use your personal data for any other purpose, we will update this privacy notice.
Information we collect from or about you
We may collect and process the following types of personal data about you and, in some circumstances, your spouse, civil partner, partner or dependants, including but not limited to:
This information may be obtained from your current or former employer, government agencies, any financial or other adviser or representative acting on your behalf, service providers that allow us to verify the accuracy of your personal details (for example, to trace your current address or to verify your continuing existence), and from yourself.
You do not have to provide the information requested from you, but there may be a delay in the payment of your benefits if that information is not provided.
You may also need to provide us with personal data relating to other people (for example, your spouse, civil partner or dependants) for example when completing a nomination form. When you do so, you will need to check with them that they are happy for you to share their personal data with us and for us to use it in accordance with this privacy notice.
If you are acting on behalf of a child, may also process your personal data, which will be dealt with in accordance with this privacy notice.
What is our lawful basis for processing your information
Under applicable data protection legislation we must have a legal basis to process your personal data and this will be:
In certain circumstances, we will need your consent to collect and process your personal data; this is most likely where we are collecting information relating to your health (for example, in applying for ill health benefits). If we are processing your personal data on the basis of your consent, you can withdraw your consent at any time by contacting Railpen's Data Protection Officer (details set out in the “How to contact us” section below).
Disclosure of your information to third parties
From time to time, we may need to share your personal data with third parties. The types of third parties we may need to share some of your personal data with include:
Your personal data will also be disclosed to third parties:
Details of all of the main advisers to the Scheme are available in the Scheme's annual report and accounts, which are available on request by writing to us.
Most third parties with whom we share your personal data are limited (by law and by contract) in their ability to use your personal data for the specific purposes identified by us.
Certain third parties are independent controllers of your personal data. Typically this is because they are subject to legal or regulatory obligations. As such, they will be responsible for their own processing of your personal data to the extent that the processing activities relates to those obligations. The Scheme and Fund actuary and our professional advisors are typically independent controllers:-
How long do we retain your information
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
As pensions are a long-term saving vehicle, it may be necessary to retain your personal data for the remainder of your life and any dependants’ lives in order to administer the Scheme and Fund, and to deal with any questions or complaints we may receive about them.
When we no longer need your personal data, we will ensure that it is securely destroyed.
Transferring information outside the UK
In certain circumstances, your personal data may be transferred outside of the UK.
If we transfer personal data outside of the UK (for example to one or more of our service providers), we will take appropriate measures to ensure that your personal data is adequately protected in a manner which is consistent with this privacy notice and in accordance with applicable data protection law. This can be done in a number of ways, for instance:
In other circumstances the law may permit us to otherwise transfer your personal data outside the UK. In all cases, however, we will ensure that any transfer of your personal data is compliant with applicable data protection legislation.
The majority of our core systems, data, and administration services are all carried out and stored within the UK.’ However, TCS an international information technology service provider, based in India, provides maintenance support. Therefore, on rare occasions it may be necessary to transfer your data overseas to TCS.
As India is currently not on the UK Government’s list of countries providing adequate data protection, Railpen and TCS have entered into a data protection contract using the approved form of the model contractual clauses. These clauses contain enforceable data subject rights and effective legal remedies for data subjects against TCS.
You can obtain more details of the protection given to your personal data when it is transferred outside the UK (including a copy of the model contractual clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the “How to contact us” section below.
Your rights
You can exercise your rights by contacting our Data Protection Officer using the details set out in the “How to contact us” section below.
You can find out more information about your rights by contacting the Information Commissioner’s Office, or by searching their website at https://ico.org.uk/.
How do we keep your information secure
We are committed to protecting your personal data from loss, misuse, disclosure, alteration, unauthorised access and destruction. We take all reasonable precautions to safeguard the confidentiality of personal data.
Although we make every effort to protect the personal data which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge that we cannot guarantee the security of personal data transmitted to us over the internet, and that any such transmission is at your own risk.
Once we have received your personal data, we will use strict procedures and security features to prevent unauthorised access (and take steps to ensure that any third parties with whom we share your personal data do the same).
Other websites
How to contact us
If you wish to exercise any of your rights or have concerns about the processing of your personal data or wish to raise any issues in relation to data protection, including in relation to the use of it by Railpen, please contact the Data Protection Officer at:
Data Protection Officer
Railpen
Stooperdale Offices
Brinkburn Road
Darlington
Co Durham
DL3 6EH
Tel: 0800 012 1117
Email: csu@railpen.com
If you are unhappy with how your personal information is being handled, you also have the right to make a complaint to the Information Commissioner’s Office (www.ico.org.uk), an independent body set up to uphold information rights, which will investigate your complaint.
Changes to this notice
This privacy notice was last updated in September 2021.
Also in this section