The Railways Pension Trustee Company Limited (the “Trustee”) and Railpen Limited (“Railpen”), each with its registered address at 100 Liverpool Street, London EC2M 2AT, are “joint controllers” in respect of your personal data for the purposes of applicable data protection legislation.
The Trustee and Railpen are collectively referred to herein as (“Railpen”, “we”, “our” or “us”). If there is a Pensions Committee for your Section, it will also comply with applicable data protection legislation.
This privacy notice explains how we collect and process your personal data in connection with the administration of the Railways Pension Scheme (the “Scheme”), the BT Police Superannuation Fund, the British Railways Superannuation Fund, or any other pension fund administered by Railpen (each a “Fund”). It describes what personal data we collect about you, the basis upon which we process it, with whom it is shared, how it is stored and certain other important information relating to the protection of your personal data.
How we use your information
We collect and process your personal data for the following reasons:
to administer and manage the Scheme and the Funds, including paying you any benefits you are entitled to under them (as applicable);
to communicate with you about your benefits, and the Scheme and the Funds in general;
to trace you and other beneficiaries;
to establish your identity and eligibility for benefits;
to obtain actuarial, statistical and financial modelling calculations in order to inform and guide the Trustee about Scheme and Fund investment and funding matters;
to record and update member records to ensure information is correct and to prevent and detect fraud;
to prepare accounts for the Scheme and the Funds, and to assist Railpen’s auditors;
to pay tax charges, including reporting to HM Revenue & Customs;
to support Railpen’s compliance with legal obligations, such as reporting to relevant authorities, independent regulators, and government bodies, including to respond to compulsory questionnaires from the Pensions Regulator and Office of National
Statistics (these are usually completed on an anonymous basis);
to comply with Railpen’s legal obligations, any relevant industry or professional rules and regulations or any applicable voluntary codes;
to maintain compliance with internal policies and procedures; and/or
to comply with court orders and/or in connection with legal proceedings or disputes.
If we wish to use your personal data for any other purpose, we will update this privacy notice.
Information we collect from or about you
We may collect and process the following types of personal data about you and, in some circumstances, your spouse, civil partner, partner or dependants, including but not limited to:
contact details such as name, home address, telephone number and personal e-mail address;
national insurance number;
gender and date of birth;
marital status, next of kin and family / dependants;
dates on which you joined and left pensionable service;
financial details such as your salary information;
information relating to any pension sharing or earmarking order (if your marriage or civil partnership ends);
information about pension benefits you have accrued, investment choices and death benefit nomination forms;
tax information and any protections that you may have in relation to your pension benefits; and/or
your bank account details.
This information may be obtained from your current or former employer, government agencies, any financial or other adviser or representative acting on your behalf, service providers that allow us to verify the accuracy of your personal details (for example,
to trace your current address or to verify your continuing existence), and from yourself.
You do not have to provide the information requested from you, but there may be a delay in the payment of your benefits if that information is not provided.
You may also need to provide us with personal data relating to other people (for example, your spouse, civil partner or dependants) for example when completing a nomination form. When you do so, you will need to check with them that they are happy
for you to share their personal data with us and for us to use it in accordance with this privacy notice.
If you are acting on behalf of a child, may also process your personal data, which will be dealt with in accordance with this privacy notice.
What is our lawful basis for processing your information
Under applicable data protection legislation we must have a legal basis to process your personal data and this will be:
to comply with our legal and regulatory obligations;
to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
where we have obtained your consent;
to perform our contractual obligations; or
for our legitimate business interests, such as:
to administer and manage the Scheme and the Funds, including paying you any benefits you are entitled to under them (as applicable);
to communicate with you about your benefits, and the Scheme and the Funds in general;
to trace you and other beneficiaries;
to establish your identity and eligibility for benefits;
to obtain actuarial, statistical and financial modelling calculations in order to inform and guide the Trustee about Scheme and Fund investment and funding matters;
to record and update member records to ensure information is correct and to prevent and detect fraud; and/or
to maintain compliance with internal policies and procedures.
In certain circumstances, we will need your consent to collect and process your personal data; this is most likely where we are collecting information relating to your health (for example, in applying for ill health benefits). If we are processing
your personal data on the basis of your consent, you can withdraw your consent at any time by contacting Railpen's Data Protection Officer (details set out in the “How to contact us” section below).
Disclosure of your information to third parties
From time to time, we may need to share your personal data with third parties. The types of third parties we may need to share some of your personal data with include:
your current or former employer;
pension schemes with which the person whose personal data we are processing has an association;
our professional advisors, including:
the Scheme or Fund actuary – this is an actuary who is personally appointed to provide advice on the funding of the Scheme or Fund. The actuary will be supported by an actuarial team who will also have access to your personal data;
the Scheme or Fund auditor – they prepare the Scheme's or Fund’s annual accounts and audit them for us; and
the Scheme or Fund legal advisor – they advise us on all legal issues affecting the Scheme or Fund;
government agencies (for example, HM Revenue and Customs);
ombudsmen and regulatory authorities;
companies that provide services to us, such as printers, IT and communication providers, including providers of email archiving, back-up and disaster recovery and cyber security services;
with our business partners who are contractually obliged to comply with appropriate data protection obligations; and/or
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or any lawful request from any legal or regulatory authority; and/or
to respond to any claims, and to establish, exercise or defend our legal rights.
Details of all of the main advisers to the Scheme are available in the Scheme's annual report and accounts, which are available on request by writing to us.
Most third parties with whom we share your personal data are limited (by law and by contract) in their ability to use your personal data for the specific purposes identified by us.
Certain third parties are independent controllers of your personal data. Typically this is because they are subject to legal or regulatory obligations. As such, they will be responsible for their own processing of your personal data to the extent that
the processing activities relates to those obligations. The Scheme and Fund actuary and our professional advisors are typically independent controllers:-
Willis Towers Watson provides actuarial services for the Railways Pension Scheme and the British Railways Superannuation Fund and is an independent controller in respect of your personal data which it processes to provide these services. Its privacy
notice is available at www.willistowerswatson.com/personal-data
XPS Pensions Group provides actuarial services for the BT Police Superannuation Fund and is an independent controller in respect of your personal data which it processes to provide these services. Its privacy notice is available at https://www.xpsgroup.com/legal-regulatory/privacy-policy
How long do we retain your information
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.
As pensions are a long-term saving vehicle, it may be necessary to retain your personal data for the remainder of your life and any dependants’ lives in order to administer the Scheme and Fund, and to deal with any questions or complaints we may
receive about them.
When we no longer need your personal data, we will ensure that it is securely destroyed.
Transferring information outside the UK
In certain circumstances, your personal data may be transferred outside of the UK.
If we transfer personal data outside of the UK (for example to one or more of our service providers), we will take appropriate measures to ensure that your personal data is adequately protected in a manner which is consistent with this privacy notice
and in accordance with applicable data protection law. This can be done in a number of ways, for instance:
the country that we send your personal data to might be approved by the UK Government as having adequate level of protection; or
the recipient might have signed up to a contract based on “model contractual clauses” approved by the Information Commissioner’s Office, obliging them to protect your personal data.
In other circumstances the law may permit us to otherwise transfer your personal data outside the UK. In all cases, however, we will ensure that any transfer of your personal data is compliant with applicable data protection legislation.
The majority of our core systems, data, and administration services are all carried out and stored within the UK.’ However, TCS an international information technology service provider, based in India, provides maintenance support. Therefore, on
rare occasions it may be necessary to transfer your data overseas to TCS.
As India is currently not on the UK Government’s list of countries providing adequate data protection, Railpen and TCS have entered into a data protection contract using the approved form of the model contractual clauses. These clauses contain enforceable
data subject rights and effective legal remedies for data subjects against TCS.
You can obtain more details of the protection given to your personal data when it is transferred outside the UK (including a copy of the model contractual clauses which we have entered into with recipients of your personal data) by contacting us in accordance
with the “How to contact us” section below.
the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;
the right to receive your personal data (in a structured, commonly used and machine-readable format) and to request that we transfer your data to another service provider or data controller where technically feasible. This right applies where your
data is being processed on the basis of your consent or in line with a contract to which you are party. Please note that, for the majority of members, this is not applicable as we generally rely on our legitimate business interest to collect and
process your data rather than individual consent or contracts;
the right to request that we rectify your personal data if it is inaccurate or incomplete;
the right to request the we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data, but we are legally entitled to retain it;
the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but
we are legally entitled to continue processing your personal data and / or to refuse that request; and
the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
You can exercise your rights by contacting our Data Protection Officer using the details set out in the “How to contact us” section below.
You can find out more information about your rights by contacting the Information Commissioner’s Office, or by searching their website at https://ico.org.uk/.
How do we keep your information secure
We are committed to protecting your personal data from loss, misuse, disclosure, alteration, unauthorised access and destruction. We take all reasonable precautions to safeguard the confidentiality of personal data.
Although we make every effort to protect the personal data which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge that we cannot guarantee the security of personal data transmitted
to us over the internet, and that any such transmission is at your own risk.
Once we have received your personal data, we will use strict procedures and security features to prevent unauthorised access (and take steps to ensure that any third parties with whom we share your personal data do the same).
If you wish to exercise any of your rights or have concerns about the processing of your personal data or wish to raise any issues in relation to data protection, including in relation to the use of it by Railpen, please contact the Data Protection Officer
at:
Data Protection Officer Railpen Stooperdale Offices
Brinkburn Road Darlington Co Durham DL3 6EH
If you are unhappy with how your personal information is being handled, you also have the right to make a complaint to the Information Commissioner’s Office (www.ico.org.uk), an independent
body set up to uphold information rights, which will investigate your complaint.
We use these cookies to ensure our services work correctly. They cannot be switched off. You can find out more in our privacy policy and cookie policy.
Cookie
Purpose
Sitefinity
These cookies are part of the website log in mechanism. They
allow authenticated users to access secure content across
Railpen websites.
Vimeo
Cookies used to control the Vimeo video player. Railpen websites use Vimeo to deliver video content
unencumbered by commercial messages.
Virtual Assistant
Cookies required by the Virtual Assistant window for it to display and function correctly.
Network
These cookies are part of the website log in mechanism. They allow authenticated users to access secure content across Railpen websites.
Analytical cookies
Allow
These cookies allow us to improve our website.
Cookie
Purpose
Hotjar
Railpen uses Hotjar to analyse how customers are using our website, with a view to improving customer experience.
However, it does not use Hotjar’s Visitor Recordings facility.
Allow
Google Analytics
These cookies are used to collect information about how visitors
use our site.