Privacy notice

The Railways Pension Trustee Company Limited (the 'Trustee') and Railpen Limited ('Railpen'), each with its registered address at 100 Liverpool Street, London EC2M 2AT, are 'joint controllers' in respect of your personal data for the purposes of applicable data protection legislation.

Railpen organisation
Who are we

We are the Railways Pension Trustee Company Limited, RAILPEN Limited, RAILPEN Investments Limited (each with its registered address at 100 Liverpool Street, London EC2M 2AT) and each is registered with the Information Commissioner's Office (ICO) as a separate 'data controller' in respect of personal information handled for the Railways Pension Scheme. We are also a data processor for personal data handled on behalf of our clients in pension schemes such as Zurich, United Utilities and Schneider amongst others. 

This privacy notice is intended to give you a clear picture of how we handle and protect your personal information. It describes what we collect about you, why, how it is handled, with whom we share it, and where and how long we handle it before it is securely destroyed.

Whose personal information we handle

We handle and protect personal information relating to members of the Schemes we administrate and:

  • their employers
  • their next of kin
  • their representatives
  • their nominees
  • their beneficiaries
Why we use personal information

For data protection purposes we justify the handling of any personal information we receive based on:

  • our legitimate interests - handling your personal information to calculate and provide benefits to our members or others entitled to receive them as part of our pension Schemes
  • our legal obligations - handling personal information because we are legally required to do so
  • your consent - members using our portal or visiting our website can give and withdraw their consent to the use of all non-essential

Below are the purposes we have identified to handle and protect your personal information. *LI indicates the reasons premised upon Legitimate Interests.

Reasons for handling your personal informationExamples

Manage security incidents and breaches

Deal with incidents and breaches reported about IT hardware and software holding your information
Review rights requestsReview your data protection rights requests and provide you access to or act on requests to change, delete, suppress, object to or appeal against how we handle and protect your information
Execute client trading on behalf of Members (LI)Carry out intersection and external Scheme and TUPE transfers
Undertake case committee reviews (LI)Distribute your information to committee members for example, to decide on benefits to be provided based on ill health retirement

Make payments following a transfer out of the Schemes (LI)

Support requests to transfer you out of our pension Schemes and to another one
Pay benefits at retirement (LI)Obtain documents such as original birth/marriage certificates or copy of passport/driving licence and bank details so your benefits can be paid to you
Update bank details (LI)Input new bank details received from a member or a bank
Record changes of name (LI)Update records to reflect a change of name following marriage or change of personal circumstances

Record benefits nominees (LI)

Input details of your nominees provided on Nomination form onto our systems
Handle reports of a death (LI)Handle your reports of deceased members, such as setting up and paying out to dependants and other beneficiaries 
Handle queries (LI)Respond to your queries
Enrol individuals onto our portal and websites (LI)Register you on our portal so you can access your pension information there

Share information with external Scheme advisers (LI)

Share your information with scheme actuaries so they can validate our calculations of the benefits you receive
Record Letters of Authority (LI)Log your Letters of Authority so your proxies can handle your pension on your behalf 
Provide estimates of benefits and transfer quotes (LI)Calculate your benefits due to member on retirement or transfer
Manage benefits following a Divorce (LI)Collate and record documentation receiving Scheme details in order to provide benefits to your ex-spouses

Return original Certificates (LI)

Return, following collation and recording, to you the original certificates that you, your relatives or your representatives etc, supplied to us
Ill health and serious ill-health retirement grounds (LI)Collate documentation relating to your health condition and personal circumstances to support providing you with benefits prior to your retirement on ill-health/serious ill-health grounds
Oversee the administration of the pension Schemes (LI)Investigate, monitor, and prepare control and regulatory reports about how we handle pension benefits, members like you and those related to you and the Schemes more generally
Manage TUPE transfers (LI)Update your records should you be TUPE'd from one section of the RPS (Railways Pension Scheme) Schemes to another

Enrol new entrants (LI)

Obtain your details to be set up and record that you are a new member of our pension Scheme/other schemes we administrate 
Oversee our Master Trust (LI)Oversee the operation of our Master Trust pension scheme
Undertake Quality Assurance reviews (LI)Monitor the quality of business processes associated with dealing with you and our members
Provide legal advice (LI)Provide legal advice or legal support in relation to Railpen's business

Approve and post journals (LI)

Post new journals to the ledger in line with good accounting practices
Perform bank reconciliations Reconcile bank transactions to our ledger 
Carry out banking activities (LI)Download statements to handle cash as it comes in and out of the business
Pay supplier invoices for work rendered (LI)Pay supplier invoices
Manage financial transactions (LI)Manage CHAPS and BACS transactions in order to pay members and collect contributions
Produce treasury forecasts (LI)Produce forecasts about what cash is in the bank

Perform control monitoring (LI)

Investigate, monitor, and prepare control and regulatory reports into we handle our accounts
Prepare annual accounts (LI)Produce audited accounts
Produce cashflow forecasting (LI)Provide forecasted payments in and out to our various internal and external stakeholders
Manage travel and accommodation bookingManage Railpen's travel and accommodation bookings
Make CHAPS payments (LI)Make ad hoc payments
Manage security incidents (LI)Manage information security incidents and alert our regulators and those such as you that may be affected
Undertake internal audits (LI)Assess whether our business processes are in line with legislation, regulation, industry best practice and internal policy which may mean accessing information about you
Carry out fraud investigationsInvestigating suspected attempts of fraud by you to deceive Railpen for your own profit
Investigate issues brought to our attention by whistleblowersInvestigate allegations or concerns made via our confidential whistleblowing hotline. This may require reviewing information about you

Cookies deployed on our websites and portal are as follows:

What personal information we handle

In order to handle your personal information for the above reasons, we may collect and use the following types of personal information about you and, in some circumstances, your spouse, civil partner, partner or dependants:

Personal detailsFinancial detailsDetails about others
  • Name
  • Postal address
  • Email address
  • Pension Reference Number
  • Correspondence
  • NI number
  • Employee number
  • Payroll ID
  • Photo ID (Passport/driving licence)
  • Birth, death, marriage certificates
  • Gender
  • Your employer's ID
  • Your pension scheme ID
  • Date you joined our scheme
  • Date your contributions began
  • Salary
  • Bank account details
  • Pension forecasts i.e. death benefit salary, total pensionable salary, contributions made







  • Marital status
  • Dependants
  • Nominees








What special category and sensitive personal information we handle

We also handle the following 'special categories' or more sensitive personal information:

Health data - information about your health conditions could be collected from you should you apply for ill health or serious ill-health retirement

Reasons for handling your sensitive and special category personal informationExamples
Substantial public interestsfor a substantial public interests which are contained in the UK Data Protection Act
Vital interestsprotect yours or someone else's vital interests - usually by making a disclosure to a third-party to support you or a third party with whom you have some involvement
Explicit consentwith your explicit consent from time to time we will need your valid explicit consent to handle your personal information if no other appropriate data protection legal basis exists
Where we get your personal information from

Personal information received by Railpen usually comes from yourself, a current or former employer, government agency, any financial or other advisers or representatives acting on your behalf. We also use several suppliers that allow us to verify the accuracy of personal information handled by us (for example, to trace current addresses or verify its continuing existence).

In certain circumstances, we may ask you for information relating to your health. For example, if you are applying for ill-health benefits. In some circumstances, additional medical information may be required from your doctor or appropriate medical adviser. We will explain to you at the time why we need that information and how we intend to use it. You do not have to provide the information requested from you, but there may be a delay in the payment of benefits if that information is not provided.

You may also need to provide us with personal information relating to other people (for example, your spouse, civil partner or dependants) for example when completing a nomination form. When you do so, you will need to check with them that they are happy for you to share their personal information with us and for us to use it in accordance with this privacy notice.

If you are acting on behalf of a child, we may also hold and use your personal information, which will be dealt with on the same basis as set out earlier.

With whom we share your personal information

From time to time, we may need to share your information with other parties. Where this is necessary, we are required to comply with all relevant data protection legislation. The types of third parties we may need to share of your information with include:

Employers and other pension schemesProfessional advisory servicesRegulators and government agencies Suppliers to Railpen
  • your current or former employer - for the purposes of operating the Schemes;
  • other pension schemes connected with you or your relatives, nominees, or other beneficiaries
  • an actuary that is appointed to provide advice on whether the Schemes are fully funded and operating properly. For example, whether we have calculated your benefits properly.
  • an auditor so that they can prepare the annual accounts and audit them for us;
  • a legal adviser so that they advise us on all legal issues affecting the Schemes or Fund;
  • government agencies (for example, HM Revenue and Customs)
  • regulators
  • police
  • judicial authorities
  • companies that provide services to us such as help us store and share information or to verify your identity as well as to prevent and detect fraud

Certain third parties (most notably, the Schemes' actuary and other professional advisers) are themselves subject to certain legal or regulatory obligations (including professional codes of practice). They will be responsible for their own handling of the information we share with them.

Sharing your personal information overseas

Our core systems, data, and administration services are all carried out and stored within the UK.

Where it is necessary to transfer personal information i.e. send, store or allow access to your personal information outside the UK we will ensure that the correct safeguard is used so that the data is protected to an equivalent extent as it would be if it remained in the UK. This is usually by transferring to a country that is approved as having essentially equivalent data protections under the UK Adequacy Regulation.

Alternatively, we carry out a Transfer Risk Assessment, and where appropriate, the receiving party putting in place an International Data Transfer Agreement designed by the ICO or the EU’s Standard Contractual Clauses with an addendum agreed by the ICO and UK Government to recognise it as a valid control under UK. If necessary and based on our Transfer Risk Assessment, we may ask them to put in place additional measures to protect your personal information.

How we keep your personal information secure

We are committed to protecting your personal information from loss, misuse, disclosure, alteration, unauthorised access, and destruction. We take all reasonable precautions to safeguard the confidentiality of personal information.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

A white icon of a guide

Although we make every effort to protect your personal information the transmission of information over the internet is not completely secure. As such, you acknowledge that we cannot guarantee the security of personal information transmitted to us over the internet, and that any such transmission is at your own risk.

Once we have received your personal data, we will use strict procedures and security features to prevent unauthorised access (and take steps to ensure that any third parties with whom we share your personal data do the same).

How long we keep your personal information

We will only retain your personal information for as long as necessary. Necessity will be based on our legal obligations, regulatory guidance, and industry good practice. We have documented how long we keep records containing personal information and why in polices and standards on retention and destruction.

In some circumstances, we may anonymise your personal information instead of destroying it so that it can no longer be associated with you but where anonymised data can be used to add value to our products and services.

Our standard policy is for information or data to be kept for only as long as necessary for the purposes set out above. It is then disposed of in a managed and secure way. However, as pensions are a long-term saving vehicle, it may be necessary to retain your personal data for the remainder of your life and any dependants' lives in order to determine your entitlement to and pay the benefits you may be entitled to, along with any dependant's benefits payable.

Your rights

You have several rights under data protection law.

    These include the right to:

    • receive a copy of the personal data we hold about you
    • request personal data to be amended if it is inaccurate or incomplete
    • request the deletion or removal of personal data where there is no compelling reason for its continued use
    • block or restrict the processing of your personal data
    • object to the processing of your personal data

    There is also a right in GDPR (General Data Protection Regulation) to receive your personal data (in a structured, commonly used, and machine-readable format) and to transfer your data to another service provider or data controller. This right applies where your data is being processed on the basis of your consent or in line with a contract to which you are party. Please note that, for the majority of members, this is not applicable as we rely on our legitimate business interest to collect and process your data rather than individual consent or contracts.

    In order to exercise any of the above rights please write to the DPO (Data Protection Officer) at the address under the Our Data Protection Officer section.

    If you fail to provide personal information

    If you fail to provide certain information when requested, we may not be able to provide our services to you (such as paying you your pension), or we may be prevented from complying with our legal obligations (such as to prevent fraud).

    We may also not be able to support you if you do not provide us with up-to-date personal information. Therefore, please do keep us updated of any changes in your personal circumstances

    We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

    Your rights to lodge a complaint with the Regulator

    At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO on their website or by calling them on 0303 123 1113. Of course, we hope that we can resolve your issue quickly and fairly ourselves.

    Our Data Protection Officer

    We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at 

    or write to:

    7th Floor
    100 Liverpool St
    EC2M 2AT

    If you are unhappy with how your personal information is being handled, you also have the right to make a complaint to the Information Commissioner's Office, an independent body set up to uphold information rights, which will investigate your complaint.

    Changes to this Privacy notice

    We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

    This privacy notice was updated January 2024.