Privacy Notice
We act in compliance with the EU General Data Protection Regulation 2018 (GDPR). This Privacy Notice explains how we collect, process and protect personal information about you.
Privacy Principles
When we collect and use your personal information, we ensure we look after it properly and use it in accordance with our privacy principles set out below, keep it safe and will never sell it.
- Every pension scheme we operate is registered with the Information Commissioner as a Data Controller. As Professional Trustees and Scheme Administrators respectively, Whitehall Trustees Limited and Whitehall Group SIPP Limited undertake the duties of Data Controllers and utilise the services of Whitehall Group (UK) Limited and Whitehall SIPP Trustees Limited as Data Processors. Our companies use other data sub-processors to assist with their operation.
- Personal information you provide is processed fairly, lawfully and in a transparent manner.
- Personal information you provide is collected for a specific purpose and is not processed in a way which is incompatible with the purpose for which we collected it.
- Your personal information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Your personal information is kept accurate and, where necessary kept up to date.
- Your personal information is kept no longer than is necessary for the purposes for which the personal information is processed.
- We will take appropriate steps to keep your personal information secure.
- Your personal information is processed in accordance with your rights.
- We will only transfer your personal information to another country or an international organisation outside the European Economic Area where we have taken the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards.
- We do not sell your personal information and we also do not permit the selling of customer data by any companies who provide a service to us.
How we Collect Your Personal Information
Whilst there are a number of ways in which we collect your personal information, the two main ways we might collect personal information about you are from things you tell us yourself, and from things we ask other people or organisations to share with us. Things you tell us could include conversations we have on the phone (including call recording), what you have written on an application form or in correspondence with us. We might also collect information about you from other people and organisations such as financial advisers, accountants, credit reference agencies and other pension companies. You will have consented to them providing this information to us.
What Personal Information do we Collect?
The information that we collect will depend on our relationship with you such as a pension scheme member, employer, beneficiary or supplier.
- Personal Information
- Contact Details: name, addresses, telephone numbers, email addresses.
- Personal Details: date of birth, National Insurance Number, marital status, spouse’s date of birth, employment details, ethnicity, citizenship, religious beliefs, marketing preferences.
- Note: no children’s data or Criminal Offence Data is processed but we may need to process sensitive information such as physical or mental health details, divorce, bereavement and bankruptcy.
- Financial Details: bank account details, tax code, amount of pension assets, types of pension assets, contributions and pension transfers, pension benefits paid, personal tax details, investor status, source of wealth and funds.
- Legal and identity documents: copy passport, driving licence, birth certificate, marriage certificate, utility bills, bank statements.
- Company Information
- Contact Details: name, addresses, telephone numbers, email addresses.
- Financial Details: company tax codes, accounts information, company trading activity, employee and director details, pension contribution information.
- Commercial Details: details of commercial contracts, services, payment arrangements, intellectual property, charges, costs, business operation, staff, trading performance.
- Pension Scheme Information
- Legal Details: HMRC and regulatory references, trust documentation, membership and trustee records.
- Financial Details: contributions and transfers, retirement and death benefits, investments and bank accounts.
- Suppliers Information
- Contact Details: name, addresses, telephone numbers, email addresses.
- Commercial Details: details of commercial contracts, services, payment arrangements, intellectual property, charges, costs, business operation, staff, trading performance.
How do we use your Personal Information?
We use your personal information to enable us to operate UK Registered Pension Schemes and the services associated with them. We also use supplier’s data to help us operate our business. This may include the following:
- Provide, monitor, administer, maintain, develop, expand and improve our services, including, for example, enhancing our customer service and administering your pension scheme.
- Perform internal operations, including, for example to prevent fraud.
- Confirm your identity by using third-party databases.
- Undertake all activities and communications necessary, in such manner and with such third parties as we determine to be appropriate, for the purposes of managing your pension scheme.
- Send you communications we think will be of interest to you, including information about our services, as well as other rules, regulations, promotions and news.
- Respond to regulatory, government or legal requests that are legally binding upon us.
What Legal Bases do we Rely on?
Consent: where you have provided your consent for us to use your personal information. This will be made clear when you provide your personal information.
Legal or Regulatory Obligation: for example, when our regulators wish us to maintain certain records of any dealings with you and submit regulatory reports to them.
Legitimate Interest: we may need to use your personal information to establish, exercise or defend our legal rights.
Contractual: where we have a contract of services with you which requires us to use your personal information to fulfil that contract.
Special Category Data: which is personal data that needs more protection because it is sensitive, such as your health or specific financial circumstances is processed using one of two legal bases:
- Explicit Consent: you have specifically agreed that we can use this information.
- Substantial Public Interest: for example, to safeguard your economic wellbeing.
Who do we Share Your Personal Information With?
We will not share any of your personal information other than for the purposes described in this Privacy Notice. subject to the purposes described in this Privacy Notice, we may share your data with:
- Close Contacts: yourself, your family members, your employer, other trustees of your pension scheme.
- Business and Operational Contacts: financial advisers, accountants, solicitors, pension companies, banks, investment providers, insurance brokers, previous employers, the Stock Exchange.
- Regulators: The Financial Conduct Authority, HM Revenue & Customs, The Pensions Regulator, The Information Commissioner and any other regulatory bodies we are required to share your information with.
- Sub Processors: Other companies with whom we have a contractual relationship and need to share your personal information to fulfil our services. Examples could include payroll services or compliance auditors.
- If we or substantially all of our assets are acquired by a third party, the personal data we hold about our customers will be one of the transferred assets.
Where third parties are involved in processing your data we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they will only act in accordance with our written instructions.
How do we Store and Protect Your Personal Information?
Your data will primarily be held in the UK but there may be occasions when the data that we collect from you is transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. These staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
We will take all steps that are reasonably necessary to ensure your data is treated securely and in accordance with this privacy policy.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. You are responsible for keeping confidential any password we have given you, or you have chosen, which enables you to access certain parts of our website. It is important you do not share a password with anyone.
If you (or your representatives) contact us for details of your account, we will ask some questions so that we can establish your (or your representative’s) identity. We will not disclose any details unless we are satisfied that you (or your representative) are who you claim to be.
Unfortunately, transmitting information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We strongly suggest you purchase and keep up-to-date software to protect the security of your computer or device.
How Long do we Keep Your Personal Information?
Your personal data will be stored for the duration of your relationship with us. After that, we will store your personal data for as long as it is legal, appropriate and necessary to do so. This includes retaining the checking/verifying identity data (that is, all anti-money laundering data) for 5 years. We may also store other information for longer than 10 years if we need to evidence that we have met our regulatory requirements and to demonstrate that we have correctly recorded and reported information on your account(s) to the relevant authorities.
Your Rights
You have the following rights in relation to our use of your personal information:
- Right to access your personal information
You are entitled to a copy of the personal information we hold about you and certain details of how we use it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.
- Right to Rectification
We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us and you can ask us to update or amend it.
- Right to Erasure
In certain circumstances you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent.
- Right to Restriction of Processing
In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.
- Right to Data Portability
In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your personal information.
- Right to Object
You have the right to object to us processing your personal data, for example where we send you marketing information.
- Right not to be subject to automated decision making and profiling
This involves inputting your personal information into a system or computer and the decision is calculated using certain automatic processes rather than our employees making those decisions.
- Right to Withdraw Consent
Where you have given us consent to use your personal information, you have the right to withdraw your consent to further use of this information.
- Right to Make a Complaint
You have a right to complain to the Information Commissioner at any time if you object to the way in which we use your personal information. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/
You can make any of the requests set out above using the contact details we provide to you. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we cannot comply with your request we will tell you why.
In some circumstances exercising some of these rights will mean we are unable to continue providing you with our services and may therefore result in us ceasing to act on your behalf.
Marketing
You are in control of how we use your information for marketing. We will only contact you if you have agreed that we can. If you wish to unsubscribe from emails sent by us you may do so at any time by following the unsubscribe instructions that appear in all emails. Otherwise you can always contact us to update your contact preferences. We will continue to send you service related (non-marketing) communications where necessary.
We use cookies to track visitor use of the website and to compile statistical reports on website activity. For further information visit http://www.allaboutcookies.org
Data Breaches
We will report any data breach by us or our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen or misused.
Contact Details
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. If you wish to contact us the details are as follows:
Richard Mattison, Director
Whitehall Group
8-10 Bolton Street
Ramsbottom
BL0 9HX
Telephone: 03302 232300
Email: enquiries@whitehallgroup.co.uk
If you would like to contact the UK’s Information Commissioner’s Officer direct, please write to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number https://ico.org.uk/global/contact-us/email/
We keep our privacy notice under regular review. This privacy notice was last updated on 21st October 2023.
Whitehall is the trading name of:
Whitehall Group (UK) Limited, a company registered in England and Wales (Registered number 07625300), Whitehall Trustees Limited, a company registered in England and Wales (Registered number 07625294), Whitehall Corporate Limited, a company registered in England and Wales (Registered number 7759590),Whitehall Group SIPP Limited, a company registered in England and Wales (Registered number 13577749) and Whitehall SIPP Trustees Limited, a company registered in England and Wales (Registered number 13587700). All companies have their registered office at 8-10 Bolton Street, Ramsbottom, BL0 9HX.
Whitehall Group SIPP Limited is authorised and regulated by the Financial Conduct Authority (FCA) firm reference number 978183.