Sevenoaks Workstyle - Sevenoaks

Section A

Privacy Notice

BT Pension Scheme - Privacy Notice
Last updated: 3 November 2020

Introduction

BT Pension Scheme Trustees Limited, the trustee of the BT Pension Scheme, (“Trustee”, “we”, “us”, “our”) is committed to protecting your privacy.

We are a private company limited by guarantee established in England and Wales with company number 06009363 and registered office at One America Square, 17 Crosswall, London EC3N 2LB, and for the purposes of the General Data Protection Regulation (the “GDPR”) and any legislation in the UK implementing the GDPR, we are the data controller.

This Privacy Notice sets out the basis on which we will process any personal data we collect from you, or that you or third parties provide to us, in connection with your membership in the BT Pension Scheme (the “Scheme”) and which relates to you or to any individual connected with you. Please read this Privacy Notice carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data.

This Privacy Notice explains our policy in relation to:

  • what information we collect or receive about you;
  • how we use your information;
  • who we share your information with;
  • where and how long we will keep your data;
  • how we keep your information safe;
  • your rights regarding the personal information you provide to us;
  • technical information that we collect about you (including via the use of cookies on our website); and
  • who you can contact if you have questions or complaints about how we process your information.

Information we collect about you and how we use it

Information you and your employer give us

You and your employer provide certain information to us in relation to your membership of the Scheme when using the online pensions portal which enables members to manage their membership in the Scheme (the “Pensions Portal”) and when otherwise contacting us online, by phone, text, email, post or any other engagement or correspondence that you or your employer may have with us.

What types of personal information do we collect about you?

We hold the following personal information about you:

  • personal details such as your name, gender, age, date of birth, email address, postal address, telephone or mobile number and identifiers such as national insurance number;
  • family such as details about current marriage and partnerships and marital history, details of family and dependants;
  • employment details such as pensionable pay, length of service, employment and career history, recruitment and termination details, attendance record, health and safety records, security records, job title and job responsibilities, financial details such as income, salary, assets and investments, bank account details to process pension payments, voluntary deduction choices, benefits, grants and insurance details;
  • if you are a member in receipt of a pension and have opted into paying a trade union directly from your pension receipts, information on trade union membership; 
  • if you are involved in an appeal in relation to an early retirement due to ill health decision, relevant details in relation to your physical and mental health; and
  • technical information and other information about your visits to our website and the Pensions Portal – you can find more information about this below.

If you provide us with information about someone else, for example your family members and dependants, we will assume that you have their permission to do so. We will process their personal data in accordance with this Privacy Notice. Please let them know you have provided their information to us and encourage them to read this Privacy Notice.

How do we use your information?

We will use your personal information for the purposes of administering and managing the Scheme. More information on the purposes for which we process your data and the legal bases for this processing can be found by clicking here.

Who we share your personal data with?

We do not sell, rent or lease your personal information. We share your information with selected recipients as set out in this Privacy Notice. This includes sharing information with those who are involved in the running of the Scheme, those who provide assistance to us to run the Scheme, those who sponsor or oversee the Scheme, and those who may have a legal or regulatory right to request such information. Please click here for more information.

Where do we store your personal data?

The information that we collect from you will be transferred to and stored at/processed in Europe. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice.

We will only transfer your information outside of Europe where we have adequate measures in place to provide appropriate safeguards such as the Privacy Shield (where recipients comply with the US Department of Commerce’s EU-US Privacy Shield) or Model Clauses (standard clauses produced by the EU Commission). Click here to learn more about these transfer mechanisms.

Keeping your information safe

Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through this website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping such password confidential. Please do not share your password with anyone.

How long will we keep your personal data?

Pension benefits are paid over a long period and your right to benefits payable under the Scheme is based on information that may date back many years. We may decide to delete some of the data held In relation to you after 6 years. However, your personal information may be held for longer where: (i) it is required by law or a court order; (ii) it is needed to defend or pursue legal claims; (iii) we consider it is necessary to ensure the Scheme pays the correct benefits; and (iv) to deal with any queries relating to your benefits as they may arise after that time. 

After the retention periods have elapsed, we may store your information in an aggregated and anonymised format.

Your rights regarding the personal information you provide to us

You have certain rights in relation to the personal information we hold about you, which we detail below. Some of these only apply in certain circumstances as set out below. We also set out how to exercise those rights. Please note that we will require you to verify your identity before we respond to any of your requests. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please click here to fill out the Data Subject Rights Request Form.

Right of access

You have the right to know whether we process personal information about you, and if we do, to access information we hold about you and certain information about how we use it and who we share it with. 

If you require more than one copy of information, we hold about you, we may charge an administration fee. We may not provide you with certain personal information if providing it would interfere with another’s rights (e.g. where providing the personal information we hold about you would reveal information about another person) or where another exemption applies.
Right to rectification

The accuracy of the information we hold about you is important to us. Under the GDPR you have the right to access the information we hold about you and have any inaccuracies corrected. Where you request correction, please explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that whilst we assess whether the personal data, we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.

Right to erasure

This is also known as the “right to be forgotten”. Please click here for more information about the circumstances in which you may request that we erase the personal data we hold about you. 
Right to portability

You have the right to receive a subset of the personal data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such personal data to another party. Please click here for more information on the data we hold.

If you wish for us to transfer the personal data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal data or its processing once received by the third party. We also may not provide you with certain data if providing it would interfere with another’s rights (e.g. where providing the personal data we hold about you would reveal information about another person or our trade secrets or intellectual property).
Restriction of Processing to Storage Only

You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).

Please click here for more information on the circumstances in which you may request that we stop processing and just store the personal data we hold about you.

Technical information (including cookies) that we collect about you

When you visit our website, we collect technical information about your computer, such as your internet protocol address (which is a number that can uniquely identify a specific computer on the internet), time zone setting, your login information, browser type and version, browser plug-in types and versions, operating systems and platforms.

We use cookies to collect information about your browsing activities over time following your use of our services. They allow us to recognise and count the number of users and to see how users move around our website when they are using it. This helps us to improve the services we provide to you and the way our website works. Please click here to learn more about the cookies we use. You can also find more information about cookies and how to manage them at http://www.allaboutcookies.org/

Complaints

If you wish to make a complaint about how we process your personal data, please contact us (contact details below) and we will endeavour to deal with your request as soon as possible. This does not interfere with your right to raise a complaint with a relevant data protection supervisory authority.

Changes to our Privacy Notice

Any changes we make to our Privacy Notice in the future will be posted on this page. Please check back frequently to see any updates or changes to our Privacy Notice. Any changes to this Privacy Notice will become effective when we post the revised Privacy Notice on our website. Your use of the website, or continued participation in the Scheme, following these changes means that you accept the revised Privacy Notice.

Contact

If you have any questions, comments or requests regarding any aspect of this Privacy Notice, please do not hesitate to contact us at:

By post: BT Pension Scheme, Sunderland, SR43 4AD 

By email: riskandcompliance@btpsa.co.uk

By phone from within the UK: 0800 731 1919

By phone from outside the UK: +44 0203 0233420

Additional information

Category of Personal Data Processing Purpose Legal Basis
Personal details such as your name, gender, age, date of birth, email address, postal address, telephone or mobile number and identifiers such as national insurance number (Personal Details)
  • In relation to any correspondence (including queries relating to your membership of the Scheme via the Pensions Portal or our call centre) for the purpose of administration of the Scheme
  • To notify you about our services and changes to our services
  • To conduct member satisfaction surveys
  • For internal record keeping
  • To verify your identity, to prevent and detect fraud and to comply with our legal and regulatory obligations

Performance of a contract as required by the Scheme

Legitimate interest to run an effective business

Personal Details and family, lifestyle and social circumstances such as details about current marriage and partnerships and marital history, details of family and dependents;
  • To carry out our obligations arising from any agreement that we have with, or concerning, you and to provide you with the information, benefits and services that you request from us
  • Risk management including credit risk analysis and the insurance of longevity risks and related demographic risks.

Performance of a contract as required by the Scheme

Legitimate interests to run an effective business

Personal Details and employment details such as pensionable pay, length of service, employment and career history, recruitment and termination details, attendance record, health and safety records, security records, job title and job responsibilities, financial details such as income, salary, assets and investments, bank account details to process pension payments, benefits, grants and insurance details
  • To administer the Scheme including to process data to calculate and pay benefits
  • To comply with any present or future law, rule, regulation, guidance or directive, and complying with any industry or professional rules and regulations or any applicable voluntary codes
  • To comply with any present or future requests received from BT plc
  • To comply with requests made by local and foreign regulators, governments and law enforcement authorities, and complying with any subpoena or court process, or in connection with any litigation

Performance of a contract as required by the Scheme

Legitimate interests to run an effective business

Personal Details and pension entitlement
  • To comply with and carry out your instructions in relation to your benefits and investment choices including in relation to additional voluntary contributions and voluntary deductions, (e.g. charities and trade unions) where applicable

Performance of a contract

Legitimate interests to run an effective business
Personal Details and details in relation to your physical and mental health
  • Compliance with our legal obligations
  • Necessary for carrying out our legal obligations in the field of social security law

Legitimate interests to run an effective business

Explicit consent
Technical information and other information about your visits to our website/Pensions Portal
  • To improve the services we provide to you and the way our website and Pensions Portal works
 Legitimate interest to ensure our website and Pensions Portal is operating effectively

Who do we share your personal data with?

The categories of recipients include:

  • our affiliate companies, BT Pension Scheme Management Limited and BT Pension Scheme Administration Limited, to manage and administer the Scheme;
  • BT plc as the sponsoring employer and members of its group of companies - please refer to www.bt.com/bt-plc/assets/documents/career/bt-employee-privacy-notice.pdf for information on how BT uses the personal data of its current and former employees;
  • cloud and other data storage providers, to store the personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you;
  • IT Services providers, including but not limited to Profund Solution Limited, located in the UK for fund administration;
  • our helpline and satisfaction survey service providers, Accenture and Telecom Service Centres Limited trading as Webhelp UK, and their sub-processors, who are located in India, EEA, USA, Canada and Australia;
  • external printing and office support providers, such as postal and scanning services, including but not limited to Paragon Limited;
  • payment providers, including banks, located in the UK and, if you are not resident in the UK and are in receipt of a pension, the country of your residence;
  • insurance companies and their affiliates with member data being retained within EEA.
  • external providers (Standard Life and Equitable Life) of additional voluntary contribution funds only if you have chosen to make such contributions;
  • annuity provider, Hargreaves Lansdowne, to provide annuity quotes for members in payment who hold residual additional voluntary contributions;
  • the BT Benevolent Fund (the “Fund”), to inform you of its activities by post, to provide you with the opportunity to contribute to the Fund and to provide you with the opportunity to request financial assistance if you are eligible;
  • UK trade unions you are a member of, such as the Communication Workers Union (CWU), only if you have chosen to make contributions to a trade union from your pension receipts;
  • other voluntary deduction societies located in Europe, only if you have chosen to make such deductions directly from your pension receipts;
  • legal and other professional advisers located in Europe, to provide us with legal and other professional services (who in certain circumstances will also be ‘data controllers’);
  • actuarial (Willis Towers Watson and the Scheme Actuary), administration and consultancy services providers located in Europe (who in certain circumstances will also be ‘data controllers’) – please refer to www.willistowerswatson.com/personal-data for information on how Willis Towers Watson uses personal data when it provides actuarial services to UK pension scheme trustees;
  • existence check providers including but not limited to Equifax and Lexis Nexis located in Europe;
  • the Pensions Advisory Service and the Pensions Ombudsman, to deal with complaints and resolve disputes; 
  • HMRC, to account for payments made to you.

We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

  • comply with a legal obligation, process or request;
  • enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
  • detect, prevent, investigate or otherwise address security, fraud or technical issues; or
  • protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

We will also disclose your information to third parties:

  • if we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
  • if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.

Your Right to Erasure

You may request that we erase the personal data we hold about you in the following circumstances:

  • you believe that it is no longer necessary for us to hold the personal data we hold about you;
  • we are processing the personal data we hold about you on the basis of your consent (for more information click here), and you wish to withdraw your consent and there is no other ground under which we can process the personal data;
  • we are processing the personal data we hold about you on the basis of our legitimate interest (for more information click here), and you object to such processing. Please provide us with details as to your reasoning so that we can assess whether there is an overriding interest for us to retain such personal data; or
  • you believe the personal data we hold about you is being unlawfully processed by us.

Also note that you may exercise your right to restrict our processing the data whilst we consider your request as described below. 

Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. Please note, however, that we may retain the personal data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case.

Where you have requested that we erase data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the data or providing links to the data to erase the data too.

Restriction of Processing to Storage Only

You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).

You may request we stop processing and just store the personal data we hold about you if:

  • you believe the personal data is not accurate for the period it takes for us to verify your claim;
  • we wish to erase the personal data as the processing we are doing is unlawful but you want us to retain the personal data for storage but not further process it;
  • we wish to erase the personal data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or
  • you have objected to us processing personal data we hold about you on the basis of our legitimate interest (for more information click here), and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data.

You also have the right to object to our processing of data about you and we will consider your request in other circumstances as detailed below by filling out the Data Subject Rights Request Form and submitting it to member@btps.co.uk. 

You may object where:

  • we are processing the data we hold about you based on our legitimate interest or public interest (for more information click here), and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the data whilst we make the assessment on an overriding interest by ticking the box for that purpose on the Data Subject Rights Form;
  • we are processing the data based on historical/scientific research or statistics and you have a particular reason to object. Your right would not apply where we have been tasked with and it is necessary for us to undertake such processing in the public interest.

Transfer Mechanisms

  • Privacy Shield: the relevant recipient will comply with the US Department of Commerce's EU-US Privacy Shield and has certified that it adheres to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website.
  • Model Clauses: The personal data that we collect from you will be transferred to, stored at and/or processed by the relevant recipient under a written agreement incorporating the EU Commission’s model clauses for the transfer of personal data to third countries (the ”Model Clauses”), pursuant to Decision 2010/87/EU. A copy of these Model Clauses is available upon request. Please see section “Contact” of this Privacy Notice on how to request a copy.