We love nothing more than a refreshing way of doing things at The Pensions Solutions Group. However, when it comes to the privacy and security of your personal information, we take the same approach that you will have come to expect from any honest and trustworthy service or provider when you agree to share this with them. We take this very seriously.
Please read the following Statement carefully to understand our views and practices regarding your personal data and how we will treat it. There is a lot of information to be found here, we know that, but it is important to us that you are fully informed about your rights, and how your data is used.
Privacy Statement – 25 May 2018
The Pension Solutions Group Limited/PSG SIPP Limited (your Data Controller) is committed to protecting and respecting your privacy and personal data.
This Privacy Statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It explains the types of personal data we may collect about you when you interact with us. It also describes how we will store and handle that data and keep it safe.
Who We Are
In accordance with the Data Protection Bill 2017 and the EU GeneralData Protection Regulation (GDPR), your Data Controller is The Pension Solutions Group Limited/PSG SIPP Limited,The Gardeners Store, Box House, Bath Road, Box, Corsham SN13 8AA.
What is Personal Data?
Personal data means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
Article 4 of the GDPR states that Personal Data is:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Any reference to data or personal data in this statement must be taken in this context.
The Legal Basis We Rely On
The GDPR sets out several different reasons for which a company may collect and process personal data that include:
For example, when you choose to receive email newsletters, you give us permission to process your data for that purpose. We will make it clear to you what data is required to serve that purpose.
When you become our client, we enter into a contract with you to provide you with your chosen product. We need your personal data to comply with our obligations under that contract. For example, if you ask us to administer a pension scheme for you we will need to know your name, address, National Insurance number and date of birth to calculate available retirement benefits and pay them to you.
When Do We Collect Your Personal Data?
We can collect your personal data when:
- you visit any of our websites and subscribe for newsletters or marketing material.
- you purchase a product or service by completion of applications forms and thereby entering into a contract with us. This could be done directly or via a financial intermediary.
- You may engage with us on social media.
- you contact us by any means with queries, enquiries, complaints etc.
- you ask us to provide you with information about a product or service.
- you’ve given a third-party permission to share with us the information they hold about you.
How We Use the Information We Collect
We may use information held about you in the following ways:
- to provide you with services and/or information you request from us that includes carrying out any obligations arising from any contracts entered into between you and us.
- to notify you about any changes to our services.
- to prevent and detect money laundering, financial crime and other crime.
- to facilitate investments with investment providers as directed by you.
- to answer queries, correspondence, enquiries, complaints etc.
We may collect information by:
- your completion of our application forms
- copies of documents you provide to prove your age or identity where the law requires this. (including your passport, driving licence and evidence of residential address). This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
- an intermediary or third party to whom you have previously provided consent for your personal data to be passed to us.
We may also collect data from publicly-available sources (such as Companies House) where you have given your consent to share information or where the information is in the public domain by matter of law. We will only ever only obtain data necessary for the completion of our duties to you.
We only ever obtain information from third parties where permitted by law. We may use legal public sources to obtain information about you, for example, to verify your identity. This information (including your name, address, email address, date of birth, etc.), as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the GDPR.
We undertake always to protect your personal data in a manner that is consistent with GDPR and to take reasonable security measures to protect your personal data in storage.
To whom your data will be disclosed
We may share the personal data we hold about you with third parties only when essential to fulfil our legal obligations under the contract between you and us. Examples of such third parties are:
- professional payroll providers for the purposes of assisting in the payment of retirement benefits;
- investment providers chosen by you as part of your financial planning strategy;
- professional accountants to assist in the administration of products we are contracted to provide and administer, as well as those who may act for investments selected by you;
- any other our partners and suppliers who may be engaged by us to fulfil the terms of a contract between you and us,
When sharing your information with a third party, we provide only the information they need to perform their specific services and stipulate that they may only use your data for the exact purposes we specify in our contract with them. We work closely with third parties to ensure that your privacy is always respected and protected. If we stop using their services, we will request that any of your data held by them either be deleted or rendered anonymous.
We have an obligation to share personal data with the police or other enforcement, regulatory or government body, upon receipt of a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our clients into consideration. Similarly, we have an obligation to share data with relevant authorities where we suspect fraudulent or potentially fraudulent activity.
We will only disclose your information with any other third parties with your express consent
Data Retention and transfers to a third country
We securely store your data in the United Kingdom and retain it for a reasonable period or if the law or regulatory bodies require. At the end of that retention period, your data will either be deleted completely or anonymised,
Sometimes we will need to send your personal data outside the European Economic Area (EEA) to fulfil our legal obligations under the contract between you and us, for example if you or your financial intermediary are based outside the EEA. The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. By submitting your personal data, you agree to this transfer when required.
No processing by a Data Controller or Data Processor takes place outside of the EEA. The place of residence of data is the United Kingdom. We will only ever disclose your data to a third party outside the EEA after having been given your consent to do so
What Are Your Rights
You have specific rights in the following areas:
- breach notification
- to be informed
- to access
- to rectification
- to be forgotten
- to restrict processing
- to data portability
- to object
- against automated decision making and profiling
If you would like to exercise any of your above rights, please contact our Data Protection Officer:
Post: The Pension Solutions Group Limited/PSG SIPP Limited, The Gardeners Store, Box House, Bath Road, Box, Corsham SN13 8AA.
If you do wish to exercise any of your rights, we will ask you to verify your identity before proceeding with any request you make under this Privacy Statement. This is to protect the confidentiality of your information. If you have authorised a third party to submit a request on your behalf, we will ask them to provide evidence that they have your permission to act for you. Please note that you may continue to receive communications for a short period after changing any preferences while our systems are updated.
In the unlikely event of a data breach, we have a legal responsibility to notify the lead UK data protection authority being the Information Commissioner’s Office within 72 hours of first having become aware of the breach.
We will notify you without undue delay with any relevant advice about protective measures you should take.
Right to be Informed
We must provide information relating to how we process personal data in a concise, clear and intelligible manner. We do so by the provision of this Privacy Statement.
Right to access
You have the right to obtain from us (known as a Subject Access Request) confirmation as to whether personal data concerning you is being processed, where and for what purpose. You have the right to be provided with a copy of that personal data, free of charge, in an electronic format if you so wish within one month of making your request.
Our response will include:
- sources from which we acquired the information;
- the purposes for processing the information; and
- persons or entities with whom we are sharing the information.
Right to rectification
You have the right for inaccurate information to be corrected by us within one month of notifying us. If we have disclosed that data to third parties, we will immediately instruct that third party to correct their records.
Right to erasure
You have the right to obtain from us the erasure of personal data concerning you without undue delay in specific circumstances:
- where data is no longer necessary in relation to the purpose for which it was originally required
- where consent is withdrawn
- where any objection is raised and there is no legitimate interest to continue
- unlawful processing, i.e. breach
- to comply with a legal obligation
This is often referred to as the “right to be forgotten” and means we must erase your personal data, cease further dissemination of that data, and have third parties halt any processing of it.
We must pay notice to data retention guidelines from regulatory bodies such as H M Revenue & Customs and the Financial Conduct Authority. This means that in normal circumstances we will retain data for five years after its need has ended.
Right to restriction of processing
You have the right to obtain from us restriction of processing in the following circumstances
- you contest the accuracy of the data and it is therefore restricted until its accuracy has been verified
- processing is unlawful, and you oppose the erasure of the data and instead request the restriction in its use;
- we no longer need the data, but it is required by you for the establishment, exercise or defence of legal claims;
- you have objected to processing of your data pending the verification of whether there are legitimate grounds for us to override these objections.
If processing is restricted, we can store data but not process it until its accuracy has been verified. If we have disclosed that data in question to a third party, we must inform that third party of the restriction on the data unless this proves impossible or involves disproportionate effort. We shall provide you with information about those third parties if you request it.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us. We must complete the transfer of data under the right to portability within one month of its request.
Right to object
You have an absolute right to object to data processing for direct marketing purposes. We must cease where you object to processing on certain grounds such as personal profiling, public or legitimate interest or where data is collected for research or statistical purposes.
Your objection must be based on grounds relating to your situation. We must stop all processing on receipt of an objection unless:
- Compelling legal grounds can be demonstrated for processing that override your interests, rights and freedoms of the individual, or
- Processing is for the establishment, exercise or defence of legal claims
Whenever you may have given us your consent to use your personal data, you have the absolute right to change your mind at any time and withdraw that consent.
Right to not be subject to decisions based solely on automated processing
All our processes require human intervention, so we do not carry out any automated processing that may lead to an automated decision based on your personal data.
We will only ever provide you with information by post, email, telephone or otherwise about products and services of a similar nature to those you have previously purchased where you have clearly expressed a preference for us to do so. You can change your mind and stop receiving such correspondence at any time by simply letting us know. You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any email communication that we send you.
- Email us at firstname.lastname@example.org
- Write to The Data Protection Officer, The Pension Solutions Group Limited/PSG SIPP Limited, The Gardeners Store, Box House, Bath Road, Box, Corsham SN13 8AA.
Changes to our privacy notice
We reserve the right to review this Privacy Statement from time to time. We provide all our clients with a copy on an annual basis when we evaluate the personal data that we hold for accuracy. You are welcome to periodically review this Privacy statement and you can determine when it was last revised by checking the date in its heading.
We regularly review this policy to ensure we always protect your privacy and to ensure it meets the highest possible standards. We will not significantly change how we use information you have already given to us without your prior agreement.
Right of Complaint
If you have a complaint regarding the use of your personal data or sensitive information, then please contact us by contacting our Data Protection Officer:
Post: The Pension Solutions Group Limited/PSG SIPP Limited, The Gardeners Store, Box House, Bath Road, Box, Corsham SN13 8AA.
Tel: 01249 280020
If you feel that your data has not been handled correctly, or you are unhappy with our response to your complaint or to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office: Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF
Tel: 0303 123 1113