Your privacy is important to us. Our privacy notice is designed to be as concise and transparent as possible and explains.
a) How to contact us
The Pensions Regulator (TPR) is a data controller. You can email TPR’s Data Protection Officer (DPO) at firstname.lastname@example.org
Alternatively, you can write to the DPO at:
Data Protection Officer
The Pensions Regulator
b) Our legal basis to process personal data
We will process your personal data where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Our legal basis to process your personal data derives from the statutory functions and objectives conferred on us under the Pensions Schemes Act 1993, Pensions Act 1995, Pensions Act 2004, Pensions Act 2008, Pensions Schemes Act 2017 and other pensions legislation and underlying regulations. We may also process personal data under other legislation such as the Fraud Act. This includes, for the avoidance of doubt, taking regulatory or enforcement action for breach of the above legislation.
In some limited circumstances we will process your personal data on the basis of your consent. We will also process personal data where it is in your vital interests or where it is in our legitimate interests.
We may from time to time process personal data that is considered ‘special category data’ that is data revealing:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic or biometric data
- data concerning health
- data concerning a person’s sex life or sexual orientation
Where we process special category data, we will only do so where an applicable lawful basis applies. This may include:
- where we have your explicit consent
- where processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment and social security and protection
- where processing is necessary for the establishment, exercise or defence of legal claims
- where processing is necessary for reasons of substantial public interest
c) How we gather personal data
We gather personal data in a number of different ways, including where:
- we obtain information for the exercise our statutory functions and objectives
- you are statutorily required to provide us information
- you make an enquiry
- you visit our website
- you apply for a job vacancy
- you nominate a contact
Where we exercise our statutory functions and objectives
Our objectives are to protect the benefits of members of work-based pension schemes; reduce the risk of compensation payments from the Pension Protection Fund; promote and improve the understanding of good administration of pension schemes and to maximise employer compliance with automatic enrolment duties.
When things go wrong, we’ll investigate. We’ll gather information, which may include personal data about persons who might be involved. When we collect personal data in this way we’re limited in how we can use it for purposes outside our statutory functions.
As a regulator of workplace pensions, we process your personal data for regulatory and enforcement purposes which may include the issuing of statutory notices and penalties.
Where considered appropriate to do so we may provide a credit reference agency with your personal data in order to conduct a credit reference check against you.
In limited circumstances we will process personal data for the purposes of the prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal penalties. We will do this to protect members of the public against financial loss due to dishonesty, malpractice or other seriously improper conduct related to the administration of workplace pensions.
If you are a trustee we’ll send you information by newsletter (email or post) where you have signed up to them. We will also send you information where we are required to by law
We also collect information from other government organisations and public bodies including the Department for Work and Pensions (DWP) and HM Revenue and Customs (HMRC).
In some circumstances we collect personal data from publicly available sources. This data may be used in a number of different ways including for intelligence purposes and for us to send communications to key industry stakeholders.
Where you are legally required to provide us information
If you are a trustee or a manager of an occupational pension scheme, you will be required to provide TPR with information pertaining to your pension scheme in the form of a scheme return. We use the scheme return to gather information about pension schemes. The data gathered helps us maintain our register of schemes and to identify schemes where there’s a risk or potential risk to members’ benefits. We also use this information to calculate annual levy charges.
If you are an employer, you are required by law to complete the declaration of compliance. Failure to do so may lead to enforcement action being taken against you.
Where you are applying for master trust authorisation, we will process personal data in order to determine whether those persons involved in the master trust scheme are ‘fit and proper’ according to the Pensions Schemes Act 2017 and underlying regulations. We will also process your personal data in relation to any of the authorisation criteria or for ongoing supervision and monitoring purposes.
Under section 72 of the Pensions Act 2004, TPR may require you to produce any document, or provide any other information which is relevant to the exercise of our functions. Failure to comply with a section 72 request is a criminal offence and may lead to TPR bringing criminal proceedings against you.
Where you make an enquiry
If you’ve made an enquiry with us we’ll hold your personal data for the purpose of dealing with your enquiry. We don’t need to collect a lot of information but we do need to know who you are, what you’ve asked and how we can reply to you.
You can make an enquiry in a number of different ways, including by:
calling our Customer Support team
submitting your enquiry via our enquiry web form
writing to us
When you contact TPR we collect your information to enable us to respond to your query. We record all calls made to us for training and compliance purposes, to improve our customer service provided to you or to verify information provided to us. We also gather and use personal data for research purposes. You may be selected at random to take part in a survey and, where we do so, ORC International will contact you on our behalf with details of the survey.
Please inform ORC International if you do not wish to take part in the survey.
Visitors to our website
When someone visits thepensionsregulator.gov.uk we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website.
When you visit our website a cookie identifies and tracks your visit whilst collecting statistical information. Cookies tell us the pages that have been visited and collect information about how many times certain pages have been visited.
The cookie has no way of identifying you, it doesn’t hold any of your personal data nor can it be used retrospectively to track you.
When you view pages on our website and select an option of ‘remember me’, a cookie will be placed on your computer which will remember your computer’s details. The cookie will identify the computer used in order to make using the website easier for you next time.
Cookies help us to assess the effectiveness of our website and can provide useful information following publications. For more information about the cookies that we use go to cookies.
If you’ve ‘signed up’ to receive any of TPR’s news services we’ll only hold the information that we need to deliver the service. Emails you’ll receive will give you the option to unsubscribe and where you do so we will remove your personal data from our list and delete it.
If you’ve completed or are completing learning on the education portals, then we’ll hold some of your personal data. If you forget your login details or its necessary to verify your status we’ll need to match the query to the right person.
Where you apply for a job vacancy
All of the information you provide when applying for a vacancy with TPR will be used for the purpose of progressing your application and assessing your suitability for employment with us.
We require you to provide us your CV and a covering letter.
If you are given a conditional offer of employment a third party processor, Inkerman, will conduct pre-employment checks which will require you to provide:
- proof of your identity, including your national insurance number, your contact details and your address history
- proof of your qualifications
- a criminal records check
- contact details of referees
You will be asked to provide us with equal opportunities information. Providing us this information is not mandatory and will not affect the outcome of your application in anyway. Any information you do provide will be used to produce and monitor equal opportunity statistics.
Should you be successful in your application, you will be asked to provide your bank details in order to process salary payments.
From time to time we may receive personal data from recruitment agencies. Where we do so, we will process that data in accordance with this privacy notice.
Where you nominate a contact
If you are a nominated contact, we will have received your contact information from an individual with the necessary consent or authority to provide us with your personal data. In most situations this will be your employer or your client.
You may opt out to receive these communications or update who should be the nominated contact by visiting our nominate a contact webpage.
d) Sharing personal data
Where we are allowed to do so by law, we may share your personal data with other public bodies or government organisations. Where we regularly share data with other public bodies we have agreements in place to govern the sharing of information and to ensure compliance with the law. For more information please see our memorandum of understanding webpage.
TPR is required under EU law to provide the following information to the European Insurance and Occupational Pensions Authority (EIOPA) which will then be published on their register: the name, address, cross-border status, and host country or countries of the pension schemes in TPR’s register. The EIOPA public register of European occupational pension schemes is updated annually and available to view on the EIOPA website.
Additionally, we often share information with the public of regulatory action we have taken in particular cases. For further information, please see our essential guide to how we publish information about cases (PDF, 60kb, 6 pages).
We may share your personal data with private organisations to provide services to us in relation to our statutory functions, for example, to produce a skilled persons report or to provide legal services. We require and ensure full adherence with data protection via our instructions on contracts with such entities.
For more information related to the arrangements we put in place with those we share personal data with, please see our doing business with us webpage.
We will never share your personal data for commercial or marketing purposes.
e) Retention periods
f) Your rights
If we hold your personal data then you have certain rights in relation to what we do with it.
You have the right to access your personal data. Where you request access to your personal data we will confirm whether or not we hold information related to you, and if we do hold your data we will provide you a copy of your personal data free of charge. We may not provide information to you where to do so would prejudice the exercise of our statutory functions.
Rectification, erasure, restriction and data portability
Under certain circumstances, you have the right to have inaccurate data corrected and incomplete data completed; you may also have the right to have your personal data erased, its use restricted and your data transmitted in a commonly used format.
The right to object to the processing of your personal data does not apply to the processing of personal data for the purpose of the exercise of TPR’s statutory functions to the extent that the exercise of that right would prejudice the exercise of those functions.
You have the right to object to your personal data processed by TPR for other purposes. Where you exercise this right, we will erase your personal data if legally required.
Right to withdraw consent
Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at anytime without affecting the lawfulness of processing before withdrawal. If you do so we may no longer be able to send you communications you have signed up for or other guidance information.
If you wish to make a request exercising any of the rights set out above, please write to us:
The Pensions Regulator
Alternatively, you can email us at email@example.com
g) Data security
h) Complaints process
TPR will endeavor to meet the highest standards when collecting and using your personal information. For this reason, we take any complaint we receive about the way in which we handle your data very seriously. We encourage you to bring your concerns to our attention. For more information about how to make a complaint, please see our complaints process.
If you have already made a complaint to us and are not happy with the outcome, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).