Privacy and Personal Information Policy
Under the General Data Protection Regulation (GDPR) we must comply with various duties in relation to any personal information that we hold about you. The Pensions Ombudsman is committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information about people who seek to use our service, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change or update this Policy from time to time, so please check this page occasionally to ensure that you are happy with any changes. By using our service, you are agreeing to be bound by this Policy.
Who are we?
We are The Pensions Ombudsman. We are an independent organisation set up by law to investigate complaints about pension administration. We also operate an Early Resolution Service (ERS) which helps people involved in a pension complaint to agree a resolution in an informal way. We can also consider complaints about the actions and decisions of the Pension Protection Fund and about some decisions made by the Financial Assistance Scheme.
How to contact us
Any questions or queries regarding this Policy and our privacy practices should be sent by email to our Data Protection Officer at email@example.com or by writing to 10 South Colonnade, Canary Wharf, London E14 4PU. Alternatively, you can telephone 0800 917 4487.
What type of personal information do we collect from you?
By personal information we mean information that is about identifiable living individuals. A complaint will include a considerable amount of information about a person such as their name, age, workplace or former workplace, and possibly their financial affairs and medical history. When we investigate your complaint, you or others will probably give us additional information about you. Unless you provide us with such information as is relevant to your complaint or your ERS application, we may not be able to process the complaint or application.
How do we collect the information from or about you?
We are happy to talk over the phone to answer queries or to explain our position. Please be aware that all telephone calls we make and receive are recorded for security, reference and quality purposes.
However, if the matter is not easily resolved, we will usually ask any relevant party to provide any detailed information in writing. This is to avoid any misunderstandings about the facts and to allow us to send a copy of what has been said to the other parties.
When corresponding by email, we will do so by using encrypted email to ensure that all personal information remains safe and protected.
Anyone who wants to send information to us but has not yet had an encrypted email can start the process by contacting us at: firstname.lastname@example.org
We may also obtain information about you from third parties, such as a pensions provider that you are complaining about, or other third parties connected with your complaint.
How is your information used by us?
We use this personal information to help you to resolve any queries that you have with a pensions provider at an early stage or for us to reach a decision about a complaint. Incidental to that, other uses may include publishing decisions; dealing with any appeals or any other legal action concerning our decisions. We may also use your personal information with the aim, for example, of adjusting our practices and improving the performance of our service. This could include training and monitoring purposes; analysing complaints or collating information to identify trends or characteristics; customer surveys; and dealing with any service complaints.
Your personal information will only be used for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may share your personal information with a third party, such as companies or individuals that you are complaining about, as part of our investigation of your queries or complaints.
By law, we also have the power to share information about a complaint with a small number of designated persons, including other ombudsman schemes, regulators, public authorities and government departments (as set out in section 149 of the Pension Schemes Act 1993), if we think it necessary in helping them carry out their own functions. We will always consider this carefully before doing so.
Publishing our decisions
We aim to carry out our work openly and transparently and for this reason we usually publish Ombudsman determinations, as well as some opinions made by our adjudicators considered to be of interest, on our website. Since 3 May 2016, our published decisions have generally been anonymised and have the name of the person making the complaint as well as any other identifying personal data removed – unless such data is essential for understanding the decision or there is another reason why we consider it is appropriate to publish it.
Our policy was amended to reflect the prevailing approach of dispute handling schemes towards increased protection of personal information, while maintaining transparency in demonstrating our work and findings and giving guidance to the industry and consumers.
The decision we send to the parties in each complaint will retain the name of the person making the complaint (in a footnote), to assist with any appeal or enforcement issues. However, the decision we publish on our website will generally be anonymised.
In certain cases, we may decide not to anonymise the decision. Examples might be: where the case is a particularly notable one with wider (public interest) implications; where we are taking a position; or where the name of the person making the complaint is relevant to the issue – perhaps a claim to a pension entitlement where the policy cannot be found or has been allocated to someone else.
If we are considering not anonymising a decision, or we are asked to do so by a party, we will ask the parties for their comments. Similarly, if you have concerns about a decision which has already been published on our website (including one published before 3 May 2016 which includes the parties’ names) you can contact us using the details set out above. Ultimately, it will be a matter for the Ombudsman to decide on a case-by-case basis.
If you think that there is other material we should edit in the decision in your case, you should let us know as soon as possible, giving your reasons. We will not always agree, but will always consider a request very carefully.
Exceptionally we might publish a decision in summary form only, while making more information available to anyone who requests it.
The legal basis that we rely on for the processing of your personal information
Our legal basis for processing your personal information will usually be: exercising our official authority or performing our role in the public interest, which includes administering justice and carrying out our statutory function pursuant to Part X of the Pension Schemes Act 1993 (the investigation of complaints into alleged maladministration, and disputes of fact or law, relating to pension schemes); our legal obligations and reasons of substantial public interest; and/or that we are establishing legal claims and acting in our judicial capacity. On those occasions where we are not relying on any of the above, we will ensure that a suitable alternative legal basis is used, which could (in the case of applicants) include obtaining your explicit consent. The legal basis for using information for incidental purposes would be if there is a legitimate or public interest.
We have decided to operate the ERS on the basis of explicit consent.
Where we do process data based on your explicit consent, you have a right to withdraw that consent at any time, but this may mean that we can no longer provide you with a service.
How long do we hold your information for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider: the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure of your personal data; the purposes for which we process your personal data and whether we can achieve those purposes through other means; and the applicable legal requirements.
You have the right to request access to, and rectification or erasure of, your personal data (the right to be forgotten). You also have rights to restrict or object to our processing of your personal information and to request that we send you, or another organisation, certain types of information about you in a format that can be read by a computer (data portability).
That said, due to the nature of the work that we do, we may refuse such requests from you in accordance with relevant legislation. Our overall aim, however, is to be as fair and transparent as possible and we will only refuse such requests where we consider that we are legally justified in doing so.
How you can update your information
The accuracy of your information is important to us. We are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your email address, or any of the other information we hold is inaccurate or out of date, please contact us using the details given in the ‘How to contact us’ section.
Security precautions in place to protect the loss, misuse or alteration of your information
We know that data security is important to you. When you give us personal information we take steps to ensure that it is stored securely, both physically and electronically, in accordance with the internal policies that we have in place for the effective and secure processing of your personal information.
We also have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Use of ‘cookies’
Transferring your information outside of the European Economic Area (“EEA”)
We store all your personal information in the UK and we avoid transferring your personal information outside the EEA whenever possible. If circumstances arise where it does become necessary to transfer your information outside of the EEA – such as you, or any of the other parties involved in the case, being located outside the EEA - we will take reasonable steps to ensure that appropriate security measures are taken.
What if you are unhappy about the way that we handle your personal information?
If you have any issues or complaints about the way that we have handled your personal information, please contact our Data Protection Officer at email@example.com. You also have the right to make a complaint to the Information Commissioner’s Office (www.ico.org.uk).
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in September 2019.