Privacy Policy
Your Rights, Your Information and how we use it
Brunel Trustees and its professional trustee company, Brunel Trustees Limited (The Companies), is committed to protecting your personal information.
Our Privacy Policy contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given us.
We may need to make changes to our Privacy Policy. If there are important changes such as changes to where your personal data will be processed; we will contact you to let you know.
This version of our Privacy Policy was last updated 14th May 2018.
Who we are
This Privacy Policy applies to The Companies
How to contact us
If you have any questions about our Privacy Policy or the information we collect or use about you, please contact;
The Data Compliance Administrator
Brunel Trustees.
The Quorum,
Temple Back,
Bristol, BS1 3AE
Email: datacompliance@bruneltrustees.co.uk
Information we collect and use
Information about you that we collect and use includes:
- Information about who you are e.g. your name, date of birth and contact details
- Information connected to your scheme or service with us e.g. your bank account details
- Information about your contact with us e.g. meetings, phone calls, emails / letters
- Information that is automatically collected e.g. via cookies when you visit one of our websites
- Information classified as ‘sensitive’ personal information e.g. relating to your health, marital or civil partnership status. This information will only be collected and used where it’s needed to provide the service you have requested or to comply with our legal obligations.
- Information you may provide us about other people e.g. joint applicants or beneficiaries for your scheme
- Information on children e.g. where a child is named as a beneficiary to the scheme. In these cases, with parental or consent from a guardian we will collect and use only the information as required to identify the child (such as their name, age, gender)
Where we collect your information
We may collect your personal information directly from you, from a variety of sources, including:
- an application form for a scheme or service
- phone conversations with us
- emails or letters you send to us
- meetings with one of our consultants
- a Government or regulatory body such as HMRC
If you have a financial adviser and / or are a member of your employer’s pension scheme, the information we collect and use will most likely have been provided by them on your behalf.
We may also collect personal information on you from places such as business directories and other commercially or publicly available sources e.g. to check or improve the information we hold (like your address) or to give better contact information if we are unable to contact you directly.
Please note that it is not practicable for us to send a privacy notice to all dependants of our clients and members (and it may well breach our obligations of confidence to you if we do send out such a notice). You are therefore required to ensure you have the permission of your dependants for their information to be passed to us.
What we collect and use your information for
We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. We will collect and use your information only where:
- you have given us your permission.
- it is necessary to provide the service you have requested e.g. we will require some personal information including your name, address, date of birth, bank account details
- it is necessary for us to meet our legal or regulatory obligations e.g. to send you Annual Statements, tell you about changes to Terms and Conditions or for the detection and prevention of fraud
- it is in the legitimate interests of Companies e.g. to deliver appropriate information and guidance so you are aware of the options that will help you get the best outcome from your scheme or investment; where we need to process your information to better understand you and your needs so we can send you more relevant communications about your scheme.
- it’s in the legitimate interests of a third party e.g. sharing information with your employer’s adviser for the governance of a pension scheme of which you are a member
If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our services.
What we do with your data
As your scheme administrator and professional trustee our lawful basis for processing your data is:
Contract: the processing of your personal data is necessary for the contract we have with you to administer your pension scheme, or because you have asked us to take specific steps before entering into a contract with us.
Legal obligation: the processing is necessary for the Companies to comply with the law (not including contractual obligations).
When we process your data for these purposes the Companies will ensure that we always keep your Personal Data rights in the highest regard and take into account all of your data protection rights in compliance with the General Data Protection Regulation and the safeguarding of your data.
Who we may share your information with
We may share your information with third parties for the reasons outlined in 'What we collect and use your information for.' These third parties include:
- Your adviser or employer
- Companies we have chosen to support us in the delivery of the services we offer to you and other clients e.g. back office system providers, research, consultancy or technology companies; or companies who can help us in our contact with you, for example an internet service provider
- Our regulators and Supervisory Authority e.g. the Financial Conduct Authority (FCA), the Information Commissioner’s Office for the UK (the ICO), The Pensions Regulator.
- Law enforcement, credit and identity check agencies for the prevention and detection of crime
- HM Revenue & Customs (HMRC) e.g. for the processing of tax relief on pension payments or the prevention of tax avoidance
We will never sell your details to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
Where your information is processed
The majority of your information is processed in the UK and European Economic Area (EEA).
However, some of your information may be processed by us or the third parties we work with outside of the EEA, including countries such as the United States.
Where your information is being processed outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK / EEA data privacy laws e.g. we will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.
How we protect your information
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake annual training on this.
Our security controls are aligned to industry standards and good practice; providing a controlled environment that effectively manages risks to the confidentiality, integrity and availability of your information.
How long we keep your information
We will keep your personal information only where it is necessary to provide you with our services while you are a customer.
We will keep your information after this period but only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the obligations we need to meet.
Your individual rights
You have several rights in relation to how the Companies uses your information. They are:
The Right to be informed
You have a right to receive clear and easy to understand information on what personal information we have, why we need it and who we share it with – this is covered within this Privacy Policy and our privacy notices.
The Right of access
You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request (DSAR).
The Right to request that your personal information be rectified
If your personal information is inaccurate or incomplete, you can request that it is corrected.
The Right to request erasure
You can ask for your information to be deleted or removed if there is not a compelling reason for The Companies to continue to have it, subject to our own legal requirements.
The Right to restrict processing
You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted. We may not be able to agree to this as it may compromise our service, in which case we would need to cease our involvement.
The Right to data portability
You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving your pension to another pension provider.
Right to object
You can object to the Companies processing your personal information where:
- It is based on our legitimate interests (including profiling);
- if we were using it for scientific/historical research and statistics.
- Rights related to automatic decision making including profiling
Please note we do not use automatic decision making processes or profiling.
How to make a complaint
We will always strive to collect, use and safeguard your personal information in line with data protection laws. If however you do not believe we have handled your information as set out in our Privacy Policy, please email our Data Compliance team (datacompliance@bruneltrustees.co.uk) with the subject of “Complaint” and we will do our utmost to make things right.
ICO contact details:-- If you are still unhappy, you can complain to our Supervisory Authority. Their contact details are: UK – ICO – telephone 0303 123 1113.
