What personal data do we hold?

The types of data we hold and process will typically include:

  • Contact details, including name, address, telephone numbers and email address.

  • Identifying details, including date of birth and national insurance number.

  • Information relating to your benefits in the Fund, including length of service or membership and salary.

  • Other information in relation to your membership of the Fund or to enable the calculation or payment of benefits, for example bank account details.

  • Information about your family, dependents or personal circumstances, for example, marital status, gender and information relevant to the distribution and allocation of benefits payable on death.

  • Financial information relevant to the calculation or payment of benefits, for example, bank account and tax details.

  • Information about your health, for example, to assess eligibility for benefits payable on ill health, or where your health is relevant to a claim for benefits following the death of a member of the Fund.

  • Information about a criminal conviction if this has resulted in you owing money to your employer or the Fund and the employer or Fund may be reimbursed from your benefits.

We obtain some of this personal data directly from you. We may also obtain data from your employer (for example, salary information) and from other sources including public databases.

What will we do with your personal data?

We will use this personal data to administer the Fund and to calculate and provide you (and, if you are a member of the Fund, your beneficiaries if you die) with benefits. We will also use this personal data for statistical and financial modelling and reference purposes (for example, when we assess how much money is needed to provide members' benefits and how that money should be invested), and to comply with our legal obligations.

From time to time we will share your personal data with third parties, including our contractors, advisors, government bodies and dispute resolution and law enforcement agencies and insurers in order to comply with our obligations under law, and in connection with the provision of services that help us carry out our duties, rights and discretions in relation to the Fund.  These organisations are listed in the full Privacy Notice.

In rare cases recipients of your personal data may be outside the UK. If this occurs, we will make sure that appropriate safeguards are in place to protect your data in accordance with applicable laws. Please use the contact details below if you want more information in connection with this.

What is the legal basis for our use of your personal data?

The legal basis for our use of your personal data will generally be one or more of the following:

  1. we need to process your personal data to satisfy our legal obligations as the Administering Authority of the Fund; and/or

  2. we need to process your personal data to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body; and/or

  3. we need to process your personal data for the legitimate interests of administering and managing the Fund and liabilities under it, calculating, securing and paying benefits and performing our obligations and exercising any rights, duties and discretions the Administering Authority has in relation to the Fund; and/or

  4. because we need to process your personal data to meet our contractual obligations in relation to the Fund (for example, under an agreement that you will pay additional voluntary contributions to the Fund), or to take steps, at your request, before entering into a contract.

How long will we hold your data?

We will only keep your personal data for as long as we need to in order to fulfil the purpose(s) for which it was collected and for so long afterwards as we consider may be required to deal with any questions or complaints that we may receive about our administration of the Fund, unless we elect to retain your data for a longer period to comply with our legal and regulatory obligations.  We keep your information for long enough to ensure that, if a query arises in the future about your benefits, we have enough information to deal with it where we have a legal obligation to do so. This information includes the data we need to identify a specific record. In practice, this means that your personal data will be retained for such a period as you (or any beneficiary who receives benefits after your death) are entitled to benefits from the Fund until such a time that the Fund is satisfied that there is no benefit due to be paid and no person, estate, or organisation exists that may be able to claim a benefit is due to be paid. This is likely to be at least 75 years after a benefit ceases to be payable. For the same reason, your personal data may also need to be retained where you have received a transfer, or refund, from the Fund in respect of your benefit entitlement.

Your rights

You have a right to access and obtain a copy of the personal data that we hold about you and to ask us to correct your personal data if there are any errors or it is out of date or incomplete.  In certain circumstances you have the right to object to the processing of your personal data; for example you have the right to object to processing of your personal data which is based on the public interest or legitimate interests identified in the section above headed "What is the legal basis for our use of your personal data?", or where the processing is for direct marketing purposes.  In some cases you may also have a right to ask us to restrict the processing of your personal data until any errors are corrected or to transfer or (in very limited circumstances) erase your personal data.  You can obtain further information about these rights from the Information Commissioner's Office at: www.ico.org.uk or via its telephone helpline (0303 123 1113).

If you wish to exercise any of these rights, please contact the Fund Administrator below. You also have the right to lodge a complaint in relation to this summary notice, the full Privacy Notice or our processing activities with the Information Commissioner's Office, which you can do through the website above or their telephone helpline.

One of the reasons we collect and hold your personal data is to administer your benefits from the Fund.  If you do not provide the information we request, or ask that the personal data we already hold is deleted or that the processing of the personal data be restricted, this may affect our ability to administer your benefits, including the payment of benefits from the Fund. In some cases it could mean that we are unable to put your pension into payment or have to stop your pension (if already in payment).

Please contact the Fund for further information.

East Sussex Pension Fund - Pensions Administration,

County Hall East Block, F Floor, Lewes, BN7 1UE

[email protected]

Data Protection Officer

You may also contact our data protection officer for further information.

Data Protection Officer,

East Sussex County Council

County Hall West Block, G Floor,

Lewes,

BN7 1UE

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new set of European Union (EU) regulations came into force on 25 May 2018. It will change how organisations process and handle data, with the key aim of giving greater protection and rights to individuals.

What laws currently govern data protection in the UK?

Currently in the UK the Data Protection Act 1998 sets out how your personal information can be used by companies, government and other organisations. The GDPR will replace the Data Protection Act 1998 when it comes into force on 25 May 2018.

You can obtain further information about these rights from the Information Commissioner's Office at: or via www.ico.org.uk their telephone helpline (0303 123 1113).

ESPF Full Policy and Notice

Find the ESPF Governance Policy, Statement and Guides here