Brunel Trustees and its professional trustee company, Brunel Trustees Limited (The Companies), is committed to protecting your personal information.
Who we are
How to contact us
The Data Compliance Administrator
Bristol, BS1 3AE
Information we collect and use
Information about you that we collect and use includes:
Where we collect your information
We may collect your personal information directly from you, from a variety of sources, including:
If you have a financial adviser and / or are a member of your employer’s pension scheme, the information we collect and use will most likely have been provided by them on your behalf.
We may also collect personal information on you from places such as business directories and other commercially or publicly available sources e.g. to check or improve the information we hold (like your address) or to give better contact information if we are unable to contact you directly.
Please note that it is not practicable for us to send a privacy notice to all dependants of our clients and members (and it may well breach our obligations of confidence to you if we do send out such a notice). You are therefore required to ensure you have the permission of your dependants for their information to be passed to us.
What we collect and use your information for
We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. We will collect and use your information only where:
If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our services.
What we do with your data
As your scheme administrator and professional trustee our lawful basis for processing your data is:
Contract: the processing of your personal data is necessary for the contract we have with you to administer your pension scheme, or because you have asked us to take specific steps before entering into a contract with us.
Legal obligation: the processing is necessary for the Companies to comply with the law (not including contractual obligations).
When we process your data for these purposes the Companies will ensure that we always keep your Personal Data rights in the highest regard and take into account all of your data protection rights in compliance with the General Data Protection Regulation and the safeguarding of your data.
Who we may share your information with
We may share your information with third parties for the reasons outlined in 'What we collect and use your information for.' These third parties include:
We will never sell your details to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
Where your information is processed
The majority of your information is processed in the UK and European Economic Area (EEA).
However, some of your information may be processed by us or the third parties we work with outside of the EEA, including countries such as the United States.
Where your information is being processed outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK / EEA data privacy laws e.g. we will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.
How we protect your information
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake annual training on this.
Our security controls are aligned to industry standards and good practice; providing a controlled environment that effectively manages risks to the confidentiality, integrity and availability of your information.
How long we keep your information
We will keep your personal information only where it is necessary to provide you with our services while you are a customer.
We will keep your information after this period but only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the obligations we need to meet.
Your individual rights
You have several rights in relation to how the Companies uses your information. They are:
The Right to be informed
The Right of access
You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request (DSAR).
The Right to request that your personal information be rectified
If your personal information is inaccurate or incomplete, you can request that it is corrected.
The Right to request erasure
You can ask for your information to be deleted or removed if there is not a compelling reason for The Companies to continue to have it, subject to our own legal requirements.
The Right to restrict processing
You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted. We may not be able to agree to this as it may compromise our service, in which case we would need to cease our involvement.
The Right to data portability
You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving your pension to another pension provider.
Right to object
You can object to the Companies processing your personal information where:
Please note we do not use automatic decision making processes or profiling.
How to make a complaint
ICO contact details:-- If you are still unhappy, you can complain to our Supervisory Authority. Their contact details are: UK – ICO – telephone 0303 123 1113.