Privacy and Cookie Policy

Privacy Policy

We are committed to ensuring that your privacy is protected. This Privacy Policy explains how we use information about you:

  • which your employer or pension scheme trustee has provided to us, and
  • any additional information you provide through our Site.

Depending on the services we are providing to your employer or pension scheme trustee you may be able to limit the use of that information, and where that is possible this is explained below.

This notice also explains the procedures that we have in place to safeguard your privacy.

WHO IS COLLECTING INFORMATION ABOUT ME?

Capita Pension Solutions Limited. We are registered in England and Wales under company number 02260524 and have our registered office situated at First Floor, 2 Kingdom Street, Paddington, London, England, W2 6BD.

We are authorised and regulated by the Financial Conduct Authority under registration number 142484.

We provide pension administration services to your employer and / or pension scheme trustee. As part of these services they provide us with information about you to enable us to administer your pension scheme and to allow you to apply for any additional optional benefits that your employer or pension scheme trustees ask us to make available to you.

Your employer and / or the pension scheme trustee are the Controller of this information and we are a Processor where we process information at their direction or generally as part of providing our services to them. This Privacy Policy for the administration services we provide to your employer and/or pension scheme trustee, including your use of our Site, is supplemental to any privacy notice or policy provided by your employer and/or pension scheme trustee.

There may also be instances where we process your information where necessary to fulfil a request made by you or complete a transaction on your behalf, and which do not form part of our usual services to your employer and / or the pension scheme trustee. Examples of this may include where you request a cash equivalent transfer value on your own behalf and pay us directly for providing this, or where you make a complaint in respect of which we offer compensation. In these instances, we will be the Controller of your information.

WHAT INFORMATION ARE YOU COLLECTING ABOUT ME?

When your employer and/or pension scheme trustee decides to use our services they provide us with your personal details which are necessary to provide you with the benefits and services they are providing or offering you. The exact details may vary depending on the pension options being provided but may include, without limitation:

  • Full Name
  • Address
  • Gender
  • Date of birth
  • Phone number
  • Company email address
  • Bank account details
  • Personal email address
  • National Insurance Number
  • Employee/Payroll Number
  • Annual salary
  • Employment start date
  • Date you enrolled into the pension scheme
  • Dependents details (e.g. if there is a spouse's pension/death in service/life cover)
  • Login details

When you enrol and visit our Site you should check the details we hold about you are accurate.

We may ask you for further details in the following circumstances:

  • The information provided by your employer/pension scheme trustee is incomplete, or
  • An external provider of a particular benefit or service requires more information to provide that benefit or service.

Depending on the service you may have the option to receive information by SMS e.g. pension investment alerts or instant message. Where you choose this service you will have the option of providing your mobile phone number.

We may also ask you for details of your spouse, partner or other immediate family member if they are to be included as the nominated beneficiary of your pension. Where you submit such details, you do so on behalf of the relevant family member and you acknowledge and accept that it is your responsibility for letting them know (i) that you have done so; (ii) what details you have submitted; and (iii) the purpose of submitting the details.

It is your responsibility to keep your personal details and those of any relevant family member updated. If there is any change in your personal details or those of your family members, please let us know the correct details by updating them on our Site (where possible) or inform your employer and/or pension scheme trustee of the changes.

WHY ARE YOU COLLECTING THIS INFORMATION?

We gather this information to allow us to process your enrolment into your employer’s pension scheme, provide you with updated details of your pension scheme and benefits, assist you in applying for further benefits or products and processing those applications (where applicable), and generally ensure the smooth running of your pension account.

The information is also used by us to communicate with you on any matter relating to your pension scheme and benefits and the provision of our pensions administration services to your employer’s pension scheme in general.

Your employer and / or pension trustee may have provided your e-mail address details to us for the purpose of providing our services. E-mail messages cannot be guaranteed to be completely secure as they may be subject to possible interception or loss. If you do not want us to contact you on your e-mail address, please update your contact preferences once logged in, or notify your employer and / or pension scheme administrator.

We may also wish to provide you with information about special features of our Site or other services. This may be by email or by SMS text messaging if you have registered for this service. If you do not want to receive this information, please contact your employer and / or pension scheme trustee.

There may also be instances where we process your information where necessary to fulfil a request made by you or complete a transaction on your behalf, as set out in the 'Who is collecting information about me' section above.

We never use or share any personally identifiable information provided to us online in ways unrelated to the ones described on our Site, this Privacy Policy or our Cookie Policy below.

WHAT IS YOUR LAWFUL BASIS FOR PROCESSING MY INFORMATION?

Your employer and/or pension scheme trustee, as Controller, will have a lawful basis for providing us with your information to process and they should provide you with details of this in their privacy notice to you.

Where we act as Processor, your information is processed by us for the purposes of meeting our contractual obligations to your employer and/or pension scheme trustee to provide pension administration services.

Where we act as Controller as set out in the 'Who is collecting information about me' section above, your information is processed by us because it is necessary for the performance of a contract with you. It may also be necessary for our legitimate interests to collect money due to us for providing a service at your request.

WHO MIGHT YOU SHARE MY INFORMATION WITH?

To provide our services to your employer and / or pension scheme trustee as Processor, and also where we act as Controller as set out in the 'Who is collecting information about me' section above, we sometimes use both internal (i.e. other organisations within the Capita group of companies) and external third parties such as IT systems and software providers, print and document management companies and banks and payment providers to authorise and complete payments.

In addition, your details may be disclosed to your employer / pension scheme in order for us to provide pensions administration services to you. They may also be disclosed to government, regulatory and law enforcement bodies where required to comply with our legal obligations or exercise our legal rights.

Where we provide pension administration services and you apply for any additional products or services offered through our Site, we will pass your personal details as necessary to a third party provider of those products and services to the extent necessary for you to receive those products or services. Thereafter, the provider may correspond with you directly in order to provide those services. Once a provider has received your personal information they will usually have a direct relationship with you and use your personal data in accordance with their terms and conditions and privacy policy. An example of the types of providers used are insurance companies for the provision of medical insurance or life assurance.

In the event we are sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchasers' advisers and will be passed on to the new owners of the business in order to ensure continuity of service.

WHERE MIGHT YOU TRANSFER MY INFORMATION OUTSIDE THE EEA?

Where we act as Processor, your personal data will not be transferred by us outside of the European Economic Area (EEA) unless specifically agreed with your employer and/or pension scheme trustee. Where your employer and/or pension scheme trustee has consented, we may engage with internal and external third party suppliers in the countries outside the EEA which are subject to different standards of data protection, including but not limited to:

  1. India
  2. United States
  3. South Africa

for more straightforward backoffice support services such as invoice and payroll processing, IT support and providing data matching sources for tracing services.

Where we act as Controller, we may engage internal third parties within the Capita group of companies based in India to perform straightforward back-office such as invoice and payroll processing. By submitting your personal data to us, you agree to this transfer, storing or processing of your personal data.

In all cases where personal data is transferred outside of the EEA, we will take appropriate steps to ensure that such transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests. To achieve this, we will:

  • Ensure transfers within the Capita group of companies are covered by an intra-group data sharing agreement entered into by all relevant entities within the Capita group, which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection.
  • When transferring personal data to third parties outside the UK and EEA:
    • Put in place International Data Transfer Agreement (IDTA) or Standard Contractual Clauses plus UK Addendum, to ensure that your information is safeguarded; or
    • Ensure that the country in which your personal data will be handled has been deemed ‘adequate’ by the European Commission/ICO.

HOW LONG DO YOU KEEP HOLD OF MY INFORMATION?

Unless an alternative retention period is agreed with your employer and / or pension scheme trustee, our standard policy is to hold your data for a maximum of 7 years after the end our agreement to provide services to your employer / pension scheme trustee, after which it will be securely destroyed.

WHAT IF I CHOOSE NOT TO GIVE YOU MY PERSONAL INFORMATION?

If you do not wish us to process your Personal Data in order to use our Site, please use the contact details on the Site homepage. However, in certain circumstances your employer and/or pension scheme trustee may be under a legal obligation to process your Personal Data e.g. for automatic enrolment into a pension scheme and to manage opt-outs in which case we may have to continue to process your Personal Data.

WILL YOU PROCESS MY INFORMATION FOR PURPOSES I MAY NOT BE AWARE OF?

Where agreed with your employer and / or pension scheme trustee we may anonymise your Personal Data and use it for data analytical purposes.

We may also use aggregate information and statistics for the purposes of monitoring website usage and to help us develop our Site and our services, and may provide such aggregated information to third parties. These statistics will not include information that can be used to identify any individual.

From time to time we may provide your information that we collect and store during normal use of our Site to our customer service agencies for research and analysis purposes so that we can monitor and improve the services we provide. Such use does not result in any Personal Data, other than contact details, being collected, stored or transferred to such agencies. We, or our agents and sub-contractors, may contact you by post, e-mail or telephone to ask you for your feedback and comments on our services.

One way in which we gather this information is by using cookies. Please see our Cookie Policy below for more information.

WHAT RIGHTS DO I HAVE?

Under Data Protection Legislation you have a number of rights. These can be exercised by contacting your employer / pension scheme trustee as Controller of your Personal Data, and a brief summary of the rights is provided below:

The right to be informed
This includes an obligation to explain to you how your information is used. This Privacy Policy provides you with this explanation in relation to Personal Data processed by us when providing pension scheme administration services to your employer or pension scheme trustee.

The right of access
You have the right to obtain confirmation that your Personal Data is being processed and to obtain access to your information (e.g. by receiving a copy of it).

The right to rectification
You have the right to have your Personal Data corrected if it is inaccurate or incomplete.

The right to erasure (also known as the "right to be forgotten")
You have the right to request the deletion or removal of your Personal Data in certain circumstances. Please note that there may be circumstances where you ask for your information to be deleted but both us and your employer / pension scheme trustee are legally entitled to retain it.

The right to restrict processing
You have the right to request the processing of your Personal Data is restricted in certain circumstances. Again, there may be circumstances where you ask your employer / pension scheme trustee to restrict the processing of your information, but they are legally entitled to refuse that request.

The right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.

The right to data portability
You have the right to receive the Personal Data you have provided in a usable electronic format and/or request it is transmitted to a third party where this is technically feasible.

The right to complain to the Supervisory Authority
You have the right to make a complaint with the Information Commissioner (www.ico.org.uk) if you think that any of your rights have been infringed.

Cookie Policy

We are committed to ensuring that your Personal Data is protected. This Cookie Policy explains how we use the information we collect about you by our use of cookies, and the purpose for which we use them.

At any time, you can manage cookie settings in order to give or withdraw your consent to non essential cookies.

1. Information about our use of cookies and other information gathering technologies

Our Site uses cookies to distinguish you from other users of our Site. This helps us to provide you with a good experience when you browse our Site. It also allows us to improve our Site.

Cookies are small text files that are placed on your computer by websites that you visit. Cookies contain information that is transferred to your computer’s hard drive. They are widely used in order to make websites work, or work more efficiently (such as recalling your preferences), as well as to provide information to the owners of the website, which helps to improve the user experience of the website.

To learn more about cookies, including how to manage them and how they affect your online activities, please visit www.aboutcookies.org or www.allaboutcookies.org. You can also learn how to control cookies on different browsers at www.aboutcookies.org/how‐to‐control‐cookies/, or if you want to know how to delete cookies, visit www.aboutcookies.org/how‐to‐delete‐cookies/

To opt out of being tracked by Google Analytics across all websites, you can visit http://tools.google.com/dlpage/gaoptout. The Internet Advertising Bureau website (Your Online Choices) which you can visit at www.youronlinechoices.com/uk/ allows you to install opt‐out cookies across different advertising networks. New technologies such as Mozilla's Do Not Track (www.mozilla.org/en‐GB/firefox/dnt/) allow you to tell websites not to track you.

However, blocking cookies may on occasion reduce the functionality of a website or prevent access, depending on the browser options which are selected. All of the cookies used by our Site are required for it to function correctly and therefore to use our Site you must give your consent for cookies to be stored on your machine. None of the cookies our Site uses are harmful or will track anything you do away from our Site.

We use the following types of cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e‐billing services.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functional cookies. These cookies support additional functionality such as the online chatbot. Functional cookies also allow you to choose whether the website is allowed to store cookies in your browser.

The table below explains the specific cookies we use for the operation of our Site and why:

Cookie Type Cookie Name Purpose Lifespan
Strictly necessary cookies Sid* This is a session cookie which holds the members session information while they go through the Site. When the browsing session ends
Strictly necessary cookies displayCookieConsent This cookie is used to notify you that the Site is storing cookies in your browser. 90 days
Strictly Necessary Cookies BNES_* This cookie is used for the management of the Site’s security. When the browsing session ends
Strictly necessary cookies Incap_* This cookie is used to maintain your session. When the browsing session ends
Strictly necessary cookies Visid_* This cookie is used to identify the session with your device. 1 year
Functional Cookies LPSID‐* This cookie is used for the online chatbot functionality. This cookie is the unique visitor identifier. When the browsing session ends
Functional Cookies LPVID This cookie is used for the online chatbot functionality. This cookie is used to give a unique visitor identifier. When the browsing session ends
Functional Cookies AllowCookies This cookie is used to control whether you allow the website to store cookies in your browser. 90 days

2. Third party cookies

We use a number of suppliers which set cookies through our Site in order to deliver the services they provide

The table below explains the third party cookies we use for the operation of our Site and why:

Cookie Type Cookie Name Purpose Lifespan
Google Analytics _gat_globalTracker These cookies are used to collect information about how visitors use our Site. We use the information to compile reports and to help us improve the Site. The cookies collect information in an anonymous form, including the number of visitors to the Site, how and where the visitor has accessed the Site from, and the pages they have visited. When the browsing session ends
_gat When the browsing session ends
_ga 2 years
_gid 1 day

Please note other websites to which our Site may be linked, may also make use of their own cookies, over which we have no control.

3. Hartlink Online Portal sessionStorage property

The read-only sessionStorage property accesses a session Storage object for the current origin. sessionStorage is similar to localStorage; the difference is that while data in localStorage doesn't expire, data in sessionStorage is cleared when the page session ends.

  • Whenever a document is loaded in a particular tab in the browser, a unique page session gets created and assigned to that particular tab. That page session is valid only for that particular tab.
  • A page session lasts as long as the tab or the browser is open, and survives over page reloads and restores.
  • Opening a page in a new tab or window creates a new session with the value of the top-level browsing context, which differs from how session cookies work.
  • Opening multiple tabs/windows with the same URL creates sessionStorage for each tab/window.
  • Duplicating a tab copies the tab's sessionStorage into the new tab.
  • Closing a tab/window ends the session and clears objects in sessionStorage.

Data stored in sessionStorage is specific to the protocol of the page. In particular, data stored by a script on a site accessed with HTTP (e.g., http://example.com/) is put in a different sessionStorage object from the same site accessed with HTTPS (e.g., https://example.com/).

The keys and the values are always in the UTF-16 string format, which uses two bytes per character. As with objects, integer keys are automatically converted to strings.

Source: https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage