Privacy Policy of ProPensions Limited
ProPensions Limited takes your privacy very seriously. This notice explains how we use and protect the personal information that we hold about contacts and that held in relation to clients. We encourage you to read our Privacy Notice before providing us with any personal data.
1 WHO ARE WE?
This is the Privacy Notice of ProPensions Limited (“we” or “us”), a private company registered in Scotland with the company number (SC639915). Our registered office is 227 West George Street, Glasgow, G2 2ND. If you have any questions about how we look after your personal data, you can contact us by email at or by calling 07793 307497.
We are a "controller" for the purposes of the relevant data protection laws. This Privacy Policy sets out how we will hold your data in accordance with Regulation (EU) 2016/679, General Data Protection Regulation (“GDPR”).
2 THE PERSONAL DATA WE COLLECT
When you contact us via our website, by email, over the telephone or by post, we collect personal data about you to enable us to effectively answer your enquiry or provide you with a service. This personal data includes:
• Your Name
• Your Address
• Company Details (if relevant)
• Your Phone Number
• Your Email Address
For client contacts, advisers to clients and third party contacts, the personal information held is limited to the above details.
We also provide professional trustee and consultancy services in relation to company pension schemes, therefore personal information may also be processed by us in relation to the members of our clients and former clients. Depending on the nature of services provided we will either be a “controller” or a “processor” of this personal data for the purposes of the GDPR. This personal data may include:
· Details of members’ earnings;
· Details of members’ employment;
· Members’ demographic details;
· Theirr dates of birth;
· Details of their benefit payments and entitlements under the pension scheme;
· Their marital status;
· Their health status;
· Their bank details.
We will put in place and comply with our obligations under a separate data protection agreement which shall govern our data controlling or processing activities under any such professional trustee or consultancy engagement as appropriate.
3 THE SOURCES FROM WHICH WE OBTAIN YOUR PERSONAL DATA
We obtain your personal data from the following sources:
(a) Directly from you, either in person, via our website or by telephone or email. This could include personal data which you provide when you request information on our services or appoint us to provide services.
(b) Cookies, server logs and other similar technologies. We may automatically collect Information Technology Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. If you have any questions about our use of cookies, see our Cookies Policy on our website or you can contact us at info@propensions.co.uk ;
(c) publicly available sources, such as Companies House and HM Land Registry.
4 HOW WE USE YOUR PERSONAL DATA
We collect personal data about you in order to:
(a) perform our contractual obligations to you. This would include:
• processing and performing any services you have requested;
• orders placed by us where you are a supplier;
• making or receiving payments, fees and charges; and
• collecting and recovering money owed.
(b) use your personal data for health and safety requirements;
(c) use your personal data in an official role which we have been designated to carry out by an official authority (e.g. the government) or where we are otherwise carrying out tasks which are in the public interest (e.g. which have been designated as such by government, or which would otherwise be deemed in the public interest);
(d) manage our relationship with you including:
• to send you important notices such as communications about changes to our terms and conditions and policies (including this Privacy Notice);
• to provide you with important information about services we provide;
• to send you information you have requested; and
• to deal with your enquiries.
(e) administer our business and carry out business activities;
(f) protect our business including dealing with any misuse of our website and complying with our security policies;
(g) to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same);
(h) make suggestions and recommendations to you about goods or services that may be of interest to you;
(i) sell, make ready for sale, financing or dispose of our business in whole or in part including to any potential buyer or their advisers;
(j) enforce or apply our terms of use, terms and conditions of supply and other agreements with third parties; or
(k) investigate and defend any third-party claims or allegations.
5 OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA
Where we may rely on consent
For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
In the event that we rely on your consent, you may at any time withdraw the specific consent you give to us processing your personal data. Please contact us using the contact details set out in paragraph 1 to do so. Please note that even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other bases to process your personal data for other purposes.
Other legal basis
Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:
(a) the processing is necessary in order for us to comply with our legal obligations (such as compliance with anti-money laundering legislation);
(b) the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
(c) processing is necessary for the establishment, exercise or defence of legal claims; or
(d) the processing is necessary for the pursuit of our legitimate business interests (including that of the delivery and the promotion of our services).
In particular, our legitimate interests include:
(a) the provision of services;
(b) the recovery of debt;
(c) the provision of administration and / or IT services;
(d) the prevention of fraud;
(e) marketing of services
(f) the reorganisation or sale or refinancing of the business or a group restructure;
(g) the study in how to develop and the update of our services; and
(h) the development of our business strategy.
6 WHO RECEIVES YOUR PERSONAL DATA
We will not process data obtained for one purpose for any unconnected purpose unless the individual concerned has either agreed or would otherwise reasonably expect this. Personal information will, therefore, only be disclosed to third parties if there is either a legal requirement to do so or it is necessary to comply with contractual requirements to our stakeholders. We may disclose your personal data to:
(a) our third party data processers who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
(b) external professional advisers such as accountants, bankers, insurers, auditors and lawyers;
(c) HMRC or other tax authorities, legal and other regulators or authorities (e.g. the Information Commissioners Office), including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
(d) law enforcement agencies (e.g. the police or the Serious Fraud Office), courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
(e) third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties; or
(f) third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation).
7 WHEN MIGHT WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA?
We do not transfer your personal data outside of the European Economic Area (EEA). You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
8 RETENTION
We will retain personal data for no longer than necessary.
Contact details for advisers, consultants and other individuals who either act for clients or with whom we engage in business development activities will be deleted within a reasonable period of there being no on-going commercial relationship with us or any of our clients. Where contact details are held in relation to other third parties in similar or related industries, personal information will be deleted once notification is received that the individual is no longer employed by such a third party.
Current client data will be retained in accordance with the individual policy applicable to that client. In respect of former clients, including pension schemes which have been wound up, our legitimate interests include the ability to refer to data in the event of litigation, claims or complaints. In this context, and subject to any statutory limits which may be imposed, data will be held by ProPensions Limited for a period of at least ten years from when we ceased to provide services for that client.
9 DATA SECURITY
Personal data will normally only be held on our servers or suitably secured/encrypted computers, laptops, tablets or mobile devices. Any transfer of personal data will only be in an encrypted form or subject to appropriate safeguards.
10 CONTRACTUAL OR STATUTORY REQUIREMENTS ON YOU TO PROVIDE PERSONAL DATA
In certain circumstances the provision of personal data by you is a requirement to comply with the law or a contract, or necessary to enter into a contract.
If you do not provide your personal data then the consequences are that we may not be able to perform to the level you expect under our contract with you.
11 YOUR RIGHTS
If, for any reason, you are unsure about the personal data we are holding in your name, please contact us. We will happily review your details and update the records if required. You can contact us by email, phone or letter.
You have a number of rights under data protection laws; these are summarised below.
(a) the right to request access to your personal data that we process or control;
(b) the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
(c) the right to request, on legitimate grounds as specified in law:
• erasure of your personal data that we process or control; or
• restriction of processing of your personal data that we process or control;
(d) the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
(e) the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
(f) The right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body. Please see for how to do this.
If you would like to exercise any of the rights set out above, please contact us using the contact details set out in paragraph 1. We will aim to provide a response to any request within one month of the request being received. Access to data will usually be provided free of charge, although in certain circumstances a small charge may be made where entitled to do so under the data protection laws. It should be noted that it may not be possible to delete or remove data that is needed to manage our business.
12 DATA ACCURACY AND RECTIFICATION
We will take reasonable steps to ensure data for our management purposes is kept accurate. When advised of any legitimate inaccurate or incomplete personal data, we will correct that data and, if applicable, advise relevant third parties of that correction.
13 CHANGES TO THIS PRIVACY POLICY
This policy is current as of September 2019 and it will be reviewed regularly. Any changes to our privacy policy will be posted on this site so that you may ensure that you are fully informed of your rights and can notify us of any changes to your preferences.
14 LINKS TO OTHER WEBSITES
This policy only applies to us. If you link to another website from our website, you should remember to read and understand that website’s privacy policy as well. We do not control unconnected third-party websites and are not responsible for any use of your personal data that is made by unconnected third-party websites.