Skip to content

Privacy policy – St Dunstan's retirement benefits plan

This privacy policy was last updated on 16 December 2021.

This version is not a Blind Veterans UK policy but is hosted on our website on behalf of the pension plan.

The Trustees of the St Dunstan’s Retirement Benefits Plan (1973) respect the privacy of our scheme members. This policy explains how and why we collect, manage, use and protect your personal data. It also makes clear how you can exercise control over your personal data. It should be read in conjunction with the appropriate Blind Veterans UK Group employee and Barnett Waddingham (Scheme Actuary) privacy policies.

Our privacy promise

We take our duties when processing your personal data very seriously. We promise that we will tell you what data we are collecting and why. We will make every reasonable effort to collect, process, store and share your data safely and securely. We will also make sure that our trusted partners do the same. We also promise that we will be open and clear with you about our use of your personal data and that you will be able to control your personal data with ease.

Your data

In order to provide the pension scheme benefits to you or your beneficiaries, we need to collect and keep a little data about you, like your name, date of birth, contact details, banking details and, when appropriate, health details. Some of this personal data we may need to share with our trusted partners, such as scheme administrators and professional advisors. This is to provide you with the support and services you require from us.

We use your data to provide your pension

We use the personal data you provide to fulfil our legitimate interests and obligations to provide your pension and manage its benefits as required by you or the law.

You are in control

If you would like to make any changes to the way we are processing your data, if you believe it is inaccurate or incomplete, or you have any concerns regarding how it is being processed you can discuss this with us. You can contact us using the details in Section 9 of this policy “How to Contact Us”. If you prefer, you can discuss how we process your personal data or if you wish to make an individual rights request you can e-mail our Data Protection Officer whose details are also in Section 9.

Changes to this policy

We may change this document from time to time to reflect the latest views of what we do with your personal data and legal and regulatory changes. Please check back frequently. You will be able to see when changes have been made by the date (at the top of the page) stating when it was last updated.

Our privacy policy in detail

1. Who we are

Our Privacy Policy applies to personal data collected and used by St Dunstan’s Retirement Benefits Plan (1973). Under data protection law and regulation, we are a ‘data Controller’ and are registered as such with the Information Commissioner’s Office (Registration Reference Number: (ZA356585).

The Plan and its Trust was established by St Dunstan’s (now the Blind Veterans UK Group) as the Principal Employer to manage, administer and pay the appropriate scheme benefits to members and nominated beneficiaries.

References to “the plan”, “the scheme”, “Trust”, “Trustees”, “our’, ‘us’, and "we" means St Dunstan’s Retirement Benefits Plan (1973).

For the purposes of the scheme we are Joint Controllers with Blind Veterans UK (UK registered charity 216227) sharing responsibility for determining the purposes and means of the processing of personal data as defined in the UK-GDPR 2020. Barnett Waddingham is a Data Processor as our scheme administrator. Additionally, Barnett Waddingham also process personal data as the scheme Actuary. When exercising that function thay are a data Controller in their own right. You should refer to their privacy policies to understand how they process and treat your personal data. Links to these policies are in Section 9 “How to Contact Us’.

2. What personal data we collect and why

What we need to collect

For data to be considered ‘personal’ it must relate to you as an identified or identifiable individual. An individual can be identifiable either directly (your name, address, email address etc.) or indirectly (job title, payroll number, location, business phone number). Where there is insufficient data to identify you as an individual from a group that is not personal data. If your identifiable data is used but the use does not relate to you that would also not be personal data. We need to process personal data about our scheme members to allow us to provide you with your appropriate pension and benefits.

As a member of the scheme, we will process personal data about you for the purpose of setting up, administering, maintaining, calculating and paying pensions accurately to scheme members and appropriate dependents. We do this while also meeting our legal obligations and pursuing our legitimate interests as your pension plan trustees.

This may include:

  • Postal address, telephone number, email address.
  • Date and place of birth.
  • Gender (Recorded at birth for MHRC purposes)
  • Your national insurance number.
  • Career, unpaid leave, retirement details, membership status (in-service deferred, deferred or pensioner), details of last change in status.
  • Banking, salary, pension payment, AVC contributions, tax details and Guaranteed Minimum Pension entitlement.
  • Spouse and nominated beneficiary details.
  • Health details.

We will be very clear with you when we wish to collect such personal data and our reason for collecting it. We will only do so when we have a lawful basis for processing as required by the DPA 2018.

UK Data protection law and supporting regulation recognises certain personal data as ‘special category’ data and as being particularly sensitive. This includes: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, certain biometric data, data concerning health or a person's sex life or sexual orientation. Sometimes we may need to collect or may indirectly obtain such data. This is most likely to be health details (e.g. in the case of ill health early retirement), where we need to consider discretionary benefits or appropriate pension payments.

If you provide, either at our request or voluntarily, any special cageory or personal data, you explicitly agree that we may collect and use it in order to provide our services in accordance with this Privacy Policy.

The accuracy of your personal data is really important to us. If you wish to update or correct any personal data we hold, please contact us using the contact details in Section 9 of this policy.

Why we need it

We need your personal data in order to perform functions such as:

  • Statutory Requirements. Whether you are a deferred member or a current pension beneficiary, we need to comply with legal, audit and actuarial obligations as required by pension law.
  • Administer and manage your pension. Whether you are a deferred member, a pension beneficiary or a dependent, the Blind Veterans UK Group payroll systems needs to calculate monthly retirement benefits, the value of pensions and AVCs, other benefits and entitlements such as a trivial commutation, transfers and payment details. We also need to calculate the value of the pension fund.
  • Communicate with you. To know how you prefer to be contacted and to make adjustments as you specify. To provide you with specific services, updates and information. To assist with technical problems related to our services.
  • To improve our services and administration. To ensure the most efficient and appropriate use of the resources we have.

3. How we collect your personal data

We collect personal data about you in a variety of ways. We may collect from you directly when we ask, we may collect data indirectly available from other sources, such as HMRC or tracking agents.

Direct from you

You will give us personal data directly yourself: during the pension application process and subsequently when managing or amending your pension requirements. You will also give us personal data if you communicate with us or ask us to consider specific individual entitlements or adjustments.

Indirectly from other sources

We may obtain your personal data indirectly when you give permission to others to share it or it is publicly available, such as from:

  • Third party organisations or Individuals. We may obtain personal data from third parties if you have agreed that they can approach us or we can approach them, for example a legal representative or health care agency. We may also obtain data about you from official sources as part of enabling your pension services, such as HMRC for tax purposes or for the purpose of paying appropriate pensions using the scheme’s Actuary’s data.
  • Publicly available sources. Public information may include personal data information from places such as Companies House, the electoral register. Additionally, the Post Office’s National Change of Address database allows us to keep your personal data up to date.

4. The lawful basis for processing

Data protection law and regulation require us to have a lawful basis for processing your personal data. These include:

  • Where you have given consent to do so for notified purpose(s). This may include when we require special category health details to consider benefit entitlements or when considering a transfer in or out of the scheme. Where we need your consent, or in some cases explicit consent it will be clearly identifiable for a specific purpose.
  • To comply with a legal obligation. For example, where we are ordered to do so by a court or regulatory authority or we are legally required to process personal data such as tax records, pension payments and actuarial services.
  • In performance of a contract. To fulfil the requirements of the contract such as payment of Additional Voluntary Contributions (AVCs) to a contracted 3rd party provider.
  • Where we as a pension scheme have a legitimate interest. Where we have a legitimate interest, we must ensure that we are not harming any of your interests or your data rights and only use it in a manner that you would reasonably expect us to. For example, we need to administer and manage your pension scheme; be able to contact and communicate with you for pension purposes; certify your current status and details.

Where we process special category personal data (such as health) we will ensure we do so in accordance with at least one of the required processing conditions within Article 9 of the UK-GDPR. For example, obtaining your explicit consent or carrying out our obligations as a pension provider.

5. Protecting and sharing your personal data

Protecting your personal data.

We ensure that there are reasonable and appropriate technical and organisational controls in place to protect your personal data against unauthorised or unlawful processing and against accidental loss, corruption, destruction or damage. We make use of the Blind Veterans’ UK Group Microsoft 365 IT environment as our Joint Controller. Their devices, computers, online systems and IT environment infrastructure is protected and routinely monitored. We and they have policies and procedures in place which Trustees and staff are expected to comply with and for which they receive training.

Managing access and sharing of your personal data

We undertake regular reviews of who has access to your data which we hold to ensure that it is accessible only by necessary and appropriately trained trustees, staff and trusted third parties. Where we share your data with a third-party processor, such as Barnett Waddingham the scheme administrator, or our auditors, AVC providers, legal advisors, we require that they have appropriate technical and organisational measures in place to protect your personal data, at a standard equal to our own.

On rare occasions, we may be compelled by law to disclose your personal data to a third-party, such as law enforcement agencies, the UK courts or government bodies (e.g. HMRC) and we have limited control over how it is protected by that party.

Occasions, other than by law, when we may share your data include:

  • If you have agreed that we may do so.
  • When we use external service providers to process personal data on our behalf, for example, providing pension administration, tracing and actuarial services. A list of data processors used is included at the end of this document.
  • If we believe that we need to protect the rights, property or personal safety of the scheme or Blind Veterans UK and their personnel, scheme members and for other lawful purposes.
  • We may disclose aggregate statistics about our pension to describe our scheme and for audit purposes, but these statistics won’t include any personally identifying data without explicit consent.
  • If we or Blind Veterans UK (as Principal Employer) merge with another organisation or partly diversify forming a new entity, personal data will be transferred to the new entity within the limits of UK law.

We will never rent, share, swop or sell your personal data to other organisations for their own purposes or to make money out of your data.

Where we store your personal data

The personal data you provide to us will be held within the Blind Veterans UK Group’s Microsoft 365 Environment IT network. Where we have contracted with a third party to process your personal data it will also be processed on their own IT systems and servers on our behalf. As a deferred member or a current pension beneficiary your personal data will be processed by CoreHR on behalf of Blind Veterans UK payroll. All CoreHR processing of client personal data is limited to servers located within the EU. This processing is permissible due to the fact the UK has data pprotection Adequacy with the EU.

The Trustees of the St Dunstan’s Retirement Benefits Plan (1973) and the Blind Veterans UK Group, do not process Plan personal data on servers located outside of the UK. If the circumstances for the processing of your personal data needed to change, we will put in place, where appropriate, safeguards to protect your data and rights. If we need to transfer your personal data to a location outside of the UK, we will ensure if there is not an active “Adequacy” agreement in place we will conduct an appropriate risk assessment and put in to place appropriate “additional measures” to safeguard your personal data and your rights, such as the use of Standard Contractual Clauses (SCC). If the transfer is a one off or infrequent we may ask for your explicit consent to validate and conduct the transfer.

6. Retaining and sharing your personal data

We hold your information for only as long as is necessary to fulfil the purposes for which the data was collected and our legitimate interests or in order to comply with legal or regulatory obligations, rules and requirements.

On your death, we will retain information in order to continue to administer appropriate benefits to any nominated beneficiaries and to meet any legal or regulatory requirements or to protect our legitimate interests and for legal purposes, for example in the event of a dispute. Note: Information related to a deceased person is not subject to data protection legislation. However, personal data provided to us (which is not in the public domain) for pension plan purposes is provided on the expectataion that it will kept confidential, this applies after the death of the individual, this personal data is thereby protected by the common law duty of confidentiality.

7. Your details on the internet and website

Although the Plan has no website of its own, if you use the Blind Veterans UK Group website, for example to access this privacy policy, you should read their privacy policy to understand what personal data they may gather about you by doing so using such technologies such as cookies.

8. What are your rights?

The UK’s data protection legislation includes the UK-General Data Protection Regulations 2020 (UK-GDPR) and the Data Protection Act 2018, these two authorities are to be jointly considered as the authority of UK data protection law. This UK legislation gives everyone a number of very important rights. In abbreviated form these are:

  • The right to be informed. Transparency over how we use your personal data. This Privacy Policy is required under this right.
  • The right of access. Request confirmation of processing and to be provided with copies of your personal data held by us.
  • The right of rectification. Update or amend the information we hold about you if it is incomplete or inaccurate.
  • The right to erase or ‘right to be forgotten'. Ask us to remove your personal data from our records where there is no compelling reason for its continued processing, subject to specific exemptions.
  • The right to restrict processing. Ask us to supress the processing of your personal data subject to qualifying criteria.
  • The right to data portability. Obtain and reuse your personal data for your own purposes.
  • The right to object. Object to the processing of your personal data for certain purposes (such as marketing, research, statistics or our legitimate interests).
  • Rights in relation to automated decision making and profiling.


If you would like to know more about your rights under the data protection law see the Information Commissioner’s Office (ICO) website which also explains how to contact them.

Remember, you can exercise your rights in relation to your personal data at any time by contacting us using the contact details set out in the ‘How to contact us’ section of this policy.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law and your rights, you can complain directly to the Information Commissioner’s Office at:

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Phone: 0303 123 1113

Online: ICO: Make a complaint - your personal information concerns

9. How to contact us

If you wish to raise any comments or questions regarding this Privacy Policy or you would like to discuss how we process your information, enquire about your rights or make a complaint, you are very welcome to do so. You can contact our Data Protection Officer:

Write to us

Data Protection Officer
Blind Veterans UK
3 Queen Square
London
WC1N 3AR

Call us

020 4534 1127 (direct dial)

Email us

Other scheme related Controller details

The scheme Actuary’s (Barnett Waddingham ) privacy policy can be found here, which includes details of how to contact them if required.

Appendix 1: List of data Processors

Data Processor’s Name | Purpose / service provided | Link to privacy policy

CoreHR | Personnel, Payroll records, and recruitment services | Privacy Policy: CoreHR

Office 365/Azure | Online Buinsess software | Privacy Statement: Microsoft

Barnett Waddingham | Pension Provider and Acurary | Privacy policy: St Dunstans Retirement plan

 

 

 

 

Related documents

St Dunstan's retirement benefits plan – statement of investment principles

Download now

St Dunstan's retirement benefits plan – implementation statement

Download now

Read more