Privacy notice for employees
This privacy notice explains how we use any personal information we collect about you.
Who are we?
Chiltern Consultancy Ltd, is the data controller of personal data in respect of arranging and administering workplace pension schemes and employee benefit contracts.
What information do we collect about you and where do we get it from?
From your employer:
Your employer will have passed on to us employee details as part of the contract which underpins the workplace pension scheme and/or employee benefits offered to you by your employer.
This information will relate to your personal and financial circumstances. It may also include special categories of personal data such as data about your health, if this is necessary for the provision of our services.
Information relating to usage of our website is collected using cookies. These are text files placed on your computer to collect standard internet log information and visitor behaviour information. We’ll use your information collected from the website to personalise your repeat visits to the site
Information about connected individuals
We may need to gather personal information about your close family members and dependants in order to provide our service to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We’ll provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.
Why do we need to collect and use your personal data?
The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with your employer. The information that we collect about you is essential for us to be able to carry out the services that your company require from us effectively. Without collecting your personal data we’d also be unable to fulfil our legal and regulatory obligations.
Where special category data is required we’ll obtain your explicit consent in order to collect and process this information.
How will we use the information about you?
We will process personal data in order to undertake any activity relating to the services your employer has engaged us in, and where relevant, to process applications, set up and administer policies, products and services.
Who might we share your information with?
In order to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers that we use to arrange financial products for you.
Where third parties are involved in processing your data we’ll have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they’ll only act in accordance with our written instructions.
Where it’s necessary for your personal data to be forwarded to a third party we’ll use appropriate security measures to protect your personal data in transit, by enhancing the security of the data during transfer with password protection / encryption.
To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes.
How long do we keep hold of your information?
In principle, your personal data shouldn’t be held for longer than is required under the terms of our contract for services with your company. However, we’re subject to regulatory requirements to retain data for specified minimum periods. We also reserve the right to retain data for longer than this due to the possibility that it may be required to defend a future claim against us. In any case, we’ll not retain your personal data for longer than required for regulatory purposes.
You have the right to request deletion of your personal data. We’ll comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
You have a number of rights under data protection law which may be exercised in certain circumstances.
Right to be informed about how and why we are processing your personal information - You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with – we do this in our privacy notices.
Right of access to personal information relating to you - You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request (DSAR).
Right to request rectification of inaccurate or incomplete personal information - If your personal information is inaccurate or incomplete, you can request that it is corrected.
Right to request erasure of your personal information - You can ask for your information to be deleted or removed if there is not a compelling reason for us to continue to have it.
Right to restrict processing of your personal information - You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.
Right to data portability - You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving your pension to another pension provider.
Right to object to processing of your personal information - You can object to us processing your personal information where: it’s based on our legitimate interests.
Right to not be subject to automated decision making including profiling - We do not undertake any automated decision making in relation to your personal data.
More information can be found on your rights on https://ico.org.uk/for-the-public/
For further information visit http://www.allaboutcookies.org/
You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
What can you do if you are unhappy with how your personal data is processed?
You also have a right to lodge a complaint with the supervisory authority for data protection.
In the UK this is:
Information Commissioner's Office
0303 123 1113 (local rate)
How to contact us
Or write to us at: Chiltern House, Unit 5 Stokenchurch Business Park, Ibstone Road, Stokenchurch, Bucks, HP14 3FE.