Pension scheme members, beneficiaries and client’s employees


Although much of our work does not involve processing personal data, Sacker & Partners LLP (“We / us/ Sackers”) are, from time to time, given access by our clients as their legal advisers to personal data relating to a range of individuals.

Where we use personal data to provide our advice and we are deciding the purposes and means for which it is collected and used, we act as a “Data Controller”.  We also become a Data Controller in respect of such personal data if we need to retain it as part of our client files and documentation after the end of our engagement with a client for legal, regulatory, compliance or risk management reasons.

In other cases, when processing personal data on our clients’ behalf and in accordance with their instructions, we do so as a “Data Processor”. This will be the case where it is our client that determines the purpose and means for which such personal data is collected and used.

This privacy notice is intended to provide information about how we use such personal data when acting as a Data Controller.

Who might we hold personal data about?

We may hold personal data about a range of individuals where this is relevant to our clients’ matters.

For example, we may hold personal data about –

  • members, former members, and prospective members of a pension scheme and their dependants and other beneficiaries;
  • potential beneficiaries of survivors’ pensions or lump sum death benefits;
  • persons claiming to be members of a pension scheme or to have entitlement to pension benefits;
  • client’s current or former employees or workers;
  • persons representing any of the above.

Where we advise employers, we may also hold personal data about their current or former employees or workers.

What personal data do we hold?

The types of personal data we are given depends on the context for which it has been provided. However, it could include many of the types of personal data that would be held by a pension scheme or employer for pension purposes. For example, we may hold some or all of the following information about a relevant individual –

  • name, date of birth, contact details (including postal and email address), gender, age and marital status;
  • NI number and relevant tax information;
  • information relating to employment and scheme membership history, salary and benefit entitlements;
  • information about dependants, beneficiaries and nominees including details of their dates of birth, financial situation and relationship with a member where this is potentially relevant to their eligibility for benefits.

We may in some circumstances hold sensitive personal data (known as special categories of data) such as information which relates to an individual’s health or sexual orientation or criminal activity where this is relevant to their pension and associated benefit arrangements.

What do we use this personal data for?

We use this personal data where this is necessary for us to provide legal services to our clients, to maintain appropriate records of that advice and where relevant, to comply with our legal, regulatory and compliance requirements or for risk management reasons.

We may also use it, where appropriate, for the purposes of defending against legal claims.

What is our legal basis for processing this personal data?

Where we process personal data as a Data Controller for the purpose of providing advice to a client, this processing is necessary for the performance of our contract with our client.

However, we may also process personal data as a Data Controller in order to comply with our own legal or regulatory obligations or where we have a legitimate interest in doing so for the purposes of managing our business or dealing with a complaint or defending a claim.

How do we obtain this personal data?

This personal data is generally provided to us by our clients (either directly or on their behalf). They will therefore be responsible for ensuring it is collected in accordance with relevant data protection requirements and that they have notified the relevant individual, through their privacy information, that the personal data will be shared with us.

We may also occasionally receive it directly from the individual or from third parties such as the courts, the Pensions Ombudsman or an individual’s independent financial adviser or solicitor.

Who has access to this personal data?

Personal data will be shared with our personnel where this is necessary for them to perform their roles.  We may also share such personal data with our relevant clients’ other advisers or representatives, such as actuaries or administrators, or with external organisations who are involved in the relevant matter, such as the courts or Pensions Ombudsman. In some circumstances, we may also need to share personal data with organisations such as our insurers, the Pensions Regulator, Pensions Ombudsman or other relevant supervisory authorities.

In providing our services, we use a number of external providers and agencies. For example:

  • we use external cloud-based email and document management systems, and other IT services to ensure a robust IT infrastructure
  • we also use external providers for secure archiving and confidential waste disposal
  • occasionally, we ask external agencies to assist us with specific copying or printing tasks (for example, if we need to prepare large bundles of information in connection with court hearings)
  • In addition, external agencies may be asked to conduct quality checks on our practice.

We will not share your personal data externally for any purposes which are not related to the services we provide without your prior consent, unless we are legally required to do so.

Will this personal data be shared outside the European Economic Area (EEA)?

In most circumstances personal data will remain within the European Economic Area.  However, processing and temporary storage may occur occasionally if our personnel are travelling outside of the UK and, for time sensitive reasons, need to work on your matter whilst abroad. In such cases, personal data is stored and processed on company-issued or company-approved devices that have appropriate and adequate security.

How do we protect this personal data?

We take the security of personal data very seriously and have measures in place to protect it and to limit access to it. If we share personal data outside Sackers, we will require the recipient to comply with applicable data protection requirements.

How long will we keep this personal data?

We will keep personal data on our client files and related documentation for as long as it is appropriate for us to do so in order for us to advise the relevant client and refer back to that advice and the information that relates to it.

The long-term nature of pension schemes and pension benefits and the potential for advice to be revisited many years later, means that personal data sent to us by clients for the purposes of our advice may be retained over the long term.

If we are retaining personal data held within former client files for our own record keeping purposes we will ensure that this personal data is appropriately protected and only used if it is necessary to refer back to those files at any point.

What rights do individuals have in relation to this personal data?

Individuals will have certain rights in relation to the personal data we hold.

They can ask for a copy of the personal data we hold about them or require us to change it if it is incorrect, incomplete or out of date. In some circumstances, they can also object to processing of their personal data or ask us to restrict processing or to delete their personal data. In some circumstances we may be able to refuse or resist a request. Information will generally be provided free of charge but we reserve the right to charge a reasonable fee in some instances.

More information about data rights can be found at https://ico.org.uk.

If you would like to exercise any of these rights, please email compliance@sackers.com.

Who can individuals contact if they have any questions, concerns or complaints about how we handle their personal data?

If individuals have any questions, concerns or complaints about how we handle their personal data they can contact us at compliance@sackers.com

Individuals can also make a complaint to the Information Commissioner using their helpline on 0303 123 1113 or through their website https://ico.org.uk.

call Sackers  +44 (0)20 7329 6699
email address  enquiries@sackers.com
address  20 Gresham Street, London, EC2V 7JE - get directions
LinkedIn Twitter

To sign up to Sackers' updates, please
complete the form below.