VTL privacy policy

Privacy Notice for members (their dependants and nominated beneficiaries), employers participating in the Pensions Trust or Pensions Trust 2016 and advisers

Last updated June 2025.

 

1. Introduction

This privacy notice applies to members (both active, deferred and those accessing their benefits) of the Pensions Trust or Pensions Trust 2016 (“the Pension Trusts”), their dependants and nominated beneficiaries and participating employers of the Pension Trusts and advisers.

It explains what personal information Verity Trustees Limited (the “Trustee”) (as trustee of the Pension Trusts) (together “we”, “our” or “us”) collects about individuals, how we use that personal information, how we store it and with whom we share it.. We are responsible for your personal information (“known as a “data controller”).

In accordance with guidance issued by the Information Commissioner’s Office the Scheme Actuary of the Pension Trusts is considered a “joint data controller” (holder, user and processor of personal data) with the Trustee for the purposes of UK data protection laws. It is possible that in certain circumstances, other professional advisers appointed by the Trustee to the Scheme may also be considered to be “data controllers” for example, our auditor, or our legal advisers.

The Scheme Actuary is Michael Kelly of Mercer Limited.

The Scheme Actuary uses your personal data to advise the Trustee on the financial management of the Scheme. This advice helps to ensure that the Trustee is able to meet its obligations to pay members’ benefits and is necessary to comply with obligations placed on them by legislation. The Scheme Actuary will not pass on your personal data to a third party without the prior agreement of the Trustee.

The joint data controllers can be contacted as set out in Paragraph 6 below.

The Trustee shares your data with the administrator of the Pension Trusts, TPT Retirement Solutions Limited, They may also share data with our other professional advisers (including legal advisers and auditors), regulatory bodies (including, but not limited to, HM Revenue and Customs, the Department for Work and Pensions and the Pensions Regulator). For more detail regarding who your data is shared with, please see Paragraph 3 below. We are committed to protecting your information and acting in accordance with your rights under data protection law. We have measures in place to protect your data and when sharing your personal data with the administrator or another third party we will make sure that they too have appropriate measures in place to protect your data.

Please be aware that if you have (or if you are an employer, your employees have) pensions savings which are administered by us, but the pension scheme is run by a different trustee to Verity Trustees Limited, the personal (and other) information which we collect and process on behalf of that trustee about you or your company will be subject to that trustees’ privacy notice.

We may also ask for personal information about other individuals if we need it. For example where you nominate an individual to receive payments upon your death. If you provide us with personal information about someone else, including if you are an employer providing information about your employees or someone else, we’ll assume that you have their permission, where required. We’ll process personal information about such individuals so it may be helpful to show them this privacy notice and if they have any concerns, please contact us as set out in Paragraph 6 (How to Contact us) below.

 

2. Personal Information we collect

2.1. Sources of Personal Information

We may obtain personal information directly from you including from application and forms, communications with you, your participation in market research, your use of our Websites, Portals, Platforms, Online applications or Apps (“Online Services”) and details of the devices you use to interact with them.

Where you are a beneficiary, we obtain personal information from the member of the Pension Trusts (e.g. your spouse) and where you are a member of any of the Pension Trusts, we may obtain information from your employer (past and current) which includes your employer’s affiliated companies where those companies share a centralised pension administration function or from the trustees of any pension scheme which has transferred to any of the Pension Trusts.

We may also obtain personal information from other third parties, including the following:

• Financial advisers, intermediaries, or other third parties, including other product providers, trustees and banks;
• Healthcare providers and medical practitioners;
• Your attorney acting under a power of attorney;
• Legal advisers, accountants, auditors and professional service firms who act on our or your behalf or on behalf of your employer (past and current);
• Service providers in relation to the Pensions Trusts, including experts and in limited circumstances, private investigators; 
• Third party providers or trustees of other pensions from which you may have transferred or you may have;
• Financial crime detection and fraud prevention agencies, databases and sanctions lists;
• Government agencies and regulatory bodies, including the police, the courts, the Office for National Statistics, the Department for Work and Pensions (DWP), Companies House and HM Revenue & Customs (HMRC);
• Regulators who regulate how we operate, including the Pensions Regulator, Financial Conduct Authority (FCA), Information Commissioner’s Office (ICO) and Financial Ombudsman Service (FOS);
• Third parties that help us maintain the accuracy of our data e.g. by identifying individuals who are deceased, updating contact details for individuals who have moved;
• Other third party suppliers, actuaries, auditors, legal advisers and other professional services firms and sanctions-checking service providers;
• Data suppliers, e.g. Experian and LexisNexis;
• Publicly available sources, including the Office for National Statistics (e.g. census data) and other data made available under the Open Government Licence, internet searches, news articles, online marketplaces and social media sites, apps and networks;
• Third parties in connection with any acquisition of a business by us.

2.2. Types of personal information collected

The personal information we hold and process includes:

• General data – includes the gender you identify with, name, date of birth, marital status, country of residence/citizenship and your relationships to other people, e.g. nominated beneficiaries or other occupiers of your home and bank account details (in some cases); 
• Contact data – includes your personal or work current or prior addresses, telephone number and e-mail address, membership/employer number, company, job title;
• Data about dependants or next of kin – includes information on nomination forms, or marriage or birth certificates;
• Identification data – includes government issued identification numbers, e.g. your national insurance number, passport number or driving licence number and other identifiers, e.g. usernames and social media identifiers;
• Appearance and behavioural data – includes your gender, age, descriptive data, e.g. your demographic data and behavioural data, e.g. your lifestyle;
• Fraud and sanctions related data – includes information obtained as a result of our investigations, e.g. carrying out checks of publicly available sources such as newspapers and social media sites and information obtained from checks of fraud databases and sanctions lists such as relationships/close associations with politically exposed persons;
• Employment-related data – includes your employment status, job title, salary and employment and history;
• Financial data – includes credit and payment card numbers (including updated card information provided by card issuers when changes are made), bank account details, payment information, tax information, details of income and assets, mortgages and pensions contributions and values;
• Vulnerability data –includes information about health, life events, resilience and capability that helps us identify if you might have additional support requirements in order that we can better meet your needs;
• Authentication data – includes account log-in information, passwords and memorable data for accessing your accounts with us;
• Telephone recordings, chatbot and live chat transcripts – includes information obtained during recordings of telephone calls or chats with our representatives, chatbots and call centres;
• Records of other communications with you -includes any complaints;
• Mobile device number -includes device type, operating system, browser, MAC address, IP address, location and account activity obtained through our use of cookies on any of our Online Services;
• Modelled data -includes data that has been developed by us using data that we already hold;
• Customer feedback and reviews – includes responses to surveys, complaints and reviews or details of your customer experience;
• Information relating to your benefits- includes your member number (which is assigned to you by the relevant scheme in the relevant Pensions Trust (“the Scheme”)), the date you joined or left the Scheme, your earnings, the category and value of contributions and benefits that you receive, your target retirement age (includes your estimated retirement pot size, estimated retirement income and expected level of retirement lifestyle) and any relevant matters impacting your benefits such as additional voluntary contributions, pension sharing orders (including information in divorce or dissolution certificates), tax protections or other adjustments or other pension schemes with third parties from which you may have transferred or transfer to.

Children’s data

We collect data about children in some circumstances, e.g. where they are beneficiaries of a pension we provide.

Sensitive Personal Information

Sometimes we will request or receive personal information that is sensitive and we call this “Sensitive Personal Information” such as your marital status or information concerning your health (for example in the case of ill-health early retirement and ill-health reviews; and where incapacity or similar reasons determine the benefits paid to you) and (in exceptional cases) information relating to convictions or offences (for example in relation to fraud).  This is information may relate to your health, genetic or biometric data, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership. It also covers criminal offence data, including information about criminal activity, allegations (including those unproven), investigations, proceedings and penalties. We know how sensitive this data is, so protecting it is a top priority. The types of Sensitive Personal Information we hold and process where relevant include:

• Health data – includes details of existing and previous physical or mental health conditions, health status, test results, medical diagnoses and treatment given, prescriptions and personal habits (e.g. smoking or consumption of alcohol);
• Criminal data – includes details of convictions e.g. in relation to detecting and preventing financial crime;
• Other sensitive data – in limited circumstances we may process other Sensitive Personal Information. For example, we may process sexual orientation data when we collect details of the gender of your spouse.

2.3. Uses of personal information 

The main purposes for which we use personal information are to:

• Communicate with you in relation to your benefits and contributions, handling requests for transfers and allocation of death benefits or valuations for divorce, dealing with complaints and making disclosures at your request such as in relation to transfers to other pension schemes;  
• Administering the Pension Trusts including recording and paying benefits, making changes where requested or necessary and reviews we or our administrators conduct for statistical and reference purposes and for other checks or administrative activities that may become necessary from time to time (like member tracing) should we happen to lose contact with you;  
• Assisting the Trustee to calculate and pay the benefits to which members (or anyone claiming through members, for example as dependants) are entitled;
• Communication with you regarding updates on our products, funds, services, promotions and news (this will usually be to your email. For some communications, you will be able to click the unsubscribe link at the bottom of emails;
• Manage relationships with third parties including financial advisers and service providers, who provide services either to you or to your employer (past and current);
• Prevent, detect and investigate fraud and other crime, including by carrying out fraud, sanctions and anti-money laundering checks;
• Improve our products and services, provide staff training and maintain information security, including by recording and monitoring telephone and online calls and screen sharing sessions;
• Improving processes and our use of technology, including testing and upgrading of systems, developing solutions for access to historic data and to learn about other processes we can use to improve the administration of the pension schemes, internal operations and other business activities;
• Provide marketing information and run promotions according to preferences you have expressed;
• Conduct customer insight analysis, market research and focus groups, including customer segmentation, campaign planning, creating promotional materials, gathering customer feedback and customer satisfaction surveys;
• Help us better understand our members and client and improve our customer or employer engagement, including noting your interest in our website, understanding your customer journey or employer engagement, and use of profiled data (which is not actual information about you but predictions about you, e.g. assumptions about your interests based on the preferred leisure pursuits of households in your area). This allows us to make correlations about our members to improve our Schemes;
• Carry out data analysis, including to ensure data accuracy and quality and for risk modelling and product and pricing refinement;
• Manage complaints, including to allow us to respond to any current complaints, or challenges you or others might raise later, for internal training and monitoring purposes and to help us to improve our complaints handling processes. We may be obliged to forward details about your complaints, including your Personal Information, to the appropriate authorities, e.g. the relevant ombudsman;
• Manage feedback and queries, and handle requests to exercise data subject rights;
• Manage our business operations, including by carrying out internal audits, quality assurance and training, financial analysis and accounting, producing management information and performing administrative activities in connection with the services we provide;
• When we or your employer undertake activities from time to time to help us and them manage the liabilities of the Schemes, such as obtaining life insurance, longevity hedging, scheme mergers, bulk transfers, pension increase exchanges and enhanced transfer value exercises, including (where relevant) disclosures to administrators for calculating offers made to you in relation to these activities and disclosures to independent financial advisers to allow you to obtain financial advice;
• Ensure that content from our Online Services is presented in the most effective manner for you and your device;
• Allow you to use different resources and materials on our Online Services;
• Personalise the way information on our Online Services is presented to you. To give you information on products and services which you have asked for or which we think may be of interest to you;
• Track the use of referral links you have shared;
• Manage commercial risk, including by taking out and maintaining appropriate insurance and reinsurance;
• Comply with applicable legal, regulatory and professional obligations, including cooperating with regulatory bodies, e.g. the FCA, Pensions Regulator, ICO and government authorities, to comply with ongoing regulatory and compliance obligations, law enforcement and manage legal claims;
• Identify and support members requiring additional support, to help us better meet your needs and to comply with regulatory guidance about how we meet your needs. Sometimes you or a third party may tell us that you have additional support requirements, and in other cases we may infer this from your Personal Information and our interactions with you;
• Establish, enforce and defend our legal rights or those of third parties, including enforcing our terms and conditions, pursuing available remedies and limiting our damages;
• Carry out activities that are in the public interest, e.g. we may need to use Personal Information to carry out anti-money laundering checks;
• Buy, sell, transfer or dispose of any part of our business;
• Archiving, scientific or historical research or statistical purposes.

2.4. Lawful bases for uses of personal information 

We are committed to collecting and using personal information in accordance with applicable data protection laws. By law, we must have a legal justification, known as a lawful basis, in order to use your personal information for the purposes described in this Privacy Policy. Depending upon the purpose, our lawful basis will be one of the following:

• Performance of a contract – to provide you with our products and services in accordance with their terms;
• Compliance with a legal obligation – to meet responsibilities we have to our regulators, government bodies, tax officials, law enforcement, or other legal responsibilities;
• Legitimate interests – to operate and improve pension options and services and keep people informed about them or for any other purposes we identify as appropriate to our business needs, or those business needs of a third party;
• Consent – where we have obtained appropriate consents to collect or use your Personal Information for a particular purpose.
  Where we rely on legitimate interests as our lawful basis, we are required to carry out a balancing test to ensure that our interests, or those of a third party, do not override the rights and freedoms that you have as an individual. The outcome of this balancing test will determine whether we can use your personal information for the purposes described in this Privacy Policy. Where we rely on the lawful basis of legitimate interests, the interests being relied upon will usually be:
• To further our business and commercial activities and objectives, or those of a third party, e.g. to produce management information on our performance and the performance of third parties;
• To assist your employers (past and current) and third parties that are providing services to both you and your employer in respect of the administration, governance and evaluation of a pension scheme, including pension planning services for employees;
• To help us better understand our customers and improve our customer engagement including by carrying out marketing analytics and profiling, e.g. by making certain predictions and assumptions about your interests;
• To provide you with helpful information relating to your pension savings and about useful tools for managing and engaging with your pension savings. These are not marketing communications;
• To find your pensions, check the details of those pensions, provide you with information in relation to your pensions;
• To comply with our legal and regulatory obligations, guidelines, standards and codes of conduct, e.g. background checks or the prevention, detection and investigation of financial crime or fraud;
• To improve and develop our business, products and services, or those of a third party, e.g. to ensure the accuracy of customer data and to develop our pricing and risk methods and models;
• To retain records for a period of time in order to ensure we have appropriate records in place in respect of any future complaints or claims that may be made against us;
• To safeguard our business, employees and customers, or those of a third party, e.g. maintaining the security of our IT network and information, enforcing claims, including debt collection;
• Ensuring that the Schemes are run in a cost effective way and that you are offered appropriate pension options, such interests in each case not being overridden by your privacy interests;
• For the performance of a task carried out in the public interest where it is necessary;
• To facilitate the purchase, sale, transfer or disposal of any part of our business; and
• To analyse and assess competition in the e.g., by carrying out market research.

We can only collect and use Sensitive Personal Information where we have an additional, specific lawful basis to process such information. We usually rely upon one of the following lawful bases where we process Sensitive Personal Information:

• Reasons of substantial public interest:
  • occupational pensions – including processing health data which relates to an individual who is the parent, grandparent, great-grandparent or sibling of a member of an occupational pension scheme where it is necessary for determining eligibility for, or benefits payable under the Scheme;
  • complying, or helping someone else comply with, a regulatory requirement relating to unlawful acts and dishonesty - including regulatory requirements to carry out money laundering checks;
  • preventing or detecting unlawful acts – including disclosures to competent authorities;
  • preventing fraud – including investigating alleged fraud;
  • safeguarding the economic well-being of certain individuals – including where we identify additional support required by our customers;
  • equality of opportunity or treatment – including where we need to keep under review the equality of treatment of customers with additional support needs.
• Necessary for making a determination in connection with eligibility for, or benefits payable under, the Schemes (where authorised under law);
• Necessary to establish, exercise or defend a legal claim – including where we are faced with legal proceedings, we bring legal proceedings ourselves or where we are investigating legal proceedings that a third party has brought against you;
• Necessary to protect your vital interests or those of another individual;
• Information has been clearly or obviously made public by you.

 

3. Who personal information is shared with

In connection with the purposes set out above, we will sometimes share personal in-formation within our group of companies and third parties, including:

• Providers who help us administer parts of the Schemes including those who help operate our IT and back office systems and our information security controls;
• Our auditors,  accountants, legal advisers, financial institutions and professional service firms who act on our or your behalf;
• Our actuarial service providers, and the scheme actuary (who is a person appointed by the Trustee); 
• Companies that provide services to the Trustee, primarily in respect of accounting services for some employers;
• Research agencies and providers of market research services, including customer feedback surveys;
• Third party pension providers and service providers who are necessary to operate the pensions dashboard;
• Other providers of services to us, including financial advisers, payroll providers (to record and pay benefits) mortality analysis providers, printing, communication, IT and hosting, archiving, marketing, and tracing providers;
• Financial advisers, intermediaries and business partners who help us arrange, and manage our products and who provide services;
• Other insurers and pension providers;
• Our insurers or reinsurers who provide reinsurance services to us or your employer;
• Your employers (past and current), which includes any of your employers’ affiliated companies where those companies share a centralised pension administration function who will use the information for audit purposes, in relation to corporate transactions they are involved in, to consider whether to participate in the activities referred to above and to allow you to flex your benefits including your pension options;
• Insurance and reinsurance companies and independent financial advisers where we carry out the activities referred to above;
• The trustees of the pension and third parties that are providing services to you or them in respect of the administration, governance and evaluation of a pension scheme, including pension planning services for employees. Information may be used to provide statistics to your employer in respect of the effectiveness of the pension scheme, e.g. to allow your employer to review calculations for employee pension savings and retirement income, and accurate contact details may be shared so that you can continue to receive information about your pension;
• Data analysts and providers of data services who support us with developing our pensions saving products and prices;
• Third parties that help us maintain the accuracy of our data, e.g. by identifying individuals who are deceased, updating contact details for individuals who have moved;
• Financial crime detection agencies, sanctions-checking providers, financial services organisations and third parties who maintain fraud detection databases or provide assistance with investigation in cases of suspected fraud;
• Regulators who regulate how we operate;
• Government agencies and regulatory bodies including the police and courts;
• Industry bodies;
• Third parties in connection with any sale, transfer or disposal of our business;
• Third parties to which you ask us to disclose your information, for example where you wish to transfer your pension; and 
• Other persons from time to time when the disclosure is needed to exercise or protect legal rights, including those of the Trustee or other stakeholders or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others. 

 

4. Transfers of your information abroad

Sometimes we, or third parties acting on our behalf, may need to transfer personal information outside of the UK. We’ll always take steps to ensure that any transfer of Personal Information outside the UK is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place. We comply with the requirements of applicable data protection laws in relation to international data transfers by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to by a competent approving authority provide an adequate level of protection for personal data; and
• When transferring personal data to third-party processors or controllers, we typically use standard contractual clauses approved for use by a competent approving authority.

Further details of these transfers including the form of safeguards used are available from us on request using the contact details below. 

 

5. Retention of your information

We keep your information for as long as is reasonably required for the purposes explained in this Privacy Policy and in order to meet our legal or regulatory responsibilities.

To support us in managing how long we hold your data and our record management, we maintain a data retention policy which includes clear guidelines on data retention and deletion.

For members, we determine the period envisaged within such policy having regard to the Schemes’ operational and legal requirements, such as facilitating the payment of benefits to you or your beneficiaries, calculating and managing the liabilities of the Schemes and responding to legal claims, complaints or regulatory requests. 

 

6. Your rights

You have legal rights under data protection laws in relation to your personal information (or in the case of a dependant, beneficiary or adviser in respect of your information and that of any living member.  

We may ask you for proof of identity when you make a request to exercise any of these rights. We do this to ensure we only disclose information to the right individual.

We aim to respond to all valid requests within one month. It may take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked. This is because your rights will not always apply, e.g. if it would impact the duty of confidentiality we owe to others, or if the law allow us to deal with the request in a different way. We will always explain to you how we are dealing with your request. In some circumstances (such as the right to erasure or withdrawal of consent), exercising a right might mean that we can no longer provide our product to you.

Your rights are as follows:

• Access to your personal information

You may ask us for a copy of your personal information together with specified details about how we use your information. This is commonly known as a ‘subject access request’.

If you wish to make a subject access request, please contact us using the details set out below.

• Rectification of your personal information

We do our best to ensure that your personal information is accurate and kept up to date. If you believe your information is inaccurate or incomplete, then please contact us using the details set out below to request that we amend or update it.

• Erasing your personal information

You may ask us to erase your personal information, but this right only applies in certain circumstances, e.g. where:

• • it is no longer necessary for us to use your personal information for the original purpose;
  • our lawful basis for using your personal information is consent and you withdraw your consent; or
  • our lawful basis is legitimate interests and there is no overriding legitimate interest to continue using your personal information if you object.

This isn’t an absolute right and we have to balance your request against other factors such as legal or regulatory requirements, which may mean we cannot erase your personal information.

• Restricting processing of your personal information

You may ask us to stop using your personal information in certain circumstances such as:

• • where you have contacted us about the accuracy of your personal information and we are checking the accuracy;
  • if you have objected to your personal information being used based on legitimate interests.

This isn’t an absolute right and we may not be able to comply with your request.

• Data portability

In some cases, you can ask us to transfer personal information that you have provided to us to another third party of your choice. This right only applies where we have justified our use of your personal information based on your consent or the performance of a contract with you.

This isn’t an absolute right and we may not be able to comply with your request.

• Right to object

You may also object where you have grounds relating to your particular situa-tion and the lawful basis we rely on for using your personal information is our (or a third party's) legitimate interests. However, we may continue to use your per-sonal information where there are compelling legitimate grounds to do so.

• Withdrawing consent

In some circumstances we ask for your consent to use your personal infor-mation. You have the right to withdraw your consent to the use of your infor-mation to the extent such use is based on your consent. You can notify us of your withdrawal of consent by contacting us at the details set out below. This will not affect the lawfulness of any processing conducted before your consent was withdrawn.

 

7. Contacting us or the Information Commissioner

If you wish to exercise your rights described in paragraph 6 above, or if you have any questions about our use of information or this notice, please contact us by letter, phone call or email at:   

TPT Retirement Solutions Limited, Aire Park, 5th Floor, 3 South Brook Street, Leeds, LS10 1FT. 
privacy@tpt.co.uk
0113 394 2677

If you’re not happy with the way we’re handling your Personal Information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioner's Office (ICO). We ask that you please attempt to resolve any issues with us before contacting the ICO. 

 

8. Updates

This Privacy Policy is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it’s as transparent as possible, so please check back here for the current version. You can see when this Privacy Policy was last updated by checking at the top of this page.