GMPF privacy notice
Data protection is the term normally used to describe the laws that deal with data and its use. The main purpose of data protection rules is to make sure people and organisations are gathering and storing data properly.
The Data Protection Act 2018 and the General Data Protection Regulations (known as GDPR) set out these rules. You can find out more about them on the Information Commissioner’s Office website.
Everybody has the right to access recorded information held by public authorities, including Tameside Metropolitan Borough Council the administering authority for the Greater Manchester Pension Fund. You can find out more about Freedom and Information on the Tameside MBC website.
Greater Manchester Pension Fund (GMPF) has a legal responsibility to look after the pensions of our members and to run the pension fund. We need to use data to do this. This is one of the reasons allowed under data protection laws. There are six conditions for using personal data set out in the law and having a legal obligation is one of them. Some types of data are classed as ‘special category data’. We need your consent to process this type of data.
Tameside Metropolitan Borough Council runs GMPF. The council is the ‘data controller’ under the law and holds all the data. We hold your data so that we can:
- Contact you
- Work out your pension benefits
- Pay your pension benefits
- Produce statistics about what we do
- Work out how much money we need to pay pensions in the future
- Make decisions about how and where to invest pension contributions
- Monitor the quality of our services to you and train our staff in best practice
- Test calculation updates and identify software faults
We hold two types of data about a person. In the data protection rules these are called ‘personal data’ and ‘special category data’.
Some examples of the personal data we would normally hold about members include:
- Contact details – your name, address, telephone number and email address
- Identifying details – your date of birth, national insurance number, employee and membership numbers
- Information that is used to decide the pension benefits you are entitled to
- Information that is used to work out your pension benefits, for example, your pay
- Financial information needed to pay a pension, such as bank account and tax details
- Information about your family and other dependents who may be entitled to pension benefits if you die
We also obtain the personal data of people who we work with, such as contractors, advisors and other professionals who are involved in the investment and administration work we do. This will usually be limited to names, phone numbers, email and physical addresses or other personal data necessary for the work that is being carried out.
Special category data
Special category data is sensitive data, such as information about your health, religion or political beliefs. There are extra protections for this type of data. We will only process special category data if we have your consent or another legal reason for doing so.
If you give your consent to allow us to process this data, you can withdraw it at any time by telling us in writing. You may want to speak to us about this beforehand in case withdrawing your consent means that we have to stop paying you your pension.
Another example of special category data is information about a criminal conviction. We would only hold this information if you owed money to your employer or GMPF because of a crime you had committed and where we were collecting it back from your pension.
Where do you get my data from?
We get some data directly from you, so for example when you fill in a form and send it to us. We also get some data from others, including:
- Your current or past employer, or a company that took them over
- A relative or solicitor acting on your behalf
- A public database, such as the register of births, deaths and marriages
- Government or official bodies, such as Her Majesty’s Revenue and Customs (HMRC)
Who do you share my data with?
We may share your data with several other organisations. In many cases, this is so they can process data on our behalf following our instructions. Organisations that do this are called ‘data processors’ and are just as responsible for keeping your data safe as we are. Here are some examples:
- Adare post out letters and newsletters on our behalf. They also process data to create annual pension statements and P60s for pensioners.
- We use BACS to pay our pensions in the UK and Western Union to pay pensions overseas in a local currency.
- We send and receive data from Her Majesty’s Revenue & Customs (HMRC).
- Hymans Robertson is our actuary. Their main role is to decide how much money we need to pay benefits and how much employers must pay in. They need information about the pensions people are building up to do this. We also share similar data with the Government Actuary’s Department (GAD), who carries out a similar role for the Government when they are looking at the cost of the LGPS as a whole.
- RNIB help us to produce documents in Braille.
- Languageline translate foreign documents into English and documents from English into other languages.
- We may share data with your employer to help them to carry out their LGPS pension responsibilities and may also provide your former employer with data if they need to pay extra costs linked to your pension. If your former employer is no longer responsible for these payments, then we may provide those details to the organisation that has taken over that responsibility.
- We may share data with other public bodies to prevent fraud.
- We take part in the National Fraud Initiative (NFI). The NFI team cross-checks information to find cases where someone has died but a pension is still being paid.
- We use Target Professional Services Ltd to run a monthly check against the General Register Office's records to identify pensioners who have died. We also use them to help us to trace the addresses of members who have moved house and not told us their new address.
- If you are going through a divorce case, then we may have to provide information to the court, your solicitor or the solicitor of your spouse.
- Your data may be shared securely with other departments inside GMPF and Tameside Metropolitan Borough Council (TMBC) where those departments provide a service to GMPF. For example, to provide legal advice.
We also provide data to the LGPS national insurance database. This is a way of sharing member information with other LGPS funds.
The database is owned by the Local Government Authorities (LGA) who contract South Yorkshire Pension Authority to maintain the service.
We use the database to assist us carry out the following duties:
- To make sure we don't double up when paying a lump sum death grant
- To check for previous LGPS membership when a member re-joins the LGPS, with a view to automatically aggregating that membership as required by the regulations
- To check if the member is entitled to a refund of contributions
- To check if a member has other rights that would either prevent payment of, or need to be taken into account when assessing the eligibility for a ‘de minimis’ payment or a trivial commutation
- To check if a member has a statutory right to a transfer out, in accordance with the law
- To trace a member’s address if we have previously receive returned mail
If you use the ReciteMe accessibility tool to read any pages, your computer's IP address will be sent to the third party who provides this tool. This is for analytic and performance monitoring, so that they can deal with any problems that arise. You can find out more information by visiting the ReciteMe website.
We may share data with your employer or their advisers to help them understand how much they have to pay into GMPF to pay for the pensions of their employees.
There may be times when we need to share data with other organisations connected with your employer. For example, a contractor may need to know what the pension costs are likely to be if they are going to bid for work currently done by a GMPF employer.
When we share your data with your employer, they become a data controller and have to follow the law in the same way.
If you chose to make AVCs, you will have given your data to the provider when you first started. We share data with them and providers of annuities if you ask us to do this on your behalf when you retire.
You can find out how your AVC provider manages your data by visiting their website.
There are some situations when this might happen, for example if you went to work abroad and wanted to transfer your pension there.
The laws governing data protection apply to all countries in the European Union, so the same protections and restrictions apply in those countries. This will continue for a while if there is a transition period following the United Kingdoms’ planned exit from the European Union.
If we have to transfer your data outside the European Union, we will check that the appropriate safeguards are in place and follow the laws that apply.
We should only keep data for as long as we need it to carry out the job we had collected it for.
However, we need to keep everything long enough to be able to respond to questions or complaints about the benefits we pay or about how we have made decisions.
If you are a GMPF member, this means that we will keep your data to:
- Work out your pension benefits
- Pay you those benefits, in many cases for the rest of your life
- Work out and pay pension benefits to your dependents or beneficiaries
- To answer questions and queries
We will keep your data for at least 15 years after we stop paying your pension or after you transfer it to another pension provider.
You have a right to:
- Ask for a copy of any personal data we hold about you
- Ask us to put right anything in your data which is wrong or out of date
- Ask us to stop processing your data if it is wrong until the errors are put right
If you wish to do any of these things, or you have questions or worries about how we are using your data, please contact us. You can also get more information on your rights and Subject Access Requests (SARs) by going to the Tameside MBC website.
Alternatively you can visit the Information Commissioner's Office website to find out more about your rights. This includes your right to complain about this section of our website.
Tameside Metropolitan Borough Council’s data protection officer (DPO) is responsible for ensuring that GMPF is complying with data protection law.
The council’s full data protection statement is on their website.
You can refer the matter to the Information Commissioner’s Office if you are unable to resolve the issue.