[Avon Pension Fund] (the "Fund")
This document has been prepared by [Bath & North East Somerset Council] (the "Administering Authority", or "we") in its capacity as the administering authority of the Fund and sets out the Fund’s policy on the retention of personal data.
This policy document can also be accessed via the following link: https://www.avonpensionfund.org.uk/personal-data-retention-policy and should be read in conjunction with the Fund’s privacy notice, which can be accessed via the following link: https://www.avonpensionfund.org.uk/privacy-notice
As data controllers, we are required by legislation to comply with the principles of data minimisation and storage limitation. Personal data we process:
- must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed; and
- must not be kept in a form which permits identification of a data subject for longer than is necessary for the purposes for which the personal data is processed.
We are obliged to retain certain records (whether in hard copy or electronic form) for various periods of time because:
- we have a statutory obligation to do so; and/or
- the information contained in those records may be necessary for the future (for example, questions may arise about the calculation of benefits paid in the past, and data that may be relevant to a possible legal claim needs to be kept until the period within which that claim could be brought has expired).
This policy document sets out the measures adopted by the Fund to comply with the principles of data minimisation and storage limitation in relation to personal data that it holds.
Types of personal data we hold
We hold and process the following types of personal data in relation to Members of the Fund:
- Contact details, including name, address, telephone numbers and email address.
- Identifying details, including date of birth, national insurance number and employee and membership numbers.
- Information that is used to calculate and assess eligibility for benefits, for example, length of service or membership and salary information.
- Financial information relevant to the calculation or payment of benefits, for example, bank account and tax details.
- Information about the Member’s family, dependents or personal circumstances, for example, marital status and information relevant to the distribution and allocation of benefits payable on death.
- Information about the Member’s health, for example, to assess eligibility for benefits payable on ill health, or where the Member’s health is relevant to a claim for benefits following the death of a Member of the Fund.
- Information about a criminal conviction if this has resulted in the Member owing money to the Member’s employer or the Fund and the employer or Fund may be reimbursed from the Member’s benefits.
Retention periods for personal data
In compiling our policy on the retention of personal data, we have taken into account the guidelines on the retention of personal data as set out by / in:
- Information and Records Management Society;
- The National Archives;
- HMRC compliance handbook manual CH15400;
- Lord Chancellor’s Code of Practice on the Management of Records issued under Section 46 of the Freedom of Information Act 2000;
- ICO’s retention policy;
- EU Article 29 Working Party guidance; and
- The Pension Regulator’s code of practice 14 for public service pension schemes.
Data protection legislation requires that we retain personal data for no longer than is necessary in order to fulfil the purpose(s) for which it is processed. Given the long term nature of pensions, we need to ensure that personal data is retained to:
- comply with our legal and regulatory obligations regarding the payment of pensions from the Fund; and
- deal with any questions or complaints that we may receive about our administration of the Fund.
Personal data will be retained for the greater of:
- such period as the Member (or any Beneficiary who receives benefits after the Member’s death) are entitled to benefits from the Fund and for a period of 15 years after those benefits stop being paid;
- 100 years from the Member’s date of birth
- 100 years from the date of birth of any Beneficiary who received benefits from the Fund after the Member’s death.
It is our intention to delete electronic data permanently from our records, but where this is not possible, we will put the data beyond use which means that we will:
- not attempt, to use the personal data to inform any decision in respect of any individual or in a manner that affects the individual in any way;
- not give any other organisation access to the personal data;
- surround the personal data with appropriate technical and organisational security;
- commit to permanent deletion of the information if, or when, this becomes possible.
During any period when we retain personal data, we will keep that personal data up to date and take all reasonable steps to ensure that inaccurate data is either erased or rectified without delay. We will periodically review the personal data that we retain and consider whether it is still required; any personal data that we no longer require will be destroyed.
Member’s and Beneficiary’s rights
Beneficiaries form a wider category of people who receive benefits from the Fund, for example the active/deferred/pensioner Member’s spouse / child(ren) / dependents who may receive benefits from the Fund following a Member’s death. Members of the Fund and Beneficiaries have a right to access and obtain a copy of the personal data that we hold about them and to ask us to correct personal data if there are any errors or it is out of date or incomplete.
In certain circumstances a Member / Beneficiary has the right to:
- object to the processing of their personal data
- restrict the processing of their personal data until any errors are corrected;
- transfer their personal data; or
- erase their personal data.
If the exercise of the Member’s / Beneficiary’s rights would prevent us from paying or continuing to pay a pension from the Fund, we will consider retaining a minimised version of that Member’s / Beneficiary’s personal data in order to fulfil our legal and regulatory obligations.
This policy applies to Bath & North East Somerset Council in its capacity as the administering authority of the Fund. We have produced separate guidance for other participating employers in the Fund about our expectations for the retention by them of personal data we may require to administer the Fund. That guidance includes a suggested data retention policy that employers can each adopt in relation to their participation in the Fund.
This policy will be reviewed by Avon Pension Fund annually