Who we are 

Bath and North East Somerset Council is the Administering Authority for the Avon Pension Fund (the Fund). When we refer to “we”, “us” or “our”, we mean the Administering Authority. 

As Administering Authority, we are responsible for running the Fund and paying benefits. To do this, we must hold and use information that can identify you (personal data).

This privacy notice explains:

  • what personal data we hold about you 
  • how and why we use it 
  • who we may share it with 
  • how long we keep it 
  • your rights under data protection law 

Please read this notice alongside any other privacy information we provide when collecting data for specific purposes. This notice replaces any previous general privacy notice issued by the Fund. 

Why we hold your information 

We use personal data to: 

  • administer the Fund 
  • calculate, manage and pay benefits 
  • meet our legal and regulatory obligations 
  • communicate with members and beneficiaries 

Without this information, we would be unable to properly administer or pay pension benefits. 

How we comply with data protection law 

We are a data controller under data protection legislation. This means we decide how and why your personal data is used. 

We process your personal data because it is necessary for: 

  • compliance with legal obligations (for example pension legislation and pensions dashboards regulations) 
  • carrying out tasks in the public interest or in the exercise of official authority 
  • our legitimate interests in administering and managing the Fund, where this does not override your rights and where public task does not apply
  • fulfilling contractual obligations (for example Additional Voluntary Contributions) 
  • consent, where required for specific purposes 

The data protection laws that apply include: 

  • UK General Data Protection Regulation (UK GDPR) 
  • Data Protection Act 2018 
  • Privacy and Electronic Communications Regulations 2003 
  • Data (Use and Access) Act 2025 
  • related legislation and guidance in force from time to time 

What personal data we hold

We hold and process personal data including: 

Personal and contact details 

  • Name, address, email address and telephone number 
  • Date of birth and National Insurance number 

Identification and membership information 

  • Employee or membership reference numbers 
  • Pension Identifier (PEI) used for pensions dashboards 

Employment and pension details 

  • Salary information 
  • Length of service or scheme membership 
  • Previous public sector pension scheme details 
  • Information needed to assess underpin protection (McCloud remedy) 

Financial information 

  • Bank account details 
  • Tax information 

Family and personal circumstances 

  • Marital status 
  • Dependant and beneficiary details 

Health information 

  • Where needed to assess ill-health benefits or death benefits 

Criminal conviction data 

  • Only where this affects recovery of monies owed to an employer or the Fund 

How we collect your data

We collect personal data: 

  • directly from you (for example via My Pension Online or forms on our website) 
  • from your current or former employers 
  • from other LGPS administering authorities or public service pension schemes 
  • from government bodies and public registers (such as births, deaths and marriages) 
  • via pensions dashboards when you search for your pension 
  • from advisers and service providers working on our behalf 

When you book an appointment with us online, we collect basic contact details, information about any access requirements, and the reason for your booking so that we can arrange and manage your appointment.

Special category personal data

Some information we use is legally classed as special category data, such as health information. 

We only process this data when: 

  • you have given consent, or 
  • the law allows us to do so without consent (for example where necessary to pay benefits) 

You may withdraw consent at any time. However, if consent is withdrawn, we may be unable to assess or pay certain benefits. 

Information about other people

If you provide personal data about another person (such as a dependant or beneficiary), please make sure they are aware of this privacy notice.

How we use your personal data

We use your personal data to: 

  • contact you 
  • calculate, assess and pay benefits 
  • identify benefit options 
  • process transfers and refunds 
  • manage Fund liabilities and investments 
  • meet legal and regulatory obligations 
  • deal with queries, complaints or disputes 
  • verify your identity 
  • communicate news and updates 
  • support pensions dashboards 
  • identify eligibility for underpin protection (McCloud remedy

Where identity checks are required, we normally use electronic verification for UK residents. Documentation may be provided by post or in person if preferred. Overseas members must provide certified copies. 

The Fund is expanding its capacity for digital communications, and our default communication method reflects this. Where we are able to contact you digitally, for example by email, we will normally do so in the first instance.

You may choose to receive printed communications instead if you prefer. Your communication preference can be changed at any time through the ‘Details and Settings’ section of your My Pension Online account or by contacting us.

We do not use your personal data for marketing purposes and we do not send marketing communications.

However, we will contact you from time to time with service‑related, administrative and regulatory communications that are necessary to administer the Fund or keep you informed. These may include updates or surveys about your pension, changes to processes, investment or governance information, or other matters relevant to the management of the Fund.

These communications are not marketing and form part of our legal duties as the Administering Authority.

Who we share your data with

We may share personal data with: 

  • administrators, actuaries, auditors and IT providers 
  • AVC providers 
  • insurers and investment providers 
  • employers participating in the Fund 
  • government bodies and regulators (e.g. HMRC, TPR, Ombudsman) 
  • dispute resolution or law enforcement bodies 
  • the Money and Pensions Service (MaPS) for pensions dashboards 

All organisations are subject to strict data protection obligations.

Data Processors and Controllers

To run the Fund and meet our legal obligations, we work with a number of trusted third‑party organisations. Some of these organisations process personal data on our behalf, while others receive and use personal data independently to carry out their own legal or professional responsibilities.

Organisations that process data on our behalf (data processors)

These organisations process personal data only in line with our instructions and are subject to contractual data protection obligations.

  • LexisNexis – Tracing members, cleansing data, identity checks and mortality screening
  • Convera UK Financial – Processing overseas payments on our behalf
  • Toplink Envelopes Ltd – Printing and posting member communications
  • Xerox (UK) – Digital printing services
  • Heywood Limited – Pension administration software (Altair) and related support services
  • Spotler – Member communication software
  • Webcurl – Website development and technical support
  • Klaro! – Cookies consent management tool
  • Vimeo Inc. – Hosting and editing video content
  • Zoom – Telephony services
  • Survey providers – Collecting feedback to help us improve Fund services

All data processors are required to keep personal data secure and may only use it for the purposes we specify.

Organisations that use data independently (data controllers)

These organisations receive personal data and are responsible for how they use it under their own legal or professional obligations.

  • Mercer – Actuarial, investment and scheme consultancy services
  • Legal & General – Additional Voluntary Contribution (AVC) provider
  • Osborne Clarke – Legal advisers
  • The Audit Commission – Statutory audit functions
  • Grant Thornton – External audit services
  • One West – Internal audit services
  • South Yorkshire Pensions Authority – National Insurance database and related LGPS functions
  • Other LGPS administering authorities or third party administrators – Where you have previous or concurrent membership of another LGPS fund
  • The Government Actuary’s Department – Actuarial and policy functions supporting the long term sustainability of the scheme
  • The Cabinet Office – National Fraud Initiative
  • Courts of England and Wales – Processing pension sharing orders on divorce
  • Convera UK Financial – Processing international payments in its capacity as a regulated financial services provider
  • Insolvency practitioners – Tracing and legal processing where an employer becomes insolvent
  • Heywood Limited – Integrated Service Provider role within the Pensions Dashboards ecosystem
  • Money and Pensions Service (MaPS) – Operation of the Pensions Dashboards ecosystem under statutory powers
  • Google LLC – Website analytics and performance measurement

Each of these organisations is required to provide its own privacy information explaining how it uses personal data.

Transfers outside the UK

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place to protect it.

How long we keep your data

We retain personal data for as long as necessary to administer the Fund and meet legal obligations. 

In practice, this is the greater of: 

  • the period benefits are payable plus 15 years 
  • 100 years from the member’s date of birth 
  • 100 years from a beneficiary’s date of birth 

Because pensions are long‑term arrangements and we have ongoing legal and regulatory responsibilities, personal data is held in our main pension administration system for extended periods.

At present, it is not always possible to permanently delete records from this system without affecting pension benefit records. Where information is no longer actively needed, its use is limited and access is restricted.

We intend to permanently delete electronic personal data where this becomes possible and where this can be done in line with pension legislation and record‑keeping requirements. More information is set out in our Retention Policy.

Cookies and online services

Our website uses cookies to ensure functionality, analyse usage and improve services. Cookie preferences can be managed via our website or browser settings. More information is available in our Cookies Policy.

Access to our member portal, My Pension Online, relies on your consent. You may withdraw this consent at any time via your account settings. Withdrawing consent will not affect the administration of your pension, which we carry out as a legal requirement. 

Your rights

You have the right to: 

  • access your personal data 
  • request corrections 
  • request restriction or objection in certain circumstances 
  • request erasure in very limited situations 

Some rights may be restricted where data is needed to administer pension benefits. 

Queries and Complaints

If you have any questions about how we use your personal data, or if you wish to exercise your data protection rights, you can contact us at any time.

You can raise a data protection query or complaint by completing our online data protection form.

If you prefer, you can also contact us using the details below.

The information you provide will be used only to investigate and respond to your query or complaint and to meet our legal obligations. Making a data protection complaint will not affect your pension benefits.

Fund Governance Team at APF_Governance@bathnes.gov.uk 

Data protection officer at i-west@bathnes.gov.uk 

If you are not satisfied with our response, you also have the right to complain to the Information Commissioner’s Office (ICO). The ICO will usually expect you to contact us first. Further details are available on the Information Commissioner’s Office website.

Version 7: April 2026

Also interested in

Personal Data Retention Policy
Memorandum of Understanding and Data Protection