This privacy notice explains how and for what purpose(s) Bath and North East Somerset Council (the “Administering Authority”, or “we”) uses personal data about members and beneficiaries (referred to as “you”) of the Avon Pension Fund (the “Fund”). As the Administering Authority of the Fund, we hold certain information about you and from which you can be identified (“personal data”) which we need to administer the Fund.
In this privacy notice we have summarised some of the ways in which we collect and use personal data in accordance with data protection legislation[i].
It is important that you read this privacy notice together with any other privacy notice or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice replaces any general privacy notice we may have previously issued and supplements any other notices and privacy policies we issue that are specific to particular data collection/processing activities.
Why we are providing this notice to you
As the Administering Authority of the Fund, we hold certain information about you and from which you can be identified (“personal data”) which we use to administer the Fund and to pay benefits from it. This notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards that are in place to protect it.
How we comply with the law
The Administering Authority holds personal data about you, in its capacity as a controller, for the proper handling of all matters relating to the Fund, including its administration and management. This includes the need to process your data to contact you, to calculate, secure and pay your benefits, for statistical and financial modelling and for reference purposes (for example, when we assess how much money is needed to provide members' and beneficiaries' benefits and how that money should be invested), and to manage liabilities and administer the Fund generally. Further information about how we use your personal data is provided below.
The lawful basis for our use of your personal data will usually be that we need to process your personal data to satisfy our legal obligations as the Administering Authority of the Fund. However, where that lawful basis does not apply then the lawful basis for our use of your personal data will be one or more of the following:
- we need to process your personal data to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body and/or;
- we need to process your personal data for the legitimate interests of administering and managing the Fund and liabilities under it, calculating, securing and paying benefits and performing our obligations and exercising any rights, duties and discretions the Administering Authority has in relation to the Fund and/or;
- you have given consent to the processing of your personal data for one or more specific purposes and/or;
- because we need to process your personal data to meet our contractual obligations to you in relation to the Fund (for example, under an agreement that you will pay additional voluntary contributions to the Fund), or to take steps, at your request, before entering into a contract.
What personal data we hold, and how we obtain it
The types of personal data we hold and process about you include:
- Contact details, including name, address, telephone numbers and email address.
- Identifying details, including date of birth, national insurance number and employee and membership numbers.
- Information that is used to calculate and assess eligibility for benefits, for example, length of service or membership and salary information.
- Financial information relevant to the calculation or payment of benefits, for example, bank account and tax details.
- Information about your family, dependents or personal circumstances, for example, marital status and information relevant to the distribution and allocation of benefits payable on death.
- Information about any previous membership of other public service pension schemes and other LGPS administering authorities, including your date leaving and whether the previous scheme/authority assessed your eligibility for underpin protection.
We obtain some of this personal data directly from you. This includes collection of data from forms you submit through My Pension Online and the forms on our website. We may also obtain data (for example, salary information) from your current or past employer(s) or companies that succeeded them in business, from a member of the Fund (where you are or could be a beneficiary of the Fund as a consequence of that person’s membership of the Fund) and from a variety of other sources including public databases (such as the Register of Births, Deaths and Marriages), our advisers and government or regulatory bodies, including those in the list of organisations that we may share your personal data with set out below.
Our use of “Special Categories” of personal data
In some circumstances we will need to process “special categories” of personal data in order to calculate and pay appropriate benefits to you. This includes:
- Information about your health, for example, to assess eligibility for benefits payable on ill health, or where your health is relevant to a claim for benefits following the death of a member of the Fund.
- Information about a criminal conviction if this has resulted in you owing money to your employer or the Fund and the employer or Fund may be reimbursed from your benefits.
Where we obtain information concerning certain "special categories" of particularly sensitive data, such as health information, extra protections apply under the data protection legislation. We will only process your personal data falling within one of the special categories with your consent, unless we can lawfully process this data for another reason permitted by that legislation, in which case we will not seek consent. Where we rely on consent to process your personal data, you have the right to withdraw your consent to the processing at any time by notifying the Administering Authority. However, if you do not give consent, or subsequently withdraw it, the Administering Authority may not be able to process the relevant information to make decisions based on it, including decisions regarding the payment of your benefits. We request that any withdrawal of consent is made in writing for record keeping purposes. Consent records are held in line with our retention policies.
Information about others
Where you have provided us with personal data about other individuals, such as family members, dependants or potential beneficiaries under the Fund, please ensure that those individuals are aware of the information contained within this notice.
How we will use your personal data
We will use this data to deal with all matters relating to the Fund and in-house AVC arrangements, including its administration and management. This can include the processing of your personal data for all or any of the following purposes:
- To contact you.
- To assess eligibility for, calculate and provide you (and, if you are a member of the Fund, your beneficiaries upon your death) with benefits.
- To identify your potential or actual benefit options.
- To allow alternative ways of delivering your benefits, for example, through the use of insurance products and transfers to or mergers with other pension arrangements.
- For statistical and financial modelling and reference purposes (for example, when we assess how much money is needed to provide members’ benefits and how that money should be invested).
- To assess and, if appropriate, action a request you make to transfer your benefits out of the Fund.
- To comply with our legal and regulatory obligations as the administering authority of the Fund.
- To address queries from members and other beneficiaries and to respond to any actual or potential disputes concerning the Fund.
- The management of the Fund’s liabilities, including the entering into of insurance arrangements and selection of Fund investments.
- In connection with the sale, merger or corporate reorganisation of or transfer of a business by the employers that participate in the Fund and their group companies.
- To ask you to share your views and participate in exercises such as voluntary surveys.[ii]
- To communicate relevant news and updates.
- To verify your identity for the purposes of your pension administration or when you contact the Fund.
Where possible, when identity checks are necessary (for example, paying death benefits or benefits on retirement), we will check your provided identity documents online. This will be done using our identity checking service provided by LexisNexis (please see our list of data processors for more information).
The Fund is expanding its capacity for digital communications, and the default communication method has been set to reflect this. Therefore, if the Fund has the means to communicate with you via a digital method, i.e. email, it will do so in the first instance. You can opt to receive information via printed communication if you prefer to do so. Your communications preference can be changed at any time though the ‘My details’ section of your My Pension Online Account or by contacting us.
Organisations that we may share your personal data with
From time to time, we will share your personal data with advisers and service providers so that they can help us carry out our duties, rights and discretions in relation to the Fund. Some of those organisations will simply process your personal data on our behalf and in accordance with our instructions; they are referred to as processors. Other organisations will be responsible to you directly for their use of personal data that we share with them; they are referred to as controllers. The controllers may be obliged under the data protection legislation to provide you with additional information regarding the personal data they hold about you and how and why they process that data. Further information may be provided to you in a separate notice or may be obtained from the advisers and service providers direct, for example via their websites.
Whenever one of our advisers or service providers acts as a joint controller with us in respect of your personal data, because we jointly determine the purposes and means of processing it, we will agree with them how we are each going to meet our respective and collective obligations under the data protection legislation. In each case, we will only do this to the extent that we consider the information is reasonably required for these purposes. If you would like more information about how such an arrangement works, please contact us using the contact details below.
Third-Party Organisations and Data Sharing
To deliver our services effectively and meet our legal obligations, we work with a number of trusted third-party organisations. These organisations may process your personal data on our behalf or act as independent data controllers.
Data Processors
These organisations process personal data on our behalf to support the administration and delivery of services:
| Company | Purpose of Data Use |
|---|---|
| LexisNexis | Member tracing, data cleansing, identity verification and mortality checks |
| Convera UK Financial (previously Western Union) | Processing overseas payments |
| Toplink Envelopes | Printing and postage |
| Xerox (UK) | Digital printing services |
| Heywood Limited | Administration software (Altair) |
| Spotler | Member communication software |
| Webcurl | Website development and support |
| Klaro! | Cookies consent management tool |
| Google LLC | Website analytics tool |
| Vimeo Inc. | Video creation/editing |
| Money and Pensions Service (MaPS) | Pensions Dashboard Project (Pensions Dashboard Programme) |
| Zoom | Telephony system |
| Survey providers | Feedback gathering to improve services for members |
Data Controllers
These organisations may receive and process your personal data independently to fulfil their own legal or professional obligations:
| Company | Purpose of Data Use |
|---|---|
| Mercer | Actuarial, investment and scheme consultants |
| Legal and General | Additional voluntary contribution (AVC) provider |
| Osborne Clarke | Legal advisors |
| The Audit Commission | Statutory auditor |
| Grant Thornton | External auditor |
| One West | Internal auditor |
| South Yorkshire Pensions Authority | National Insurance Database |
| Administering authorities of other LGPS funds (or third-party administrators) | Where you have been a member of another LGPS fund |
| The Government Actuary’s Department | Support long-term sustainability and fairness of the scheme (defined actuarial and policy purposes) |
| The Cabinet Office | For the purposes of the National Fraud Initiative |
| Courts of England and Wales | Processing of pension sharing orders on divorce |
| Convera UK Financial | Payments to scheme members with non-UK accounts |
| Insolvency practitioners | For tracing and legal processing where applicable |
All third parties are subject to strict data protection obligations and are only permitted to use your data for specified purposes. We regularly review our contracts and data sharing arrangements to ensure compliance with UK GDPR and other relevant legislation.
In addition, where we make Fund investments or seek to provide benefits for Fund members in other ways, such as through the use of insurance, then we may need to share personal data with providers of investments, insurers and other pension scheme operators. In each case we will only do this to the extent that we consider the information is reasonably required for these purposes.
From time to time, we may provide some of your data to your employer and their relevant subsidiaries (and potential purchasers of their businesses) and advisers for the purposes of enabling your employer to understand its liabilities to the Scheme. Your employer would generally be a controller of the personal data shared with it in those circumstances. For example, where your employment is engaged in providing services subject to an outsourcing arrangement, the Administering Authority may provide information about your pension benefits to your employer and to potential bidders for that contract when it ends or is renewed.
In the event of a Fund employer becoming insolvent, we may need to share personal data with insolvency practitioners to ensure that debts are reclaimed, and that benefits are administered appropriately and completely.
Where requested or if we consider that it is reasonably required, we may also provide your data to government bodies, dispute resolution and law enforcement organisations, including those listed above, the Pensions Regulator, the Pensions Ombudsman and Her Majesty’s Revenue and Customs (HMRC). They may then use the data to carry out their legal functions.
The organisations referred to in the paragraphs above may use the personal data to perform their functions in relation to the Fund as well as for statistical and financial modelling (such as calculating expected average benefit costs and mortality rates) and planning, business administration and regulatory purposes. They may also pass the data to other third parties (for example, insurers may pass personal data to other insurance companies for the purpose of obtaining reinsurance), to the extent they consider the information is reasonably required for a legitimate purpose.
We do not use your personal data for marketing purposes and will not share this data with anyone for the purpose of marketing to you or any beneficiary.
In order to comply with The Pensions Dashboards Regulations 2022, we will share data with the Money and Pensions Service (MaPs) and our third-party AVC providers. These regulations require the sharing of data to match certain members with their pensions and provide information on their pension benefits. More information about the Pensions Dashboard Programme and how MaPS process data can be found on the MaPS and Pensions Dashboard Programme websites.
Transferring information outside the UK
In some cases, recipients of your personal data may be outside the UK. As such, your personal data may be transferred outside the UK to a jurisdiction that may not offer an adequate level of protection as is required by the UK Government.
If this occurs, additional safeguards must be implemented with a view to protecting your personal data in accordance with applicable laws. Please use the contact details below if you want more information about the safeguards that are currently in place.
How long we keep your personal data
We will only keep your personal data for as long as we need to in order to fulfil the purpose(s) for which it was collected and for so long afterwards as we consider may be required to deal with any questions or complaints that we may receive about our administration of the Fund, unless we elect to retain your data for a longer period to comply with our legal and regulatory obligations. In practice, this means that your personal data will be retained for the greater of:
- such period as you (or any beneficiary who receives benefits after your death) are entitled to benefits from the Fund and for a period of 15 years after those benefits stop being paid. For the same reason, your personal data may also need to be retained where you have received a transfer, or refund, from the Fund in respect of your benefit entitlement; or
- 100 years from a member’s date of birth; or
- 100 years from the date of birth of any beneficiary who received benefits from the Fund after the member’s death.
It is our intention to delete electronic data permanently from our records when the functionality becomes available. Please see our Retention Policy for more detail.
Cookies
Our websites use cookies that; are essential (this means they are required to make something on our website function properly), help us to make your experience of using the website better, analyse site traffic, and personalise content. You can manage your cookie preferences at any time using the consent management function on our websites or your browser settings. For more details, please review our Cookies Policy.
My Pension Online (Member Self-Service Platform)
We rely on consent to process your data for the specific purpose of providing you with access to the member self-service portal (‘My Pension Online’). By signing up to access the self-service portal, you provide consent for us to be able to process the required data and therefore allow you access to the member area of the website. Your consent can be withdrawn at any time, through the ‘Security settings’ section of your My Pension Online Account. Please see below for more information about your rights. Please note that we do not rely on consent to process your personal data for the purpose of administering your pension and related processes as we are under a legal obligation to do so under pension laws and regulations.
Your rights
You have a right to access and obtain a copy of the personal data that the Administering Authority holds about you and to ask the Administering Authority to correct or complete your personal data if there are any errors or it is out of date or incomplete. In very limited circumstances, you may also have a right to ask the Administering Authority to restrict the processing of your personal data, or to transfer or (in extremely limited circumstances, such as where your personal data is no longer needed for the purpose for which it is being processed) erase your personal data. You should note that we are not obliged to erase your personal data if we need to process it for the purposes of administering the Fund.
In certain circumstances you have the right to object to the processing of your personal data; for example, you have the right to object to processing of your personal data which is based on the public interest or legitimate interests identified in the section above headed "How we comply with the law", or where processing is for direct marketing purposes.
Queries and Complaints
If you wish to exercise any of these rights or have any queries or concerns regarding the processing of your personal data, including making a complaint about how your personal data has been handled, please contact the Fund’s Governance Team as indicated below.
You also have the right to lodge a complaint in relation to this privacy notice or the Administering Authority's processing activities with the Information Commissioner's Office (ICO) which you can do through the website above or their telephone helpline. The ICO will normally expect you to have raised a complaint with us first.
You can obtain further information about your rights from the Information Commissioner’s Office website or via it’s telephone helpline (0303 123 1113).
As explained in the section above headed "How we will use your personal data", one of the reasons we collect and hold your personal data is to administer your Fund benefits. If you do not provide the information we request, or ask that the personal data we already hold is deleted or that the processing of the personal data be restricted, this may affect our ability to administer your benefits, including the payment of benefits from the Fund. In some cases, it could mean the Administering Authority is unable to put your pension into payment or has to stop your pension (if already in payment).
Contacting us
Please contact the Fund’s Governance Team at APF_Governance@bathnes.gov.uk for further information or to make a data protection complaint.
Data Protection Officer
You may also contact our data protection officer email: i-west@bathnes.gov.uk for further information.
[i] Please note that the relevant data protection legislation includes:
- the UK Data Protection Act 2018;
- the UK GDPR (as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019/419);
- the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) (as amended and incorporated into the laws of England & Wales, Scotland and Northern Ireland);
- the General Data Protection Regulation 2016/679;
- The Data (Use and Access) Act 2025; and
all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications).
[ii] Please note, where the Fund uses third parties to facilitate an exercise, such as a survey, we will issue you with a separate privacy notice which will provide further details, in line with data protection legislation.