INTRODUCTION
LGPS Central Limited respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
It is important that you read this privacy notice together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
LGPS Central Limited is the controller and responsible for your personal data (referred to as “LGPS Central”, “we”, “us” or “our” in this privacy notice).
WHAT IS PERSONAL DATA AND WHAT PERSONAL DATA DOES LGPS CENTRAL HOLD?
The data protection laws define Personal Data as “data relating to living, identifiable individuals
Prospective employees only: We are required by law to treat certain categories of Personal Data with even more care than usual. These are called Sensitive or Special Categories of Personal Data and different lawful bases apply to them. Information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying you, data concerning health or concerning your sex life or sexual orientation will fall within the Special Categories of Personal Data.
The term “process” means any activity relating to Personal Data, including, by way of example, collection, storage, use, consultation and transmission.
LGPS Central is a “Controller” of your Personal Data. This is a legal term – it means that we make decisions about how and why we process your Personal Data and, because of this, we are responsible for making sure it is used in accordance with data protection laws.
It should be noted that LGPS Central’s clients are corporate entities i.e. local government pension schemes rather than individuals. LGPS Central does not hold any Personal Data in relation to the underlying individual members of the pension schemes whose assets LGPS Central manages. Consequently, the Personal Data that we do hold is very limited and primarily relates to our employees, the business contacts of officers within the local government pension schemes whose assets we manage and the business contacts at our service providers, suppliers and other third parties.
The relevant information we collect and hold can be categorised as follows:
Prospective Employees – contact details, identification information, background information employment history, financial information, employment administration information, job performance information, remuneration information, investigation, grievance and disciplinary, benefits information, assets, systems and platform usage and communications information, healthcare and pension arrangements. We may collect some information about prospective employees which falls within the Special Categories of Personal Data (above), including race, ethnicity, religious beliefs, sexual orientation, health and trade union membership. We will use this information where we need to provide appropriate adjustments, services or to enable meaningful equal opportunities monitoring. Also, information relating to criminal convictions and offences will only be collected and stored where this is necessary. This information will only be collected and used where there is requirement for a high level of trust and integrity to be demonstrated and relates to FCA approval processes for specific roles.
Shareholders – the names and contact details of elected members who are shareholder representatives, and the individual officers we interact with, at our local government pension scheme shareholders (known by us as ‘Partner Funds’) together with background and identification information that we are required to collect for regulatory purposes.
Clients – the names and business contact details of the individual officers we interact with at our local government pension scheme clients together with background and identification information that we are required to collect for regulatory purposes.
Service Providers, Suppliers and Contractors – the names and business contact details of the individuals we interact with at our service providers, suppliers and contractors together with background and identification information that we are required to collect for regulatory purposes.
Other Business Partners / Contacts (e.g. banks, brokers, registrars, lawyers, accountants, actuaries, regulators, HMRC, investee companies, property agents etc) – the names and business contact details of the individuals we interact with at these entities together with background and identification information that we are required to collect for regulatory purposes.
Further details of the Personal Data we collect, where we get it from and what we do with it are set out in Appendix 1.
HOW IS PERSONAL DATA COLLECTED?
LGPS Central uses different methods to collect Personal Data including the following:
- you provide us with Personal Data directly, for instance when you apply for a job with us and in the course of your job, when you complete forms provided by us, when you correspond with us and when you enter into a contract with us, as relevant;
- where our clients make investments into LGPS Central’s products we may obtain some Personal Data through the subscription form or application form or to facilitate the performance of a service; and
- we obtain some Personal Data from other sources, including from other people and organisations, including some publicly available sources e.g. Companies House, Registrars and background employment and credit check providers.
You can read more about the sources of Personal Data in the more detailed information set out in as explained in Appendix 1.
If any of the Personal Data you have given to us changes, such as your contact details, please inform us without delay by contacting our Head of IT using the contact details at the bottom of this notice.
HOW DO WE USE PERSONAL DATA?
The Personal Data we obtain and hold is used to enable us to:
- administer your application for a job with us and considering your suitability for the relevant role, conducting verification and vetting including where it is necessary for FCA approval processes for specific roles;
- communicating with you;
- manage and administer our equal opportunities reporting;
- respond to requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities;
- support the sale, transfer or merging of part or all of our business or assets, or in connection with the acquisition of another business;
- provide investment, management and administration services to our clients;
- fulfil our contractual and other obligations to candidates, suppliers, contractors and other business partners; and
- meet our legal and regulatory obligations.
We are required by law to always have a permitted reason or justification (called a “legal basis”) for processing Personal Data. In the vast majority of instances, LGPS Central will use one of the following lawful bases:
- Processing is necessary for the performance of our contract with you;
- Processing is necessary for us to comply with our legal obligations; and
- Processing is for our legitimate business interests – in this instance the processing must be “necessary” and we must balance the interests of the controller with the rights of the individual.
We are required to have an additional justification for processing any Special Category Personal Data relating to you. We will rely upon the following justifications for processing Special Category Personal Data:
- Processing is necessary to protect your vital interests or those of another person and you or they are physically or legally incapable of giving consent;
- Processing is necessary for our establishment, exercise or defence of legal claims; and
- Processing is necessary for reasons of substantial public interest.
It is important that the Personal Data we hold is accurate and current and, therefore, you, the Data Subject, should advise us as soon as possible in the event of any changes.
WHO DO WE DISCLOSE PERSONAL DATA TO?
We will only use your Personal Data for our internal business purposes. We do not sell any Personal Data to third parties and we do not share Personal Data with third parties for the third parties’ marketing purposes.
From time to time, we may ask third parties to carry out certain business functions for us, such as the administration of our payroll and our IT support. We may need to disclose Personal Data strictly on a need-to-know basis to our service providers, contractors, suppliers and other parties such as fund administrators, banks, brokers, registrars, lawyers, accountants, actuaries, regulators, payroll, pension providers, life assurance provider and HMRC.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. Before we disclose your Personal Data to our service providers, we will make sure that they have appropriate security standards in place to make sure your Personal Data is protected, and we will enter into a written contract imposing appropriate security standards on them. We do not allow our third-party service providers to use your Personal Data for their own purposes outside of the reasons we supplied it to them (although some of them will be controllers in their own right – for instance lawyers, accountants, regulators, pension providers, life assurance provider and HMRC; and some of them will need to use it for compliance with their own legal and regulatory compliance purposes). We only permit them to process your Personal Data for specified purposes and (if they are processors acting on our behalf) in accordance with our instructions.
In certain circumstances, we will also disclose your personal data to other third parties who will receive it as controllers of your personal data in their own right, in particular if we need to disclose your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our customers or others.
In addition to/supplementary to those persons mentioned above, we are likely to share your Personal Data with the following categories of recipients:
- clients;
- consultants and professional advisors including legal advisors, auditors and accountants;
- LGPS Central group entities;
- courts, court-appointed persons/entities, receivers and liquidators;
- business partners and joint ventures;
- trade associations and professional bodies;
- insurers; and
- governmental departments, statutory and regulatory bodies including the Financial Conduct Authority, Department for Work & Pensions, Information Commissioner’s Office, the police and Her Majesty’s Revenue and Customs.
WHAT DO WE DO TO KEEP PERSONAL DATA SECURE?
We have put in place appropriate physical and technical measures to safeguard the Personal Data we collect in connection with our services. In addition, we limit access to Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Personal Data on our instructions and are subject to a duty of confidentiality.
However, please note that although we take appropriate steps to protect Personal Data no device, computer system, transmission of data or wireless connection is completely secure and, therefore, we cannot guarantee the absolute security of Personal Data shared with us over the internet.
INTERNATIONAL TRANSFER OF PERSONAL DATA
The Personal Data that we collect may be stored and processed in the United Kingdom and European Economic Area (“EEA”) or transferred to, stored at, or otherwise processed outside of the United Kingdom.
Where Personal Data is going to be part of a ‘Restricted Transfer’, we must ensure that the Personal Data is kept secure and properly protected. A ‘Restricted Transfer’ is a transfer of Personal Data to another country or territory which is not deemed to provide adequate protection for personal data by its laws and so for which mechanisms for transfer are needed, including appropriate transfer agreements and mechanisms (such as the EU Model Clauses). These will be put in place to help ensure that (for example) our third party service providers provide an adequate level of protection for Personal Data. We will only make Restricted Transfers of Personal Data in accordance with applicable laws.
DATA RETENTION – HOW LONG IS PERSONAL DATA STORED / KEPT?
LGPS Central retains Personal Data in line with its Data Retention Policy and for as long as necessary to fulfil the purposes for which the Personal Data has been collected as outlined in this Privacy Notice unless a longer retention period is required by law. Personal Data is kept under regular review to ensure that it is not held longer than is strictly necessary, whilst taking account of LGPS Central’s other regulatory obligations such as the requirement to retain evidence of anti-money laundering checks or Regulated references.
When Personal Data is no longer required for the purpose it was collected or as required by applicable law, it will be deleted or in certain circumstances returned to you in accordance with applicable law.
ACCESSING PERSONAL DATA AND YOUR RIGHTS
LGPS Central will collect, store and process Personal Data in accordance with your rights under the UK General Data Protection Regulation (UK GDPR). Under certain circumstances you have the following rights in relation to your Personal Data:
- the right to request details of your Personal Data held by LGPS Central and to request copies of such information (this is more commonly known as submitting a “data subject access request”)
- where LGPS Central’s use of Personal Data is based upon your consent, the right to withdraw such consent at any time;
- the right, in certain circumstances, to request LGPS Central to receive your Personal Data which you have provided to us and which is processed by us by automated means or to have it transmitted direct to another organisation;
- the right to challenge the accuracy or completeness of your Personal Data and to request LGPS Central to rectify or update any Personal Data that is incorrect or complete;
- the right to have Personal Data erased in certain specified circumstances;
- the right to object to or ask us to restrict the processing your Personal Data;
- the right to object to specific types of processing of Personal Data, for example where it is being used for direct marketing
- the right, in certain circumstances, not to be subject to decisions being taken solely on the basis of automated processing g. profiling).
HOW CAN YOU ENFORCE YOUR RIGHTS?
If you wish to enforce any of your rights under the UK GDPR please contact us using the details below. A response to the request will be made without undue delay and no later than one month from receipt of such a request. We will not charge a fee for processing such a request.
If you are concerned that we have not complied with your legal rights under applicable Data Protection Laws, you may contact the Information Commissioner’s Office (www.ico.gov.uk ) which is the data protection regulator in the UK. Alternatively, if you are based outside the UK, you may contact your local data protection supervisory authority.
THIRD PARTY LINKS AND PRODUCTS ON OUR SERVICES
Our websites, applications and products may contain links to other third party websites that are not operated by LGPS Central, and our website may contain applications that you can download from third parties. These linked sites and applications are not under LGPS Central’s control and, as such, we are not responsible for the privacy practices or the content of any linked websites and online applications. If you choose to use any third party websites or applications, any Personal Data collected by the third party’s website or application will be controlled by the privacy notice of that third party. We strongly recommend that you take the time to review the privacy policies of any third parties to which you provide Personal Data.
CHANGES TO THIS PRIVACY NOTICE
We will update this Privacy Notice from time to time and hence it is important to check the “Date Notice Last Updated” legend at the bottom of this Notice. Any changes will become effective upon our posting of the revised Privacy Notice.
We will provide notice to you where any of the changes are material and, where required by applicable law, we will obtain your consent. We will provide this notice by e-mail or by posting notice of the changes on our website.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at GeneralEnquiries@lgpscentral.co.uk
You can also complain to the ICO if you are unhappy with how we have used your data using the reporting tool at this link Make a complaint | ICO .
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk
Last updated: January 2024
Appendix 1
Categories of Personal Data
Category | Type of personal data |
Categories of data subject |
Collected from |
---|---|---|---|
Contact Information |
Name(s)Address(es)Email address(es) including business email address(es)Contact details including mobile telephone number(s) |
Employees Clients Shareholder representatives Service providers, suppliers and contractors, other business partners / contacts |
You |
Identity and Background Information |
Details of education and qualifications and results Career history, experience and skillsPassport information Driving licence information Psychometric test results Right to work, residency and/or other visa information (where unrelated to your race or ethnicity) Curriculum Vitae (CV) or resume and professional profile Image or photographs Application form Evaluative notes and decisions from job interviews Preferences relating to job location and salary Conflicts of interests (including where related to family networks) |
Employees Clients Service providers, suppliers and contractors, other business partners / contacts |
You Recruitment consultants and agencies Your previous employers Publicly available information from online resources |