Your Personal Data
The Society of Pension Professionals (“SPP”/”we”) collect and hold personal data about employees of our Members and other contacts for the purposes of our activities. The new General Data Protection Regulations (“GDPR”) come into force in May 2018, and will apply to how we do this. We want to take this opportunity to update you on how we collect, use and process your personal data.
What we need
We will be what is known as a ‘Data Controller’ of the personal data you provide to us. We only collect basic personal data about employees of our Members and other contacts, including name and contact details (physical and email). Employees of our Members provide the information held in respect of them and it is an individual’s decision as to whether it is work or personal details provided. The database also includes information concerning role, employer organisation, any areas of special interest and membership of, or willingness to be a member, of Council, a Committee or a working party. The information collected does not include any sensitive personal data or any other special types of information.
SPP may from time to time decide to collect other information from Members for the purposes of its activities, but only with individual consent, in the case of data relating to individuals
The legal basis for holding and processing your personal data is your consent, where you have provided this, and otherwise our legitimate interest.
Why we need it
We need to know your basic personal data mainly in order to provide you with news on SPP’s activities, publications and events. We will only use the information held for the legitimate purposes of SPP in the furtherance of its objectives as notified to the Members.
What we do with it
The information SPP holds is maintained on a database hosted by SPP, to which the SPP secretariat has access.
We will not process data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed or would otherwise reasonably expect this.
We have a Data Protection policy, to govern the effective and secure processing of your personal data.
All the personal data we process is processed by the SPP Secretariat in the UK. However, for the purposes of safekeeping, this information may be backed up on servers within the EEA. For the purposes of backing – up, we may also make use of third party providers with servers located outside the EEA. Any transfer or processing of data out of the EEA will be protected by appropriate safeguards as required by law.
Who has access
Access to personal data is restricted to the SPP.
Any changes to an individual’s contact details are only made on the instruction of the individual or on the instruction of another party , whom he or she has authorised to do so. It is the responsibility of individuals to ensure that we keep their personal details up to date.
On occasion, contact details may be released to facilitate communication between employees of Members or other contacts, but not without the permission of the individuals concerned.
No third parties will have access to personal data unless the law allows.
How long we keep it
We will retain personal data for no longer than necessary. Records relating to individuals will be maintained for no more than six years after the end of the last year in which an individual was actively engaged with the Society. If a Member decides not to renew membership, and advises the Secretariat that details of their employees should be removed, they will be deleted (unless a legal exemption applies).
What are your rights
You may request to see the information we hold about you to check its accuracy. If you wish to raise a complaint about how we have handled your personal data, you can contact the SPP Secretary, who will investigate the matter.
If you are not satisfied with our response, or believe we are not meeting legal requirements, you can complain to the Information Commissioner’s Office (ICO) (Wycliffe House, Water Lane, Wilmslow SK9 5AF, https://ico.org.uk, 0303-123 1113)
April 11th 2018