(“the Scheme”)

Data protection regulation is, obviously, extremely important to ensure that personal information is kept securely and used only for a legitimate purpose.  The Trustees and their advisers have been complying with the current Data Protection Laws since they came into force in 1998.

From 25 May 2018 the law changed to tighten further the protection of personal data.  This doesn’t just apply to pension schemes; every company and organisation in Europe that has access to personal data has to comply with the law.

Under the regulations the Trustees are “Data Controllers”.  This means that we decide how and why your data is used.  As Data Controllers, the Trustees collect and process your personal data for the purposes of complying with their legal obligations to administer the Scheme and for their other legitimate interests relating to the operation of the Scheme.

What is personal data?

This is information that could be used to identify you as an individual such as, National Insurance Number, date of birth, gender, marital status, length of employment, home address and bank details.  Please note that as well as holding your personal data we may also hold information about your dependants.

Who has access to my data?

The administrator who looks after your member records and calculates your pension benefits is the organisation that holds complete records of all members of the Scheme.  The payroll provider holds data to enable it to make pension payments for the Scheme. The Scheme Actuary needs access to some of that data in order to assess how well funded the Scheme is and sometimes in order to assist in calculating benefits.  From time to time, other organisations will also need access to your data; for example, the Scheme Auditor will see limited amounts of personal data in order to ensure that the Scheme’s finances are in order and that the correct benefits are being paid out.  The Scheme’s legal adviser may need to be consulted on individual cases and if you are a pensioner, we have to provide information to Her Majesty’s Revenue and Customs (HMRC) so that they know what tax has been deducted from your pension.

Your previous employer within the Ballyvesey Holdings Group also holds your data to comply with its legal obligations as one of the participating employers of the Scheme.  It also has a legitimate interest in the Scheme being run in a cost-effective way and may have an interest in offering certain options to members in the future.

All organisations that require access to your personal data have to comply with the regulations and the Trustees and their advisers will check to make sure that your data is secure in their hands.  A full list of the organisations with whom we share your data is available on request (from the address shown at the end of this notice). Where these organisations are Data Controllers in their own right, a copy of their Privacy Notice is available to you on request.

In future, when there are significant changes to the Scheme (or any activity whatever its nature) that require us to use your personal data, we will explain why it is being used and whether you need to provide consent.


Where we have information in relation to proposed beneficiaries, who may become eligible to a benefit on a member’s death, we will advise the individual of their data protection rights when and if a benefit becomes payable from the Scheme.

What will you do with my personal data and how long will you keep it?

The reason we hold individual member records (that contain personal data) is so that the correct benefits can be calculated as and when they fall due for payment and for the purposes of providing a statement of benefits prior to payment.

We will need to hold your personal data for many years, probably until long after your own death and that of any dependant to whom a pension might be payable on your death, as there are occasions when a review of historical member information is necessary.  One of the most recent examples of this is HMRC’s decision to cease providing data relating to the past practice of contracting out of the State Pension Scheme.  This has forced the Scheme’s administrator to review records covering the past 40 years and more to make sure that every member’s contracted out record is correct and in line with that held by HMRC.

What rights do I have?

You have the right to see your own pension scheme record, (this is known as a Subject Access Request) and to request that we rectify any errors in data that we hold about you.  Relevant contact details for exercising these rights are provided on page 3.  In addition, you will (under certain circumstances) have the right to be forgotten or have your personal information deleted.  However, without your personal information, the Scheme administrator will not be able to calculate or pay your benefits. This is but one of the valid reasons why your data is kept and used by the Scheme.

There may be occasions when we will wish to provide a third party not directly connected with the management of the Scheme with access to your data or to use especially sensitive information such as information about your health. We will not do so without your permission. You will have the right to refuse permission and to withdraw your consent at any time.  However, if you do and this results in us not having sufficient data or information to administer your benefits, we may not be able to calculate or pay out the benefits to which you are entitled.

If you are unhappy with the way your data has been used, you can complain to the Information Commissioner’s office (ICO) at the address below:

Information Commissioner’s Office

Wycliffe House

Water Lane



Tel: 0303 123 1113 (local rate)


Our Contact details:

If you wish any further information or clarification, please contact the Trustees at the following address:

In writing to:

Deborah Grant, C/o XPS Group, PO Box 562, Middlesborough, TS1 9JA

Alternatively, you can email queries to:


For and on behalf of the Trustees of the Ballyvesey Group Pension Scheme

10 October 2023