Privacy notice

The Trustee of the Hewlett-Packard Retirement Benefits Plan (‘the Plan’)

This notice sets out how we use personal information about members of the Hewlett-Packard Limited Retirement Benefits Plan and their dependants and nominated beneficiaries (‘you’).

We are committed to protecting your privacy and operate a strict policy in respect of your personal information. The privacy notice is updated from time to time.

1) Our contact details

Name: Kerry Merryweather, Plan Secretary on behalf of the Trustee of the Hewlett-Packard Ltd Retirement Benefits Plan
Email: sta.hpplan@zedra.com
Telephone: 01727 733 150
Address: Zedra Inside Pensions, Third Floor Trident House, 42-48 Victoria Street, St Albans, AL1 3HZ

If you have any questions about administration or about your own benefits, please contact our third-party administrator Trafalgar House Pensions Administration (THPA):
Email: hp@thpa.co.uk
Telephone: 020 8090 8051 Monday to Friday from 9am to 5.30pm.
Address: Trafalgar House, PO Box 119, Blyth, NE24 9EN

Or sign in to your own secure member record: www.myworkpension.co.uk

2) What type of information we have

We currently collect and process the following information in order to carry out the administration of the Plan and meet our legal obligations and duties:

  • Personal details such as your name, gender, date of birth, home address including postcode, national insurance number, bank account details, marital status, dependants and country of residence.
  • Information relating to your benefits, including your member reference number, the date you joined or left the Plan, your earnings, pensionable earnings, the category and value of contributions and benefits that you receive, your retirement age, and any relevant matters impacting your benefits such as additional voluntary contributions, pension sharing orders, tax protections or other adjustments.
  • Health details in relation to any claim to ill health retirement or incapacity to manage your own affairs.
  • Records of communications with you.
  • In rare cases, information relating to convictions or offences to the extent they impact on the payment of benefits.

3) How we get the information and why we have it

Most of the personal information we process is provided to us directly by you, we also receive personal information from the following sources your employer, former employer, other pension schemes, tracing agents and our medical advisers in certain circumstances and for the general administration of the Plan. This means we will use your information for the following purposes:

  • To record your contributions, track entitlements and pay benefits.
  • To communicate in relation to your contributions, entitlements and benefits.
  • To obtain actuarial valuations and other professional advice.
  • To deal with any complaints you might make.
  • To conduct elections and elect trustees.
  • To meet our on-going regulatory and compliance obligations.
  • To conduct statistical and reference exercises.

We carry out these obligations because we are under a legal duty to manage the Plan on behalf of the members.

Under the General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • We have a legal obligation.
  • We have a legitimate interest.
  • Your consent. You are able to remove your consent at any time. You can do this by contacting Trafalgar House Pensions Administration (details in section 1). Please also refer to section 6.

4) What we do with the information we have

We use the information that you have given us for the general administration of the Plan. We carry out these obligations generally because we are under a legal duty to manage the Plan on behalf of the members. This means we will use your information for the following purposes:

i. We will manage our internal systems processes and our use of technology, including testing and upgrading of systems. We do this because we have a legitimate interest in ensuring that our systems and processes operate correctly and effectively.

ii. We will provide you with updates about the Plan, newsletters and flyers, and obtain your feedback about the operation of the Plan. We do this because we have a legitimate interest in keeping you up to date with developments affecting the Plan and to check we are running the Plan effectively. You can ask us to stop these communications as set out below.

iii. We will try to locate you if you move without providing us with new contact details. We do this as we have a legitimate interest in being able to contact you about the Plan and to pay your benefits.

iv. We will seek to confirm if you are still entitled to your benefits by confirming that you are still alive and that your dependants are still entitled to any benefits they receive. We do this as we have a legitimate interest in only paying benefits to those entitled to them.

v. We disclose your information to third parties at your request, such as in relation to transfers to other schemes. We do this because you have consented to this disclosure.

vi. We will use your information in order to prevent or detect crime. We do this because we have a legitimate interest in protecting the Plan from criminal activity. We will also disclose your information to third parties where we are required to disclose that information by law or by an order of the court.

vii. We will undertake activities involving third parties from time to time to help us manage the liabilities of the Plan, such as obtaining life insurance, longevity hedging, scheme mergers, bulk transfers, pension increase exchanges and enhanced transfer value exercises. We do so because it is in our legitimate interests to ensure the Plan can continue to meet its liabilities.

viii. We will consider requests by you to access your benefits on the grounds of ill-health. This will require us to consider information about your medical condition. You will be asked to consent to this use at the time you ask us for those benefits.

ix. We will keep details of any beneficiary you nominate to receive your benefits. You will be asked to consent to this at the time you submit your nomination and also be asked to confirm that the beneficiary also consents to that use.

We may share this information with third parties to carry out the general administration of the Plan, and provide your benefits as summarised below:

  • Service providers, such as Trafalgar House, who use the information on our instructions. We use these service providers to administer the Plan on our behalf, provide us with information technology services, archive our records, send mailings and run our payroll. Sometimes, these service providers may access the information from their bases outside of the UK and the European Economic Area in order to provide their services. If they do this, we will take steps to ensure that the access to data from those countries is done in full compliance with data protection law and good information security practice, so as to safeguard your information.
  • Our professional advisers to obtain legal, actuarial, investment, covenant, audit and medical advice.
  • Our providers of additional voluntary contributions.
  • Tracing agents who locate missing members and confirm continuing entitlement to benefits.
  • HM Revenue & Customs, the Department of Work & Pensions and regulatory bodies such as the Pensions Regulator.
  • The Pensions Ombudsman and Money Helper, where you have consented to that disclosure.
  • Other members of the Hewlett-Packard group, where acting as Guarantor for the Plan.
  • Your employer or former employer.
  • Insurance, reinsurance companies and independent financial advisers where we seek to manage the liabilities of the Plan.
  • If you are based outside the EU, we will transfer your information outside of the EU in order to pay you. In this case, we will also transfer your information outside the EU in order to trace you if we lose contact with you, and to confirm your continuing entitlement to benefits. We will also transfer your information outside the EU if you ask us to transfer your information to an overseas pension provider. We do this because you have consented to this disclosure to allow us to make such overseas payments or because we have taken other measures to ensure that we continue to protect your information.

5) How we store your information

Your information is securely stored by our suppliers who have access under reasons mentioned in section 4.

We keep your information for the longer of:
(a) the period required in order to meet our legal or regulatory responsibilities,
(b) the period envisaged within our record retentions policy.

We determine the period envisaged within such documentation with regard to the Plan’s operational and legal requirements, such as facilitating the payment of benefits to you or your nominated beneficiaries, calculating and managing the liabilities of the Plan, and responding to legal claims or regulatory requests.
In general, we will retain your information for 12 years after all entitlements to your benefits cease. For example, information will be retained for 12 years after the death of a member and their nominated beneficiaries (if any). We will then dispose your electronically held information by deletion, and secure disposal of hard copy records (if any).

6) Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You have rights under data protection law to access and correct your information and (in some circumstances) to restrict its use or have it deleted.

You also have the right to object to the processing of your information in some circumstances, and to tell us that you do not wish to receive newsletters and flyers about the Plan.

You also have the right to withdraw your consent to the use of your information, to the extent such use is based on your consent (primarily relating to sensitive personal data, as described in sections 4 parts viii and ix above).

Withdrawal of your consent will not affect our ability to process data for the other activities listed in section 4.

You can notify us of your withdrawal of consent by contacting us at the address in section 1.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at sta.hpplan@zedra.com if you wish to make a request.

7) How to complain

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Helpline number: 0303 123 1113
Website: https://ico.org.uk/

8) Sharing data with financial advisers

From time to time as part of its proper management of the Plan, the Trustee creates industry-standard offerings for the Plan’s existing deferred and pensioner members. The Trustee will share details of members’ pension benefits (“members’ data”) with the partnered financial adviser, to allow the partnered financial adviser to provide financial advice to members on the structure and nature of the relevant offering or on members’ standard retirement options (as relevant).

Under the ‘business as usual’ (“BAU”) process the partnered financial adviser will access the deferred member’s data only once the member has contacted the partnered financial adviser. At this point, the partnered financial adviser is an independent controller of the member’s data. Please refer to the partnered financial adviser’s privacy policy here www.origenfs.co.uk/privacy-policy

Under the pension increase exchange (PIE) process member data will not be shared with the partnered financial adviser until the expiry of a notice period under which a member, under the age of 80, may opt-out. Members over the age of 80 may opt-in within the notice period to take up PIE.

The personal data subject to the sharing is the members’ data. This data is routine information relating to the members’ pensions, including their:

  • personal identifier;
  • date of birth;
  • current pension;
  • PIE pension;
  • break even and cross over ages;
  • at retirement pension options; and
  • transfer value details.

The sharing of this member data with the partnered financial adviser is compatible with the purposes for which the member data was collected. The Trustee has taken appropriate measures to limit the amount and nature of members’ data that is shared with the partnered financial adviser.

Where the partnered financial adviser receives a member’s data under the PIE or BAU process but does not receive a follow-up enquiry from the relevant member, such member’s data will be deleted after 12 months.

9) Scheme Actuary

The Trustee, Aon and the individual appointed as scheme actuary each act independently from one another as “data controllers”, and are each committed to protecting your information and acting in accordance with your rights under data protection law. The Trustee, Aon and the scheme actuary are not “joint controllers”, and process personal data differently and separately. Aon and the scheme actuary process personal information to fulfil the duty of care that scheme actuaries (or providers of actuarial services) are required to undertake under their appointment.

For information on how Aon and the scheme actuary use and disclose your personal information, the legal bases for their use of information, and how to exercise your data protection rights in respect of their use of information, please see their privacy notice at www.aon.com/unitedkingdom/privacy.jsp

You can also find out the name of your scheme actuary by checking the latest version of the Plan’s financial statements on the Plan website: https://hprbp.com/

 10) Cookies

Cookies are small files which are transferred to your device when you visit a website.

Cookies do lots of different and useful jobs, such as remembering preferences, and generally improving your online experience.

There are different types of cookies. Some cookies are strictly necessary for the website to function, and others, such as analytics or advertising cookies, require your consent. They all work in the same way but have minor differences.

When you visit https://hprbp.com we use cookies to:

  • Help us make sure that the website is working properly and fix any errors
  • Help us understand how people are using the website, so we can make them better
  • Collect information on which web pages visitors go to most often so we can improve our online services

11) External websites

https://hprbp.com includes links to various websites owned and managed by other bodies and organisations. For example, Trafalgar House’s pension portal (‘My Work Pension’), Hewlett Packard pensioner associations and Legal & General’s ‘Manage your account’ service. These websites have their own privacy and cookie policies. Therefore, please remember the information you give them will follow their own rules, and you should refer to each external website’s own policies for details.

12) Changes to our Privacy Notice

From time to time, and as we deem necessary (or as may be required by law), we may change this Privacy Notice. You will be deemed to have accepted the terms of the Privacy Notice on your first use of the website following the alterations. We recommend you check this page regularly to keep up to date.