The Data Protection Act 2018 (DPA) requires organisations to be more transparent and accountable to individuals about how it manages and controls their data.

This Privacy Notice, sets out how the West Midlands Pension Fund manages its members' data, including who it shares data with and for what purpose it might be used.

Purpose and background

The City of Wolverhampton Council (The Data Controller) administers the Local Government Pension Scheme (LGPS) on behalf of all public body employers throughout the West Midlands, including the 7 District Councils and trades as the West Midlands Pension Fund administering the Local Government Pension Benefits of over 300,000 members.

The Fund holds personal information about individuals so that it can provide the pension services to members and employers. The Fund has a legal basis for the holding and processing of data which is section 8 (c) of the DPA. To elaborate, section 8 (c) states:

[...] processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of the controller's official authority includes processing of personal data that is necessary for- (sub section c) the exercise of a function conferred on a person by an enactment or rule of law,

The Fund holds information about individuals so that it can provide statutory and best practice services (as outlined by the Fund's Regulators) to members and other stakeholders. Information is held to ensure the Fund fulfils its statutory duty to pay pension benefits to eligible individuals when they fall due. The Fund has a legal obligation and statutory duty to provide individuals with certain information under a number of regulations including:

  • The Occupational and Personal Pension Schemes (Disclosure of Information) Regulations 2013 [SI 2013/2734]
  • The Pensions Act 2011(Transitional, Consequential and Supplementary Provisions) Regulations 2014 [SI 2014/1711]
  • The Occupational and Personal Pension Schemes (Disclosure of Information) Amendment Regulations 2015 [SI 2015/482]
  • The LGPS Regulations 2013 up to and including the amendments made through Statutory Instrument 2015 No. 755 (LGPS REGS)
  • The Public Services Pensions Act 2013
  • The Pensions Act 2004
  • The Pensions Act 2021

Under these regulations the Fund has a legal requirement to provide individuals with the following:

  • Basic information to members on the LGPS on joining or upon request by other validated parties
  • Information to early leavers and those retiring from the LGPS
  • Information on request relating to transfers to and from the LGPS
  • Issue Annual Benefit Statements to all eligible active and deferred members of the LGPS no later than the 31 August each year.
  • Information regarding changes to the regulations that govern the LGPS that may affect the calculation of benefits

The Fund may, if it chooses, pass certain details to a third party, if that third party is carrying out an administrative function of the Fund, for example, the Fund's appointed Actuary organisation. Any such arrangements will be governed by a Data Sharing Agreement.

By law, the Fund are also required in certain circumstances to share information with government organisations such as Her Majesty's Revenue and Customs (HMRC) and the Department of Work and Pensions (DWP) so that they can monitor our performance and ensure that public funds are safeguarded. This also includes Guaranteed Minimum Pension (GMP) Reconciliation.

Collection of Information

The Fund collects information from scheme members' employers regarding their employment (salary, contact information, and past service details). Information is also obtained directly from the member in regard to other pension benefits they may hold. This information is required by statute in order to manage and administer a member's pension account.

The Fund reviews the information received from employers, ensuring it is relevant to the performance of its duty as a local government pension provider. This ensures that the information it holds is specific and relevant for the purposes it was collected.

The Fund may hold information which is not immediately relevant (nomination details of third parties for example) however, due to the nature of the pension provision, the benefits may become payable at any given date. This information would be relevant and required at the point the pension benefits are payable.

The Fund may use tools to collect data from members to support service delivery. This is often on a feedback basis and is voluntarily provided. These tools include but are not limited to:

  • Survey Monkey
  • Menti Metre
  • Eventbrite

Who we may share your information with?

The Fund may share or disclose your information to any of the following bodies or organisations, where necessary to administer the scheme in line with statutory obligations and/or to comply with contractual obligations relating to it. In certain circumstances, these bodies may also be data controllers in their own right. These organisations in respect of the Fund are as follows:


Hymans Robertson

  • Type of service/provider: Scheme Actuary & Benefits Consultant
  • Reasons for sharing data: Statutory - To calculate the value of the Fund's assets and liabilities based on its membership profile and to set employer contribution rates based on that information

Prudential

  • Type of service/provider: Scheme AVC Provider
  • Reasons for sharing data: Statutory - To facilitate the creation and maintenance of individual member's AVC accounts. The Fund is required by law to have an additional voluntary contribution provider (AVC). Through this arrangement, Prudential may have access to your contact details in order to provide information and options in relation to AVCs. 

Grant Thornton

  • Type of service/provider: Scheme Auditor
  • Reasons for sharing data: Statutory - To facilitate the statutory duty of the auditing of the Fund's Annual Report and Statement of Accounts and internal controls.

Citibank

  • Type of service/provider: Overseas Payments Provider
  • Reasons for sharing data: By authority / instruction from the scheme member - To transmit payments to scheme members with non-UK bank accounts.

South Yorkshire Pension Fund

  • Type of service/provider: LGPS National Insurance Database
  • Reasons for sharing data: Best practice across LGPS for fraud prevention and to ensure accuracy of benefits - To enable the Fund to identify if their members have benefits in other LGPS schemes to ensure that appropriate benefits are paid.

National Fraud Initiative

  • Type of service/provider: Regulators: the government, law enforcement bodies including local and foreign courts, tribunals and arbitrators, other judicial committees of enactments of laws.
  • Reasons for sharing data: Statutory - To comply with the Fund's statutory duty in the management and administration of benefits, this includes participation in the Cabinet Office's National Fraud Initiative for the purposes of the prevention and detection of fraud against the Fund and organisations within the public sector and the Government Actuary's department for the calculation of the triennial assessment of the cost of the Local Government Pension Scheme on a national basis as per the Public Service Pensions Act 2013.

Government Actuary Department

  • Type of service/provider: Regulators: the government, law enforcement bodies including local and foreign courts, tribunals and arbitrators, other judicial committees of enactments of laws.
  • Reasons for sharing data: Statutory - To comply with the Fund's statutory duty in the management and administration of benefits, this includes participation in the Cabinet Office's National Fraud Initiative for the purposes of the prevention and detection of fraud against the Fund and organisations within the public sector and the Government Actuary's department for the calculation of the triennial assessment of the cost of the Local Government Pension Scheme on a national basis as per the Public Service Pensions Act 2013.

The Pensions Regulator

  • Type of service/provider: Regulators: the government, law enforcement bodies including local and foreign courts, tribunals and arbitrators, other judicial committees of enactments of laws.
  • Reasons for sharing data: Statutory - To comply with the Fund's statutory duty in the management and administration of benefits, this includes participation in the Cabinet Office's National Fraud Initiative for the purposes of the prevention and detection of fraud against the Fund and organisations within the public sector and the Government Actuary's department for the calculation of the triennial assessment of the cost of the Local Government Pension Scheme on a national basis as per the Public Service Pensions Act 2013.

The Scheme Advisory Board

  • Type of service/provider: Regulators: the government, law enforcement bodies including local and foreign courts, tribunals and arbitrators, other judicial committees of enactments of laws.
  • Reasons for sharing data: Statutory - To comply with the Fund's statutory duty in the management and administration of benefits, this includes participation in the Cabinet Office's National Fraud Initiative for the purposes of the prevention and detection of fraud against the Fund and organisations within the public sector and the Government Actuary's department for the calculation of the triennial assessment of the cost of the Local Government Pension Scheme on a national basis as per the Public Service Pensions Act 2013.

EQUINITI

  • Type of service/provider: Pension Administration System Software Provider
  • Reasons for sharing data: Software required to support statutory functions - To provide software management support in the delivery of the Fund's electronic pension case management and benefit calculation system.

CIVICA – On Demand Digital Mail

  • Type of service/provider: Third party printing provider
  • Reasons for sharing data: Statutory - To support the Fund in the production of written communication with members regarding their benefits.

Target Professional Services Limited

  • Type of service/provider: Tracing Service Third Party Contractor
  • Reasons for sharing data: Best practice to support statutory functions and service delivery - To accurately trace eligible members or third parties in order to fulfil statutory functions such as correct payment of benefits. The Fund upholds a Data Sharing Agreement with this party.

Available upon Request

  • Type of service/provider: Other Third Party Contractors
    Reasons for sharing data: Best practice to support statutory functions and service delivery - The Fund contracts third party organisations on an ad-hoc basis to carry out services as and when required on our behalf. Information regarding these organisations is available upon request. Where services are required on an ongoing basis, the Fund upholds Data Sharing Agreements with relevant data processors.


Who else may have access to your information?

The Fund procures the services of various providers to support its management and administration of the scheme. Those suppliers may have access to the personal data held by the Fund for the purposes of supporting the IT infrastructure only, they will not have access to the information for any other purpose.

The West Midlands Integrated Transport Authority Pension Fund is subject to an insurance buy-in, data is therefore shared with the provider Prudential.

Where members are subject to a TUPE arrangement, under instruction from the current employer the Fund may be required to share pension benefit information with any new employer.

Retention Periods

Under data protection laws, individuals have the right to have the information held about them deleted or removed from databases maintained by data controllers.

The Fund, in providing statutory duties under the regulations has determined that it cannot permanently delete a member's record. Should a member transfer out of the scheme, the Fund will retain a basic record confirming the member's name, contact, date of birth and national insurance number and any relevant documents determined by the Fund to support future statutory processing. The basic member details are required to be retained to enable the Fund to comply with statutory and legal obligations such as fraud prevention and GMP reconciliation. Data is held securely, as outlined in the Data Management Framework.

Compliance

Data subjects have the right to lodge a complaint with higher supervisory authorities if they suspect a data controller has unlawfully restricted access to their data or if the data controller has refused their request to the erasure of specified data without sufficient grounds. s.51 of the DPA fully outlines the circumstances where such complaints can be made.

Please refer to the Funds' Data Protection Policy for our statement with regards to our Data Subjects' individual rights under current data protection legislation.  

The supervisory authority that regulates the Information Governance of the Fund is the Information Commissioners Office (ICO). For more information making a complaint about how data controllers such as the Fund handle/process your data please contact the ICO.   

To contact the Fund for any further queries in regard to our Privacy Notice or data protection matters, please email our Data Protection Officer at wmpfdataprotectionofficer@wolverhampton.gov.uk

For more information relating to a member's rights under data protection law, please click on "Your Rights" tab on the left hand side. 

Your rights

What are your rights under Data Protection law?

One of the key obligations of organisations who manage, and control individuals' data is to ensure the individual is informed about their rights under Data Protection Laws, which gives them control over how their information is used and by whom.

The right to be informed

The Fund's Privacy Notice outlines what personal information the Fund will hold, who it will share it with and for how long the information will be held.

Should an individual feel that the information supplied in this Privacy Notice is inadequate or that it does not inform them about the how their information is used by the Fund, please contact the Fund's Data Protection Officer for more information at wmpfdataprotectionofficer@wolverhampton.gov.uk

The right of access

This is an individual's right to obtain 

  • confirmation that data is being processed
  • access to personal data
  • access to policies and information held by the Fund about how it uses data

This right enables individuals to verify that the Fund is using data appropriately as well as providing access to obtain copies of information it holds.

Individuals are entitled to see the information held and can request a copy by emailing wmpfsar@wolverhampton.gov.uk. Copies of the information requested will be provided within one month of receiving a validated request, where the individual member can be identified, with their identification verified through supporting information. However, should a request be more complex, the Fund's administering authority (City of Wolverhampton Council) may write to an individual or third party, informing them of any potential delay and when the information will be provided.

The right to rectification

Individuals have a right to have information amended or rectified if they believe it is inaccurate or incomplete.

If you believe any personal information we hold about you to be incorrect, please email us and we will amend the information accordingly.

The Fund operates a self-service platform called "Pensions Portal" where members can amend details the Fund holds about them, including name, address, bank details and nominations. Members are encouraged to use this platform to ensure the information the Fund holds about them is accurate and up to date. The Fund's Pensions Portal can be accessed at Pensions Portal.

The right to erasure / the right to be forgotten

This right allows individuals to request a company or body to delete any or all information they hold about them. However, the right to erasure does not provide an absolute 'right to be forgotten'. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:

  • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
  • When the individual withdraws consent
  • When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing
  • The personal data was unlawfully processed (i.e. otherwise in breach of the DPA)
  • The personal data must be erased in order to comply with a legal obligation

The Fund, in providing statutory duties under LGPS regulations has determined that it cannot permanently delete a member's record. Should a member transfer out of the scheme, the Fund will retain a basic record confirming the member's name, contact, date of birth and national insurance number and any relevant documents determined by the Fund to support future statutory processing. The basic member details and documents are required to be retained to enable the Fund to comply with statutory and legal obligations such as fraud prevention and GMP reconciliation.

The right to restrict processing

Individuals have a right to limit how the Fund uses data, including who it shares it with.

A request for information to be used for limited purposes will not result in the deletion of the information the Fund holds. Requests to restrict processing will be considered on a case by case basis, with the decision determined by the Fund's Data Protection Officer.

The Fund publishes a Privacy Notice which outlines how it uses data and who it shares it with. Should you wish the Fund to limit how we use your data please email wmpfdataprotectionofficer@wolverhampton.gov.uk  with the reasons for your request.

The right to data portability

This right enables individuals to obtain copies of the information the Fund holds in a format that is easily transferred to either individuals or another organisation.

This is particularly relevant to members who may choose to transfer out of the Fund to another LGPS Fund or a separate pension provider. The Fund will provide the information it holds to a new pension provider in a format that they can use. The transfer of pension benefits would not take place without the consent of the scheme member. In all cases the Fund would retain basic information about a member who has transferred out to prevent fraud and support the Fund's ability to respond to statutory queries (HMRC/GMP).

The right to object

In addition to the right to limit the use of data, individuals also have a right to object to the use of data for certain actions.

The Fund may share information with third parties, such as consultants or service providers. Under data protection laws you can object to the Fund sharing your data with these third parties.

Should an individual exercise their right to object, it will not limit the information they receive from the Fund, as it may still be required by law to provide certain information, such as annual benefit statements. Where individuals exercise their right to object, the Fund will take all reasonable steps to ensure requests are complied with, but that it also fulfils any legal obligation it has to provide information or supply services.

Children's data

Data protection laws specifically ensure the protection of children's data, as children may be less aware of the risks and consequences associated with the processing of their personal data.

Any information held by the Fund which relates to the personal data of a child under 13 is held with the consent of the parent or the person with legal parental responsibility.

Children aged 13 - 16 are generally regarded as having the appropriate level of understanding to provide their own consent for the use of their data, provided the Privacy Notice has been written in a way they can understand.

What data do we hold?

The West Midlands Pension Fund is required to hold information about its members to enable its management and administration of their pension benefits.

The personal details the Fund is required to hold are determined by law and the Fund will not hold any information which is not necessary to the management of member benefits.

What personal data is held

The Fund is regulated by the Pensions Regulator who has adopted Codes of Practice outlining the specific scheme data which is required for Funds to manage and administer pension benefits. This data is divided as Common Data (Data all Funds are required to hold about their members) and Conditional Data (Data which is specific to the West Midlands Pension Fund as a Local Government Pension Scheme)

Common Data Includes

  • Name
  • Date of Birth
  • National Insurance Number
  • Sex
  • The Date employment began with an eligible employer
  • Expected retirement date
  • Membership status (Active, Deferred, Retired)
  • Last status event
  • Address
  • Postcode

Conditional Data includes

  • Salary and Earnings (including casual hours and overtime)
  • Date of joining or leaving the pension scheme
  • Date of Retirement (if applicable)
  • Contribution history
  • Spousal history including any pension sharing orders

For more information on common and conditional data held by the Fund please visit the Pension Regulator's website.

Who is a 'Data Subject'?

Data protection law defines individuals whose data we hold as 'Data Subjects'. We have identified the following types of members as Data Subjects:

  • Active members
  • Pensioners
  • Deferred members
  • Ex-spouses
  • Former members
  • Potential beneficiaries
Where is my data stored?

All Local Government Pension Schemes collect and hold records about scheme members' identities and their time in the scheme in order to calculate and pay out benefits. Record keeping is a vital part of running a scheme and failure to maintain complete and accurate records means the Fund is at risk of failing to meet its legal obligations. Crucially, it can affect the Fund's ability to complete basic functions such as paying members the right amount at the right time and issuing annual benefit statements as required under the Local Government Pension Scheme Regulations.

Scheme employers of the Fund have access to their scheme member's records and data and are able to upload documents and queries to the Fund. This process assists in the management of our member data.

The City of Wolverhampton Council support the Fund's management of its computer systems and all software is managed in connection with the Council's Cyber Security Policy.

What is your data being used for?

The Fund will only use our members' data for the purposes of administering pension benefits. In order to administer those benefits we are required to undertake certain statutory duties.

The Fund has also produced Data Maps for each of its processes where a member's data is used to provide a service. The Fund has identified the following processes;

  • Active Member
    This relates to an individual who has joined an employer within the West Midlands Pension Fund and is entitled to join the Fund as a contributing member. View the Active member data map in the Downloads section.
     
  • Deferred Member
    This relates to an individual who has been employed by an employer in the West Midlands Pension Fund and was therefore a member of the Fund, but who has now left the employment of that employer and chose to retain their pension benefits although are no longer actively contributing to them. View the Deferred member data map in the Downloads section.
     
  • Pensioner Member
    This relates to an individual who is now in receipt of their pension benefits having been an active or deferred member of the Fund. View the Pensioner data map in the Downloads section.
  • Third Party Beneficiary
    This relates to an individual whose spouse or family member were a member of the West Midlands Pension Fund and who on their death nominated an individual to receive their pension benefits after they have died, this person is known as a third party beneficiary. View the Third party data map in the Downloads section.
  • Additional Voluntary Contributions
    This relates to an individual who, in addition to their statutory benefits, have chosen to take out additional voluntary contributions with the Fund's AVC provider, Prudential. View the AVC data map in the Downloads section.
  • Employer Admissions
    There are occasions where new employers join the West Midlands Pension Fund and information regarding their employees are passed to the Fund to manage their pension benefits. View the Employer admission data map in the Downloads section.

For more information you can view our Data Maps in the Downloads section.

Who is processing your data?

In order to comply with our statutory duty to provide pension benefits, there are certain occasions when we are required to share your data with third parties. This will be shared in limited circumstances in compliance with our legal duties.

Who is processing your data?

  • Employer
  • Auditor
  • Third-party contractors
  • Trustees
  • Investment adviser
  • Legal adviser
  • Actuarial adviser