Group Life Master Trust Data Protection Policy

1. Purpose

This notice applies to all potential beneficiaries of a number of Group Life Master Trusts where PTL Governance Limited acts as Trustee.

Looking after the personal data we hold as part of our beneficiary investigations is hugely important to us. We want you to be confident that your data is safe and secure with us, understand how we use it, and who we share it with.

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this notice, which:

a) Sets out the types of personal data held by PTL Governance Limited as Trustee to the Group Life Master Trusts (GLMT)
b) Explains why we hold and how we use your personal data
c) Explains the rights and choices you have when it comes to your personal data.

It is the responsibility of Data Controllers to explain their data processing activities to affected individuals. This Data Protection Notice provides information regarding the data processing activities of the Trustee, as Data Controller.


2. Definitions

This section sets out the definitions of key words and phrases referred to throughout the notice.

Data Controller is an organisation that decides how personal data will be processed. The Data Controller for this notice is the Trustee of a number of GLMTs (see definition below).

Data Processors are organisations that process personal data on the instructions of a Data Controller.

Group Life Master Trust is a trust used by employers to provide life assurance benefits for their employees; when a benefit becomes payable, the Trustee must decide who will receive the benefit or a share of it.

Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights in the public interest.

Management Information is summary data prepared to measure service levels and number of activities completed.

Personal Data is the term we use to describe your personal information. Further details of the personal data that we hold are contained in section 3.4 below. Personal data may be available in different formats; for example, electronic or paper.

Service providers are organisations appointed by the Trustee to help them fulfil their duties to support the GLMT administration (e.g. HSBC, our bank responsible for making payments).


3. Policy Requirements

3.1    Identifying Purpose

We use your information for the following purposes:

a)    Communicating with you in relation to determining recipients of death benefits.

b)    General administration of the GLMT by the Trustee and its service providers, including for reviews we conduct for Management Information purposes.

3.2    Basis for processing Personal Data

Our use of your information as described above is permitted by applicable data protection law because it is:

(i)   Necessary for our legitimate interests in pursuing the purposes set out in (a) and (b) above.
(ii)  In some cases, necessary to meet our legal or regulatory responsibilities, such as disclosures referred to in (b) above in response to legal and other regulatory requests.

3.3    Sources of Personal Data

Personal data can be sourced:

  • Directly i.e. personal data we receive directly from you.
  • Indirectly i.e. personal data we collect from other sources such as the employee who nominated you as a potential beneficiary, the deceased’s employer or solicitor managing their estate.

 

3.4    Personal Data we collect and how we collect it

We collect personal data directly and indirectly as described above. We then retain personal data including: contact details, gender, name, age and details of your financial dependency to the deceased. Additionally, we collect details of your bank/payment details if we decide to make a payment to you.


3.5    How and why we use Personal Data

We collect and use personal data about you to help the Trustee decide the recipient/s of death benefits due.

This may involve, amongst other things, the following:

  • For the Trustee to comply with its legal and regulatory obligations or good practice for example in relation to taxation and submitting reports to HMRC.
  • For research, statistical or analytical purposes, for example producing Management Information for the insurance company for the GLMT.


3.6    Sharing your Personal Data

We may share your personal data with:

  • Service providers such as suppliers that provide us with IT support or professional service companies to give us advice (such as law firms)
  • Regulatory bodies, such as HMRC.

We will obtain your consent before sharing any sensitive personal data about you such as information relating to sexual orientation or health.

 

3.7    Collection, Use, Disclosure and Storage of Personal Data outside of the European Economic Area

We do not share your information outside of the European Economic Area.

 

3.8    How we protect your Personal Data

We know how important it is to protect and manage your personal data and have the following measures in place to do this.

We use computer safeguards such as cyber security software and firewalls, and we enforce physical access controls to our buildings and files to keep this data safe. We protect the security of your information while it is being transmitted by encrypting it.

We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data.

We will ask for proof of identity before we make any payment to you.


3.9    How long your Personal Data is retained

We need to store personal data about you. We do our best to make sure that all of this information is kept securely and that we only store it for as long as we need it.

We will keep your information in accordance with PTL’s Data Protection Policy, which is modified or amended from time to time and is available on request. Documents subject to legal or regulatory hold are retained as long as the legal or regulatory hold remains in place.


3.10    Enquiries

If you have any questions regarding the processing of your personal data by the Data Controller please contact:

Data Privacy Manager
PTL Governance Limited
Park House
Park Square West,
Leeds,
LS1 2PW

Any complaints should also be addressed as above. You can also lodge a complaint about our processing of your personal information with the office of the Information Commissioner (www.ico.org.uk).


3.11    Exercising Your Rights

You have rights of access to and rectification or erasure of your personal data in certain circumstances. You can also restrict or object to the processing of your data (unless the processing is necessary for us to meet our legal obligations) although this may affect the Trustee’s ability to pay benefits to you under the GLMT.

You also have the right to withdraw your consent to the use of your information, to the extent such use is based on your consent.

You may exercise your rights by contacting us at the address shown above.


4     Policy Review and Update

The Trustee Data Protection Notice is non-contractual. It is maintained by the Trustee and made available on the PTL website.

 

May 2018