Pensions and Lifetime Savings Association (PLSA) Privacy Notice
This privacy notice explains how the PLSA collects and uses personal data in line with the General Data Protection Regulation (GDPR) and other UK data protection laws. This notice relates to individuals connected through an organisation’s membership of the PLSA, suppliers, individuals with an interest in pensions who have attended events or training supplied by the PLSA, or individuals who have agreed to receive emails from us.
Personal data we process
The Pensions and Lifetime Savings Association is the data controller. Our named contact is: Mark Cooke, COO firstname.lastname@example.org.
Personal data is information about an individual that allows someone to directly, or indirectly, identify a natural, living person. It does not include anonymised information. We may hold personal data because you, or an organisation you work for, or supply services to (such as a trusteeship), supplied it to us, or because it is publicly available.
The categories of personal data we collect include title, name, job title, work email address or in some cases personal email address, postal address and telephone number. We will also hold information about your attendance at events and training and related information such as food allergies and session preferences. Sometimes we will also collect additional personal data that you share with us in meetings or by email which we will record to inform services we offer to you and our work as a trade association. We additionally hold information as to whether we can share your personal data with named third parties – we will always ask you to opt in to do this on a case by case basis and you can always choose to change those preferences. We have sharing agreements with all of our third parties, in order to ensure compliance with the GDPR.
We may also collect information from you as a result of our website cookies, which are text files placed on your computer to log information, track visitor behaviour and compile statistical reports and email tracking software, which means we can monitor our email marketing and member benefits. You can set your browser not to accept cookies but this might affect the performance of some website features. For more information you can read our cookies policies here.
You do not have an obligation to provide us with your personal data but we will not be able to supply you with information relating to our services if you do not do so and we will not be able to perform our contractual obligations to you as a paid-up member.
How we use your personal data
We process your personal data for the purposes of pursuing our business interests as a trade association.
- Operating our trade association day to day including responding to queries.
- Keeping you updated about the pensions and lifetime savings industries.
- Sending you information about the PLSA’s policy work, research, and business services relating to pensions and lifetime savings.
- Organising events and training on pensions and lifetime savings.
- Ensuring compliance with IT policies and information security.
- Collecting information on your preferences and your specific interests in policy and events subjects.
We process your personal data on the following legal basis:
Contract: If you are a member of the PLSA, you have a contractual relationship with us. In the pursuit of that contract, we process your personal data and we require to hold the contact information of one individual in order to send that individual information relevant to the organisation’s membership with PLSA.
Legitimate interest: We may process your personal data or contact you when we have a legitimate business interest in doing so, as long as it does not infringe on your personal privacy rights. This can include communications about information on the PLSA’s policy work, and PLSA events and training.
Consent: We hold the personal data of individuals who have signed up to our services by contacting us directly.
We always seek consent when sharing data or using data in a way that does not fall under contractual obligations, legal obligations and/or our legitimate business interest. You can withdraw your consent at any time.
Who we share your information with
We share your information with third party service providers where they reasonably require it in order to perform their contractual obligation or other legitimate business interests. Our service providers include:
- A call agency which conducts some marketing and meeting set up for us. eg Perfect Pitch
- Research agencies eg Opinium, ICM, Breaking Blue, ComRes
- Third parties included in our events organisation, such as our event app, badging, scanning and live web streaming suppliers eg Crowd Compass, Reftech and Amigo.
- Event Sponsors (we will however, seek your express consent for your details to be shared) eg Investment and fund management organisations (Asset managers, investment consultants, custodians, drawdown management companies, banks, insurers and brokers, buyout companies and private equities funds) and Professional Administration and support (solicitors, actuaries, independent trustees, accountants, third party administrators, service providers to asset managers, buyout companies and private equities funds)
- Publishers, including the supplier of our Yearbook and the publishers of the magazines which provide member benefits – LAPF magazine, Pensions Expert, Pensions Age and Pensions Insight magazine. You can opt out of receipt of these at any time.
- Mailing agencies to fulfil the design and postage of publications, such as our Made Simple guides eg Arc, Full Spectrum
- Mailing agencies to fulfil the legal obligations of the PLSA as a Company limited by Guarantee. eg Snapmail
- If you serve on a PLSA committee, we may also share your details with other attendees and committee members – eg committee agendas, minutes and delegate lists.
All our partners with whom we share data are GDPR compliant and we have signed agreements with us.
Transferring information outside the EU
Rarely, we may need to transfer your personal data to third parties outside the EEA in order to achieve our objectives around data processing. In this event we will only transfer personal data if the third party is in a country that has been confirmed by the EC to provide adequate protection or the third party has agreed by written contract to comply with the protections required by UK data protection law.
Keeping your personal data
We will retain your personal data for as long as is necessary for us to fulfil the purposes for which we collected it and for as long as we have business reasons for doing so. If we have a data breach we will inform the Information Commissioners Office (ICO) within 72 hours of the breach and we are reviewing our internal safeguarding policy.
Your rights and responsibilities
You have the right:
To be informed: You have the right to know what personal data we hold on you and for what purpose.
Of access: You have the right to access to your personal data (through a ‘subject access request’)
To restrict processing: You can withdraw your consent to our processing your personal data.
To rectification: You can have details corrected where we hold inaccurate personal data
To erasure: You have the right to be forgotten and to have your personal data deleted if you no longer wish for us to hold it.
To data portability: You can ask us to send you, or another organisation, your personal data in a format that can be read by computer.
To object: You can complain to the ICO and other supervisory authority.
Related to automated decision-making processes and particularly marketing. You will always be able to opt-out from our marketing communications and you can withdraw consent at any time.
We will not charge a fee for you to access your personal data. However, we may request an extension if the request is clearly deemed excessive.
Questions and complaints
Questions about this policy should be directed to Mark Cooke, COO – email@example.com. You also have the right to lodge a complaint with the ICO. www.ico.org.uk