The Pensions Regulator (TPR) is a data controller for the purposes of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We process personal data we hold for the purpose of the exercise of any of our statutory functions and objectives. We may also process personal data under other legislation such as the Fraud Act. This includes, for the avoidance of doubt, taking regulatory or enforcement action for breach of any of these legislation.
Exchange allows you to provide information about your work-based pension scheme to TPR, as statutorily required. Failure to do so may lead to enforcement action being taken against you. In some circumstances other information may be required from you. This will relate to or be in connection with our statutory functions in relation to your pension scheme. Where you provide personal data of another individual we ask that you ensure you have the necessary consent or authority to do so.
We will only store your personal data for as long as TPR’s retention schedule allows. During this time, you may be able to exercise certain rights in relation to your personal data such as the right to access, objection and data portability. If you feel that we have handled your personal data in a manner inconsistent with your rights, you may lodge a complaint with the Information Commissioner’s Office (ICO).
If you have any questions about how we handle your personal data please contact our Data Protection Officer (DPO) by email at firstname.lastname@example.org or you can write to us at Napier House, Trafalgar Place, Brighton, BN1 4DW. Further information on how your personal data is used, kept secure and your rights can be found by reading our privacy notice.