Your Pension - Your Future 

We, the Trustees of the Zurich Financial Services UK Pension Scheme will use your personal details to assess, deal with and pay any benefits you may be entitled to under the rules of the Zurich Financial Services UK Pension Scheme and also (if applicable) of Zurich Financial Services UK (Unregistered) Life Insurance Scheme. We will handle your data in compliance with all relevant data protection legislation, including from May 2018 in compliance with the General Data Protection Regulation (GDPR).

The Trustees are joint data controllers with two other third parties; the Scheme Actuary and the Scheme auditor, in respect of your personal information for the purposes of applicable data protection legislation. They are required to notify you with the following information regarding the collection, holding, use, disclosure and transfer (collectively known as 'processing') of personal information (or data) relating to you. 

Personal information collected about you

In addition to any information supplied by you, personal information about you may be obtained from other sources, particularly the Zurich group and, where applicable, any former pension scheme or employer of yours. The information may include such things as dates of birth and earnings (in order to calculate benefits and contributions) and bank account details (in order to pay pensions). Other personal information may be held, such as a member’s wishes with regard to the distribution of any lump sum death benefit. If health or other sensitive information is to be processed, you will be contacted separately.

Use of personal information

Under the GDPR the Trustee is permitted to process personal information to administer the scheme and generally to fulfil its legal and regulatory obligations. It may also process personal information in connection with legal proceedings or disputes or where it has some other legitimate interest in doing so; e.g., members’ personal information may help the Trustee and its advisers derive an appropriate investment strategy for the defined benefits section of the Scheme.

Disclosure of personal information

Personal information may be transferred to and processed by the ZPen Team and other third parties and contractors involved in the running of the Scheme. These include service providers who carry out administration functions, the Scheme Actuary who carries out periodic valuations of the Scheme’s assets and liabilities, Hymans Robertson (read the Scheme Actuary's privacy notice), the Scheme auditor, Ernst & Young (read our auditor's privacy notice) and other professional advisers.

In addition, personal information may be converted into pseudonymised form so that it can be shared with a service provider in order to provide longevity (life expectancy) analytics and related information for the purpose of valuing the scheme's liabilities.

Also Zurich's computer systems are used for scheme purposes and so personal information will be stored on them. Zurich and other third parties and contractors will be subject to confidentiality requirements under which they may only access and process personal information as described in this notice. Personal information may also be transferred to others where they have a legitimate interest in processing it or the trustee is required by law to provide the information, including:

• Zurich group companies (e.g. to formulate a compensation or termination package);
• any buyer or prospective buyer of any Zurich company or business (e.g. for due diligence purposes);
• other pension schemes and insurance companies to whom transfer payments may be made or benefits secured; and
• HM Revenue & Customs, the Pensions Regulator and other statutory bodies

We have a legitimate interest in properly administering the Scheme. For this reason we will from time to time share your personal data with insurers. We will share some limited personal data when we are looking at purchasing and pricing up insurance contracts called 'annuities' (unless that can happen based on anonymised data). We will share additional personal data when we purchase that type of insurance contract from the chosen insurer. 

We would assess whether your own interests, rights and freedoms under data protection laws are such that they outweigh our own legitimate interest in purchasing these types of insurance contracts to properly administer the Scheme. This would have to be assessed each time we look at purchasing these types of insurance contracts. 

We would notify members to explain about the particular annuity policy and who the insurer is at the appropriate time if we do purchase these types of policies.

Retention of personal information

In the main the personal information obtained will be retained indefinitely as benefit claims and queries may be made at any time but any details which the Trustee considers need no longer be retained will be erased.

Transfers of personal information outside the UK

Under the GDPR personal information may be transferred to any country within the European Economic Area (EEA) or which is recognised by the European Union as having comparable data protection laws, such as Switzerland. Whilst not currently envisaged it is possible that personal information may be transferred and processed elsewhere in future. The Trustee will ensure that if the transfer is not otherwise authorised, protections similar to those in the EEA apply to the information. For example, the recipient may have contracted to protect the information or, if it is in the US, it might be a certified member of the EU-US Privacy Shield scheme. You may obtain further information and a copy of any applicable contractual provisions by contacting the Scheme Secretary.

Your rights

You have a number of rights in relation to the personal information which is held about you, including:

• the right to see the personal information and to be provided with details regarding the processing of it;
• the right to have the personal information rectified if it is inaccurate or incomplete;
• the right to request that the personal information is erased or, in certain circumstances, to object to it being processed or to request that its processing is restricted. Please note however that any exercise of these rights will not be binding on the Trustee insofar as the Trustee is entitled to retain and process the information; and
• the right to complain to the data protection regulator, the Information Commissioner’s Office, which may be contacted via its website or telephone 0303 123 1113.