What information we hold and what we do with it
HSBC Bank Pension Trust (UK) Limited (the “Trustee”) is the trustee of the HSBC Bank (UK) Pension Scheme (the “Scheme”).
We gather, hold and use personal information (also known as personal data) relating to members and former members of the Scheme, their family and dependents. We are committed to protecting, keeping secure and processing fairly and lawfully the personal information we gather, hold and use. This Privacy Notice explains how we do this.
We will amend this Privacy Notice from time to time to keep it up to date.
This Privacy Notice is available on futurefocus. If you would like a hard copy please use the contact details in section 12 below.
Where you have provided us with personal data about other individuals, such as family members or your other dependents, please ensure that they are aware of the information contained within this notice.
1 About the Trustee
For the purposes of the data protection laws, we are a 'controller' of the personal information we gather, hold and use about you, your family and other dependents as we decide the purposes for and how the personal information we gather and use is processed.
2 The kinds of personal information we gather and use
We use different types of personal information depending on a person’s circumstances at the time. This may include some or all of the following information about you, your family and other dependents:
name (including former names), date of birth, gender, status – whether single, married, in a civil partnership or other relationship akin to marriage or civil partnership, postal address (and former addresses), telephone number(s), email address, recordings of phone calls made to the Scheme administrator(s), Cookie id, IP address, browser type, browser version, national insurance number, employee and/or scheme number, tax details, details of bank account for the purpose of paying benefits, details about your dependants and/or beneficiaries (including their names and possibly details of their gender), relevant employment information (including current and past salary and benefits information, employment dates, absence information, details of salary sacrifice arrangements and working hours), details about pension benefits and, where you have a DC pension pot, relevant details including investment choices, contribution history and your intended retirement date. We will also retain copies of identification materials e.g. passports/birth certificates etc., where appropriate.
As part of running the Scheme, we may also need to hold and process particularly sensitive information about you and/or your dependants and beneficiaries (known as “sensitive personal data” or “special categories of personal data”). See section 5 below for further details.
3 How we gather your personal information
We gather personal information from many sources including the following:
• directly from you / the Scheme member
• Scheme related websites
• from your current or former employer, including any payroll provider
• from persons acting as personal representatives of a deceased person’s estate
• from a public body such as HMRC
• from public databases such as the Register of Births, Deaths and Marriages
• from other pension schemes, where transfers into the Scheme have been made
• from an independent financial adviser, solicitor, medical professional or other person instructed by you to provide us with information
• from other third parties including, for example, your next of kin or anyone else entitled to benefit from your membership of the Scheme
• our advisers or others set out in section 7 below.
4 Our legal basis for using your personal information
We use personal information to comply with our legal obligations to provide benefits as well as complying with the legal requirements governing the operation of pension schemes. In addition, we have a legitimate interest in processing personal information about you so that we can, amongst other things, properly administer the Scheme and calculate and pay benefits.
Although you can object to processing on this latter ground, this objection can be overridden where there are compelling reasons (e.g. because we need to process personal information to meet our legal obligation to pay benefits).
5 Special categories of data
Special categories of personal information include information about an individual’s health or sexual orientation or information about a criminal conviction (this will be particularly relevant to us where a conviction has resulted in an individual owing money to an employer or former employer and that employer may be reimbursed from the person’s benefits). Further legal grounds apply before we can process special categories of personal data, these being that:
• you must give your explicit consent (unless an exemption applies)
• where you have made the special category of personal information manifestly public
• the information is required to establish, exercise or defend legal claims.
Where we have your consent, you have the right to withdraw it. We will let you know how to do that at the time we gather your consent.
6 How we use your personal information
We gather, hold and use personal data to meet the legal requirements referred to in section 4 above:
• to provide benefits as they fall due and ensure they are paid to or in respect of the right person
• to manage liabilities
• for internal statistical, financial modelling and reference purposes (e.g. when we assess how much money is needed to provide members’ benefits and how that money should be invested)
• to administer (where relevant) DC members’ DC pension pots including the allocation of contributions and implementing investment choices
• to communicate with members and others and help with the development of communication strategies to provide an enhanced member experience
• to provide members with education and guidance services.
We may, subject to compliance with the data protection laws, process personal information for another purpose if that purpose is compatible with the purposes set out above.
7 Sharing your personal information with others
We share personal data we hold with trusted third parties including those set out below.
For administration purposes:
• personnel in the Pension Scheme’s Executive (including any secondees engaged to provide professional services to the Pension Scheme’s Executive or Trustee from time-to-time)
• members’ and beneficiaries’ own advisers (where they have authorised information to be shared)
• the Scheme’s administrators, being responsible for the day-to-day administration of the Scheme
• the advisers and printers who help to prepare the various communications which are sent to members and others
• appointed providers of life insurance and additional voluntary contributions
• tracing bureaus for mortality screening, existence checking and locating, and subsequently verifying the identity of, members and other beneficiaries (both in the UK and overseas)
• organisations to whom personal information is sent to effect pension payments
• the Scheme’s professional advisers, including the Scheme actuary, actuarial advisers, auditor, medical advisers, investment advisers, benefit consultants and lawyers.
For compliance purposes:
• Government and regulatory bodies (we can be fined and subject to other action if we fail to provide certain information to certain authorities)
• UK courts for the purposes of processing pension sharing orders
For other purposes:
• HSBC and other HSBC Group employers (and potential purchasers of any part of the Group’s business) so that they can understand, monitor and evaluate their liabilities to the Scheme and implement liability management exercises and for any other purpose for which the HSBC Group has a legitimate interest in processing personal information relating to members and beneficiaries of the Scheme
• where we seek to provide benefits in other ways, such as with insurance or by facilitating the provision of annuity options, then we may need to share personal information with insurers and other pension scheme operators
• insurance companies and other organisations for the purposes of liability and risk management exercises.
If this link does not work please copy and paste it into a new tab.
8 Security and save storage of your personal data
The security of the data we hold is very important to us and we take this seriously. We will use appropriate procedures and security features to process and protect your information as will the third parties we engage for the purposes of the Scheme. Any transfer of your personal data is done securely and consideration is always given to the most secure and efficient way of doing this, such as with the encryption or pseudonymisation of personal data.
9 International transfers
The data protection laws restrict transfers of personal information outside of the UK, unless there is adequate protection for the data or prescribed steps have been taken to ensure that the data is protected. Where any third party engaged by us or a third party with whom we share data wishes to process data in a country or territory which has not been deemed to provide adequate protection by the Information Commissioner’s Office (the “ICO”), they must inform us and commit to ensuring that such processing complies with the stringent security measures we require and the data protection laws (e.g. by standard contractual clauses being put in place). Further details of any measures in place may be obtained using the contact details in section 12 below.
10 How long we keep your personal information for
We keep all personal information safe and secure and only hold it for as long as necessary. We will keep relevant personal information for as long as is required to meet the purposes for which it was collected. In practice, this means for the life of the member, or the life of the last remaining beneficiary associated with the member, plus 7 years.
However, there may be reasons why we need to keep personal information for longer such as for claims, data migration or archiving purposes. We will review the personal information we hold in relation to the Scheme every three years. If the decision is taken that certain personal information is no longer needed, the personal information will generally be destroyed, erased or made inaccessible.
11 Your privacy rights
You have the following legal rights in relation to the personal information we hold about you:
• Access to your personal information – you can request access to a copy of the personal information that we hold about you. Please make all requests in writing. You may be asked for evidence of your identity. Information will generally be provided to you free of charge, although we can charge a reasonable fee in certain circumstances. Please note that we can in some circumstances refuse to act on requests.
• Correction – you can ask us to change or complete any inaccurate or incomplete personal information held about you.
• Erasure – you can ask us to delete your personal information where it is no longer necessary for us to use it or where we have no lawful basis for keeping it.
• Restriction – you can ask us to restrict the personal information we use about you in certain circumstances, for example, whilst a complaint about its accuracy is being resolved.
• Objection – you can object to us processing your personal information on the grounds of legitimate interests.
Please note that your objection to processing, and/or your request to restrict processing or to erase your personal information, can be overridden in certain circumstances.
Make a complaint - if you are not satisfied with our response to any query you raise with us, or you believe we are processing your personal data in a way which is inconsistent with the law, you can complain to the Information Commissioner’s Office (“the ICO”) whose helpline number is: 0303 123 1113. The details for the ICO’s website are ico.org.uk.
12 Who to contact about your personal data
If you wish to:
• obtain a hard copy of this Privacy Notice
• see your personal information or exercise any of the rights mentioned at section 11 above
• make a complaint about how we have handled your personal information
Please contact the HSBC Administration Team at Willis Towers Watson using the contact details set out below
Willis Towers Watson
PO Box 652
Surrey RH1 9AL
Phone: 01737 227575
From 30 May 2022, if you are a hybrid, DB or Pensioner member you will need to contact the Scheme Administrators, Equiniti. Please use the appropriate details below.
Phone: 0371 384 2631
Deferred DB or Pensioner members:
Phone: 0371 384 2620
HSBC Bank (UK) Pension Scheme, PO Box 5227, Lancing, BN99 9FN