Privacy Notice

Last Updated: May 2026

This Website Privacy Notice applies to Smart Pension Ltd, registered in England and Wales (No. 09026697) with its registered address at 136 George Street, London W1H 5LD and its affiliates ("Smart", "we", "us", "our"), in respect of the smart.co website and explains how Smart collects and processes personal data when acting as a "data controller" – for example, when you interact with us directly, such as through our website or communications.

This Website Notice applies only to the smart.co website. If you are a member or client of the Smart Pension Master Trust or use any of our other pension-related services, please refer to the relevant Privacy Notice available on our website.

Personal Data We Collect, Purposes and Legal Basis

When you contact Smart directly or use our website, Smart may collect and use personal data for its own purposes. In these cases, Smart acts as a data controller.

We may collect the following types of personal data:

  • Basic identification and professional information, such as your name, surname, job title, location and the company or organisation you represent. 
  • Contact information including your email address, telephone number, and any other details you choose to provide.  
  • Website usage and technical data, such as IP address, browser and device information, and interactions with our site. 

We use cookies and similar technologies to support the operation of our website and to distinguish you from other users of the website. This helps us to provide you with the best online experience when using our website. For more information on how we use cookies, please visit our Cookie Notice.

Our website uses anonymous tracking through local storage to monitor website performance and user interactions. These identifiers do not contain any personal information and cannot be used to identify you. This allows us to understand how the site is used and improve its performance.

Who do we share your Personal Data with?

Smart may share Personal Data with other companies within the Smart Group of companies when such sharing is necessary to fulfil our contractual obligations to Customers and to ensure seamless service delivery. This intra-group sharing is conducted under strict controls and is limited to information necessary for service provision.

Smart also maintains strategic collaborations with carefully selected third-party service providers, known as processors, to enhance our ability to deliver services to our Customers. Personal Data is shared with our processors only under strictly controlled conditions that ensure appropriate protection and legitimate use. 

In addition, Smart may disclose Personal Data when required to do so in order to comply with a legal obligation, lawful request, or regulatory requirement.

International Data Transfers

Where Personal Data is transferred outside the UK or the European Economic Area (EEA), whether within the Smart Group or to authorised third-party service providers, Smart ensures that such transfers are protected through appropriate safeguards. 

These may include the use of UK-approved Standard Contractual Clauses or other legally recognised transfer mechanisms, alongside technical and organisational controls to ensure the continued protection of Personal Data.

How long do we keep your Personal Data?

Smart will maintain and preserve your Personal Data for as long as we have a legal obligation, contractual requirement, or legitimate business need to retain such information according to our own policies. 

When establishing a retention period for specific categories of Personal Data, we consider who we collected the data from, our need for the Personal Data, why we collected the Personal Data, and the sensitivity of the Personal Data. When we have no ongoing legal basis to process your Personal Data, we will either permanently delete or anonymise it. 

Security 

Smart has implemented a robust and comprehensive set of technical and organisational measures designed to protect Personal Data. Our security framework aligns with ISO/IEC 27001 for Information Security Management, underpinned by formal policies and procedures.

We safeguard against risks such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data that is transmitted, stored, or otherwise processed. Our ISO 27001 certification, along with our adherence to best practices and security standards, demonstrates our commitment to ensuring the confidentiality, integrity, and availability of data.

Your rights in relation to Personal Data processing

Individuals have enhanced rights attached to Personal Data that Smart processes about them. The rights available to individuals include:

  • To obtain information on the Personal Data processed concerning you and to obtain a copy of such data (right of access); 
  • To rectify any inaccurate Personal Data and, having regard to the purposes of the processing, the completion of incomplete Personal Data (right to rectification);
  • If there are legitimate reasons, to request the deletion of the Personal Data (right to erasure); 
  • To request the restriction of the processing of the Personal Data, if the legal requirements are met (right to restriction of processing); 
  • To withdraw your consent to processing at any time, if the data processing is based on consent, provided that such withdrawal does not affect the lawfulness of the previous processing of your data (consent withdrawal); 
  • To receive the Personal Data provided by you in a structured, commonly used and machine-readable format and to transfer this Personal Data to another controller or, if technically feasible, to have it transferred by us (right to data portability);
  • Not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you in a similar way, if the legal requirements are not met (not to be subject to automated processing); and
  • To object, where applicable law provides, to the processing of your data (right to object):
    • which is being processed for the purposes of our legitimate interests (where applicable and depending on the country in which you are based) unless such interests outweigh your individual rights; and/or
    • for direct marketing purposes, without any special reason.

Contact Us 

We have appointed a Data Protection Officer who oversees questions in relation to this notice. If you do have any questions about our privacy policy, wish to exercise any of your rights, or would like to make a complaint, please contact privacy@smartpension.co.uk. We will acknowledge your complaint within 30 days of receipt and respond without undue delay.

In the event that you are dissatisfied with the outcome of your complaint, you then have the right to escalate it to the Information Commission (formerly Information Commissioner’s Office), the UK's independent body set up to uphold information rights. You can find out more about the Information Commissioner's Office on its website.

Changes to the Notice

We keep this Notice under regular review and may change it at any time. We will tell you about any significant changes. Any changes we may make to this Notice in the future will be posted on this page. Please check frequently to see any updates or changes to this Notice.