Privacy Policy

Updated January 2025

Introduction

This privacy policy (Policy) is issued by the Trustee of the Smart Pension Master Trust and tells you how your personal information is collected and processed. 

The Smart Pension Master Trust is a pension scheme, authorised and regulated by The Pensions Regulator, that helps members save for their retirement.

Smart Pension Limited is the scheme funder of the Smart Pension Master Trust (Smart Pension). 

This Policy applies to all members (both active and deferred, as well as those accessing their benefits), former members, employers, advisers, and beneficiaries of the workplace pension scheme (the Smart Pension Master Trust). It also applies to visitors to our websites and other individuals who contact us or interact with us through our websites.

More about Smart

Pension products

If you want further information on our pension products, visit: www.smartpension.co.uk, and www.smartretire.uk

Members

For information specific to members, please visit www.smartpension.co.uk/members.‍

Data controllers

The Trustee and Smart Pension are joint data controllers in relation to your personal information. They are responsible for the collection, use and processing of your personal information in accordance with applicable data protection laws. 

The Trustee is registered with the Information Commissioner’s Office under number ZA135972. 

Smart Pension is registered with the Information Commissioner’s Office under number ZA070575.

What is personal information?

Personal information broadly means information that identifies (or which could, with other information that we hold or are likely to hold, identify) a living individual. This includes any information you provide to us or is provided to us by someone on your behalf such as your employer, financial adviser and other third parties including government agencies such as HM Revenue & Customs.

What types of personal information do we hold?

We collect and process the following information about you:

  • Personal details such as your name, gender, age, date of birth, contact details (e.g., your address and postcode, email address, telephone, and mobile numbers), and identifiers such as your national insurance number, pension or member reference number and employee number (where applicable).
  • Details of your family, lifestyle, and social circumstances. This could include details about your current marriage or civil partnership, any previous relationships and details of your family and dependants.
  • Employment details such as your earnings, length of service, employment and career history, recruitment and termination details, absence record, job title and job responsibilities.
  • Other financial details such as any other income, other pension arrangements, bank account details (e.g., to process pension payments) and your tax code.
  • Information about your physical or mental health (where there is a legal basis for us to do so under data protection laws).
  • Information about criminal convictions if these relate to money owed to your employer in circumstances where they are entitled to be reimbursed from your pension benefits.
  • Information about your dependents and beneficiary nominees. 

If we ask you for other information in future (for example, about your health), the Trustee will explain whether you have a choice about providing it and any consequences if you don’t do so.

Where do we get your personal data from?

You may provide your information to us by: 

  • Filling in forms on our website, when you register with us, request information, report problems or require additional services.
  • Corresponding with us and our service providers (such as by the secure mail in your account area, email, letter, text, phone or otherwise).
  • Completing a survey request.
  • Your distribution of any referral or affiliate link.
  • Participating in competitions and promotions run by Smart Pension.

The Trustee may receive your information from you, your representative or adviser, your employer, their representative or adviser and/ or Smart Pension.

Smart Pension may receive your information from another scheme if you have transferred benefits from that scheme, government agencies such as HM Revenue & Customs, ; and publicly accessible sources (e.g., the electoral roll) if the Trustee has lost touch with you and is trying to find you.

Sometimes the Trustee will obtain your personal information from trustees of other pension schemes who are considering making a ‘bulk transfer’ of assets from those other schemes into the Smart Pension Master Trust. Before that kind of transfer could happen, the Trustee would need to evaluate, negotiate, and prepare for it.

This would include testing that the personal information coming across is sufficient for the transfer to happen properly in accordance with the rules of the Smart Pension Master Trust. This testing is necessary for the legitimate interests of the Trustee in deciding whether to give effect to the transfer.

The Trustee has carefully balanced its legitimate interests against your own rights and freedoms under data protection laws. The categories of personal data shared with the Trustee for this testing are as described in the section “Information the Trustee holds”. If the transfer doesn’t proceed after completion of the testing, the Trustee will securely return or destroy your personal information, unless a copy must be retained to defend legal claims or for other reasons in relation to legal claims.

Other information we may hold about you

Smart Pension may collect details about your visits to our website, including your IP address, browser type, traffic data, length of visit, resources used or viewed, location data, operating system and similar information. Smart uses cookies when you visit our website (unless your browser settings do not allow this). This information allows us to monitor engagement, performance, improve design and functionality as detailed below.

Please visit our Cookie Policy for more details about our use of cookies.

Use of Artificial Intelligence

We may use artificial intelligence (AI) models in the course of providing services to you to enhance your user experience. We will not use your information to train the AI model. When you interact with the AI model, further information will be provided on how the model processes your information. We never use AI for automated decision-making. 

How do we use your information?

We use the personal information we hold about you for a number of reasons including the following: 

  • To carry out our responsibilities and administer your pension benefits. 
  • To verify your identity. 
  • Communicate with you and inform you of changes to the Smart Pension Master Trust and/ or your pension benefits. 
  • Comply with our legal obligations or to comply with regulatory reporting and disclosure requirements. 
  •  Prevent and detect financial crimes such as money laundering. 
  • Improve our services and processes. 

Using your information in accordance with the Data Protection Laws

Data protection laws require us to meet certain conditions before we can use your personal information. We rely on the legitimate interest condition that allows us to use your personal information to comply with our legal obligations in relation to the Smart Pension Master Trust. 

We will keep the amount of personal information collected and the extent of any processing to a minimum.

We will only process 'sensitive' or 'special categories' of personal information (e.g., information about your health) where you have explicitly consented to this or where there is an alternative legal basis for processing this information(e.g., it is required by law). This may mean that you will be asked to sign consent forms in the future. If you don't consent to our processing this information when asked to do so, it may mean that we are unable to pay benefits to you or your dependents. Once you have given your consent, you can withdraw it at any time by writing to us using the contact details below.

We will only process information about criminal convictions if these relate to money owed to your employer in circumstances where they are entitled to be reimbursed from your benefits and either you consent to this, or the processing is necessary for the exercise of a legal claim.

What do we do with the information?

We may use your personal information for a number of purposes relating to the administration of the Smart Pension Master Trust, including the following:

  • To calculate and pay benefits. This includes providing you with details of your benefits and options under the Smart Pension Master Trust and dealing with any queries that you have about these. It also includes providing Smart Retire, an online drawdown facility where members can view the values of their investment, submit requests to switch money between investment funds, modify a repeating monthly withdrawal and request occasional lump sum withdrawals.
  • To carry out our obligations arising from any agreement that we have with, or concerning you and to provide you with the information, benefits, and services that you request from us.
  • To notify you about services provided to members of the Smart Pension Master Trust and any changes to those services or to enable you to access those services.
  • For statistical, financial modelling, funding, accounting, and reference purposes.
  • For internal record keeping.
  • For risk management purposes, including the insurance or management of risks or of the Smart Pension Master Trust's benefits.
  • Complying with our legal obligations, any relevant industry or professional rules and regulations or any applicable voluntary codes.
  • Complying with demands or requests made by any relevant regulators, government departments and law enforcement or tax authorities or in connection with any disputes or litigation.
  • In connection with any sale, merger, acquisition, disposal, reorganisation, or similar change of Smart's business.

In addition, Smart Pension may use your information:

  • To ensure that our website is as fast and efficient as possible, and compatible with your software and settings.
  • To enable our subcontractors to provide aspects of our services to you.
  • To analyse and improve the services we provide.
  • To allow you to use different resources and materials on our website.
  • To allow you to access certain details about your benefits via Alexa skill or Google Home (please also see our Terms and Conditions).
  • To personalise the way information on our website is presented to you.
  • To allow you to share content and materials on our website via social media or other communication means.
  • To give you information on products and services which you have asked for or which we think may be of interest to you.
  • To track the use of referral links you have shared.
  • To verify your identity securely, including by using biometric data, where you have provided your explicit consent, and working with trusted third-party services providers.

Marketing

Members

The Trustee will not use your personal information for marketing purposes.

However, Smart Pension may process your personal information to send you marketing communications that we believe may be of interest or benefit to you based on the ongoing service relationship between you and Smart Pension. We rely on our legitimate interest to keep you informed about our similar goods and services, relevant news, updates and offers.

We are committed to being transparent about how we use your personal information. You can opt out of (unsubscribe) marketing communications from us at any time by:

If you choose to opt out of marketing communications, please note that we may still contact you for statutory communication purposes required by law or necessary for the management of your membership in the Smart Pension Master Trust.

Employers and advisers

Smart Pension will rely on its existing commercial relationship with our employer customers to provide limited communications in respect of similar products or services (known as the 'soft-opt-in' under data protection laws).

Our customers are provided with the opportunity to opt-out (unsubscribe) on each communication.

How long do we keep your information for?

We will hold your personal information on our systems for as long as is necessary to provide benefits to you or your dependents.

So, for example, if your pension is paid when you retire, we will hold your information for the rest of your life, until your pension ceases on your death. If a pension is payable to any of your dependants after your death, we will then continue to hold your information until their pension ceases. We will then continue to hold your information for an indefinite period after all benefits payable to you and your dependants have ceased in case there are any further queries about your membership of the Smart Pension Master Trust.

If you cease to be a member of the Smart Pension Master Trust (e.g., because you transfer your benefits to another pension arrangement), we will hold your information while you are a member and then for an indefinite period after you cease to be a member, in case any further queries arise about your membership of the Smart Pension Master Trust.

Who do we share the information with?

Where appropriate for the purposes of administering the Smart Pension Master Trust and providing other products and services on Keystone we may share your information with:

  • The Smart Pension Master Trust's administrator, Smart Governance Limited, company number 12295061 and with registered office at 136 George Street, London, W1H 5LD. The administrator uses the information to administer the Smart Pension Master Trust, including to calculate and pay benefits. The administrator uses a sub-contractor to perform agreed administrative functions.
  • The Smart Pension Master Trust's professional advisers. These organisations use the information when advising the Trustee and carrying out their professional obligations.
  • The Smart Pension Master Trust's insurers and annuity providers (and other insurers or brokers for the purpose of obtaining quotations relating to the Smart Pension Master Trust or its benefits), investment managers, banks, and other service providers.
  • Any financial adviser, employer, or other organisation appointed by the Trustee, Smart Pension, or your employer to advise you or your employer about your options under the Smart Pension Master Trust or any adviser appointed by you where you have asked us to provide them with details of your pension benefits. We may also share data with your employer whilst you are still employed by them, where they request this on your behalf to manage their obligations under the Smart Pension Master Trust, and advisers or other third parties who may access general statistical information to support service improvements on behalf of Smart or employers without identifying individual members.
  • Any other person who is authorised to act on your behalf.
  • Companies within the Smart Group and their professional advisers.
  • Regulators, government departments, law enforcement authorities, tax authorities and insurance companies.
  • UK Pensions Dashboards Programme, an electronic communications service intended to be used by individuals to access information about their pensions in one place. Associated data processing activities will be carried out by the Money and Pensions Service, an independent body sponsored by the Department for Work and Pensions.
  • Any relevant ombudsman, dispute resolution body or the courts.
  • Persons in connection with any sale, merger, acquisition, disposal, reorganisation, or similar change in the Smart business.
  • Third parties providing services for the online Smart Retire drawdown facility. This will include payroll processing and identity verification checks.
  • Third-party service providers who we collaborate with to provide our products and services for our customers.
  • Pension industry bodies, to enable research-related initiatives to provide pension data analysis, including developing better evidence of people’s savings habits, with the purposes of optimising individuals’ decision-making and improving the outcomes for members and industry stakeholders.

The entities listed above may also share personal data with their own business suppliers, for example in relation to the operation of IT systems or where they outsource part of their services.

Smart may also share personal data with third-party service providers to process your information on our behalf. These third parties will be required to strictly comply with the instructions of the Trustee and/ or Smart Pension as applicable. Some of these third-parties may also be data controllers under the data protection laws. Please contact Smart and the Trustee using the contact details below if you have any queries about how they use your personal information.

Please note that some of the Smart Pension Master Trust's former service providers may continue to hold information about you for their own record-keeping purposes once they have ceased to be involved with the Smart Pension Master Trust.

Where we store your personal data

Our systems store your personal information on our secure servers within the UK. In certain circumstances, it may be necessary for us to transfer your personal data to our affiliates, subsidiaries, and service providers located outside the UK or the EEA in connection with the provision of our services or as part of our normal course of business, for example, where the Smart Pension Master Trust's service providers host data outside the UK or the EEA. 

Where your personal data is being transferred to countries outside the UK or EEA either by us or by our service providers acting on our behalf, we will ensure that appropriate safeguards and necessary organisational and technical measures are in place to protect your personal data in accordance with the data protection laws.

Your rights in relation to your personal information

The following section explains your rights. The various rights are not absolute, and each is subject to certain exceptions or qualifications. Please note that we may be unable to delete or remove your data whilst we still need this to administer the Smart Pension Master Trust.

1. Right to be informed

You have the right to be provided with clear, transparent, and easily understandable information about how we use your information and your rights. Therefore, we are providing you with the information in this Privacy Policy.

2. Right of access

You have the right to obtain a copy of your information (if we’re processing it), and certain other information (similar to that provided in this information notice) about how it is used. This is so you’re aware and can check that we are using your information in accordance with data protection law. We can refuse to provide information where to do so may reveal personal data about another person or would otherwise negatively impact another person’s rights.

3. Right to rectification

You can ask us to take reasonable measures to correct your information if it’s inaccurate or incomplete. E.g., if we have the wrong date of birth or name for you.

4. Right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, e.g., where we need to use the information, in defence of a legal claim.

5. Right to restrict processing

You have the right to ‘block’ or suppress further use of your information when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

6. Right to data portability

You have the right to obtain and reuse certain personal data for your own purposes across different organisations. E.g., if you decide to move services, this enables you to move, copy or transfer your information easily between different service providers (or directly to yourself) safely and securely, without affecting its usability. This only applies to the information that you have provided that is being processed with your consent (if relevant) or to perform a contract that you are a party to, which is being processed by automated means. We do not expect this right to be relevant in the context of the services that we provide.

7. Right to object

You have the right to object to certain types of processing, on grounds relating to your situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by us or by a third party such as the Trustee. We will be allowed to continue to process the information if we can demonstrate “compelling legitimate grounds for the processing which override [your] interests, rights and freedoms” or we need this for the establishment, exercise, or defence of legal claims.

Security

We will use strict procedures and security features to safeguard against the risks that are relating to personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

All our employees and any third parties we engage to process data are obliged to respect the confidentiality of such data provided to us and as required under applicable data protection or other legislation.

Smart Pension became ISO/IEC 27001 certified on 12 October 2021. The scope of this Information Security Management System (ISMS) is information security arrangements associated with the provision of pension and retirement technology services by Smart.

Any complaints?

If you are not happy with the way in which your personal information is held or processed, please contact us using the details below. You also have the right to complain about data protection matters to the Information Commissioner’s Office, the UK's independent body set up to uphold information rights. You can find out more about the Information Commissioner's Office on its website.

Changes to this Policy

We keep this Policy under regular review and may change it at any time. We will tell you about any significant changes. Any changes we may make to this Policy in the future will be posted on this page. Please check frequently to see any updates or changes to this Policy. This Policy is current as of 14 January 2025.

How to contact us?

If you have any queries about this Policy, please contact privacy@smartpension.co.uk or complete this form.

If you have any other questions about the Smart Pension Master Trust, visit www.smartpension.co.uk/contact-us to find out the best way of contacting us for your question.