Privacy Notice
1. Purpose
Looking after the personal data we hold for you as a member of the Scheme is hugely important to us. We want you to be confident that your data is safe and secure with us, and understand how we use it and who we share it with.
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That's why we've developed this privacy notice, which:
a) Sets out the types of personal data held by Tesco Stores Limited on behalf of the Trustee
b) Explains how and why we hold and use your personal data
c) Explains when and why we will share your personal data within the Tesco Group and with other organisations
d) Explains the rights and choices you have when it comes to your personal data
It is the responsibility of Data Controllers to explain their data processing activities to affected individuals. This Data Protection Notice provides information regarding the data processing activities of both the Trustees and the Scheme Actuary, as both entities are Data Controllers.
2. Scope
This policy applies to all members of the Scheme. It applies regardless of whether you still work for Tesco or not.
Where applicable, we also collect information about your dependants or next of kin. Before providing us with any such information, you should provide a copy of the information in this notice to those individuals.
3. Definitions
This section sets out the definitions of key words and phrases that will be referred to throughout the policy:
Data Controllers are organisations that decide how personal data will be processed. The Data Controller for this privacy notice is the Trustee of the Tesco PLC Money Purchase Pension Scheme.
Data Processors are organisations that process personal data on the instructions of Data Controllers.
Information Commissioner's Office (ICO) is the UK's independent body set up to uphold information rights in the public interest.
Personal Data is the term we use to describe your personal information. Further details of the personal data that we hold are contained in section 4.4 below. Personal data may be available in different formats, for example, electronically and paper form.
Service providers are organisations appointed by (i) the Trustee to help them fulfil their duties such as the Equitable Life for investment services, printers for member communications, tracing agencies for locating missing addresses etc; and (ii) Tesco Stores Limited to support the administration of the Scheme.
4. Policy Requirements
4.1 Identifying Purpose
We use your information for the following purposes:
a) communicating with you in relation to your pension and benefits (including disclosures to service providers for printing and other communication services), handling requests for transfers and allocation of death benefits, dealing with complaints, and making disclosures at your request such as providing retirement quotations;
b) for general administration of the Scheme by the Trustee and its service providers, including: to record and pay benefits; for checks, communications and disclosures of information in response to legal and other regulatory requests (including disclosures to HMRC for reconciliation or tax purposes); for reviews we or our administrators conduct for statistical and reference purposes; and for other administrative activities that may become necessary from time to time (like member tracing) should we happen to lose contact with you and to prevent fraud (which require disclosures to tracing and other agencies); and
c) when we disclose information to other members of the Tesco Group and their service providers, such as for administration and audit purposes.
4.2 Basis for processing Personal Data
Our use of your information as described above is permitted by applicable data protection law because it is:
(i) necessary for our legitimate interests in pursuing the purposes set out in (a) and (b) above, and for the Tesco Group's legitimate interests in pursuing the purposes set out in (c) above;
(ii) in some cases, necessary to meet our legal or regulatory responsibilities, such as disclosures referred to in (b) above in response to legal and other regulatory requests; or
(iii) in limited circumstances, processed with your consent which we obtain from you from time to time, such as when you ask us to make disclosures (e.g. to IFAs or new pension providers) or allocate benefits (e.g. in the context of a divorce) or where the Scheme rules require you to provide information which we cannot otherwise process without your consent.
4.3 Sources of Personal Data
Personal data can be sourced:
4.4 Personal Data we collect and how we collect it
We collect personal data directly and indirectly as described above. We then retain personal data including: contact details, gender, name, age and details of your pension account, copies of communications/ correspondence and certain sensitive personal data such as medical/health records and details of your relationships, if applicable.
4.5 How and why we use Personal Data
We collect and use personal data about you throughout your membership of the Scheme in order to:
This may involve, amongst other things, the following:
o At what age members die
o The pension options members select
4.6 Sharing your Personal Data
We may share your personal data with third parties, where any instances of sharing data will include sensitive personal data we will obtain consent from you prior to doing so. We may share your data with the following parties:
4.7 Collection, Use, Disclosure and Storage of Personal Data outside of the European Economic Area
The use and disclosure of your information for the purposes described above may involve transferring your information outside of the European Economic Area (for example to Tesco's shared service centre in Bengaluru). In those cases, except where the relevant country has been determined by the relevant public authority to ensure an adequate level of data protection, we will ensure that the transferred information is protected by a data transfer agreement in the appropriate standard contractual clauses (SCC) form approved for this purpose by the relevant authority. A copy of the SCC can be found on the European Commission's website, https://ec.europa.eu/.
4.8 How we protect your Personal Data
We know how important it is to protect and manage your personal data and have the following measures in place to do this.
We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to colleagues who need it to carry out their job responsibilities. We protect the security of your information while it is being transmitted by encrypting it.
We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you.
4.9 How long your Personal Data is retained
We need to store Personal Data about you. For example, we'll need to hold your address so we can contact you. We do our best to make sure that all of this information is kept securely and that we only store it for as long as we need it.
We will keep your information in accordance with Tesco Group's Colleague Records Policy, which is modified or amended from time to time and is available on request. Documents subject to legal or regulatory hold are retained as long as the legal or regulatory hold remains in place.
4.10 How to update or correct your Personal Data
It is really important we hold accurate Personal Data for you and that you notify us of any changes to your data so it can be updated as soon as it changes. This would include things like
4.11 Enquiries
If you have any questions regarding the processing of your personal data please contact one of the following:
Head of Pension Operations
Shire Park,
Kestrel Way,
Welwyn Garden City,
Hertfordshire,
AL7 1GA
Email: Pensions.dept@tesco.com
Alternatively, you can contact:
Data Protection Officer (Tesco Group)
c/o Group Legal
Shire Park,
Kestrel Way,
Welwyn Garden City,
Hertfordshire,
AL7 1GA
Email: DPO@tesco.com
Any complaints should be addressed to the Pensions Administration Manager, Pensions Department at the above address. You can also lodge a complaint about our processing of your personal information with the office of the Information Commissioner (www.ico.org.uk).
4.12 Exercising Your Rights
You have rights of access to and rectification or erasure of your personal data in certain circumstances. You can also restrict or object to its processing and to require certain of your information to be transferred to you or a third party, which you can exercise by contacting us at the details set out above.
In some cases, it may be necessary to obtain additional information from you, such as in order to carry out your request for a transfer or allocation of benefits. We will notify you when your information is required for this purpose.
You also have the right to withdraw your consent to the use of your information, to the extent such use is based on your consent.
5 Policy Review and Update
The Privacy Notice is non-contractual. It is maintained by the Trustee. The Trustee will contact you regarding any material change that is made to the Notice.
Looking after the personal data we hold for you as a member of the Scheme is hugely important to us. We want you to be confident that your data is safe and secure with us, and understand how we use it and who we share it with.
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That's why we've developed this privacy notice, which:
a) Sets out the types of personal data held by Tesco Stores Limited on behalf of the Trustee
b) Explains how and why we hold and use your personal data
c) Explains when and why we will share your personal data within the Tesco Group and with other organisations
d) Explains the rights and choices you have when it comes to your personal data
It is the responsibility of Data Controllers to explain their data processing activities to affected individuals. This Data Protection Notice provides information regarding the data processing activities of both the Trustees and the Scheme Actuary, as both entities are Data Controllers.
2. Scope
This policy applies to all members of the Scheme. It applies regardless of whether you still work for Tesco or not.
Where applicable, we also collect information about your dependants or next of kin. Before providing us with any such information, you should provide a copy of the information in this notice to those individuals.
3. Definitions
This section sets out the definitions of key words and phrases that will be referred to throughout the policy:
Data Controllers are organisations that decide how personal data will be processed. The Data Controller for this privacy notice is the Trustee of the Tesco PLC Money Purchase Pension Scheme.
Data Processors are organisations that process personal data on the instructions of Data Controllers.
Information Commissioner's Office (ICO) is the UK's independent body set up to uphold information rights in the public interest.
Personal Data is the term we use to describe your personal information. Further details of the personal data that we hold are contained in section 4.4 below. Personal data may be available in different formats, for example, electronically and paper form.
Service providers are organisations appointed by (i) the Trustee to help them fulfil their duties such as the Equitable Life for investment services, printers for member communications, tracing agencies for locating missing addresses etc; and (ii) Tesco Stores Limited to support the administration of the Scheme.
4. Policy Requirements
4.1 Identifying Purpose
We use your information for the following purposes:
a) communicating with you in relation to your pension and benefits (including disclosures to service providers for printing and other communication services), handling requests for transfers and allocation of death benefits, dealing with complaints, and making disclosures at your request such as providing retirement quotations;
b) for general administration of the Scheme by the Trustee and its service providers, including: to record and pay benefits; for checks, communications and disclosures of information in response to legal and other regulatory requests (including disclosures to HMRC for reconciliation or tax purposes); for reviews we or our administrators conduct for statistical and reference purposes; and for other administrative activities that may become necessary from time to time (like member tracing) should we happen to lose contact with you and to prevent fraud (which require disclosures to tracing and other agencies); and
c) when we disclose information to other members of the Tesco Group and their service providers, such as for administration and audit purposes.
4.2 Basis for processing Personal Data
Our use of your information as described above is permitted by applicable data protection law because it is:
(i) necessary for our legitimate interests in pursuing the purposes set out in (a) and (b) above, and for the Tesco Group's legitimate interests in pursuing the purposes set out in (c) above;
(ii) in some cases, necessary to meet our legal or regulatory responsibilities, such as disclosures referred to in (b) above in response to legal and other regulatory requests; or
(iii) in limited circumstances, processed with your consent which we obtain from you from time to time, such as when you ask us to make disclosures (e.g. to IFAs or new pension providers) or allocate benefits (e.g. in the context of a divorce) or where the Scheme rules require you to provide information which we cannot otherwise process without your consent.
4.3 Sources of Personal Data
Personal data can be sourced:
- Directly i.e. personal data we receive directly from you, or;
- Indirectly i.e. personal data we collect from Tesco Group or receive from third parties such as tracing agencies if we have lost contact with you.
4.4 Personal Data we collect and how we collect it
We collect personal data directly and indirectly as described above. We then retain personal data including: contact details, gender, name, age and details of your pension account, copies of communications/ correspondence and certain sensitive personal data such as medical/health records and details of your relationships, if applicable.
4.5 How and why we use Personal Data
We collect and use personal data about you throughout your membership of the Scheme in order to:
- Maintain our relationship with you
- Make sure we can communicate details of your pension at the right time
- Comply with applicable laws
This may involve, amongst other things, the following:
- Administering payroll for your pension.
- In order for the Trustee to comply with their legal and regulatory obligations or good practice for example in relation to taxation and submitting reports to the Pensions Regulator.
- For research, statistical or analytical purposes, for example producing reports that tell us:
o At what age members die
o The pension options members select
4.6 Sharing your Personal Data
We may share your personal data with third parties, where any instances of sharing data will include sensitive personal data we will obtain consent from you prior to doing so. We may share your data with the following parties:
- Service providers such as suppliers that provide us with IT support or professional service companies to give us advice (such as law firms, accountants and consultants).
- Government, public and regulatory bodies, law enforcement agencies, or as otherwise permitted or obliged by law
4.7 Collection, Use, Disclosure and Storage of Personal Data outside of the European Economic Area
The use and disclosure of your information for the purposes described above may involve transferring your information outside of the European Economic Area (for example to Tesco's shared service centre in Bengaluru). In those cases, except where the relevant country has been determined by the relevant public authority to ensure an adequate level of data protection, we will ensure that the transferred information is protected by a data transfer agreement in the appropriate standard contractual clauses (SCC) form approved for this purpose by the relevant authority. A copy of the SCC can be found on the European Commission's website, https://ec.europa.eu/.
4.8 How we protect your Personal Data
We know how important it is to protect and manage your personal data and have the following measures in place to do this.
We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to colleagues who need it to carry out their job responsibilities. We protect the security of your information while it is being transmitted by encrypting it.
We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you.
4.9 How long your Personal Data is retained
We need to store Personal Data about you. For example, we'll need to hold your address so we can contact you. We do our best to make sure that all of this information is kept securely and that we only store it for as long as we need it.
We will keep your information in accordance with Tesco Group's Colleague Records Policy, which is modified or amended from time to time and is available on request. Documents subject to legal or regulatory hold are retained as long as the legal or regulatory hold remains in place.
4.10 How to update or correct your Personal Data
It is really important we hold accurate Personal Data for you and that you notify us of any changes to your data so it can be updated as soon as it changes. This would include things like
- Address
- Name (we'll need proof of this such as marriage, civil partnership or deed poll certificate)
4.11 Enquiries
If you have any questions regarding the processing of your personal data please contact one of the following:
Head of Pension Operations
Shire Park,
Kestrel Way,
Welwyn Garden City,
Hertfordshire,
AL7 1GA
Email: Pensions.dept@tesco.com
Alternatively, you can contact:
Data Protection Officer (Tesco Group)
c/o Group Legal
Shire Park,
Kestrel Way,
Welwyn Garden City,
Hertfordshire,
AL7 1GA
Email: DPO@tesco.com
Any complaints should be addressed to the Pensions Administration Manager, Pensions Department at the above address. You can also lodge a complaint about our processing of your personal information with the office of the Information Commissioner (www.ico.org.uk).
4.12 Exercising Your Rights
You have rights of access to and rectification or erasure of your personal data in certain circumstances. You can also restrict or object to its processing and to require certain of your information to be transferred to you or a third party, which you can exercise by contacting us at the details set out above.
In some cases, it may be necessary to obtain additional information from you, such as in order to carry out your request for a transfer or allocation of benefits. We will notify you when your information is required for this purpose.
You also have the right to withdraw your consent to the use of your information, to the extent such use is based on your consent.
5 Policy Review and Update
The Privacy Notice is non-contractual. It is maintained by the Trustee. The Trustee will contact you regarding any material change that is made to the Notice.