Privacy

Who are we

We are the Railways Pension Trustee Company Limited, RAILPEN Limited, RAILPEN Investments Limited (each with its registered address at 100 Liverpool Street, London EC2M 2AT) and each is registered with the Information Commissioner's Office (ICO) as a separate 'data controller' in respect of personal information handled for the Railways Pension Scheme (the 'Scheme'), the BT Police Superannuation Fund, the British Railways Superannuation Fund, or any other pension fund administered by Railpen (each a 'Fund').

We are also a data processor for personal data handled on behalf of our clients in pension schemes such as Zurich, United Utilities and Schneider amongst others.

This privacy notice is intended to give you a clear picture of how we handle and protect your personal information. It describes what we collect about you, why, how it is handled, with whom we share it, and where and how long we handle it before it is securely destroyed.

Whose personal information we handle

We handle and protect personal information relating to members of the Schemes (and Funds) we administrate and:

their employers
their next of kin
their representatives
their nominees
their beneficiaries

Why we use personal information

For data protection purposes we justify the handling of any personal information we receive based on:

our legitimate interests - handling your personal information to calculate and provide benefits to our members or others entitled to receive them as part of our pension Schemes
our legal obligations - handling personal information because we are legally required to do so
your consent - members using our portal or visiting our website can give and withdraw their consent to the use of all non-essential

Below are the purposes we have identified to handle and protect your personal information. *LI indicates the reasons premised upon Legitimate Interests.

Reasons for handling your personal information	Examples
Manage security incidents and breaches	Deal with incidents and breaches reported about IT hardware and software holding your information
Review rights requests	Review your data protection rights requests and provide you access to or act on requests to change, delete, suppress, object to or appeal against how we handle and protect your information
Execute client trading on behalf of Members (LI)	Carry out intersection and external Scheme and TUPE transfers
Undertake case committee reviews (LI)	Distribute your information to committee members for example, to decide on benefits to be provided based on ill health retirement
Make payments following a transfer out of the Schemes (LI)	Support requests to transfer you out of our pension Schemes and to another one
Pay benefits at retirement (LI)	Obtain documents such as original birth/marriage certificates or copy of passport/driving licence and bank details so your benefits can be paid to you
Update bank details (LI)	Input new bank details received from a member or a bank
Record changes of name (LI)	Update records to reflect a change of name following marriage or change of personal circumstances
Record benefits nominees (LI)	Input details of your nominees provided on Nomination form onto our systems
Handle reports of a death (LI)	Handle your reports of deceased members, such as setting up and paying out to dependants and other beneficiaries
Handle queries (LI)	Respond to your queries
Enrol individuals onto our portal and websites (LI)	Register you on our portal so you can access your pension information there
Share information with external Scheme advisers (LI)	Share your information with scheme actuaries so they can validate our calculations of the benefits you receive
Record Letters of Authority (LI)	Log your Letters of Authority so your proxies can handle your pension on your behalf
Provide estimates of benefits and transfer quotes (LI)	Calculate your benefits due to member on retirement or transfer
Manage benefits following a Divorce (LI)	Collate and record documentation receiving Scheme details in order to provide benefits to your ex-spouses
Return original Certificates (LI)	Return, following collation and recording, to you the original certificates that you, your relatives or your representatives etc. supplied to us
Ill health and serious ill-health retirement grounds (LI)	Collate documentation relating to your health condition and personal circumstances to support providing you with benefits prior to your retirement on ill-health/serious ill-health grounds
Oversee the administration of the pension Schemes (LI)	Investigate, monitor, and prepare control and regulatory reports about how we handle pension benefits, members like you and those related to you and the Schemes more generally
Manage TUPE transfers (LI)	Update your records should you be TUPE'd from one section of the RPS (Railways Pension Scheme) Scheme to another
Enrol new entrants (LI)	Obtain your details to be set up and record that you are a new member of our pension Schemes/other schemes we administrate
Oversee our Master Trust (LI)	Oversee the operation of our Master Trust pension Schemes
Undertake Quality Assurance reviews (LI)	Monitor the quality of business processes associated with dealing with you and our members
Provide legal advice (LI)	Provide legal advice or legal support in relation to Railpen's business
Approve and post journals (LI)	Post new journals to the ledger in line with good accounting practices
Perform bank reconciliations	Reconcile bank transactions to our ledger
Carry out banking activities (LI)	Download statements to handle cash as it comes in and out of the business
Pay supplier invoices for work rendered (LI)	Pay supplier invoices
Manage financial transactions (LI)	Manage CHAPS and BACS transactions in order to pay members and collect contributions
Produce treasury forecasts (LI)	Produce forecasts about what cash is in the bank
Perform control monitoring (LI)	Investigate, monitor, and prepare control and regulatory reports into we handle our accounts
Prepare annual accounts (LI)	Produce audited accounts
Produce cashflow forecasting (LI)	Provide forecasted payments in and out to our various internal and external stakeholders
Manage travel and accommodation booking	Manage Railpen's travel and accommodation bookings
Make CHAPS payments (LI)	Make ad hoc payments
Manage security incidents (LI)	Manage information security incidents and alert our regulators and those such as you that may be affected
Undertake internal audits (LI)	Assess whether our business processes are in line with legislation, regulation, industry best practice and internal policy which may mean accessing information about you
Carry out fraud investigations	Investigating suspected attempts of fraud by you to deceive Railpen for your own profit
Investigate issues brought to our attention by whistleblowers	Investigate allegations or concerns made via our confidential whistleblowing hotline. This may require reviewing information about you

*Cookies deployed on our websites and portal are as follows:

What personal information we handle

In order to handle your personal information for the above reasons we may collect and use the following types of personal information about you and, in some circumstances, your spouse, civil partner, partner or dependants:

Personal details

Financial details

Details about others

Name
Postal address
Email address
Pension Reference Number
Correspondence
NI number
Employee number
Payroll ID
Photo ID (Passport/driving licence)
Birth, death, marriage certificates
Gender
Your employer's ID
Your pension scheme ID
Date you joined our Scheme
Date your contributions began

Salary
Bank account details
Pension forecasts i.e. death benefit salary, total pensionable salary, contributions made

Marital status
Dependants
Nominees

What special category and sensitive personal information we handle

We also handle the following 'special categories' or more sensitive personal information:

Health data - information about your health conditions could be collected from you should you apply for ill health or serious ill-health retirement

Reasons for handling your sensitive and special category personal information	Examples
Substantial public interests	for a substantial public interests which are contained in the UK Data Protection Act
Vital interests	protect yours or someone else's vital interests - usually by making a disclosure to a third-party to support you or a third party with whom you have some involvement
Explicit consent	with your explicit consent from time to time we will need your valid explicit consent to handle your personal information if no other appropriate data protection legal basis exists

Don't drop the ball on your retirement planning

Where we get your personal information from

Personal information received by Railpen usually comes from yourself, a current or former employer, government agency, any financial or other advisers or representatives acting on your behalf. We also use several suppliers that allow us to verify the accuracy of personal information handled by us (for example, to trace current addresses or verify its continuing existence).

In certain circumstances, we may ask you for information relating to your health. For example, if you are applying for ill health benefits. In some circumstances, additional medical information may be required from your doctor or appropriate medical adviser. We will explain to you at the time why we need that information and how we intend to use it. You do not have to provide the information requested from you, but there may be a delay in the payment of benefits if that information is not provided.

You may also need to provide us with personal information relating to other people (such as your spouse, civil partner, or dependants) for example when completing a nomination form. When you do so, you will need to check with them that they are happy for you to share their personal information with us and for us to use it in accordance with this privacy notice.

If you are acting on behalf of a child, we may also hold and use your personal information, which will be dealt with on the same basis as set out earlier.

With whom we share your personal information

From time to time, we may need to share your information with other parties. Where this is necessary, we are required to comply with all relevant data protection legislation. The types of third parties we may need to share of your information with include:

Employers and other pension schemes	Professional advisory services	Regulators and government agencies	Suppliers to Railpen
your current or former employer - for the purposes of operating the Schemes; other pension schemes connected with you or your relatives, nominees, or other beneficiaries	an actuary that is appointed to provide advice on whether the Schemes are fully funded and operating properly. For example, whether we have calculated your benefits properly. an auditor so that they can prepare the annual accounts and audit them for us; a legal adviser so that they advise us on all legal issues *affecting the Schemes or Fund;*	government agencies (for example, HM Revenue and Customs) regulators police judicial authorities	companies that provide services to us such as help us store and share information or to verify your identity as well as to prevent and detect fraud

Certain third parties (most notably, the Scheme's actuary and other professional advisers) are themselves subject to certain legal or regulatory obligations (including professional codes of practice). They will be responsible for their own handling of the information we share with them.

Sharing your personal information overseas

Our core systems, data, and administration services are all carried out and stored within the UK.

Where it is necessary to transfer personal information i.e. send, store or allow access to your personal information outside the UK we will ensure that the correct safeguard is used so that the data is protected to an equivalent extent as it would be if it remained in the UK. This is usually by transferring to a country that is approved as having essentially equivalent data protections under the UK Adequacy Regulation.

Alternatively, we carry out a Transfer Risk Assessment, and where appropriate, the receiving party putting in place an International Data Transfer Agreement designed by the ICO or the EU's Standard Contractual Clauses with an addendum agreed by the ICO and UK Government to recognise it as a valid control under UK. If necessary and based on our Transfer Risk Assessment, we may ask them to put in place additional measures to protect your personal information.

How we keep your personal information secure

We are committed to protecting your personal information from loss, misuse, disclosure, alteration, unauthorised access, and destruction. We take all reasonable precautions to safeguard the confidentiality of personal information.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Although we make every effort to protect your personal information the transmission of information over the internet is not completely secure. As such, you acknowledge that we cannot guarantee the security of personal information transmitted to us over the internet, and that any such transmission is at your own risk.

Once we have received your personal data, we will use strict procedures and security features to prevent unauthorised access (and take steps to ensure that any third parties with whom we share your personal data do the same).

How long we keep your personal information

We will only retain your personal information for as long as necessary. Necessity will be based on our legal obligations, regulatory guidance, and industry good practice. We have documented how long we keep records containing personal information and why in policies and standards on retention and destruction.

In some circumstances, we may anonymise your personal information instead of destroying it so that it can no longer be associated with you but where anonymised data can be used to add value to our products and services.

Our standard policy is for information or data to be kept for only as long as necessary for the purposes set out above. It is then disposed of in a managed and secure way. However, as pensions are a long-term saving vehicle, it may be necessary to retain your personal data for the remainder of your life and any dependants' lives in order to determine your entitlement to and pay the benefits you may be entitled to, along with any dependants' benefits payable.

Your rights

You have several rights under data protection law. These include the right to:

receive a copy of the personal data we hold about you
request personal data to be amended if it is inaccurate or incomplete
request the deletion or removal of personal data where there is no compelling reason for its continued use
block or restrict the processing of your personal data
object to the processing of your personal data

There is also a right in GDPR (General Data Protection Regulation) to receive your personal data (in a structured, commonly used, and machine-readable format) and to transfer your data to another service provider or data controller. This right applies where your data is being processed on the basis of your consent or in line with a contract to which you are party. Please note, that for the majority of members, this is not applicable as we rely on our legitimate business interest to collect and process your data rather than individual consent or contracts.

In order to exercise any of the above rights please write to the DPO (Data Protection Officer) at the address under the 'Our Data Protection Officer' section.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to provide our services to you (such as paying you your pension), or we may be prevented from complying with our legal obligations (such as to prevent fraud).

We may also not be able to support you if you do not provide us with up-to-date personal information. Therefore, please do keep us updated of any changes in your personal circumstances.

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Your rights to lodge a complaint with the Regulator

At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner's Office. Please refer to the ICO website or call them on 0303 123 1113. Of course, we hope that we can resolve your issue quickly and fairly ourselves.

Our Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at DataProtectionTeam@railpen.com or write to:

Railpen
7th Floor
100 Liverpool Street
London
EC2M 2AT

If you are unhappy with how your personal information is being handled, you also have the right to make a complaint to the Information Commissioner's Office, an independent body set up to uphold information rights, which will investigate your complaint.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

This privacy notice was updated January 2024.

Also in this section

Each of Railpen Limited (registered in England and Wales No. 2315380) and Railway Pension Investments Limited (RPIL) (Registered in England and Wales No. 1491097) is a wholly owned subsidiary of Railways Pension Trustee Company Limited (Registered in England and Wales No. 2934539). Registered office for each company: 100 Liverpool Street, London EC2M 2AT. RPIL is authorised and regulated by the Financial Conduct Authority for some of its activities. The administration of occupational pension schemes is not a regulated activity. Full details about the extent of RPIL's authorisation and regulation by the Financial Conduct Authority are available from us on request.

Name	Category	Duration	Cookie Description
_ga	Analytics - Google	Persistent	Stores and counts pages viewed
_gat		Persistent	Reads and filter requests from bots
_gid		Persistent	Stores and count pages viewed
_hjAbsoluteSessionInProgress	Analytics - Hotjar	Persistent	Detects the first page view session of a user
_hjFirstSeen		Persistent	Identifies a new user’s first session
_hjIncludedInPageviewSample		Persistent	Determines if a user is included in the data sampling defined by our site's "pageview limit"
_hjIncludedInSessionSample		Persistent	Determines if a user is included in the data sampling defined by our site's "daily session limit"
_hjSessionUser_1850450		Persistent	Detects when a user first lands on a page and recalls data whenever user visits site so that behaviour in subsequent visits to the same site will be attributed to the same user ID
_hjSession_1850450		Persistent	Detects data in current session (visit to the site) and attributes requests made by the user during that visit
__cf_bm	Analytics - Vimeo	Persistent	Distinguishes between humans and bots to ensure use of their website is valid and free from abuse
player		Persistent	Saves the user's preferences when playing embedded videos from Vimeo
vuid		Persistent	Collects data on the user's visits to our website, such as which pages have been read
ApplicationGatewayAffinityCORS	Essential	Session	Azure user session cookie is set whenever website is run on Azure Cloud Computing Platform. This enables web browser traffic to be assigned to a single server during certain sections of the website.
ApplicationGatewayAffinityCORS		Session	Azure user session cookie
sf-prs-lu		Session	Saves the landing URL
sf-prs-ss		Session	Logs the time of first page visit
sf-tracking-consen		Session	Logs the tracking consent choice made by users for…
va_tkn	Functional - Virtual Assistant	Session	Virtual Assistant user session cookie help chat bot