Data Protection Policy
1.0 Purpose
This policy is based on the U.K. Employee Data Privacy Guidelines issued by Cummins Inc. ("Cummins"). It describes the standards that Cummins UK Pension Plan Trustee Limited (the “Trustee”) has put in place for collecting, Processing, sharing and storing Personal Data pertaining to all Members of the Cummins UK Pension Plan (the “Plan”). The Trustee's standards for collecting, Processing, sharing and storing Personal Data are designed to comply with Data Protection Legislation.
The Trustee is a "data controller" for the purposes of Data Protection Legislation.
2.0 Scope
This policy applies to all Personal Data related to Members of the Plan and controlled by the Trustee.
Members may provide information about other individuals (such as their partner or children) who would, or might, become entitled to a benefit from the Plan on the Member's death. The Trustee has taken advice and has concluded that it may legitimately retain such information for the purposes of properly administering the Plan. Any such information is held solely for the purposes of paying benefits should the Member die.
After a Member's death, the Trustee may receive information about potential recipients of a death benefit from third parties, such as solicitors or the Member's family. Such information is usually given subject to a duty of confidentiality. Its Processing is necessary to enable the Trustee to identify to whom a benefit should be paid and, where the Trustee must exercise its discretion, so that the Trustee can comply with its duty under trust law to take into account all relevant factors.
3.0 Defined Terms
- Data Protection Legislation means the E.U. General Data Protection Regulation (2016/679) (as retained under UK law (the “UK-GDPR”)), the Data Protection Act 2018 and any other UK law concerning the protection of Personal Data.
- Member refers to any individual in respect of whom the Trustee Processes data (so including dependants, survivors, and potential beneficiaries) except where the context requires otherwise.
- Personal Data means any information relating to an identified or identifiable Member insofar as that information has been obtained by the Trustee in the context of the Plan. This can include a person's name and address or other identifying information about them.
- Process or Processing is broadly defined and includes any manual or automatic operation on Personal Data, including its collection, recording, organization, storage, modification, retrieval, use, transmission, dissemination or publication, as well as blocking, erasure or destruction.
- Sensitive Personal Data means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; genetic data; biometric data; data concerning health or a Member's sex life or sexual orientation; and Personal Data relating to criminal convictions and offences or related security measures.
4.0 POLICY
4.1 General Rule
The Trustee collects, Processes, shares, and stores Personal Data in connection with the Plan and does so in compliance with Data Protection Legislation.
Under Article 6 UK-GDPR, the Trustee may only Process Personal Data where one or more lawful grounds apply.
Having taken advice, the Trustee is satisfied that its Processing of Personal Data relating to Members is lawful on one or more of the following grounds:
- The Processing is necessary for the purposes of the legitimate interests (for the purposes of Article 6(1)(f) UK-GDPR) pursued by the Trustee in its capacity as trustee of the Plan and by Cummins EMEA Holdings Limited to help it make decisions relevant to its role as principal employer.
- The Processing is necessary for compliance with a legal obligation to which the Trustee is subject (see Article 6(1)(c) UK-GDPR). The Trustee has legal obligations under the trust deed and rules and general law. In addition, pension scheme trustees are subject to general obligations relating to the operation of their occupational pension scheme. As examples, the Pension Schemes Act 1993 and associated regulations set out requirements for the disclosure of information to Members; and section 249A of the Pensions Act 2004 requires occupational pension scheme trustees to establish and operate internal controls, which includes maintaining accurate, up to date and secure records.
In relation to legitimate interests, the ICO's guidance expects data controllers to consider a three-stage process. Applying that to the Plan, the Trustee's approach is as follows:
- Purpose test: is the Trustee pursuing a legitimate interest? The ICO expects data controllers to identify why they want to Process the Personal Data, what they are trying to achieve, and what would be the impact if they couldn't Process it. The Trustee's primary function is to pay to Members the benefits they are entitled to under the Plan rules. Members clearly benefit from having the Plan properly administered and benefits paid when due. The Trustee is therefore satisfied that it is pursuing a legitimate interest.
- Necessity test: is the Processing necessary for that purpose? The ICO expects data controllers to consider whether the Processing they are doing is necessary for the legitimate interest identified – and that "necessary" means "the processing must be a targeted and proportionate way of achieving your purpose. You cannot rely on legitimate interests if there is another reasonable and less intrusive way to achieve the same result". The Trustee is satisfied that the Processing it carries out is necessary to achieve its legitimate interest: administering the Plan, paying benefits as required under the rules and making decisions relevant to the Plan would not be possible without the Processing of Personal Data. The Trustee collates Personal Data that it needs for this purpose (including for the purposes of estimating the liabilities of the Plan and future cash-flows).
- Balancing test: do the individual's interests override the legitimate interest? The ICO requires data controllers to balance their interests against the individual’s. In particular, the ICO considers that "if [the individuals] would not reasonably expect you to use data in that way, or it would cause them unwarranted harm, their interests are likely to override yours". The Trustee is satisfied that individuals' interests are in fact aligned with the Trustee's legitimate interests – Members benefit from the data Processing by having the correct benefits paid to them. The Trustee considers that its use of Personal Data to properly administer the Plan and pay Members’ benefits accords with what individuals would expect. No harm (warranted or otherwise) is reasonably likely to come to individuals from the Processing.
The Trustee is therefore satisfied, following this 3-stage process, that it can lawfully Process Personal Data on the basis of its legitimate interests.
Access to the Personal Data is aligned with the professional responsibilities of the individuals who are given access, and limited in accordance with Data Protection Legislation.
4.2 Data Collection
The Personal Data that the Trustee collects and Processes in relation to the Plan is limited to that which is relevant and/or required for enrolling Members in the Plan and administering the Plan. Generally, the data elements that are collected include:
- Identity – Full name, gender (to the extent permitted), date and country of birth, nationality (to the extent permitted), address, home telephone number, WWID, e-mail, passport number, work permit number, national insurance number, banking direct deposit details, expected retirement date, and disability rate (if applicable).
- Family Information – Marital status, full name and date of birth of spouse, partner, and dependents or beneficiaries.
- Employment Terms and Conditions – employee type (e.g. full or part-time), business address, hire date, termination date, job title, pay grade, job description, work telephone number and e-mail address, business unit and location, salary and other compensation elements, pension fund contributions, tax and source tax deductions, absence management (in particular sick leave, special leave of absence, parental leave).
4.3 Limitations on Sensitive Personal Data
The Trustee is likely to Process health-related Sensitive Personal Data (e.g. absence records associated with illness or accident, maternity leave, disabilities, exposures, work-related injuries or claims, etc.) in relation to considering eligibility for ill health benefits or benefits payable on death. Where the Trustee needs to Process Sensitive Personal Data, it will ensure that its Processing satisfies an additional condition under Article 9 UK-GDPR in addition to the general lawful grounds of Processing set out above under 4.1.
The Trustee has been advised that its Processing of Sensitive Personal Data satisfies one or more of the following Article 9 conditions:
- the Member has given explicit consent to the Processing of their Personal Data for one or more specified purposes (Article 9.2(a));
- the Processing is necessary for the purposes of carrying out its obligations and giving effect to specific rights of Members in the field of employment, social security and social protection law, as authorised by Data Protection Legislation (Article 9.2(b)); and/or
- the Processing is necessary for the establishment, exercise or defence of legal claims, or whenever courts are acting in their judicial capacity (Article 9.2(f)).
The Trustee will only collect, Process, share and store Sensitive Personal Data to the extent necessary for the Trustee to carry out its obligations under the Plan.
4.4 Processing Activities
All of the Trustee's Processing activities relate to its primary function to administer the Plan.
4.5 Disclosure and Sharing
The Trustee limits access to the Personal Data collected in relation to the Plan to individuals whose job responsibilities require such access. The Trustee also shares that data with third parties who assist it in managing and administering the Plan. The third parties are required to provide written assurances that they will uphold an equivalent level of protection for the Personal Data, and comply with Data Protection Legislation. The Trustee does not permit those third parties or anyone else assisting them to use Members’ Personal Data for a purpose unrelated to the Plan.
The Trustee may from time to time need to make some of the Personal Data available to:
- government agencies (for example tax authorities or social security services) or judicial authorities, where there is a legitimate reason to do so;
- law enforcement or oversight agencies;
- the Trustee’s professional advisers;
- where appropriate, Cummins' professional advisers;
- individuals within Cummins whose job responsibilities require such access; and
- third parties who assist the Trustee in administering the Plan and making payments to Members.
If Personal Data is shared with any third parties, the Trustee requires that they undertake to Process the Personal Data only on the Trustee’s behalf and subject to the Trustee’s instructions and to implement appropriate security measures to keep the Personal Data confidential. The Trustee also conducts evaluations of those third parties that Process significant Personal Data in advance of retention, to ensure that they are fully able to uphold a level of protection for the Personal Data that is aligned with Data Protection Legislation and commensurate with the sensitivity of the data.
4.6 Cross-Border Transfers
As noted above, because not all countries require the same privacy and security standards, the Trustee has taken appropriate measures to comply with the requirements of Data Protection Legislation to ensure that its data transfer obligations fulfil or exceed relevant data protection requirements, and to ensure that the Personal Data is appropriately safeguarded if it is transferred outside of the U.K. In general, the Trustee relies on the E.U. Standard Contractual Clauses and the U.K. ICO’s international data transfer addendum for transfers of U.K. Personal Data to countries not covered by UK 'adequacy regulations'. UK adequacy regulations set out in law that the legal framework in that country, territory, or international organisation, or in a particular sector in a country or territory, has been assessed as providing ‘adequate’ protection for people’s rights and freedoms in relation to their personal data.
4.7 Security Measures
The Trustee has implemented appropriate technical and organizational security measures to minimize the risk of unauthorized or unlawful disclosure or access to, or accidental or unlawful loss, destruction, alteration or damage to a Member’s Personal Data. These measures will help ensure an appropriate level of security in relation to the risks inherent to the Processing and the nature of the Personal Data to be protected.
The Trustee has obtained from those third parties who have access to the Personal Data in the course of their job a commitment to respect the confidentiality of Personal Data.
4.8 Retention and Storage
The Trustee recognises that Members' Personal Data should not be held longer than is necessary. However, the Trustee considers that it is important to retain Members' Personal Data indefinitely, but subject to review. In reaching this conclusion, factors the Trustee has taken into account include the following:
- obligations under the Plan are inherently long-term: the Trustee could be paying a pension (or survivors' pension) to or in respect of someone who first became a member of the Plan decades ago;
- there are numerous examples of disputes about what a member's benefits under a pension scheme should be, or whether an individual is a member of a scheme. Resolution of such disputes often involves consulting documents that date back over several decades;
- issues surrounding the reconciliation and equalisation of guaranteed minimum pensions (GMPs) are a further example of the importance of the long term retention of data;
- long term retention of data is commonly considered appropriate and proper by those in the pension industry responsible for running pension schemes;
- insurers may require retention of data in order for any claims to be investigated and their validity assessed; and
- should the Trustee propose to enter into a bulk annuity buy-in or buy-out contract with an insurer, historic data may be required in order correctly to assess entitlement to benefits under the Plan.
The Trustee will review its data retention policy biannually to consider whether the policy remains appropriate.
Personal Data is held in paper, electronic, and other formats, and must be securely stored and only accessible following Trustee authorisation.
4.9 Individual Rights
Members may contact the Trustee if they would like to access the Personal Data that the Trustee holds about them, or to exercise other individual rights (e.g. rectification or amendment, erasure, right to be forgotten, right of data portability, or right to object to Processing). Members may access information concerning the source of the Personal Data, the purposes for which the Personal Data is being used, and details of the parties with whom the Trustee may share the Personal Data.
Please note that some of these rights are limited, and the Trustee has the right to collect, Process, share and hold Personal Data to perform its obligations as the trustee of the Plan.
For further details regarding the Personal Data that the Trustee holds, or if a Member has a complaint about the Trustee's use of their Personal Data, the individual may contact the Trustee via the Plan administrator, Isio at [email protected] or telephone 0800 122 3266.
5.0 DATA PROTECTION PRINCIPLES
The following data protection principles apply to Personal Data collected, Processed, shared and stored by the Trustee:
- Fair and Lawful Processing – the Trustee Processes Personal Data in a lawful, fair, and transparent manner in relation to the Member. This includes providing proper notice to the Member.
- Purpose Limitation – the Trustee collects, Processes, shares and stores Personal Data for specific, explicit, and legitimate purposes and does not further Process the data in a manner that is incompatible with those purposes.
- Adequate, Relevant and Not Excessive – the Trustee takes steps to ensure that the Personal Data that it collects, Processes, shares and stores is limited to what is necessary in relation to the purposes for which the data is Processed (i.e., data minimization).
- Accurate and Kept Up to Date – the Trustee provides Members with mechanisms to update their information on file with the Trustee and the Plan administrator.
- Retention Limitation – the Trustee takes steps to ensure that the Personal Data that it collects, Processes, shares and stores is retained for no longer than is necessary.
- Security, Integrity and Confidentiality – the Trustee takes steps to ensure that the Personal Data that it collects, Processes, shares and stores is appropriately safeguarded against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
- Accountability – the Trustee takes steps to be responsible for and be able to demonstrate compliance with the data protection principles applicable to the Personal Data that it collects, Processes, shares and stores.
6.0 PRIVACY NOTICES
Members are informed about the Personal Data collected, how the data will be Processed, the general categories of third parties with access to the data, how to exercise individual rights or file claims, how the data is safeguarded, whether it is transferred to other countries (and if so, how it is protected), and general retention times via the Plan’s privacy notice (Privacy notice - Cummins UK Pension Portal (cumminsukpensions.co.uk)).
Members may provide information about other individuals (such as their partner or children) who would, or might, become entitled to a benefit from the Plan on the Member's death. The Trustee, having taken advice, considers that it would not be appropriate – by trying to send a quasi-privacy notice to someone – to disclose to that person that the Member had nominated them for a death benefit. That information should be kept confidential and used only in the event of benefits becoming payable on the Member's death. The Trustee also considers that it would not be appropriate to send a Privacy Notice to individuals where Personal Data has been disclosed by a solicitor or provided by a third party in relation to the distribution of benefits after a Member's death.
The Trustee will keep this approach under review – including taking into account any guidance produced by ICO, industry standards set by appropriate bodies and the requirements of trust and pension law.
7.0 DATA PROTECTION OFFICER AND DATA PROTECTION IMPACT ASSESSMENTS
The Trustee has considered the requirements under Data Protection Legislation to appoint a data protection officer ("DPO") or to carry out a data protection impact assessment ("DPIA") in certain circumstances.
The Trustee understands that it is not currently required to appoint a DPO because it does not fall within the remit of Article 37(1) UK-GDPR for the following reasons:
- the Trustee is not a public authority or body;
- the core activities of the Trustee do not consist of Processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; and
- the core activities of the Trustee do not consist of Processing on a large scale of Sensitive Personal Data or Personal Data relating to criminal convictions and offences.
The Trustee will, however, keep this conclusion under review, including any guidance issued by the ICO, or practice in other similar schemes.
Under Article 35 UK-GDPR, an organisation is required to undertake a DPIA "where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons".
The Trustee does not believe that the nature of its Processing (which, as set out in section 4 above, is fundamentally aimed at ensuring that the correct benefits are paid to the correct Members at the correct time) is such that there is likely to be a high risk to the rights and freedoms of Members. As a result, the Trustee does not believe that it is necessary for it to undertake any DPIAs.
Again, as with DPOs, the Trustee will keep this conclusion under review, including any guidance issued by the ICO, or practice in other similar schemes.
8.0 QUESTIONS OR CONCERNS
Members may ask questions or raise concerns about their data by writing to the Trustee via the Plan administrator, Isio at [email protected] or telephone 0800 122 3266. The Trustee also has an internal dispute resolution process for addressing concerns if a Member is not satisfied with the outcome of the matter. Members also have the right to contact the ICO.
9.0 DATA PROTECTION DOCUMENTATION
The Trustee maintains a record of relevant data protection documentation so as to demonstrate its compliance with Data Protection Legislation. This includes, for example, copies of its notices to Members and service providers, as well as copies of access requests and responses, and record keeping relating to training, periodic monitoring, and remediation measures.
10.0 PERIODIC REVIEWS AND MONITORING
On a periodic basis, the Trustee monitors adherence to this policy. If gaps are found, they will be corrected in a timely manner, commensurate with the level of risk presented by the gaps.
This policy will be reviewed periodically. As appropriate, it will be updated to ensure that it remains consistent with Data Protection Legislation and evolving security threats.
11.0 ENFORCEMENT FOR VIOLATIONS
Violations of this policy may result in disciplinary measures commensurate with the violation.
12.0 ADDITIONAL INFORMATION
If you have any questions or comments related to this policy, please contact the Trustee.