Policies

Our online security, privacy, cookie, and terms of use policies

Privacy Policy

Last updated: November 2025

How Pense Ltd collects, uses, shares and protects personal data under UK data protection law.

Pense Ltd – Privacy Notice

1. Purpose

This Privacy Notice explains what you can expect from Pense Ltd when we collect and use your personal data. It sets out why we process your information, how we do it, the lawful bases we rely on, and the circumstances in which we may share it. It also explains your rights under UK data protection law.

2. Data Controller

Pense Ltd is the data controller for the personal data we process in connection with pension and retirement-related enquiries, illustrations, advice and applications.

If, in a specific situation, we act solely on another organisation's instructions, we will make it clear that we are acting as a data processor.

This Privacy Notice does not apply to data collected or processed by pension or annuity providers in their own capacity as data controllers. For details of how providers handle your information, please refer to their own privacy notices and direct any questions about that processing to them.

You can contact us via:

  • Email: compliance@pense.co.uk
  • Phone: 01302 496300
  • Post: Data Protection Team, Pense Ltd, 1 Derwent House, Richmond Business Park, Sidings Court, Doncaster DN4 5NL.
3. How We Process Personal Data

Most of the data we process is provided by you as part of our discussions about your circumstances.

We get limited data from Companies within our Group or third parties, normally your name, contact details and basic information about your current pension, if you have enquired about pensions or annuities.

If you're applying for a job with us, we'll tell you how we use your information in a separate note which we'll send as part of any application. You can request this using any of the methods above.

3.1. Information We Collect

The information we collect may include:

  • Identification information such as name, date of birth, gender, and ID documents such as a copy of your passport or driving licence.
  • Contact details such as address, telephone number, email, and a copy of a utility bill.
  • Financial information such as pension values, policy references, retirement date, income, expenditure and property information.
  • Interaction information such as call notes and appointment details.
  • Soft contextual information provided by you relating to your objectives, circumstances or communication preferences, such as future plans or retirement goals.
  • Technical information such as IP address, device type and unique identifiers.
  • Special category data such as health information where required for underwriting or enhanced annuity quotes, including height, weight, smoking status and relevant medical conditions. We only collect this with your explicit consent.
3.2. What We Do and Why

In relation to your personal data that we process as a controller, data protection law requires us to have a valid reason to process it for each of the different purposes for which we use that information. The law refers to each reason as a lawful basis.

Responding to your enquiry (Legitimate interest)

We use your information to understand your circumstances, respond to your request and answer your questions.

Providing illustrations (Legitimate interests, necessary for a contract with you, explicit consent)

We need personal data to provide you with personalised illustrations. This might include health data. We'll ask for your consent and explain why we need that before we take any special category data.

We use a third party, IRESS, to provide illustrations, so we share information about you to generate illustrations. We may use a third party to post these illustrations to you.

Processing applications (Legitimate interests, necessary for a contract with you, legal obligation, explicit consent)

If you choose to apply for a product, we will use the information you have given us to fulfil that application.

This means any information you provide will be shared with a third party, the provider you choose, and for pensions, with your old provider. You will be asked to give your consent before an application is made.

To meet our obligations under the Money Laundering Regulations 2017, we use Compliance Assist to verify your identity and carry out required anti-money laundering checks. Documents we may request include:

  • A copy of ID documentation, such as your passport or driving licence.
  • A utility bill dated within the last 3 months.

Running and improving our websites (Legitimate interests)

We need to understand where and how our sites are accessed to make sure they work for you.

Analysing customer journeys and improving processes (Legitimate interests)

We use technical and personal data to understand what we can do to improve things for our customers.

Marketing (Consent, legitimate interests)

We use personal and technical data to keep you up to date about our services and services relevant to the enquiry you make. You can opt out of marketing at any time.

Call recordings (Legitimate interest, fraud prevention, establish, exercise or defend legal claims, preventing or detecting unlawful acts)

We record all our calls to monitor our service, keep records of what we have agreed and to cut down on paperwork.

This data will be held electronically on secure servers, only for as long as it's needed. We don't make any decisions by automated processing, a person always has the final say.

3.3. Phone, Email or Letter?

We do what we can over the phone and e-mail, because it's instant and efficient. We don't like sending too much information by e-mail, especially when it relates to your personal information: it's encrypted when it leaves us but e-mail isn't the most secure way of communicating, so please bear that in mind if that's how you want to communicate with us.

There are some things we like to send out by letter to make sure you have a permanent hard copy.

3.4. Cookies

Cookies are little bits of information, unique to you, that our websites send to your device. They allow us to remember where you've been if you access our sites again, and sometimes track where you've been on our sites. If we use cookies, it's in line with current EU and UK laws.

Cookies are used by us to work out how many unique users we get to our sites, recognise if a user has visited us before, and log information about your device to allow us to track website usage and resolve problems. We use Google Analytics to gather statistics on site usage; Google may aggregate data they receive and their use of data is subject to their own privacy policy.

We also use cookies to customise the website to mobile, tablet and desktop users, and track how effective our advertising has been.

For more information on our use of cookies, please refer to our Cookie Policy.

4. Sharing Personal Data

We only share your data when lawful and necessary. This may include:

  • Responding to your enquiry or processing your application.
  • Where you instruct us to.
  • Meeting legal or regulatory obligations.
  • Engaging trusted service providers such as:
  • Illustration tools such as IRESS.
  • Identity-verification partners.
  • IT hosting, cloud services and system administration.
  • Website and analytics providers.
  • Customer service or mailing partners.
  • Marketing and analytics partners such as Google, where you have consented.
  • Professional advisers including legal, audit, insurance or compliance advisers.
  • Government agencies or law enforcement where required.
  • Review platforms such as Trustpilot.

We do not sell your personal data.

5. International Transfers

Your data may be transferred outside the United Kingdom, for example when a service provider is located overseas. In these situations, we make sure at least one of the following safeguards is implemented:

  • Relying on declarations of adequacy made by regulators or governments.
  • Using standard contractual clauses approved by relevant regulators or governments where necessary.
  • Ensuring that recipients are subscribed to recognised international frameworks.
  • Such alternative measures as are valid and appropriate from time to time.

Please contact us using the details at the beginning of this notice for more information about the protections that we put in place and to obtain a copy of any relevant documents.

6. How Long We Keep Your Data

Pensions and equity release are long-term products, and the FCA requires firms to retain sufficient records to evidence the suitability of advice and recommendations. Advice may be reviewed many years after it was given.

For this reason, we keep information used to assess suitability for as long as necessary to meet our legal, regulatory and contractual obligations, and to respond to potential queries or claims.

If you have contacted us but not proceeded with an application or received advice, we review your information annually and delete what is no longer needed. You may also ask us to delete information we do not need to retain.

We determine retention periods by considering the nature and sensitivity of the data, the risk of harm from unauthorised access, the purpose for which the data is processed and applicable legal and regulatory requirements.

7. Your Rights

You have rights around what happens to your personal data which can be exercised in certain circumstances. They are not absolute rights.

  • Right of access: we will supply a copy of your personal data on request. You can contact us at compliance@pense.co.uk.
  • Right to rectification: if you think we have something wrong, you can tell us and we'll put it right.
  • Right to erasure: you can ask us to delete personal data. If you have made an application with us there are certain things we have to keep to comply with law or regulation.
  • Right to restriction of processing: if you think we are handling your data inappropriately, but you still want us to retain it, you can ask us to restrict what we do with it.
  • Right to object to processing: where we are relying on our or a third party's legitimate interest or for the purpose of direct marketing.
  • Right to withdraw consent at any time when processing relies upon consent. This will not affect the lawfulness of any processing carried out before you withdraw consent.
  • Right to data portability: you can ask us to transfer data we hold about you to someone else.
  • Right to complain to a data protection regulator. In the UK the regulator is the Information Commissioner's Office. Please visit www.ico.org.uk for further details.

If you wish to exercise any of the rights set out above, please contact us at compliance@pense.co.uk.

The Information Commissioner's Office has more information about each of these rights here: https://ico.org.uk/for-the-public/

Questions about our policies?

Our team can help explain how these policies apply to your account, data, and service use.

Contact us