Pense Ltd – Privacy Notice
1. Purpose
This Privacy Notice explains what you can expect from Pense Ltd when we collect and use your personal data. It sets out why we process your information, how we do it, the lawful bases we rely on, and the circumstances in which we may share it. It also explains your rights under UK data protection law.
2. Data Controller
Pense Ltd is the data controller for the personal data we process in connection with pension and retirement-related enquiries, illustrations, advice and applications.
If, in a specific situation, we act solely on another organisation’s instructions, we will make it clear that we are acting as a data processor.
This Privacy Notice does not apply to data collected or processed by pension or annuity providers in their own capacity as data controllers. For details of how providers handle your information, please refer to their own privacy notices and direct any questions about that processing to them.
You can contact us via:
Email: compliance@pense.co.uk
Phone: 01302 496300
Post: Data Protection Team, Pense Ltd, 1 Derwent House, Richmond Business Park, Sidings Court, Doncaster DN4 5NL.
3. How We Process Personal Data
Most of the data we process is provided by you as part of our discussions about your circumstances.
We get limited data from companies within our Group or from third parties (normally your name, contact details and basic information about your current pension) if you have enquired about pensions or annuities.
If you’re applying for a job with us, we’ll tell you how we use your information in a separate note, which we’ll send as part of any application. You can request this using any of the methods above.
3.1. Information We Collect
The information we collect may include:
• Identification information (name, date of birth, gender, ID documents such as copy of your passport or driving licence)
• Contact details (address, telephone number, email, copy of a utility bill)
• Financial information (pension values, policy references, retirement date, income, expenditure, property information)
• Interaction information (call notes, appointment details)
• “Soft” contextual information provided by you relating to your objectives, circumstances or communication preferences, such as future plans or retirement goals
• Technical information (IP address, device type, unique identifiers)
• Special category data such as health information where required for underwriting or enhanced annuity quotes (height, weight, smoking status, relevant medical conditions). We only collect this with your explicit consent
3.2. What We Do and Why
In relation to your personal data that we process as a controller, data protection law requires us to have a valid reason to process it for each of the different purposes for which we use that information. The law refers to each reason as a “lawful basis”. We have set out below a description of the ways we may use your personal data, and which of the lawful bases we rely on to do so, shown in brackets.
Responding to your enquiry (Legitimate interest)
We use your information to understand your circumstances, respond to your request and answer your questions.
Providing illustrations (Legitimate interests, necessary for a contract with you, explicit consent)
We need personal data to provide you with personalised illustrations. This might include health data; we’ll ask for your consent and explain why we need it before we take any special category data.
We use a third party (IRESS) to provide illustrations, so we share information about you to generate illustrations. We may use a third party to post these illustrations to you.
Processing applications (Legitimate interests, necessary for a contract with you, legal obligation, explicit consent)
If you choose to apply for a product, we will use the information you have given us to fulfil that application.
This means any information you provide will be shared with a third party (the provider you choose), and for pensions, with your old provider. You will be asked to give your consent before an application is made.
To meet our obligations under the Money Laundering Regulations 2017, we use Compliance Assist to verify your identity and carry out required anti-money laundering checks. Documents we may request include:
• a copy of ID documentation, such as your passport or driving licence
• a utility bill dated within the last 3 months
Running and improving our websites (Legitimate interests)
We need to understand where and how our sites are accessed to make sure they work for you.
Analysing customer journeys and improving processes (Legitimate interests)
We use technical and personal data to understand what we can do to improve things for our customers.
Marketing (Consent, legitimate interests)
We use personal and technical data to keep you up to date about our services and services relevant to the enquiry you make. You can opt out of marketing at any time.
Call recordings (Legitimate interest, fraud prevention, establish, exercise or defend legal claims, preventing or detecting unlawful acts)
We record all our calls to monitor our service, keep records of what we have agreed and to cut down on paperwork.
This data will be held electronically on secure servers, only for as long as it’s needed (see section 6 – How long do we keep your data?).
We don’t make any decisions by “automated processing”; a person always has the final say.
3.3. Phone, Email or Letter?
We do what we can over the phone and e-mail, because it’s instant and efficient. We don’t like sending too much information by e-mail, especially when it relates to your personal information. It’s encrypted when it leaves us, but e-mail isn’t the most secure way of communicating, so please bear that in mind if that’s how you want to communicate with us.
There are some things we like to send out by letter to make sure you have a permanent “hard copy”.
3.4. Cookies
Cookies are little bits of information (unique to you) that our websites send to your device. They allow us to remember where you’ve been if you access our sites again, and sometimes track where you’ve been on our sites. If we use cookies, it’s in line with current EU and UK laws.
Cookies are used by us to work out how many unique users we get to our sites, recognise if a user has visited us before, and log information about your device to allow us to track website usage and resolve problems. We use Google Analytics to gather statistics on site usage; Google may aggregate data they receive and their use of data is subject to their own privacy policy.
We also use cookies to customise the website to mobile / tablet / desktop users, and track how effective our advertising has been (by recording which links, etc, got you to us in the first place).
For more information on our use of cookies, please refer to our Cookie Policy.
4. Sharing Personal Data
We only share your data when lawful and necessary. This may include:
• responding to your enquiry or processing your application
• where you instruct us to
• meeting legal or regulatory obligations
• engaging trusted service providers such as:
• illustration tools (e.g., IRESS)
• identity-verification partners
• IT hosting, cloud services and system administration
• website and analytics providers
• customer service or mailing partners
• marketing and analytics partners (such as Google), where you have consented
• professional advisers (legal, audit, insurance or compliance advisers)
• government agencies or law enforcement where required
• review platforms such as Trustpilot
We do not sell your personal data.
5. International Transfers
Your data may be transferred outside the United Kingdom (for example, when a service provider is located overseas). In these situations, we make sure at least one of the following safeguards is implemented:
• Relying on declarations of adequacy made by regulators or governments (e.g. adequacy decisions/regulations).
• Where the third country to which data is being sent is not subject to such a declaration, using the standard contractual clauses approved by relevant regulators or governments, as applicable.
• Ensuring that the recipients are subscribed to recognised international frameworks, e.g. the UK-U.S. data bridge.
• Such alternative measures as are valid and appropriate from time to time.
Please contact us using the details at the beginning of this privacy notice for more information about the protections that we put in place and to obtain a copy of any relevant documents.
6. How Long We Keep Your Data
Pensions and equity release are long-term products, and the FCA requires firms to retain sufficient records to evidence the suitability of advice and recommendations. Advice may be reviewed many years after it was given.
For this reason, we keep information used to assess suitability for as long as necessary to meet our legal, regulatory and contractual obligations, and to respond to potential queries or claims.
If you have contacted us but not proceeded with an application or received advice, we review your information annually and delete what is no longer needed. You may also ask us to delete information we do not need to retain.
We determine retention periods by considering the nature and sensitivity of the data, the risk of harm from unauthorised access, the purpose for which the data is processed and applicable legal and regulatory requirements.
7. Your Rights
You have rights around what happens to your personal data which can be exercised in certain circumstances (they are not absolute rights):
• Right of access – we will supply a copy of your personal data on request. You can contact us at compliance@pense.co.uk.
• Right to rectification – if you think we have something wrong, you can tell us and we’ll put it right.
• Right to erasure – you can ask us to delete personal data, because you don’t want us to hold it any more. Please note if you have made an application with us there are certain things we have to keep to comply with law or regulation. We’ll tell you if there’s anything we can’t delete, and why.
• Right to restriction of processing – if you think we are handling your data inappropriately, but you still want us to retain it, you can ask us to restrict what we do with it.
• Right to object to processing – where we are relying on our or a third party’s legitimate interest to do so or for the purpose of direct marketing.
• Right to withdraw consent – at any time when processing relies upon consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
• Right to data portability – you can ask us to transfer any data we hold about you to someone else.
• Right to complain to a data protection regulator – if you are concerned about the way we have processed your personal information. In the UK the data protection regulator is the Information Commissioner’s Office (ICO). Please visit the ICO’s website for further details (www.ico.org.uk).
If you wish to exercise any of the rights set out above, please contact us at compliance@pense.co.uk.
The Information Commissioner’s Office has more information about each of these rights here: https://ico.org.uk/for-the-public/.