InvestAcc Pension Administration

Log In to Online Services | Sign Up to our Newsletter

Our Privacy Policy

Our Privacy Policy

YOUR PRIVACY IS IMPORTANT TO US

We are committed to protecting and respecting your privacy and this policy (Policy) (together with our Terms and Conditions and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us in connection with the products or services we offer, including by or through this website (Services). Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

This website is not intended for children and we do not knowingly collect personal data relating to children via this website.

This Policy applies to the following three companies, which are collectively referred to as “InvestAcc”, “we” or “us”:

  • InvestAcc Pension Administration Limited (Company number 07118349), which provides pension scheme administration services to new and existing SIPP and SSAS scheme customers;
  • InvestAcc Pension Trustees Limited (Company number 02875892), which provides professional trustee and pension scheme administration services to new and existing SIPP and SSAS customers; and
  • InvestAcc Limited (Company number 02719226), which provides professional trustee and pension scheme administration services to a small number of established SIPP and SSAS customers.

We will let you know which entity will be the controller for your personal data when you purchase a Service. InvestAcc Pension Administration Limited is the controller and responsible for this website.

Your personal data are held and processed by InvestAcc in accordance with applicable data protection laws, including the Data Protection Act 2018 (DPA 2018) and the UK GDPR.

THE TYPES OF PERSONAL DATA WE MAY COLLECT FROM YOU

Personal data means any information about an individual from which that person can be identified. We may collect and process the following personal data about you:

  • Identity Data: including first name, last name, any previous names, marital status, title, date of birth and gender, including in connection with the beneficiaries of our Services.
  • Contact Data: including postal address, email address and telephone numbers.
  • Financial Data: including bank account and payment card details.
  • Transaction Data: including details about payments to and from you, other details of Services you have purchased from us, if you contact us a record of that, including letters you send to us, meeting notes and all inbound and outbound telephone conversations.
  • Technical Data: including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.
  • Profile Data: including your username and password, the Services you have purchased, your interests, preferences, feedback and survey responses.
  • Usage Data: including information about how you interact with and use our website and Services.
  • Image Data: including CCTV footage when you visit one of our offices.
  • Marketing and Communications Data: including your preferences in receiving marketing from us and our third parties and your communication preferences.

We may also collect and use the following sensitive or special categories of personal information about you:

  • Health Data: in the event an application is received from you wishing to receive the benefits of our Services prior to the age 55 as a result of serious ill health, the information contained in a doctor’s report, including evidence that you are unable to work as a result of injury, sickness, disease, disability or any other reason which could meet the requirement to qualify for early retirement on the grounds of serious ill health.

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

We record all inbound and outbound telephone conversations for training purposes, to comply with legal obligations applicable to us (e.g. rules laid down by the Financial Conduct Authority) and to enable conversations to be retrieved and considered in support of any investigation we may undertake in answer to a claim or complaint against InvestAcc. We will not share recorded telephone conversations with other parties unless in the defence of a claim or complaint.

We may collect information you provide us with regarding beneficiaries for pension products you have with us. We may also collect information on children where a parent or guardian acts on their behalf in relation to a Service with us, or where they have been named as a beneficiary. Except in relation to children (as explained in the previous sentence), if you provide us with personal data about another person, you must ensure that before you provide us with their personal data, you have their agreement to do so and that they are aware of the ways in which we use personal data as set out in this Policy.

The information we collect about you is not publicly accessible data. If we did not have this information, you (or your family) may not receive the benefits to which you are entitled under the provided by InvestAcc.

HOW AND WHEN WE COLLECT YOUR PERSONAL DATA

We collect the majority of the personal data that we process about you directly from you, including when you provide this to us by:

  • Registering on our website or otherwise contacting us to obtain information relating to us or our Services;
  • Communicating with us by phone, email or otherwise, or when you complete a questionnaire or survey;
  • Engaging with us on social media;
  • Subscribing to our emails or other marketing communications;
  • Purchasing Services, and other interactions we may have with you in connection with our Services;
  • Contacting us by any means (including via email, telephone, web message, etc.) with questions, queries or complaints.

We may receive personal data about you from various third parties that we engage with in order to assist us with providing Services to you, including:

  • Our marketing agents: we may collect marketing information from marketing companies who send customer communications and direct marketing materials on our behalf;
  • Our data analytics providers: we may collect data analytics information from companies that provide us with data analytics services;
  • Credit Bureaus: we may collect information on your account, payment and credit history, including information from credit bureaus and service providers we use to process payments; and
  • Our other third-party providers: we may collect and share information with other third-party providers who provide support and services to us, or in relation to whom we are engaged, including social media provider, search engines and data analytics or advertising intermediaries who may collect data direct from their own cookies and websites.

HOW WE USE YOUR PERSONAL DATA

Whenever we process your personal data, we are required by law to have a ‘legal basis’ for doing so. The legal bases we use to process your personal data will generally be one or more of the following:

  • Contractual necessity: where it is necessary to enable us to comply with our contractual obligations to supply you with the Services you want;
  • Legitimate interests: where it is necessary for our legitimate business interests in administering our relationship with you and running our business effectively. Where ‘legitimate interests’ is our legal basis for processing your personal data, we will take into account any potential impacts on your rights, freedoms, and interests;
  • Legal compliance: where it is necessary for us to process your personal data to enable us to comply with a legal or regulatory obligation; and/or
  • Consent: where we have asked for and gained your consent to use your information for particular purposes, for example, to send you marketing communications. We will also rely on your explicit consent wherever we need to process your sensitive or special categories of personal data about you.

There are many ways we will need to use your personal data in the context of your relationship with us. We have set out the main purposes in the table below and we have indicated the main applicable legal bases of processing. In some cases, more than one legal basis may apply to our use of your personal data and there may be other specific uses which are linked to or covered by the purposes set out below.

If you would like further information on the specific legal bases which we rely on in relation to any of the processing purposes we have set out below, please contact us using the details set out in the ‘Contact’ section below.

Purpose for ProcessingTypes of personal dataLegal Basis
To carry out our obligations arising from any contracts entered into between you and us, and to provide you with our Services·       Identity Data

·       Contact Data

·       Financial Data

·       Transaction Data

·       Profile Data

·       Usage Data

·       Contractual Necessity
·       Health Data·       Consent
To send you service messages about our Services·       Identity Data

·       Contact Data

·       Transaction Data

·       Technical Data

·       Profile Data

·       Usage Data

·       Legitimate Interests: to contact you whenever we need to and provide you with relevant Service information
For the effective running of pension schemes provided by InvestAcc·       Identity Data

·       Contact Data

·       Financial Data

·       Transaction Data

·       Profile Data

·       Usage Data

·       Image Data

·       Marketing and Communications Data

·       Legitimate Interests: to ensure our Services are run and provided effectively; and/or

·       Legal Compliance: where we have a legal obligation in connection with the way we run and provide our Services

To improve the Services we offer·       Identity Data

·       Contact Data

·       Transaction Data

·       Technical Data

·       Profile Data

·       Usage Data

·       Consent: where personal data are captured by way of cookies or you have positively opted in to sharing personal data for marketing purposes; and/or

·       Legitimate Interests: in relation to personal data we otherwise capture across our business and use to ensure our Services are of the highest quality for our customers

To personalise your customer experience on our website. For this purpose, we use Cookies and similar technologies. For more information about how we use Cookies, please see our Cookie Policy.·       Identity Data

·       Contact Data

·       Technical Data

·       Profile Data

·       Usage Data

·       Marketing and Communications Data

·       Consent: where personal data are captured by way of cookies which require you to positively opted in; and/or

·       Legitimate Interests: in relation to personal data we otherwise capture across our business and use to tailor your customer experience

To send you marketing emails about our Services, events or features that we think may be of interest to you·       Identity Data

·       Contact Data

·       Transaction Data

·       Technical Data

·       Profile Data

·       Usage Data

·       Marketing and Communications Data

·       Consent: where personal data are captured by way of cookies or you have positively opted in to sharing personal data for marketing purposes; and/or

·       Legitimate Interests: where you are an existing customer, we also rely on our legitimate interests to increase our customer engagement

To send you any postal marketing materials about our Services, events or features that we think may be of interest to you·       Identity Data

·       Contact Data

·       Marketing and Communications Data

·       Legitimate Interests: to increase our customer engagement and boost our target audiences
To improve our marketing communications. For this purpose, we use Cookies and similar technologies for data analytics purposes. For more information about how we use Cookies, please see our Cookie Policy.·       Identity Data

·       Contact Data

·       Technical Data

·       Profile Data

·       Usage Data

·       Marketing and Communications Data

·       Consent: where we collect Technical Data via cookies, we do this on the basis of your consent, or in the case of essential cookies, on the basis of our legitimate interests in order to operate this website and ensure its security

·       Legitimate Interests: to offer you the most tailored and bespoke customer experience

To allow you to update and manage your contact and marketing preferences·       Identity Data

·       Contact Data

·       Technical Data

·       Profile Data

·       Usage Data

·       Marketing and Communications Data

·       Consent: where personal data are captured by way of cookies or you have positively opted in to sharing personal data for marketing purposes; and/or

·       Legitimate Interests: otherwise where we process your personal data to ensure that you have control over your own contact and marketing preferences

To respond to any enquiries and/or complaints·       Identity Data

·       Contact Data

·       Financial Data

·       Transaction Data

·       Technical Data

·       Profile Data

·       Usage Data

·       Image Data

·       Marketing and Communications Data

·       Legitimate Interests: to manage our relationship with you and ensure that we are able to support you with any queries or complaints
To update our records·       Identity Data

·       Contact Data

·       Financial Data

·       Transaction Data

·       Technical Data

·       Profile Data

·       Usage Data

·       Image Data

·       Marketing and Communications Data

·       Legitimate Interests: to ensure that we have accurate and up to date information.
To administer and protect our business and this website, including to prevent or detect fraud or abuses of our website and safeguarding your personal and financial data·       Identity Data

·       Contact Data

·       Financial Data

·       Transaction Data

·       Technical Data

·       Profile Data

·       Usage Data

·       Legal Compliance: where the activity is to ensure we meet our legal obligations and prevent or detect fraud;

·       Contractual Necessity: where we process personal data to ensure appropriate steps are taken to meet the terms in our contract with you, including payment of taxes or otherwise; and/or

·       Legitimate Interests: otherwise to protect our business and customers

To comply with our financial record keeping obligations·       Identity Data

·       Contact Data

·       Financial Data

·       Transaction Data

·       Legal Compliance as applicable where we have a legal duty to meet; or

·       Legitimate Interests: where we otherwise process data to ensure that we are compliant with our legal obligations

To protect our customers, offices, assets and partners from crime. For this purpose, we use CCTV. Wherever we use CCTV for this purpose, we will provide appropriate signage to inform you that this is the case.·       Image Data·       Legal Compliance: as applicable where we have a legal duty to meet; or

·       Legitimate Interests: where we otherwise process personal data to ensure the security of our premises, our staff and our customers

To develop, test, maintain and improve our systems and website·       Technical Data

·       Profile Data

·       Usage Data

·       Legitimate Interests: to ensure that our systems and website are secure and reliable
To comply with our legal obligations (where applicable) to share personal data with law enforcement and/or government bodies·       Identity Data

·       Contact Data

·       Financial Data

·       Transaction Data

·       Technical Data

·       Profile Data

·       Usage Data

·       Image Data

·       Legal Compliance: as applicable where we have a legal duty to meet
To enable our third-party service providers to carry out technical or other functions on our behalf·       Identity Data

·       Contact Data

·       Financial Data

·       Transaction Data

·       Technical Data

·       Profile Data

·       Usage Data

·       Image Data

·       Marketing and Communications Data

·       Legitimate Interests: to ensure that our Services are appropriate and (where applicable) delivered in a timely fashion
To anonymise and aggregate your personal data for our own data analytics purposes·       Technical Data·       Legitimate Interests: to allow us to make improvements to our Services

 

Consent

Where consent is our legal basis for processing your personal data, you can withdraw your consent at any time, and we will then stop any future processing for that purpose. If you wish to withdraw your consent, then please contact us using the details set out in the ‘Contact’ section at the end of this Policy.

If you choose not to share your personal data with us, or refuse certain contact permissions, we may be unable to provide some of the Services you’ve asked for.

Legitimate Interests

Where required under applicable data protection laws, we have determined, acting reasonably and considering the circumstances, that we are able to rely on legitimate interests as the lawful basis on which to process your personal data in certain circumstances (as set out in the table above).

We have reached this decision by carrying out a balancing exercise to make sure our legitimate interest is not overridden by your privacy rights as an individual, and we consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests as:

  • we process your personal data only so far as is necessary for such purpose; and
  • it can be reasonably expected for us to process your personal data in this way.

MARKETING AND YOUR RIGHTS

If you are an existing customer or you have consented to receiving marketing communications by phone, email or direct message, or otherwise in connection with postal marketing, we may send you information on any events or news about our Services that we believe may be of interest to you. You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your personal data) if we intend to use your personal data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by refusing your consent at the time of collection, at any time by using the ‘unsubscribe’ link in any marketing email we send you, or at any time by contacting us using the details set out in the ‘Contact’ section at the end of this Policy.

Our website may, from time to time, contain links to and from the websites of our members, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

DISCLOSURE OF YOUR INFORMATION

We sometimes share your personal data with third parties so that they can assist us in providing Services to you. These third parties will only process your personal data on our specific instructions, and we remain responsible for ensuring that your personal data are protected and processed lawfully by anyone that we share it with.  Some examples of these third parties are set out as follows:

  • Direct marketing companies who help us send customer marketing communications;
  • Advertisers and advertising partners, such as advertising networks and social media platforms;
  • Technology partners involved in the operation and support of our website and business systems, including Google Analytics;
  • Payment services providers who help us to process payments, prevent fraud and reduce credit risk.

In some specific circumstances, we may also share your personal data with third parties who process it for their own purposes. Those third parties will have their own legal obligations to protect your personal data, and you will have legal rights that you can enforce directly against them. Some examples of these third parties are set out as follows:

  • The police and other law enforcement agencies, for the purpose of preventing and detecting fraud (including fraudulent transactions) and criminal activity;
  • Government bodies or other regulatory bodies, where requested or if we consider that it is reasonably required, so that they can carry out their legal functions;
  • Insurers or other organisations, where a claim is made or could be made against us. For example, we may send CCTV footage and information contained in our accident logs to our insurers;
  • Our professional advisors, including without limitation tax, legal, insurance, or other corporate advisors who provide professional services to us; and
  • HMRC or other tax bodies or agencies as necessary to comply with our legal and regulatory obligations.

If we sell, transfer or merge parts of our business or our assets, or if we buy or acquire any business or assets, we may share the personal data held by us with the prospective buyer or seller of such business or assets. If substantially all of our assets are acquired by a third party (or subject to a reorganisation within our corporate group), personal data held by us will be one of the transferred assets.

Social Media Platforms

We use a number of social media platforms to communicate with you and to promote our Services. We do this in a number of ways:

  • we may share your personal data with social media platforms so we can identify you on those channels and engage with you;
  • we also share data to find other people with similar interests to our customers;
  • the social media platform processes data we submit for the purpose of matching, online targeting, measurement, reporting and analysis; and
  • we use cookies on our website which sends data to the social media platforms about you and actions you take (subject to you consenting to such cookies being placed).

Where we share personal data with social media platforms as described above, we are joint controllers with these platforms for certain processing activities. Each of the platforms and us have:

  • entered into an agreement to set out each party’s responsibilities for the personal data they process;
  • we have agreed that we will provide you notice of the relationship and provide you with information relating to their privacy policy; and
  • agreed that in relation to their processing of personal data where they are our joint controller, you would contact them direct to exercise your rights.

For further information about how these third-party social media platforms process and use the personal data we share with them, please read their privacy policies which can be found on each platform’s own website, as follows:

We use Google Analytics on our website (Google Privacy Policy). This means that we may use cookies to collect online identifiers about your use of our website, including Technical Data, which we may use for the purpose of better understanding our customers and your use of our website. Google may transfer the personal data collected by it on our behalf outside of the United Kingdom. See here for further information on Google Analytics.

If you would like further information about any of the third parties with whom we share your personal data, please contact us using the details set out in the ‘Contact’ section below.

COOKIES

Cookie is a general term often use to describe a number of technologies. Cookies are small text files that are stored on your computer or other device by any websites that you visit. Web beacons and pixels are tiny invisible images placed within email messages which tell us if you have opened an email and how you interreacted with it. For the purpose of this Policy and our Cookie Policy, we refer to all of these technologies as “cookies”.

We may collect information about your computer or other device, including where available your IP address, operating system and browser type, for system administration, to improve the structure and content of our website, to make our website easier to use, to support the provision of information and functionality to you, as well as to provide us with information about how our website is used so that we can make sure it is as up to date, relevant and error free as we can and to report aggregate information to regulators and our members as requested and appropriate (this is statistical data about our users’ browsing actions and patterns, it does not identify any individual).

We also use cookies to try to ensure that our emails and electronic marketing messages which we send to you reflect the interests of our customers and website users.

Further information about how our website use cookies can be found in our Cookie Policy.

HOW AND WHERE WE STORE YOUR PERSONAL DATA

The personal data that we collect from you will not be transferred to, and stored at, a destination outside the UK.

All information (including personal data) you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet (including email) is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

PERSONAL DATA RETENTION

We have a retention policy which means we do not keep information we hold about you for longer than necessary unless we there is a legal obligation to do so.

YOUR LEGAL RIGHTS

You have the following rights in relation to the personal data that we hold about you:

  • The right to request access to your personal data (commonly known as a “data subject access request”). This enables you to request a copy of the personal data we hold about you and to check we are processing it lawfully.
  • The right to request correction of the personal data we hold about you. This enables you to request that we correct any incomplete or inaccurate personal data that we hold about you.
  • The right to request erasure of your personal data in some circumstances. This enables you to request that we erase your personal data where there is no good reason for us continuing to process it.
  • The right to object to us processing your personal data. This enables you to object to us processing your personal data where we are relying on our legitimate interest as a legal basis for processing, or where we are using your personal data for direct marketing purposes.
  • The right to restrict our processing of your personal data. This enables you to ask us to suspend the processing of your personal data in certain circumstances.
  • The right to data portability. In certain circumstances this enables you to request that we provide you, or a third party, with a copy of the personal data that you provided to us in a structured, commonly used, machine-readable format.
  • The right to stop us using your personal data for direct marketing purposes. This can be by a specific channel or all marketing channels.
  • The right to request that we review any decision made solely on the basis of automatic processing of your personal data. This right applies where no person was involved either in the processing, nor in reviewing the outcome of the processing which led to the decision.
  • The right to withdraw your consent. As detailed above, wherever you have given us your consent for any of our processing purposes, you have the right to withdraw that consent at any time.

How to exercise any of your rights

Further information about your rights in the UK can be found on the Information Commissioner’s Office (ICO) website here: https://ico.org.uk/

For more information on your legal rights, or if you would like to exercise any of them, please contact us using the details set out in the ‘Contact’ section at the end of this Policy.

To protect the confidentiality of your personal data, we will ask you questions in order to verify your identity before proceeding with any requests to exercise your rights.

MAKING A COMPLAINT

If for any reason you are not satisfied with our response, you can make a complaint to the ICO at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

CHANGES TO THIS POLICY

We may update this Policy from time to time at our sole discretion. Any changes we may make to this Policy in the future will be posted on our website and we encourage you to review this Policy periodically. If you continue to use the Services after we change this Policy, then you accept all such changes.

TERMS AND CONDITIONS

For our Terms and Conditions please click here.

CONTACT

If you have any questions, comments or requests regarding this Policy, or if you or if you would like to exercise any of your legal rights, please contact us by email at:  [email protected]

Last updated: 08 October 2024

InvestAcc, Solway House Business Park, Kingstown, Carlisle, CA6 4BY.

InvestAcc Pension Administration Limited and InvestAcc Limited are both Regulated and authorised by the Financial Conduct Authority.