Privacy Policy

1. Introduction

This is our privacy policy. It tells you how we process (eg. collect, keep, use and delete) data that you, or others, may have provided when using our website or App for the purposes of operating your Penfold pension. Please read this policy to understand how we treat your information in line with the Data Protection Act 2018 and the UK General Data Protection Regulation (‘UK GDPR’).

We may change this notice from time to time by updating this policy. You should check the Website page it is located on (Privacy Policy | Penfold Pension (getpenfold.com)), from time to time to ensure that you are happy with any changes. If there are any significant changes we will notify you of these directly.

2. Who We Are and How to Contact Us

Our company name is Penfold Savings Limited and our registered address is The Ministry, 79-81 Borough Rd, London, SE1 1DN.

We have appointed a Data Protection Officer who is responsible for our privacy policy: Martin Kuzmicki. They can be contacted at DPO@getpenfold.com.

3. Data Controller

We are the controller of, and are responsible for, your personal data.

4. Personal Data We Collect

We may collect, keep and use the following data about you:

• Recorded information that you have provided us over the telephone, email, intercom service or post. This includes a record of conversations (written or spoken) that we have with you;
• Identity information, such as: name, national insurance number, date of birth, username;
• Contact information such as: residential address, email address and telephone number;
• Amounts of personal pension contributions, how much you have paid into your pension, by what payment method and dates of payments;
• Amounts of pension contributions from your employer, the nature of those contributions (eg. salary sacrifice) and whether you have opted-out or stopped contributing to your workplace pension;
• Family and beneficiaries: if you provide us with information about your family or nominated beneficiaries it’s important that they are aware that you have done this, and we will treat their information in line with this policy;
• Special category data: some information about you requires additional protection. This will most likely be medical history or health data, where this has been provided by you, for example, for the purposes of accessing ill-health benefits. It also includes data about your religious, political or philosophical beliefs; racial or ethnic origin; sex life or sexual orientation; trade union membership or genetic/biometric data. It is very unlikely that we will request any of the latter information;
• Financial Data, which includes bank account and payment card details;
• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website;
• Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
• Usage Data includes information about how you use our website, products and services;
• Third-party data, if you have agreed to allow another person (eg. employer, financial advisor or relative) to provide us with information about yourself. Or, if we have got information about you from an external source (eg. a identity verification provider through which we perform identity and anti-money laundering (AML) checks);
• Public sources: we may collect information about you from public sources. This includes the Electoral Register, Companies House or information published by the press or social media.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

5. How We Use What We Collect

We use information about you to:

• To sign you up as a Penfold customer and set up your Penfold account;
• To provide (and monitor and improve) our pension services to you eg. making contributions, fund choices, withdrawals, transfers, customer service, in-App services and website content;
• To perform our key pension administration services such as claiming tax relief, providing you with legal or regulatory communications, dealing with death or serious ill-health cases;
• Ensure your employer is performing their auto-enrolment obligations (eg. making payments on time, managing opt-outs, assisting with re-enrollment);
• Send you communications we think may be of interest to you or enable you to get full value from your Penfold pension eg. newsletters, emails;
• Ensure our compliance with key regulatory obligations such as ensuring that we know our customers and preventing financial crime, or other criminal or legal breaches;
• Identifying vulnerable customers to help us to decide if we need to take further action to assist them;
• Ensure that our key partners (who are essential to enable us to provide you with a pension service) can carry out their jobs. This includes:
• our staff in Estonia (employed by Penfold Technologies OU) that assist with the administration of your pension;
• our identity verification partner (to ensure that we and you are protected from fraud or financial crime);
• cloud-server companies (to store all of the data that we have safely and securely);
• payment processing companies (who ensure that your contributions are paid);
• employers (responsible for payment of workplace pensions);
• Other partners, with whom your employer (if we are providing their workplace pension) has an agreement with to provide employees with support or assistance with their pension arrangements;
• Ensure that we have effective risk management and audit arrangements. This means we may share some of your information with professional audit or legal advisers;
• Share with anyone who you have given us permission to share it with eg. persons who we partner with and may provide financial services to customers, people who you have asked to represent you, like solicitors, financial advisers or relatives;
• Assist authorities to prevent or stop financial crime, terrorism, money laundering, tax evasion or other legal or regulatory investigations. This may include other financial services providers, regulatory bodies, the police or any other third party where necessary to meet our legal obligations.
• Please note that we will only provide your information to third parties who have agreed to treat it confidentially and keep it secure.

6. The Legal Basis for Being Able to Collect your Information

UK law sets out specific reasons by which we can lawfully process your personal data. We’ll only use your personal data when one of these grounds is present. Below you can see how we use your personal data and the legal grounds for doing so. Please note that some legal grounds may be applicable to more than one type of data. We mention the most relevant one below.

We may also transfer your information (please see 'Personal Data We Collect') outside the UK for the purpose of providing our services to you. Where this is done we will have the appropriate protections in place to ensure that your data has equivalent protections to those provided by UK law.

Please contact us if you have any questions about any of the information provided:

Legal grounds: Consent

Your consent must be freely given, informed, specific, unambiguous and by a positive action by you.

Use of your information: Pension account information

You may have given us a letter of authority (LOA) stating that a third-party can manage or have access to your pension details.

Or, you may have a financial adviser, or other person assisting you with your finances, that you permit to have access to your pension details.

We will only provide third-party information that you have consented to them getting.

Use of your information: Third party data

We may request information about your family members, household or beneficiaries if this is necessary for the purposes of administering your Penfold pension. We will tell you why we are requesting this information. You may agree to provide us with this information.

Use of your information: Third party marketing

There may be products or services that our partners provide that we consider may be relevant to you. But, we will always get your consent before sharing your information with a third-party for marketing purposes.

You can opt-out of getting such marketing by contacting us or using the opt-out links that will be part of such marketing communications.

Use of your information: Medical Information

To decide on a request for early withdrawal on ill-health grounds we will require information from a medical professional or GP. Usually this will come from you, but we will ask for your consent if we need to contact them ourselves.

Use of your information: Vulnerability Information

You may provide us information about your personal circumstances that may reveal you are a vulnerable customer.

Use of your information: Cookies

On our website we use ‘third party’ cookies that collect information about how our individuals use our website. Please see our Cookies Policy for more information.

Legal Grounds: Necessary for the Performance of a Contract

Personal data that you provide may be used by us when it’s necessary to enter into or perform the contract.

Use of your information: Setting up and operating your Penfold pension

This covers the following, and may involve the transfer of your information to a third-party if it’s necessary for us to perform our contract with you:

• Processing your application (including necessary verification and AML checks);
• Making and receiving payments;
• Managing changes of personal details eg. address, bank account;
• Responding to your communications or complaints;
• Giving effect to your fund choices;
• Managing cancellation, transfer or withdrawal requests;
• Arranging for the safe custody and protection of your money or assets;
• Ensuring the security and integrity of your Penfold account (including the IT infrastructure that enables us to provide our service);
• Processing a ill health or death benefit claim;
• Arranging for tax relief;
• Notifying you of changes to our terms and conditions or other policies; and
• Administering your pension, in any way that is not caught above.

Use of your information: We use your personal data to comply with legal obligations, such as the following:

• Verifying your identity, residence and tax status to comply with laws on taxation and the prevention of financial crime, terrorist financing and sanctions compliance;
• Providing you with necessary legal and regulatory communications;
• Providing regulators and HMRC with mandatory returns or information;
• Complying with our regulatory or legal obligations as set out by such bodies as HMRC, the Financial Conduct Authority or The Pensions Regulator;
• Complying with court orders or requests for information from law-enforcement agencies, such as the police.

Legal Grounds: Necessary for Legitimate Interests

We use your information when we have a ‘legitimate interest’, and this interest is not outweighed by your privacy rights. Whenever we use this legal ground we balance the legitimate interest (either ours or another’s) against your reasonable expectations about how we use your data.

Use of your personal data: Use data analytics on customer use of our website or App.

• Legitimate interests: Ensuring the security and integrity of our website or App (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data;
• Legitimate interests: Maintaining up-to-date and correct records for purposes of audits, risk-management and financial stability of Penfold;

Use of your personal data: We may contact you to research our products or services, or invite you to take part in a competition. You will receive marketing communications from us if you have requested information from us or opened an account with us and you have not opted out of receiving that marketing.

• Legitimate interests: To ensure that we offer relevant and effective products or services that our customers can engage with, are suitable for them and provide value for money; to grow our business, develop our brand and ensure good communication with customers.

Use of your personal data: Use data analytics on your use of our website or App to improve our website, products/services, marketing, customer relationships and experiences

• Legitimate interests: To study how customers use our products/services, to develop them and make them more effective, to ensure appropriate targeting of customers, to grow our business and to inform our marketing strategy.

Use of your personal data: Provide partner organisations with information about customer fund choices, contribution, transfer or withdrawal activity.

• Legitimate interests: To assist us, our partners and our customers to better understand their pension choices and behaviours, to improve the efficiency of our service and enhance customer experience.

7. Use of Artificial Intelligence

We may use artificial intelligence (‘AI’) to support the provision of our products and services and to help us achieve the purposes for processing your personal data described in this notice. If we use AI to process your personal data for any new purposes, we’ll either update this notice or tell you separately that we are doing so. Examples of how we use AI includes things like helping with customer service queries.

We may also use your data to train and analyse the performance of our AI. We’ll only do this if it’s not possible to anonymise your data. We don’t allow third parties whose AI systems or models we use to use your personal data for their own training purposes.

8. What if You Don’t Want Us to Have Any of Your Information?

If you do not agree with the contents of this policy, you may wish to cease viewing/using this Website, and or refrain from submitting your personal data to us. But, this is likely to mean that we cannot provide services to you, and we may have to close any pension plans or accounts that you have with us.

The same applies if we need to ask you for information about yourself (or another person) and you do not provide that to us. This may mean that we cannot provide you with some, or all, of our products or services.

9. Your Rights

If you have any requests concerning your personal data or any queries with regard to this notice, please contact us through the Contact Us section of our Website.

We are registered with the Information Commissioner’s Office (ICO); our Registration number: ZA505781.

Information on the Data Protection Act 2018 and the General Data Protection Regulation (the GDPR) is also available on the Information Commissioner’s website at https://ico.org.uk/. Under the GDPR, your individual rights in relation to your personal data are as follows:

• the right to be informed about the personal data being processed,
• the right of access to the data,
• the right to rectification,
• the right to erasure,
• the right to restrict processing,
• the right to data portability (to receive electronic copy of your personal data),
• the right to object to processing of your personal data and
• the right not to be subject to automated decision-making. including profiling.

To make use of your rights please contact us via hello@getpenfold.com. If you are unhappy with our response you can make a complaint to the ICO via Make a complaint | ICO

10. Subject Access Rights

You have a right to a copy of and details of the personal data we hold about you. To obtain a copy of this, please contact us using the details set out in the Contact Us section of our Website. No charge will normally be made by us for providing this information. If your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.

11. Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

12. Technical Information

For the most part, you may visit our website without having to identify yourself. However, certain technical information is normally collected by us as a standard part of our services. This information relates to your IP address, information about your device and other technical information your browser provides us with, and data about your use of our website (such as when you use the website and how you interact with its content). If you call us, additional information such as your telephone number may be saved as a standard part of that communication.

12.1 Location Data

Certain services may involve the use of your location data. Use of your location data is, however, subject to your prior consent for each service.

Personal data obtained from third parties. We may obtain personal data about you from third party sources such as social media analytics, and from the following partners: Contego Solutions Limited (trading as “Northrow”) (company registered number 7358038).

12.2 How Do We Secure Your Personal Data?

We have robust procedures in place within our business:

• to protect data against accidental loss,
• to prevent unauthorised access, use, destruction or disclosure,
• to ensure business continuity and disaster recovery where required,
• to restrict access to personal information,
• to conduct privacy impact assessments in accordance with the law and our business policies,
• to train staff and contractors on data security, and
• to manage third party risks, through use of contracts and security reviews.

12.3 How Long Do We Keep Personal Data?

We will keep your personal data only for so long as we need to do so, depending upon the nature of the data and our processing, and the grounds upon which we collected it. Your personal data will be deleted if we no longer need it

But, even if you are no longer a Penfold customer, we are obliged to keep certain records of our relationship to comply with rules set out by the Financial Conduct Authority or The Pensions Regulator or for legitimate business purposes. For example some information about pension transfers must be kept indefinitely; we must keep records of opt-outs from workplace pensions for at least 4 years, and, generally, keep your personal details for up to 6 years, once our relationship has ended.

Information we use for marketing purposes will be kept by us until you notify us that you no longer wish to receive this information. If you do notify us that you no longer wish to receive marketing information, we will keep an encrypted version of your contact information to ensure we respect your wishes.

13. Other Websites

Our website may contain links to other websites which are outside the control of Penfold and are not covered by this privacy notice. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy notice which may be different to the privacy notice of Penfold. You should exercise caution and look at the privacy notice applicable to the website in question.

14. Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see Use of Cookies.

15. Use of Cookies

A cookie is a small piece of code, sent from a website to a user’s internet browser, which allows that website to track the user’s previous activity when they return to that website. This allows us to provide you with the experience that you expect from us and lets us continually improve our service.

You can block cookies by changing the settings on your browser, but if you do you will not be able to access all or parts of our website. The types of cookies we may use are:

• Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website. or make use of e-billing services.
• Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
• Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
• We do not have any control over the use of cookies by third parties, including our partners and affiliates. To manage cookies from third party websites, you will need to visit their site to adjust your settings.

If you want more information about how cookies operate, or how to manage them, please visit About Cookies at http://www.aboutcookies.org.uk/.

Use of this website is subject to our terms of use