Border to Coast Pensions Partnership Limited (“Border to Coast”, “we”, “our” and “us”) is a Data Controller and is committed to protecting the privacy and security of the Personal Data that we hold.
This notice is intended to explain how we collect, use and protect your Personal Data.
WHO WE ARE
Border to Coast is a UK based investment manager established to manage the assets of twelve local government pensions scheme funds. Our objective is to provide improved investment performance and investment outcomes for the funds we manage.
Border to Coast is committed to handling Personal Data fairly and lawfully and takes its data protection obligations very seriously. Border to Coast ensures that it processes Personal Data in compliance with applicable data protection laws, including without limitation, the General Data Protection Regulation 2016/679 (“GDPR”) and any UK law equivalent.
WHAT IS PERSONAL DATA AND WHAT PERSONAL DATA DOES BORDER TO COAST HOLD?
The data protection laws define Personal Data as “data relating to living, identifiable individuals”. It should be noted that Border to Coast’s clients are corporate entities i.e. local government pension schemes rather than individuals. Border to Coast does not hold any Personal Data in relation to the underlying individual members of the pension schemes whose assets Border to Coast manages. Consequently, the Personal Data that we do hold is very limited and primarily relates to our employees, the business contacts within the local government pension schemes that we manage and the business contacts at our service providers, suppliers and other third parties.
The information we collect and hold can be categorised as follows:
Employees and Prospective Employees – contact details, identification information, background checks, employment history, performance information, remuneration, healthcare and pension arrangements.
We may also collect Sensitive personal information including race, ethnicity, religious beliefs, sexual orientation, health and trade union membership. We will only use this information where we need to provide appropriate adjustments, services or to enable meaningful equal opportunities monitoring.
Also, information relating to criminal convictions and offences will only be collected and stored where this is necessary for carrying out the rights and obligations of the data controller (Border to Coast) or data subject (Colleagues or Candidates). This information will only be collected and used where there is a requirement for a high level of trust and integrity to be demonstrated and it relates to FCA approval processes for specific roles.
Clients – the names and business contact details of the individuals we interact with at our local government pension scheme clients together with background and identification information that we are required to collect for regulatory purposes.
Service Providers, Suppliers and Contractors – the names and business contact details of the individuals we interact with at our service providers, suppliers and contractors together with background and identification information that we are required to collect for regulatory purposes.
Other Business Partners / Contacts (e.g. banks, brokers, registrars, lawyers, accountants, actuaries, regulators, HMRC, investee companies, property agents etc) – the names and business contact details of the individuals we interact with at these entities together with background and identification information that we are required to collect for regulatory purposes.
HOW IS PERSONAL DATA COLLECTED?
Border to Coast uses different methods to collect Personal Data including the following:
- personal details provided directly by employees, candidates, their former employers, clients, suppliers & contractors and other business contacts; and
- Third parties and publicly available sources e.g. Companies House, Registrars and background employment and credit check providers.
It should be noted that the Border to Coast website does not capture or record any Personal Data relating to website users/visitors.
HOW DO WE USE PERSONAL DATA?
The Personal Data we obtain and hold is used to enable us to:
- provide investment, management and administration services to our clients;
- fulfil our contractual and other obligations to employees, candidates, suppliers, contractors and other business partners; and
- meet our legal and regulatory obligations.
Under the GDPR a firm must have a legal basis / justification for processing personal data. In the vast majority of instances, Border to Coast will use one of the following justifications:
- Performance of a contract;
- Compliance with legal obligations; and
- Legitimate business interests – in this instance the processing must be “necessary” and must balance the interests of the controller with the rights of the individual.
We may combine the Personal Data that we collect from Data Subjects with information obtained from other sources to the extent permitted by law.
It is important that the Personal Data we hold is accurate and current and, therefore, you, the Data Subject, should advise us as soon as possible in the event of any changes.
WHO DO WE DISCLOSE PERSONAL DATA TO?
We will only use your Personal Data for our internal business purposes. We do not sell any Personal Data to third parties and we do not share Personal Data with third parties for the third parties’ marketing purposes.
However, we may need to disclose Personal Data strictly on a need to know basis to our service providers, contractors, suppliers and other parties such as banks, brokers, registrars, lawyers, accountants, actuaries, regulators, payroll, pension providers, life assurance provider and HMRC.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
WHAT DO WE DO TO KEEP PERSONAL DATA SECURE?
We have put in place appropriate physical and technical measures to safeguard the Personal Data we collect in connection with our services. In addition, we limit access to Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Personal Data on our instructions and are subject to a duty of confidentiality.
However, please note that although we take appropriate steps to protect Personal Data no device, computer system, transmission of data or wireless connection is completely secure and, therefore, we cannot guarantee the absolute security of Personal Data.
INTERNATIONAL TRANSFER OF PERSONAL DATA
The Personal Data that we collect may be stored and processed in the European Economic Area (“EEA”) or transferred to, stored at or otherwise processed outside the EEA. Where Personal Data is transferred outside the EEA we will take all steps reasonably necessary to ensure that the Personal Data is kept secure and treated in accordance with this Data Protection Notice and the requirements of applicable law wherever the data is located. Appropriate transfer agreements and mechanisms (such as the EU Model Clauses) will be put in place to help ensure that our third party service providers provide an adequate level of protection for Personal Data. We will only transfer Personal Data outside the EEA in accordance with applicable laws or where the Data Subject has given us consent to do so.
DATA RETENTION – HOW LONG IS PERSONAL DATA STORED / KEPT?
Border to Coast retains Personal Data in line with its Information Governance and Record Retention Policies and for as long as necessary to fulfil the purposes for which the Personal Data has been collected as outlined in this Data Protection Notice unless a longer retention period is required by law. Personal Data is kept under regular review to ensure that it is not held longer than is strictly necessary, whilst taking account of Border to Coast’s other regulatory obligations such as the requirement to retain evidence of anti-money laundering checks or Regulated references.
When Personal Data is no longer required for the purpose it was collected or as required by applicable law, it will be deleted or in certain circumstances returned to the Data Subject in accordance with applicable law.
ACCESSING PERSONAL DATA AND YOUR RIGHTS
Border to Coast will collect, store and process Personal Data in accordance with the Data Subject’s rights under the GDPR. Under certain circumstances the Data Subject has the following rights in relation to their Personal Data:
- the right to request details of their Personal Data held by Border to Coast and to request copies of such information;
- where Border to Coast’s use of Personal Data is based upon their consent, the right to withdraw such consent at any time;
- the right, in certain circumstances, to request Border to Coast to transmit their Personal Data direct to another organisation;
- the right to request Border to Coast to rectify or update any Personal Data that is incorrect or incomplete;
- the right to have Personal Data erased in certain specified circumstances;
- the right to request Border to Coast to stop processing their Personal Data and to only store such Personal Data;
- the right to object to specific types of processing of Personal Data, for example where it is being used for direct marketing; and
- the right, in certain circumstances, not to be subject to decisions being taken solely on the basis of automated processing (e.g. profiling).
HOW CAN A DATA SUBJECT ENFORCE THEIR RIGHTS?
If you wish to enforce any of your rights under the GDPR please contact us using the details at section 14. A response to the request will be made without undue delay and no later than one month from receipt of such a request. We will not charge a fee for processing such a request.
If you are concerned that we have not complied with your legal rights under applicable Data Protection Laws, you may contact the Information Commissioner’s Office (www.ico.gov.uk) which is the data protection regulator in the UK. Alternatively, if you are based outside the UK, you may contact your local data protection supervisory authority.
THIRD-PARTY LINKS AND PRODUCTS ON OUR SERVICES
Our websites, applications and products may contain links to other third party websites that are not operated by Border to Coast, and our website may contain applications that you can download from third parties. These linked sites and applications are not under Border to Coast’s control and, as such, we are not responsible for the privacy practices or the content of any linked websites and online applications. If you choose to use any third party websites or applications, any Personal Data collected by the third party’s website or application will be controlled by the Data Protection Notice of that third party. We strongly recommend that you take the time to review the privacy policies of any third parties to which you provide Personal Data.
CHANGES TO THIS DATA PROTECTION NOTICE
We will update this Data Protection Notice from time to time and hence it is important to check the “Date Notice Last Updated” legend at the bottom of this Notice. Any changes will become effective upon our posting of the revised Data Protection Notice.
We will provide notice to Data Subjects where any of the changes are material and, where required by applicable law, we will obtain your consent. We will provide this notice by e-mail or by posting notice of the changes on our website.
CONTACT US / FURTHER INFORMATION
If you have any questions concerning the content of this Data Protection Notice, including any requests to exercise your legal rights, the relevant contact details are set out below.