Privacy Policy

We take privacy seriously.  We are committed to ensuring the security of your personal information (your ‘personal data’).  This notice (together with our cookies policy and  terms of use) sets out how we obtain, use, store and dispose of your personal data.  If we make changes to how we use your data it will be explained on this page.

How we use your data depends on the services we’re providing and this is explained in each of the areas below.

Unless otherwise stated:

  • “We” and “XPS Pensions Group” includes the following companies:
    • XPS Pensions Group plc 
    • Punter Southall Limited
    • PS Administration Limited
    • Punter Southall Investment Consulting Limited
    • Xafinity Consulting Limited
    • Xafinity SIPP Services Limited

It also includes the above companies when trading as:

    • XPS Administration
    • XPS Group
    • XPS Investments
    • XPS Pensions
    • XPS Pensions Group
    • XPS Transactions
    • XafinitySimply SIPP
    • XafinitySIPP
    • XafinitySSAS
  • “You”, “the user” and “data subject” means the person about whom we hold data.

We use the term “data controller” and “data processor” throughout this document.  In simple terms: 

  • A “data controller” is the person who determines what data to collect and how to use it.
  • A “data processor” acts for a data controller and is instructed by the data controller on what data to collect and how to use it.

Both a data controller and a data processor are legally responsible for ensuring that data is handled in accordance with the laws on data protection.

Set out below are details of how each part of the XPS Pensions Group processes data for each of its services.  Click on each link to read more.

 

The Scheme Actuary’s role is mainly to advise the trustees on how well the pension scheme is funded.  In order to be able to advise the trustees, the Scheme Actuary may need to access personal scheme member information.

The Scheme Actuary is a Data Controller alongside the pension scheme trustees. 

In some cases the Scheme Actuary will act “in common” with the pension scheme trustees and in other cases the Scheme Actuary will act “jointly” with the pension scheme trustees. In either case, both are legally responsible for compliance with data protection laws in relation to each of their respective processing activities. 

Scheme member data is provided by the pension scheme trustees and their appointed pension scheme administrator.  Some information may also be provided directly by the sponsoring employer.

Certain calculations and advice must, by law, be provided by the Scheme Actuary to the pension scheme trustees. 

Your data will only be used by the Scheme Actuary in accordance with the Terms of Engagement with the pension scheme trustees and professional guidance standards.  The Scheme Actuary will only ask for your personal information if it is necessary to provide these specific services.

Your information is used to:

  • advise on and value the pension scheme’s liabilities, and assess how any shortfall can be funded;
  • advise on or calculate the benefits available to individuals under various scheme options (e.g. on transfer to another scheme); and
  • advise the pension scheme trustees on the scheme’s investments.

The information the Scheme Actuary may need about you in order to provide this service includes:

  • name;
  • date of birth;
  • sex;
  • marital status and dependant’s date of birth and sex;
  • address;
  • employment service information;
  • salary and pension amounts; and
  • whether a pension in payment resulted from ill health retirement. In this circumstance, the Scheme Actuary does not process data about your state of health, only that you are in receipt of such a pension, and this data will only be used if passed to the Scheme Actuary by the scheme trustees or pension scheme administrator.

Information is only shared with third parties if it’s necessary for the provision of services as the Scheme Actuary.  This means that your information may be shared with:

  • the pension scheme trustees;
  • our Associates, but only for the purposes of providing Scheme Actuary services to the pension scheme trustees;
  • law enforcement agencies (subject to any requests being legally made);
  • regulators as required (including HMRC, the Pensions Regulator, the Financial Conduct Authority and the Information Commissioner’s Office);
  • fraud prevention agencies so that we may comply with money laundering and financial crime prevention laws; and
  • certain approved suppliers used by XPS Pensions. These may include suppliers of printing and mailing services, offsite storage, hosting of administration systems, computer systems databases, information technology services and electronic and paper documentation management.

Your data is not shared with any other party and will not be transferred to anyone outside the European Economic Area.

You have the right to:

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete; and
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully.

XPS Pensions’ role is to provide the pension scheme trustees and / or sponsoring employer defined benefits scheme actuarial consulting services.  As these services are aimed at the pension scheme trustees and the sponsor of those pension funds, we do not normally seek to process your personal information. 

However, we are very aware that in dealing with the pension scheme trustees, the sponsor of those pension funds and the appointed advisers and administrators, we may process your personal information. 

The XPS Pensions group company working with your pension acts as a Data Controller alongside the pension scheme trustees and / or sponsoring employer.  In some cases we will act “in common” with the pension scheme trustees and / or sponsoring employer and in other cases we will act “jointly” with the pension scheme trustees and/or sponsoring employer.  In either case, both are legally responsible for compliance with data protection laws in relation to each of their respective processing activities. 

Your data is provided to us by the pension scheme trustees and their appointed pension scheme administrator. Some information may also be provided directly by the sponsoring employer.

XPS Pensions has what’s called a ‘legitimate interest’ to process your data, via an appointment by the pension scheme trustees and / or sponsoring employer to provide actuarial consulting services.

Your data will only be used in accordance with our Terms of Engagement with the pension scheme trustees and / or sponsoring employer and only if it is necessary for us to undertake these services.

Your information will be used to:

  • advise the pension scheme trustees and / or sponsoring employer on the pension scheme’s assets and liabilities including calculating and valuing benefits;
  • provide technical guidance on pensions legislation to the trustees, the sponsoring employer and certain members of the pension scheme.

The information we need about you in order to provide these services includes:

  • name;
  • date of birth;
  • sex;
  • marital status and dependant’s date of birth and sex;
  • address;
  • employment service information;
  • salary and pension amounts; and
  • whether a pension in payment resulted from ill health retirement. In this circumstance, we don’t process data about your state of health, only that you are in receipt of such a pension, and this data will only be used if passed to us by the scheme trustees or pension scheme administrator.

We only share your information with third parties if it is necessary for us to provide our services. This means that your information may be shared with:

  • the pension scheme trustees and / or sponsoring employer;
  • the pension scheme administrator and the various advisers appointed by the pension scheme trustees;
  • our Associates, but only for the purposes of providing actuarial consulting services to the pension scheme trustees and / or sponsoring employer);
  • certain approved suppliers used by XPS Pensions. These may include suppliers of printing and mailing services, offsite storage, hosting of administration systems, computer systems databases, information technology services and electronic and paper documentation management.

Your data is not shared with any other party and will not be transferred to anyone outside the European Economic Area.

You have the right to:

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully;
  • object to our processing based on legitimate interests; however, you must have grounds (to object) based on your particular situation.
  • The Scheme Actuary’s role is mainly to advise the pension scheme trustees on how well the pension scheme is funded. In order to be able to advise the trustees, the Scheme Actuary may need to access your personal information; 
  • XPS Pensions’ role is to provide the pension scheme trustees and / or sponsoring employer, defined benefits scheme actuarial consulting services. As these services are aimed at the pension scheme trustees and the sponsor of those pension funds, we do not normally seek to process your personal information.  However, we are very aware that in dealing with the pension scheme trustees, the sponsoring employer and the appointed advisers and administrators, we may process your personal information. 

The Scheme Actuary is a Data Controller alongside the pension scheme trustees.  The XPS Pensions group company acts as a Data Controller alongside the pension scheme trustees and / or sponsoring employer. 

In some cases the Scheme Actuary and the XPS Pensions group company working with your pension will act “in common” with the pension scheme trustees and / or sponsoring employer and in other cases we will act “jointly” with the pension scheme trustees and / or sponsoring employer. 

In either case, both are legally responsible for compliance with data protection laws in relation to their respective processing activities.

Your data is provided to us by the pension scheme trustees and their appointed pension scheme administrator. Some information may also be provided directly by the sponsoring employer.

  • The Scheme Actuary must, by law, provide certain calculations and advice to the pension scheme trustees;
  • XPS Pensions has what’s called a ‘legitimate interest’ to process your data, via an appointment by the pension scheme trustees and / or sponsoring employer to provide these Services.

Your data will only be used in accordance with our Terms of Engagement with the pension scheme trustees and / or sponsoring employer and only if it is necessary for us to undertake these services.

Your information will be used to:

  • advise on and value the pension scheme’s liabilities, and assess how any shortfall can be funded;
  • advise on or calculate the benefits available to individuals under various scheme options (e.g. on transfer to another scheme);
  • advise the pension scheme trustees on the scheme’s investments;
  • provide technical guidance on pensions’ legislation to the trustees, the sponsoring employer and certain members of the pension scheme.

The information we need about you in order to provide these services includes:

  • name;
  • date of birth;
  • sex;
  • marital status and dependant’s date of birth and sex;
  • address;
  • employment service information;
  • salary and pension amounts; and
  • whether a pension in payment resulted from ill health retirement. In this circumstance, we don’t process data about your state of health, only that you are in receipt of such a pension, and this data will only be used if passed to us by the scheme trustees or pension scheme administrator.

 

We only share your information with third parties if it is necessary for us to provide our services. This means that your information may be shared with:

  • the pension scheme trustees and / or sponsoring employer;
  • the pension scheme administrator and the various advisers appointed by the pension scheme trustees;
  • our Associates, but only for the purposes of providing our services to the pension scheme trustees and / or sponsoring employer);
  • law enforcement agencies (subject to any requests being legally made);
  • regulators as required (including HMRC, the Pensions Regulator, the Financial Conduct Authority and the Information Commissioner’s Office);
  • fraud prevention agencies so that we may comply with money laundering and financial crime prevention laws; and
  • certain approved suppliers used by XPS Pensions. These may include suppliers of printing and mailing services, offsite storage, hosting of administration systems, computer systems databases, information technology services and electronic and paper documentation management.

Your data is not shared with any other party and will not be transferred to anyone outside the European Economic Area.

You have the right to:

  • request copies of the personal data we hold about you and we will provide that within 30 calendar days. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully;

You also have the right, although only in respect of our provision of actuarial consulting services, to: 

  • object to our processing based on legitimate interests; however, you must have grounds (to object) based on your particular situation.

XPS Investments’ role is to provide the pension scheme trustees and / or sponsoring employer defined benefits scheme and/or defined contribution scheme investment consulting services.  In this Notice we refer to ‘pension scheme trustees and/or sponsoring employers’ as ‘our client’. As these services are aimed at our client, we do not normally seek to process your personal information.

However, we are very aware that in dealing with our client and the appointed advisers and administrators, we may process your personal information.

The XPS Pensions Group company working with your pension acts as a Data Controller alongside our client. In some cases the Investment Adviser will act “in common” with our client and in other cases the Investment Adviser will act “jointly” with our client. In either case, both are legally responsible for our own compliance with data protection laws in relation to each of our respective processing activities.

Your data is provided to us by the pension scheme trustees and their appointed pension scheme administrator. Some information may also be provided directly by the sponsoring employer.

XPS Investments has what’s called a ‘legitimate interest’ to process your data, via an appointment by our client to provide investment consulting services.

Your data will only be used in accordance with our Terms of Engagement with our client and only if it is necessary for us to undertake these services.

Your information will be used to advise the pension scheme trustees and / or sponsoring employer on the pension scheme’s assets strategy, including the possible purchase of annuities.

We only share your information with third parties if it is necessary for us to provide our services. This means that your information may be shared with:

  • the pension scheme trustees and / or sponsoring employer;
  • the pension scheme administrator and the various advisers appointed by the pension scheme trustees;
  • our Associates, but only for the purposes of providing investment consulting services to our client);
  • certain approved suppliers used by XPS Investments. These may include suppliers of printing and mailing services, offsite storage, hosting of administration systems, computer systems databases, information technology services and electronic and paper documentation management.

Your data is not shared with any other party and will not be transferred to anyone outside the European Economic Area.

You have the right to:

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully;
  • object to our processing based on legitimate interests; however, you must have grounds (to object) based on your particular situation.

When providing the XafinitySIPP and the SimplySIPP, Xafinity SIPP Services Limited is a Data Controller.  This means that we’re legally responsible for complying with data protection laws.

When providing the XafinitySSAS, Xafinity SIPP Services Limited is a Data Controller in common with the SSAS trustees.  This means that we are each legally responsible for our own compliance with data protection laws in relation to each of our respective processing activities.   

We take this from your completed application form together with any other data provided by you or your appointed financial adviser or other personal representative.

When you sign a Xafinity SIPP application, you enter into a contract with Xafinity to allow us to set up and administer the SIPP.  It is therefore necessary for Xafinity to process your data in order to do this.

For the Xafinity SSAS, Xafinity has what’s called a ‘legitimate interest’ to process your data, via an appointment by the Trustees to provide administration services to the scheme.  Xafinity processes your data under this service agreement in order to administer the scheme.    

For SIPP and SSAS, Xafinity also processes your data in order to comply with our legal obligations as Trustee and/or Scheme Administrator (as defined by HMRC) of the scheme. 

‘Administering’ your pension plan means:

  • managing contributions made to the SIPP or SSAS;
  • arranging investments as instructed by you (SIPP member or SSAS trustees), your financial adviser or other personal representative;
  • issuing you with information about your benefits under the SIPP or SSAS (including quotations);
  • paying claims from the scheme;
  • providing annual valuations and, for the SIPP, illustrations of your prospective benefits as required by law;
  • notifying you of any changes to Xafinity’s terms and conditions as required; and
  • notifying you of any regulatory changes that may affect the contributions allowable into, and benefits out of, your SIPP or SSAS.

‘Legal processing’ may include:

  • disclosing details to HMRC for tax purposes;
  • disclosure to law enforcement agencies and courts;
  • various regulatory returns to Financial Conduct Authority and/or the Pensions Regulator.

Your data will only be used by Xafinity for these purposes.

We only ask you for information about you that is necessary to set up and administer your SIPP or SSAS; without this information, we may not be able to provide these services.  The information we need about you in order to provide these services includes:

  • personal information, including full name, approximate salary, national insurance number, date of birth and planned retirement age;
  • eligibility criteria including your nationality, residency, employment status and if you are a member of your employer’s pension scheme;
  • if you are subject to a bankruptcy order;
  • your contact details (postal address, e-mail and phone number);
  • contribution information;
  • beneficiary information (where appropriate);
  • your bank details (when you wish to start taking benefits);
  • other pension schemes of which you are a member (should you wish to transfer benefits into or out of your SIPP or SSAS; and
  • health information, including medical reports. We will only ask for this information if you wish to claim benefits on health grounds and we will need your specific consent in this instance.   

We’ll only share your data with third parties if it’s necessary to administer your SIPP or SSAS. This means that your information may be shared with:

  • any party appointed by you, including your investment managers, legal and financial advisers, or personal representatives;
  • investment providers holding your SIPP or SSAS’s underlying assets;
  • the SIPP or SSAS client bank provider;
  • law enforcement agencies (subject to any requests being legally made);
  • fraud prevention agencies so that we may comply with money laundering and financial crime prevention laws;
  • regulators as required (including HMRC, the Pensions Regulator, the Financial Conduct Authority, the Information Commissioners Office);
  • certain approved suppliers used by Xafinity. These may include suppliers of payroll services, printing and mailing services, offsite storage, suppliers of administration systems, hosting of various computer systems, information technology services and electronic and paper documentation management; and
  • other pension schemes of which you are a member (should you wish to transfer benefits into or out of your SIPP).

We’ll need your consent (or that of your personal representative) to share your data with anybody else.

Your data will not be transferred to anyone outside the European Economic Area.

You have the right to:

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully;
  • withdraw your consent to us processing your health information (which we will only obtain for the purposes of you claiming benefits on health grounds). Any processing we undertake shall remain lawful until such time as you withdraw consent; and
  • for SSAS only, to object to our processing based on legitimate interest; however you must have grounds (to object) based on your particular situation.

When providing the XafinitySIPP and XafinitySSAS, we deal with pension scheme property (including commercial land) investments for our clients, including the underlying property tenants.

Where personal data is obtained, Xafinity SIPP Services Limited is a Data Controller (XafinitySIPP) or a Data Controller (XafinitySSAS) in common with the SSAS trustees. This means that we’re legally responsible for complying with data protection laws.

We take this from our property lease questionnaire and the executed lease, together with any other data provided by you or your appointed solicitor. We may receive these directly from you, the SIPP member(s) or SSAS trustees.

We provide services to our SIPP and SSAS clients in order to administer their pensions.  In working alongside our clients, their advisers, or directly with you, we may process your personal information.

We administer our clients’ pensions under our contractual documentation and so have a “legitimate interest” to process your data in order to provide our services.  This is a necessary requirement otherwise we will not be able to provide our services.  

Processing your data may include administrative back up on:

  • property insurance;
  • rent payments, rent reviews and lease renewals;
  • VAT returns when applicable;

Your data will only be used by Xafinity for these purposes.

We only ask you for information about you that is necessary to provide our services to our clients (SIPP member(s) or SSAS trustees).  The information we need about you in order to provide these services includes:

  • formal tenant(s) details;
  • your contact details (postal address, e-mail and phone number);

Although not deemed personal data, we also need details on rent being, or to be, paid, together with the lease rent review dates and expiry date.

We’ll only share your data with third parties if it’s necessary to provide our services to our clients.  This means that your information may be shared with our clients including any of their personal representatives, together with;

  • lenders (to the pension scheme), the various appointed legal, financial and environmental advisers and other property parties such as surveyor or valuer, insurer, manager, head-tenant, developers and if applicable, 3rd party owner(s);
  • a prospective purchaser if and when the property is to be sold;
  • law enforcement agencies (subject to any requests being legally made) and fraud prevention agencies so that we may comply with money laundering and financial crime prevention laws; and
  • certain approved suppliers used by Xafinity. These may include suppliers of printing and mailing services, offsite storage, information technology services and electronic and paper documentation management.

We’ll need your consent (or that of your personal representative) to share your data with anybody else.

Your data will not be transferred to anyone outside the European Economic Area.

You have the right to:

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully; and
  • to object to our processing based on legitimate interest; however you must have grounds (to object) based on your particular situation.

Our role is to provide your pension scheme with administration services. As these services are provided to the pension scheme trustees or your employer, we do not seek to process your personal information for our own purposes.

XPS Administration is a Data Processor for the pension scheme trustees or your employer. The pension scheme trustees or your employer are the Data Controller.

The pension scheme trustees or your employer will give you a full privacy notice explaining how they use your information. The information set out below is to help you understand what XPS Administration does with your information when we provide our services.

Where you have subsequently left your employer, references to ‘employer’ in this notice also mean your former employer.

The pension scheme trustees or your employer give us details of all members of the pension scheme.  You may have provided some of this information in an application form that you completed to join the scheme.

We have a contract (known as a Terms of Engagement) with the pension scheme trustees or your employer to administer the scheme on their behalf.

Your data will only be used in accordance with our Terms of Engagement with the pension scheme trustees or your employer and only if it is necessary for us to undertake these services.

Administering your pension scheme means:

  • managing contributions made to the scheme;
  • arranging investments as instructed by you or the trustees;
  • issuing you with information about your benefits under the scheme (including quotations);
  • paying claims from the scheme;
  • providing valuations; and
  • dealing with queries from pension scheme members.

Your data will only be used by XPS Administration for these purposes.

Your information is provided to us by the pension scheme trustees or your employer (or you, if you completed an application form).  We may ask you for information on behalf of the pension scheme trustees, but this will only be for the purposes of administering your pension scheme, such as when you decide to take benefits from the scheme.  

Your data may be shared with certain approved suppliers used by XPS Administration.  These include suppliers of printing and mailing services, offsite storage, suppliers of administration systems, hosting of various computer systems, information technology services and electronic and paper documentation management.

We may also be obliged to share your data with:

  • law enforcement agencies (subject to any requests being legally made);
  • fraud prevention agencies so that the scheme may comply with money laundering and financial crime prevention laws;
  • regulators as required (including the Pensions Regulator); and
  • other parties as disclosed in the pension scheme trustee’s full privacy notice.

We’ll need your consent (or that of your personal representative) to share your data with anybody else and your data won’t be transferred to anyone outside the European Economic Area.

The pension scheme trustees will provide you with full information about your rights.  When we provide administration service, you have the right to:

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully; and
  • withdraw your consent to us processing your health information (which will only be the case if you have sent us that information). Any processing we undertake shall remain lawful until such time as you withdraw consent.

XPS Group’s role is to provide employers with Healthcare consulting services.  As these services are aimed at your employer who is the scheme’s sponsor, we do not normally seek to process your personal information. 

However, we are very aware that in dealing with your employer, we may process your personal information. 

XPS Group is a Data Processor for the Healthcare Scheme’s sponsoring employer. 

Your employer gives us details of the employees who are or will be members of your employer’s Healthcare Scheme.  Where you have subsequently left your employer, references to ‘employer’ in this notice also mean your former employer.

 

XPS Group process your data, via an appointment by the pension scheme trustees and / or sponsoring employer to provide Healthcare consulting services.

Your data will only be used in accordance with our Terms of Engagement with the pension scheme trustees and / or sponsoring employer and only if it is necessary for us to undertake these services.

We use your information to liaise with the insurer who will set up and administer the Healthcare Scheme for your employer.  We will also deal with queries from employees who are members of the Healthcare Scheme.  It is therefore necessary for XPS Group to process your data in order to do this. ‘Setting up’ and ‘administering’ the Healthcare Scheme means:

  • Working with the insurer and your employer to obtain the best cover and rates for the Scheme;
  • Dealing with any queries you may have about the Scheme (including any claims); and
  • Providing a continuation service if you leave the employer but want to continue as a member of the Scheme.

Your data will only be used by XPS Group for these purposes.

We do not ask you for any information directly. The only information you need to give is that required by the Scheme’s insurer when you become a member or when you make a claim. This will be requested by an application form or claim form. You can always send this directly to the insurer.

If you provide us with information we’ll share this with the insurer providing your Healthcare Scheme.  Your data may also be shared with certain approved suppliers used by XPS Group.  These include suppliers of printing and mailing services, offsite storage, suppliers of administration systems, hosting of various computer systems, information technology services and electronic and paper documentation management.

We may also be obliged to share your data with:

  • law enforcement agencies (subject to any requests being legally made);
  • fraud prevention agencies so that we may comply with money laundering and financial crime prevention laws; and
  • regulators as required (including the Financial Conduct Authority).

We’ll need your consent (or that of your personal representative) to share your data with anybody else and your data won’t be transferred to anyone outside the European Economic Area.

You have the right to:

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully;
  • withdraw your consent to us processing your health information (which will only be the case if you have sent us that information). Any processing we undertake shall remain lawful until such time as you withdraw.

XPS Pensions’ role is to provide financial advisers with calculations that allows the financial adviser to provide advice on transferring pensions from defined benefit schemes.  As these services are aimed at the financial adviser, we do not normally seek to process your personal information. 

However, we are very aware that in dealing with your adviser, we may process your personal information. 

XPS Pensions is a Data Processor for the financial adviser. 

You financial adviser gives us details of the individuals who have appointed them because those individuals are considering transferring from an employer’s defined benefit scheme.  The financial adviser must carry out a financial comparison between the defined benefit scheme and an arrangement you might be transferring to.  Our role is to provide that financial comparison. Where you have subsequently left your employer, references to ‘employer’ in this notice also mean your former employer.

XPS Pensions process your data, via an appointment by the financial adviser to provide pension transfer comparison services.

Your data will only be used in accordance with our Terms of Engagement with the financial adviser and only if it is necessary for us to undertake these services.

Providing a pension transfer comparison service means:

  • obtaining information about the pension scheme of which you are a member or deferred member;
  • calculating your entitlement under that scheme; and
  • providing a comparison between your employer’s pension scheme and an alternative scheme.

Your data will only be used by XPS Pensions for these purposes

We do not ask you for any information directly. Your information is provided to us by your financial adviser.

Your data may be shared with certain approved suppliers used by XPS Pensions.  These include suppliers of printing and mailing services, offsite storage, suppliers of administration systems, hosting of various computer systems, information technology services and electronic and paper documentation management.

We may also be obliged to share your data with:

  • law enforcement agencies (subject to any requests being legally made);
  • fraud prevention agencies so that we may comply with money laundering and financial crime prevention laws; and
  • regulators as required (including the Financial Conduct Authority).

We’ll need your consent (or that of your personal representative) to share your data with anybody else and your data won’t be transferred to anyone outside the European Economic Area.

You have the right to:

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully;
  • withdraw your consent to us processing your health information (which will only be the case if you have sent us that information). Any processing we undertake shall remain lawful until such time as you withdraw consent.

Xafinity Consulting Limited, Punter Southall Limited, Punter Southall Investment Consulting Limited and PS Administration Limited (collectively XPS Pensions Group) and Xafinity SIPP Services limited (“we” for the purposes of this section and “we” shall be interpreted accordingly) may from time to time contact you to inform you about products and services we offer.

We are Data Controllers and this means that we are legally responsible for compliance with data protection laws when we use your data. 

We will collect information relating to you that you provide when you:

  • register on our Websites (Xafinity.com and puntersouthall.com);
  • fill in a contact form on our Websites;
  • become a XPS Pensions Group client with us for any service;
  • login to www.xafinity.com;
  • respond to a survey;
  • request to download guides or other resources on our Websites;
  • you attend a seminar/event and agree in principal to our marketing communications; or
  • otherwise opt-in to receive communications from us.

We do occasionally purchase lists of contact details and will only do so from reputable brokers.  We will undertake thorough due diligence to ensure we only provide communications as ‘business to business’ and that we believe will be relevant to you;

Note our Websites:

  • use cookies to distinguish you from other users. Details of the cookies we use are set out in our separate Cookies Policy;
  • include social media features, such as the ‘Share This’ button. We collect information from social media activity. Depending on the network this will include basic account information such as name, email address, company and job title and any other details you choose to share according to your particular social media account settings. Your interactions with these features are governed by the privacy statement of the companies that provide them;
  • include external links to third party websites. We have no control over and are not responsible for these websites or the use of your information by third parties. You should check the privacy notices on any third party websites to ensure that you are satisfied regarding their privacy practices, prior to sharing any personal information.

 

 

We’d like to keep you up to date with information about our events, products and services by providing you with company news, product and technical information and updates, and survey participation (our marketing communications).

For the purposes of this privacy notice, your data will only be used to provide our marketing communications. 

We use the information we collect from any social media activity to help us improve our understanding of our users and what they want. We may use it to assist us in arranging more personalised commercial opportunities. We also use this information to ensure we provide the best possible content, tailoring where we can to our users interests. We never disclose your personal details.

Although we hope you find our communications informative, you can decide to stop them by clicking on the unsubscribe link which will be provided at the bottom of all marketing communications.  Alternatively you can contact us, the details of which are provided at the end of this notice. 

Where we collected your information prior to 25th May 2018 we have recorded you under ePrivacy Regulations as: 

  • a ‘business to business’ subscriber (e.g. a company or a limited liability partnership) and so we have a ‘legitimate interest’ to process your data for the purposes of providing company news, product and technical information and updates, and survey participation (our marketing communications);
  • an ‘individual’ subscriber and so have obtained your explicit agreement to us providing our marketing communications.

Where collection of your information is after 25th May 2018;

  • we obtain your explicit agreement to us providing our marketing communications.

The information we ask about you is as follows:

  • Full name;
  • Company Name & Address
  • Phone number
  • E-mail address;

We may share your data between associated companies, but only where relevant to you, and not with any other parties.

Your data is not shared with, or will be sold to, any other party and will not be transferred to anyone outside the European Economic Area.

You have the right to:

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully;
  • object to us providing you with marketing communications. Every communication we send you will include your right to opt-out of receiving marketing communications. Alternatively, our contact details are provided at the end of this notice.

XPS Pensions are a Data Controller when providing Expert Witness services.  We only process personal information on the instruction of an instructing solicitor.  We are also legally responsible for complying with data protection laws. 

Our instructing solicitor gives us details of your data.  If you have provided a letter of authority, additional information may have been received from your employer and / or its pension scheme.

XPS Pensions has what’s called a ‘legitimate interest’ to process your data, via an appointment by our instructing solicitor to provide Expert Witness services.  Your data will only be used in accordance with this appointment and only if it is necessary for us to undertake these services.

We may be provided with ‘Special category personal data’, for example whether a pension in payment resulted from ill health retirement.  In this circumstance, we don’t process data about your state of health, only that you are in receipt of such a pension, or eligible for one, and this data will only be used if passed to us by our instructing solicitor, or is included in legal productions for Court.

We use your information to assess loss of pension rights or loss of earnings.

Your data will only be used by us for these purposes.

We do not ask you for any information directly.  The only information we process is that provided by our instructing solicitor. Typically this will include:

  • dates of birth and retirement;
  • date of marriage and separation (divorce cases);
  • date of incident (pension loss cases);
  • service dates and dates of incidents;
  • salary history;
  • accrued and prospective pension rights including special terms and conditions; and
  • eligibility for ill health benefits.

Your information will only be shared with offsite storage firms as approved suppliers used by XPS Pensions.

We may also be obliged to share your data with:

  • law enforcement agencies (subject to any requests being legally made); and
  • fraud prevention agencies so that we may comply with money laundering and financial crime prevention laws.

We will need your consent (or that of your personal representative) to share your data with anybody else.

Your data will not be transferred to anyone outside the European Economic Area.

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully;
  • object to our processing based on legitimate interests; however, you must have grounds (to object) based on your particular situation.

When you buy shares in XPS Pensions Group plc it is a legal requirement that your name, address and the number of shares you hold are made available on a Register of Members.  XPS Pensions Group plc’s share registrar is Equiniti Group plc and they administer shareholder information on our behalf.

XPS Pensions Group plc acts as a Data Controller when holding shareholder information.  We have appointed Equiniti Group plc to carry out share registration services and in providing this service Equiniti acts as a Data Processor.  You can find detailed information about how Equiniti process shareholder information on their website (https://equiniti.com/uk/privacy/) and we have also included key information about how we both process your information in this section.

Your data is collected when you apply to trade in XPS Pensions Group plc shares.  Information may also be collected if you contact either XPS Pensions Group plc or Equiniti Group plc via e-mail, phone, live chat, social media channels etc. 

When administering the Share Register, Equiniti Group plc may also obtain information from third parties when carrying out identity and financial crime checks, including information from credit reference agencies, fraud detection agencies and registration/stockbroking industry exchanges.

XPS Pensions plc Group has a legal requirement to process your data in order to comply with the laws for listed companies (including rules for trading on a stock exchange).  This includes keeping a register of shareholders as well as communicating required information such as details of General Meetings, dividend information and other important shareholder news.

Once you cease to hold shares, XPS Pensions Group plc has a legitimate interest in retaining your information for legal and regulatory purposes.

The information we need about you in order to meet our responsibilities includes:

  • name;
  • address;
  • phone number and other contact information such as e-mail address;
  • identification numbers (such as an account number);

XPS Pensions Group plc will only use your data for these purposes.

We only share your information with third parties if it is necessary or a legal requirement. This means that your information may be shared with:

  • Equiniti Group plc for the purposes of providing shareholder services;
  • Service suppliers to facilitate website, e-mail, IT and administration services;
  • Professional advisers, such as lawyers, when we require advice from them;
  • Your agent or other advisers with your consent;
  • Credit reference agencies and fraud detection agencies as part of identification procedures;
  • Fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services;
  • Your Official Receiver or appointed insolvency practitioner if we receive notice of your insolvency, bankruptcy or insolvency proceedings / arrangement;
  • certain approved suppliers used by XPS Pensions Group plc. These may include suppliers of printing and mailing services, offsite storage, hosting of administration systems, computer systems databases, information technology services and electronic and paper documentation management;
  • regulators, supervisory and law enforcement authorities, and other agencies where we may be subject to a legal obligation to share information.

When providing shareholder services, Equiniti Group plc carries out some overseas processing.  This is explained in more detail on their website and is subject to the use of appropriate model clauses.  It includes sharing data with:

  • Members of the Equiniti Group based in India; and
  • E-mail service providers based in the United States of America.

You have the right to:

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully;
  • object to our processing based on legitimate interests; however, you must have grounds (to object) based on your particular situation.

This privacy statement is applicable to each and all of our websites. When we refer to “Websites” in this section we mean sites using the following addresses:

These websites are operated by Xafinity Consulting Limited, Punter Southall Limited, Punter Southall Investment Consulting Limited and PS Administration Limited (XPS Pensions Group).

XPS Pensions Group is a Data Controller(s) for the purposes of this section and this means that we are legally responsible for compliance with data protection laws when we use your data. 

When you access XPS Pensions Group websites, we may collect information from you as follows:

  • If you fill in a form on the websites. For example when you register to use a website, subscribe to a service, post material, request further services or report a problem with the websites.
  • If you contact us, we may keep a record of that correspondence.
  • We may ask users to complete surveys for research purposes, although users do not have to respond to them.
  • We keep records of transactions that users carry out through a website, including details of visits to the websites and the resources that users access.

We will not ask you for information unless it is clear why we need it and you are given an opportunity to object to us using it.

We may use data about you as follows:

  • to ask you about our websites and/or personal data collected;
  • to understand how our websites are used by carrying out statistical analysis;
  • to ensure that the content of our websites is presented in the most effective manner for you and for your computer;
  • to give you information, products or services that you request from us or which we feel may interest you, where you have consented for us to do so or we have a legitimate interest in doing so. You will always be given the opportunity to ask us to stop providing this information; and
  • to carry out our obligations arising from any contracts entered into between you and us.

We may share your data between associated companies, but only where relevant to you, and not with any other parties.

Your data is not shared with, or will be sold to, any other party and will not be transferred to anyone outside the European Economic Area.

You have the right to:

  • request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
  • correct any information that is incorrect, inaccurate or incomplete;
  • restrict what we do with your information until we correct it or if you believe we are using your data unlawfully;
  • object to us providing you with marketing communications. Every communication we send you will include your right to opt-out of receiving marketing communications. Alternatively, our contact details are provided at the end of this notice.

We will retain copies of data for as long as instructed by our client as data controller.  At the end of any contract for services, only one copy of the data will be retained for legal and compliance purposes, including to demonstrate:

  • compliance with regulatory rules (e.g. Financial Conduct Authority); and
  • that XPS Pensions Group is meeting its contractual and legal obligations.

This means that we keep all of your information whilst we provide a service and until any possible legal responsibilities or liabilities have ended.  This means that we will normally hold your information for:

  • when providing Healthcare Consulting services to your employer, for a period of 6 years following the end of our services to your employer. Your employer may, however, ask us to retain information for longer for legal or regulatory reasons;
  • when providing Transfer Value Analysis to your financial advisers, for a period of 6 years following the end of our services to your financial adviser. Your financial adviser may, however, ask us to retain information for longer for legal or regulatory reasons;  
  • otherwise 12 years;

At the end of this period we will securely destroy you information unless we are instructed to retain it by the data controller.

We may retain your information for a number of reasons, including to demonstrate:

  • that the pension scheme has complied with its rules;
  • our compliance with regulatory rules (e.g. HMRC, Financial Conduct Authority, the Pensions Regulator, the UK Listing Authority);
  • our compliance with the Companies Act;
  • our compliance with actuarial practice; and
  • that we meet our contractual and / or legal obligations.

This means that we keep personal data whilst we provide our services, even if you cease to be a member, and following the termination of our services to the pension scheme trustees and / or sponsoring employer, until any possible legal responsibilities or liabilities have ended.  This means that:

  • we will normally hold personal data for 12 years following our ceasing to provide services. However, in a small number of cases, the Financial Conduct Authority requires records to be retained indefinitely (relating to pension transfers into personal pensions from defined benefit schemes);
  • when providing Expert Witness services, we will normally hold your personal data only until the case has completed, and thereafter only hold the letter of instruction, our calculations and our report. These will be held for a period of 7 years once our appointment has terminated.  Any other information will be destroyed upon terminated of the action.
  • Our share registrar shall retain shareholders personal data for the duration of your entry on the (shareholders) register of Members and for a period of up to 12 years following your last entry on the Register or completion of services e.g. payment of unclaimed dividends;
  • we shall keep your information so long as required to provide you with our marketing communications. If you decide to opt-out of our communications, we shall retain limited information on a suppression list in order to ensure we do not add you back on to our mailing list and to demonstrate compliance with this legal obligation.
  • if you are a XafinitySIPP or XafinitySSAS property tenant, we shall keep your information whilst we provide services to our clients, even if you cease to be a property tenant, and following the termination of our services to our clients until any possible legal responsibilities or liabilities have ended. This means that we normally hold personal data for 12 years following our ceasing to provide services. We do not use your data to provide you with marketing communications.

XPS Pensions Group has formal documented Information Security and Data Protection policies that set out the security measures currently implemented and maintained.  These core policies are supported by additional policies covering the use of data encryption, the physical security of offices and data centres and acceptable usage of email, internet facilities and telephone. Copies of these policies are available on request.

We reserve the right to make changes to this privacy statement at any time by amending this page. 

If you’re not happy with how we process your data you will have the right to complain to the Information Commissioner and we can provide details about how to do that.  We can be contacted at the addresses below:

[Pension Scheme name]
Xafinity Consulting Limited
Phoenix House
1 Station Hill
Reading
RG1 1NB
[SIPP or SSAS name]
Xafinity SIPP Services Limited
Scotia House
Castle Business Park
Stirling
FK9 4TZ
XPS Expert Witness
Xafinity Consulting Limited
Scotia House
Castle Business Park
Stirling
FK9 4TZ
[Pension Scheme name]
Punter Southall Limited
Punter Southall Investment Consulting Limited
PS Administration Limited
11 Strand
London
WC2N 5HR

Like many websites, this service uses cookies. Our Website uses cookies to distinguish you from other users. A cookie is a small text file which is placed onto your computer, mobile phone and tablet device (or any other device which uses a web browser) when you access our Website. This helps us to provide you with a good experience when you browse our Website and enables us to improve our services.

It is important for us to use them because we can deliver an efficient service to you and also analyse customer journeys through the Sites to inform future enhancements.

This cookie policy applies to www.xpsgroup.com and any other websites where a link to this cookie policy is provided and does not apply to any external websites that our website may link to.

Your browser can choose to accept cookies or not, most browsers are configured to initially accept cookies. We will offer cookies to you, and if you do not wish to receive them, you should ensure your browser is setup not to accept them. Please note some parts of our website may not work if cookies are disabled.

For further information about cookies and how to disable them, go to: aboutcookies.org.

We use cookies that are session based and persistent based. Session cookies exist only during one session and disappear when you close your browser or turn off your computer. Persistent cookies remain on your computer until they are deleted. Persistent cookies delete themselves after a period of time but are renewed each time you visit the website.

We use the following types of cookies on this Website:

  • Essential cookies. These are cookies that are required for the operation and efficient working of this Website. This include cookies that enable you to login to our website and services.
  • Analytical cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.

By continuing to use this site, you are accepting our use of these cookies. A full list of the cookies used by our website is below:

Description

Cookie Name Type Lifespan
wow.schedule Communigator Targeting Persistent, 1 hour
wow.session Communigator Targeting Persistent, 1 hour
wow.utmvalues Communigator Targeting Persistent, 1 hour
wow.anonymousId Communigator Targeting Persistent, 2 years
_umta Google analytics cookie to track user count of visits to a site, visit and last visit Analytical Persistent, 2 years
_utmb Google analytics cookie to track when a user visits a site Analytical Persistent, last for 30 minutes
_utmc Google analytics cookie to track when a user leaves a site Analytical Session
_utmz Google analytics cookie to track how a user arrived at the site, including when link was used Analytical Persistent, 6 months
_ga Google Analytics Analytical Persistent, 2 years
_gid Google Analytics Analytical Persistent, 1 day
bcookie LinkedIn Targeting Persistent, 2 years

eMember Cookie Disclosure

eMember 3 Cookies

As of 3.3 HF2
Member and Front End Admin Cookies
Cookie Name Purpose Activated Type Lifespan
ASP.NET_SessionId Session Linking Cookie On visiting the site Security / Functionality Session (Whilst the browser is open)
eMemberAuthCookie Authentication Cookie On logging into the site Security / Functionality Persistent 3 Months
cookieconsent_status Whether the user has consented to cookies On clicking the button to acknowledge that you no longer wish to be reminded about our cookie policy. Legal Persistent 1 Year
SchemeURL A value untied to Session of where to redirect users who have logged out of returned to a now expired session On logging into the site Functionality Persistent 3 Months
Umbraco Backoffice Admin Cookies
Cookie Name Purpose Activated Type Lifespan
UMB_UCONTEXT Umbraco Backoffice Functionality On logging into the Umbraco Backoffice Functionality Persistent 20 mins
XSRF-V Cross Site Request Forgery Prevention for Umbraco Backoffice On logging into the Umbraco Backoffice Security Session (Whilst the browser is open)
XSRF-TOKEN Cross Site Request Forgery Prevention for Umbraco Backoffice On logging into the Umbraco Backoffice Security Session (Whilst the browser is open)

eMember 2 Cookies

As of Final Release
Category Name Purpose Activated Type Lifespan
Strictly necessary eMember (ASP.Net Authentication Token) The eMember (ASPXAUTH) cookie is used to determine if a user is authenticated. If this cookie is disabled it will not be possible to log in. On logging into the site Security Session (Whilst the browser is open)
Strictly necessary ASP.Net_
SessionID (ASP.Net Authentication Token)
This cookie allows the system to hold information when the user moves between pages or performs certain actions. It does not contain any information other than a randomly generated number. This cookie is essential for the system to function correctly. On visiting the site Security / Functionality Session (Whilst the browser is open)
Strictly necessary eMember_
CacheKey
This cookie is used to holds a reference to the session cache. This cookie is essential for the system to function correctly. On logging into the site Functionality Session (Whilst the browser is open)
Functionality eMember_
Eucookie (EU Cookie Content)
Prevents the display of the cookie notification message. If this cookie is disabled then you will be reminded about the cookie policy every time you access the application web-pages. On clicking the button to acknowledge that you no longer wish to be reminded about our cookie policy. Legal Persistent (Available until purged by you in the browser options)

To opt out of being tracked by Google Analytics, you can use Google's opt out browser add-on here.  

As a company we are committed to improving our service to you and as part of this we recognise the importance of website accessibility. We fully support the Web Accessibility Initiative (WAI) Guidelines and endeavour to address accessibility and usability requirements.

The Sites can be viewed with most Internet browsers and, depending upon which Internet Browser you use, there are several ways in which you may be able to make changes to how information is displayed on the pages of the Sites. For example, you may be able to:

  • Change text size and colour (images cannot be changed);
  • Change the page background colour;
  • Change the colour schemes of the Sites with your preferred settings.

To make changes such as these, you may be able to click on the help section of your browser or access the Internet help files provided by the manufacturer of your browser.