• gender,
• national insurance number,
• marital status,
• staff number,
• salary details,
• basic employment details (such as employment start/end dates, working hours, etc.),
• contribution amounts, and
• financial information (such as your bank account, tax details, information about your investments or other pensions).

During your membership of the Fund, you may also have provided us with:

• details of your family, dependants and desired beneficiaries,
• changes to your personal information (such as to your address, email address, marital status, etc.) if applicable,
• birth/marriage certificates and other identity documents that you provide us with (such as copies of your passport or driving licence) which may include biometric data,
• if you were married or in a civil partnership, divorce, dissolution, separation or annulment details,
• transfer details (in and/or out),
• investment choices,
• details of other pension schemes you may have benefits with, and
• in certain circumstances, information about your health, lifestyle and social circumstances (see further information below).

We also collect additional personal information about you through our dealings with you. For example, this will include information you provide when you:

• make any applications, claims or requests,
• correspond with us or any of our appointed representatives, including by email, letter and during telephone calls,
• access our website (including when you make use of the automated ‘password reset’ function which will require you to provide information we need to verify your identity),
• make a complaint, or
• undergo identity verification checks (which may include electronic identity checks and the use of biometric data) prior to the payment of any benefits.

In addition, we also obtain some information about you, your dependants and your nominated beneficiaries from various third parties including:

• government bodies such as HM Revenue & Customs (HMRC), the General Register Office, the Electoral Roll, HM Land Registry, the National Insurance Contribution Office (NICO) and the Department for Work and Pensions (DWP) may send us information about you, for example, about your contracted-out entitlement (HMRC or NICO) or your State Pension benefits (DWP),
• your independent financial adviser (if appointed),
• regulatory bodies,
• the Telephone Directory
• bankruptcy and insolvency registers,
• company registers as available from Companies House,
• medical advisers (including Health Partners (OH) Ltd of Epsom Gateway, Ashley Avenue, Epsom, Surrey, KT18 5AL (Health Partners) who the Trustee has appointed to provide medical services relating to ill-health retirement applications), and
• tracing organisations (which we use to ensure that the information we hold about you and/or your dependants remains accurate).

If you are not a member of the Fund and you contact us to make a claim of entitlement as a beneficiary or for any other purpose, we may collect some of the information detailed above about you to verify your identity (which may include electronic identify verification checks and the use of biometric data) and any connections with or potential entitlements in relation to the Fund.

Lawful representatives

If you are the lawful representative or legal guardian of a member, or an actual or potential beneficiary we will need to collect your contact details in order to enable us to communicate with you in relation to the person you represent.

Using our website

Our website, ePA, is provided by the Scheme Administrator. The Scheme Administrator will be the controller of any technical information collected through your use of this website which may include personal information relating to you, including your log-in details and any cookies stored on your device for the purpose of accessing the website. The Scheme Administrator will process your personal information which is collected by using cookies or similar technologies in accordance with its Site Cookie Notice and Site Privacy Notice. You can access the Scheme Administrator’s notices at any time by following the links at the bottom of the ePA log-in page.

• checking your identity to comply with our legal, regulatory and security requirements,
• providing you with the information that you request from us,
• investigating any complaint you may make,
• providing evidence in any dispute or anticipated dispute between you and us,
• notifying you about changes to your pension,
• providing you with access to our website,
• modelling, profiling, statistical and trend analysis, with the aim of developing and improving the services provided in relation to your pension, assessing the ability of the Fund to pay out its benefit obligations and to monitor its liquidity based on future predictions of longevity, and the assumptions and criteria we apply for the purposes of managing the funding and investment strategy of the Fund, and
• sharing it with third parties for the purposes outlined in the section below.

We will not use or share your personal information with third parties for the purposes of marketing.

• our Auditors - to comply with legal requirements and ensure the Fund and your benefits are being administered properly. The Auditor requires access to your personal information in limited circumstances in order to verify information provided by the Trustee about payments it has made and to review other decisions made by the Trustee in the scope of its appointment as the auditors to the Fund. The Auditors are under professional obligations to keep your information confidential. If you would like to know more about the Auditors, please visit their website.
• our Legal Adviser - for advice and interpretation of law and regulations in connection with your pension. Our Legal Advisor will receive your personal information where necessary in order to provide legal advice to the Trustee on legal or regulatory requirements the Trustee must comply with, any disputes that occur in your relationship with the Trustee, or elsewhere where necessary in order to provide the Trustee with advice on its legal obligations and liabilities. The Legal Advisor is under professional obligations to keep any information received from the Trustee, including your personal information, confidential. For further information on the Legal Advisor, see the Legal Advisor’s website.
• companies we engage to conduct medical assessments, including Health Partners. Health Partners will receive your personal information when you make an application for ill-health early retirement and the Trustee needs medical information in order to make a determination as to whether you qualify for ill-health early retirement in accordance with the rules of the Fund. This information can include your medical records, the results of any medical assessment you undertake with Health Partners and any other information you provide to Health Partners in the course of your ill-health early retirement application. Medical practitioners employed by Health Partners are under professional obligations of confidentiality. For further information on Health Partners, see Health Partners’ website.
• companies we engage to conduct longevity modelling and analysis, including Club Vita LLP of One London Wall, London EC2Y 5EA who provide longevity (life expectancy) analytics and related information for the purposes of helping the Trustee manage the Fund’s liabilities. Club Vita gathers together data relevant to measuring longevity from the membership of over 200 pension schemes, including the Fund, in order to allow each participating scheme to obtain greater insights than would be possible using only the data each scheme holds individually. Club Vita will also use the insights from this pooled data to generate further insights which will be made available to third parties and/or the pensions industry as a whole, but any insights made available to third parties will not contain your personal information. If you would like to know more, information on Club Vita’s service is available on their website.
• insurers and reinsurers for the purposes of obtaining insurance cover and investments, including Legal & General, Pension Insurance Corporation and Rothesay Life. Further information concerning the use of your personal information is available in their privacy notices, which are available online for Legal & General, Pension Insurance Corporation and Rothesay Life.
• our consultants on pensions matters, Hymans Robertson. For further information on Hymans Robertson, see their website.
• companies we engage to provide IT system services, government bodies, law enforcement agencies and crime prevention organisations including HMRC, The Pensions Regulator, The Charities Trust, The Office for National Statistics and the police - for the purposes of crime prevention and detection, and compliance with regulatory requirements, credit reference and identity checking agencies, and consumer reporting and fraud prevention agencies - to check your identity and credit history when we process an application or claim to entitlement,
• tracing organisations, the Land Registry and LexisNexis Risk Solutions UK Limited – to check that the information we hold about you and/or your dependants remains accurate,
• companies that print and distribute mailings,
• at your request, with your independent financial advisor - so that they can advise and provide their services to you. This includes transfer to Liverpool Victoria Financial Advice Services Limited (LV), if you authorise us to transfer your personal data to LV in order to receive financial advice,
• your dependants, beneficiaries or people entitled to benefit under your membership of the Fund, and your current, past or prospective employers.

The Bank holds personal data to comply with its legal obligations as the sponsoring employer of the Fund. It has a legitimate interest in the Fund being run in a cost-effective way. We share your personal information with the Bank and companies within the Bank’s group:

• to help us administer your pension,
• for employment administration purposes,
• for payroll purposes,
• to confirm or correct what we know about you,
• to help us prevent fraud, money laundering, terrorism and other crimes by verifying what we know about you,
• to comply with the law, for example, to enable sharing your personal information with the police or fraud agencies where necessary to prevent fraud,
• in connection with audits of their business, to enable you to receive information about services available to you, and
• to fulfil other business purposes such as product development and website administration.

Your personal data will also be released to other external parties if authorised by you, or as required or permitted by law, or to comply with a judicial proceeding, court order, request from the Pensions Regulator, Pensions Ombudsman or any other regulator or any other legal process served on or involving the Trustees.

When we share your personal data with third parties who perform business services for us, we require them to take appropriate steps to protect your personal information, and only to use the personal information for the purpose of performing those specific services. If you want to know more about our data sharing arrangements, or the data protection practices of the Scheme Actuary, Actuarial Advisor or Legal Advisors, please let us know.

Ensuring that the processing we carry out is lawful

We take appropriate measures to ensure that all processing of your personal information by us, or by our service providers, is lawful. The lawful basis for the processing of your personal information (which is not a special category of personal data) will depend on the purposes for which we process your information.

Sometimes we also need to process your personal information to comply with our legal obligations including in relation to performing anti-money laundering, terrorism prevention and sanctions screening checks, complaints and investigations or litigation.

We have a legitimate interest to process your personal information for:

• the purposes of administering your pension benefits and any payments,
• communications purposes,
• modelling, profiling, statistical and trend analysis to develop and improve the services we provide and the assumptions and criteria we apply for the purposes of managing the funding and investment strategy of the Fund,
• obtaining insurance cover,
• ongoing management of our relationship with you and to maintain contact with you (e.g. providing annual updates), and
• our internal business purposes which include business and disaster recovery, document retention/storage and IT service continuity (e.g. back-ups and helpdesk assistance) to ensure the quality of the services we provide to you.

Some of the information we collect or receive is classed as a special category of personal data. These types of personal information are more sensitive, for example, concerning your health. Sometimes the Trustee may need to process certain special categories of personal data in order to administer your pension or in connection with the Fund’s Internal Dispute Resolution Procedure. We will in most circumstances process this information as necessary for the establishment, exercise or defence of legal claims to benefits or in the performance of our legal obligations in connection with employment, social security, or social protection (as allowed by legislation), or we have obtained your consent (which we will seek at the time we collect the data). Where we are relying on your explicit consent to process your special categories data, you can withdraw it at any time. We may also collect information relating to your health where necessary for health and social care purposes (including in relation to occupational medicine). For further information on how the Trustee ensures that its use of your personal information is lawful, please let us know.

Will we send your personal information outside the UK?

In order for us to administer your pension benefits, your personal information (including special categories of personal information) may be transferred outside of the UK and the European Economic Area (EEA) to our IT providers and other suppliers in connection with their provision of services to us. The EEA comprises those countries that are in the European Union (EU) and some other countries that are considered to have adequate laws to ensure personal information is protected. The Scheme Administrator also carries out some processing of your personal information using its affiliates in India and the Philippines.

When transferring your personal information outside of the UK or the EEA, we will (and will ensure that service providers acting on our behalf agree to) protect it from improper use or disclosure and ensure that appropriate levels of protection are in place. If you would like further information on the protection we have in place with our suppliers outside the UK or the EEA, please let us know.

The Trustee needs to retain accurate records of who has benefit entitlements under the Fund. Pension benefits are built up over such a long period of time, people often forget where they do and don’t have benefits, and by keeping this information, we will be able to assist you should you find this happens to you. Except as provided above, our policy is to retain relevant information about you throughout your membership of the Fund and for a further period of six years after your membership of the Fund ends (i.e. once all benefits have been paid to you and to any eligible beneficiaries).

However, information will be held for longer where: (i) we consider it appropriate in order to ensure the Fund pays the correct benefits and to deal with any queries relating to your benefits which may arise after that time, or (ii) required by law. Our Scheme Administrator’s current policy is to hold on to your personal data for up to 10 years after the termination of their administration services contract with us. This is to protect themselves against any subsequent legal claims.