Privacy Policy
Personal information and what we do with it
We are Cadent Gas Pension Trustee Limited (the ‘Trustee’). We need personal information about you to run the Cadent Gas Pension Scheme (the ‘Scheme’) and pay benefits. Similarly, other parties involved in running the Scheme will sometimes need to make decisions jointly with us about how your personal information will be used for those purposes. These other parties (our ‘Trustee Advisers’) include the Scheme Actuary (currently James Wintle of Willis Towers Watson) and the other third parties as appointed from time to time. If you’d like more details about the arrangement between the Trustee and the Trustee Advisers (including how they’ve shared their duties when they are joint controllers) you can contact the Trustee. Please use our contact details, which are set out below.
In legal terms, the Trustee and the Trustee Advisers are ‘joint controllers’ in respect of this information. This means that we both need to tell you some things about the personal information we have about you and what your rights are in relation to it.
The Scheme Actuary also has its own privacy notice which sets out more detail about the personal data used by the Scheme Actuary and their interaction with the Trustee, a copy of which is available at: https://www.willistowerswatson.com/en-GB/Notices/how-willis-towers-watson-uses-personal-data-for-actuarial-services-to-uk-pension-scheme-trustees.
Except where stated otherwise, ‘we’ means both the Trustee and the Trustee Advisers where they are acting as joint controllers in relation to your personal information (as described above). In this notice, you will see information about what we do with your personal information. We describe who to contact if you wish to exercise your rights under data protection laws in relation to the joint use we make of your information.
What personal information we have
We normally hold some or all of the following types of personal information:
- Your name (including forename and surname), your previous or alternative names, date of birth, national insurance number (‘NINO’) and in some cases a partial NINO for you (this means the first 8 characters from what is usually a 9 digit NINO). Partial NINO can be relevant to pensions dashboards (explained below).
- Your bank account information (where benefits are in payment).
- Your gender. We use this to understand how long you are likely to receive your pension for and as part of your addressee details if we write to you e.g. ‘Mr, Mrs., Ms.…’
- Contact details (including your postal address, postcode, phone number and email address).
- If your benefits from the Scheme derive from your employment, details of your employer when you were building up benefits in the Scheme, how long you worked for them and your salary from time to time.
- Length of pensionable service and pension benefits.
- Whether you are married or in a civil partnership and other information we might need to pay any benefits due on your death.
- Any information you have provided about who you would like to receive any benefits due on your death.
- If your benefits from the Scheme form part of a divorce settlement, details of that settlement.
- Details of any contributions paid by you or on your behalf to the Scheme, including additional voluntary contributions (‘AVCs’).
- Details of any benefits earned in a previous pension arrangement, if you have transferred these into the Scheme.
- Correspondence received about you from HMRC, relating to periods of service when you may have been contracted out of the upper tier of the state pension.
- Correspondence that we may have received about you from your appointed independent financial adviser.
- Electronic ‘pension identifiers’ which are relevant to pensions dashboards (explained below).
We may sometimes use other information about you. This could include information about your health (physical and mental) where it is relevant to, for example, early payment of benefits from the Scheme, or details about personal relationships to determine who should receive benefits on your death (which could include data concerning your sexual orientation). We might also, very rarely, have information about criminal convictions and offences, but only where it is relevant to the payment of Scheme benefits. For pension schemes, these special categories of personal data are most likely to be relevant when dealing with ill-health, divorce and death cases.
We may hold personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and undertake the Processing of genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health (physical and mental) or data concerning an individual’s sex life or sexual orientation.
We also have a legal obligation to carry out due diligence checks in the event of a pension transfer request, which may mean that we are obliged to ask you for additional information. For instance:
- If you wish to transfer to an occupational pension scheme, we have to request evidence that demonstrates an “employment link”. This could include a letter from your employer confirming your employment, a schedule of contributions, payslips and bank statements (the bank account detail on your payslip might be different from the bank details we hold for you).
- If you request a transfer to an overseas pension scheme, we are legally obliged to check that you are resident in the same country as that scheme. This evidence might include utility bills, TV subscriptions, insurance documents relating to your overseas home, address, bank account and credit card statements, evidence of local tax being paid and registration of address with local doctors.
Pensions Dashboards
The government has created a framework for pensions dashboards, designed to help people access information about their pensions online in one place. As part of this, we are required by law to match certain members (who search on dashboards) with their pensions under the Scheme. We must also provide certain pensions information to the dashboards ecosystem (including the identity service, the pension finder service, the consent and authorisation service) so that it can be displayed when certain members ask to see it on a dashboard.
These activities may involve sharing member data with entities within the dashboards ecosystem, non-commercial dashboards and commercial dashboards and with the provider(s)/the administrator we appoint to help us in connecting to dashboards, matching people with their pensions and complying with our other dashboards duties.
As part of these dashboards duties, we may also need to report information (which could potentially include personal data) to other bodies including the Money and Pensions Service, the Pensions Regulator and the Financial Conduct Authority.
Where we get personal information from
Some of the information we have comes directly from you. In addition, UKPO/UK Pensions Operations, who previously administered the Scheme on behalf of the Trustee, may have obtained information from you and passed it to us. Aptia who now administers the Scheme may collect it from you, on our behalf. We may then in turn pass information about you to the Trustee Advisers or we may instruct the administrator to do so. The Trustee is the source of the personal information which the Trustee Advisers have about you.
Sometimes we get information from other sources: for example, from Cadent Gas Limited as your employer (information such as your salary and length of service); from the National Grid UK Pension Scheme because your benefits were transferred from that scheme into this one; from another scheme if you have transferred your benefits from there to this one; from government departments such as HMRC and DWP; and from publicly accessible sources (e.g. the electoral roll) if we have lost touch with you and are trying to find you. We may in turn pass this to the Trustee Advisers (as above).
If we ask you for other information in the future (for example, about your health), we will explain whether you have a choice about providing it and the consequences for you if you do not do so.
Some of your personal data may be collected indirectly through the pensions dashboards ecosystem (including the identity service, the pension finder service, the consent and authorisation service). Where we obtain personal data from the dashboards ecosystem, or during the process of matching members with their Scheme benefits for dashboards purposes, we may retain that data to help demonstrate how and why we concluded that the person is a member entitled to receive information about their benefits on dashboards and to help us administer the Scheme.
Why we hold personal information and how we share it
The Trustee must by law provide benefits in accordance with the Scheme’s Trust Deed and Rules and must also meet other legal requirements in relation to the running of the Scheme. This means that we need to process your personal information to meet our trust law duties and responsibilities and/or legislative and regulatory requirements affecting pension schemes.
We will use your personal information to comply with these legal obligations, to establish and defend our legal rights, and to prevent and detect crimes such as fraud. We may need to share your personal information with other people for this reason, such as courts and law enforcement agencies.
Pensions dashboards regulations impose a legal obligation on us to match certain members with their pensions and provide information on their pension benefits. Testing data and getting ready for pensions dashboards compliance can also be part of our legal obligations.
We also have a legitimate interest in properly administering the Scheme. This includes: paying benefits as they fall due; purchasing insurance contracts; communicating with you; ensuring that correct levels of contributions are paid, benefits are correctly calculated and the expected standards of Scheme governance are met (including standards set out in Pensions Regulator guidance); and testing data and getting ready for pensions dashboards compliance. Where relevant, we may also have a legitimate interest in processing your personal information to secure benefits with an insurer in accordance with the Scheme rules. A balancing test always has to be applied when we rely on legitimate interests, as between our interests and the interests, rights and freedoms of the members (or other data subjects). We make sure that your own interests are not outweighed or prejudiced by our legitimate interests. We will use your date of birth to help us work out how long you are likely to be in receipt of benefits from the Scheme so we can determine the likely cost of such benefits.
In order to achieve all this we may share your personal information with various people, including: any new Trustee directors; Cadent Gas Limited and any other Scheme sponsoring and participating employers; Aptia, the Scheme administrator; the Trustee Advisers; our other professional advisers, including investment advisers, lawyers and advisers delivering guaranteed minimum pensions (GMP) equalisation and rectification services for the Scheme (meaning benefit adjustments/equalisation of male and female members’ benefits for the effect of GMPs); auditors; insurers (more on this below); integrated service providers (relevant to pensions dashboards compliance if they are appointed by the Scheme administrator in future); the pensions dashboards ecosystem (as described above); non-commercial dashboards; commercial dashboards; independent financial advisers; HMRC; DWP; the Pensions Ombudsman; the Pensions Regulator; the Information Commission; the advisers and printers who help us prepare various communications we send to members, such as the annual benefit statement; tracing agencies and providers of mortality checks who we (or Aptia, on our behalf) use to try to trace you if you are not at the address we have on your record; depending upon how we pay pensions, organisations to whom we send personal information in order to effect a BACS transfer in the UK and/or a payment via banking providers when pensions are being paid overseas; beneficiary or mortality tracing agencies; the Scheme’s website host providers; other IT and data storage providers; and such other Third Parties whose services we may require from time to time. If your benefits are transferred to another scheme in the future, we may need to provide the sponsoring employers, trustees and administrators of that scheme with information about you.
Your data may be shared by Aptia with other companies for particular outsourced activities such as bulk printing jobs, confirmation of address/existence, offsite backup and archive; off-site shredding of confidential paper; facilities management, mail, photocopying, reception services; IT/software providers; on-site shredding of confidential paper; printing providers; records management; telephony services, call management and recording; platform provider on specific projects; records management; and with Aptia’s affiliates (companies in its group) who help it to provide its services to the Trustee. In such circumstances Aptia must ensure appropriate safeguards are in place.
When we need to use information about your health (or other very personal information), we may ask for your explicit consent. We will generally rely on consent when processing special categories of personal data. However, sometimes there may be reasons of substantial public interest or law which enable us to use this information without consent where that is necessary to run the Scheme in a sensible way. You can withdraw your consent at any time (please see the section about your rights below for more information about this). This may affect what we can do for you, unless we have another lawful reason for using your information. For example, if you apply for ill health early retirement and consent to us processing your health data for that, but then you withdraw that consent, we will usually be unable to consider your application. If you withdraw consent after our processing, this will not retrospectively affect the processing that has already happened.
Sometimes we need to use your special categories of personal data in order to establish, exercise or defend legal claims.
We may also share your personal information with someone else where you have given your consent – for example, where you request to transfer your benefits out of the Scheme.
The Scheme’s sponsoring and participating employers may also have a legitimate interest in contacting you about your benefits under the Scheme, and any additional options which may be available to you in relation to those benefits. In such circumstances, we may share your personal information with the relevant employers so that they can contact you for that purpose.
We may need to share personal data with insurers in relation to the purchase and pricing of insurance contracts called ‘annuities’ including on a bulk basis for the Scheme (unless that can happen based on anonymized data). Insurers will use that data to verify the assets and liabilities of the Scheme. We may write to you before purchasing an annuity to ask for up-to-date information about your spouse/partner/children/other dependants, for this purpose.
We will share your personal data when we purchase the annuity, and at that stage the insurer will typically share information with its chosen re-insurer. Sometimes the insurer’s privacy notice will mention who its re-insurer is and how to see its privacy notice (either giving you a link to it online or explaining where it can be seen or by providing a copy of it). We will usually need to write to members to explain about the particular annuity and who the insurer is. In this way you can know who holds your personal data and how to exercise your rights against them. The following categories of personal data would typically be shared with insurers: Scheme membership ID number; marital status and details about spouse/partner; date of birth; information about annual pensions increases; pension/benefit amounts payable; age at retirement; service length and retirement date.
Scheme Actuary
The Scheme Actuary is appointed by the Trustee to value the Scheme benefits and carry out other calculations in relation to your Scheme benefits. He will use your personal information for this purpose and has a legitimate interest in doing so. The Scheme Actuary will also use your personal information to comply with his own legal obligations, and may need to share your details with other people for legal reasons, such as courts and law enforcement agencies. He may also share it with his own professional advisers, auditors and insurers, IT and data storage providers and other service providers.
Sometimes, your information may be used by the Trustee and the Scheme Actuary for statistical research, but only in a form that no longer identifies you. In some circumstances the Scheme Actuary may also be able to fulfil the purpose mentioned above using information which the Trustee has anonymised before sharing with him or her.
How to contact the other people we give your personal information to
Some of the people mentioned above just use your personal information in the way we tell them. However, others (including the Trustee Advisers) may make their own decisions about the way they use this information to provide their services, perform their functions, or comply with their regulatory requirements. In such a case, they have responsibilities as controllers in their own right. This means that they are subject to the same legal obligations as us in relation to your information, and the rights you have in relation to your information apply to them, too.
If you want any more information from the Trustee Advisers or from any of the other people who receive your personal information from us, or to exercise any rights in relation to the information they hold, please contact us and we will put you in touch with them (or the Trustee will ask them for the information they have, if they are processors, so that the Trustee can reply to you).
Aptia, the Scheme administrators, will use your personal data together with information from its other clients, on the basis of their legitimate interests, to create insights, reports and other analytics, to learn things and improve its advice, products and services. Aptia does this as a controller, acting independently from the Trustee. The output of these analytics will not identify particular clients or individuals. For further information, please see Aptia’s own privacy notice which is available at: https://aptia-group.com/en-gb/privacy-notice. Aptia’s contact details are provided below in section Queries and further information of this notice.
Auditors
The Scheme auditors are Deloitte, and we sometimes share personal information about members with them. You can read the Deloitte privacy notice on this website:
https://www2.deloitte.com/uk/en/legal/privacy.html.
How long we keep your personal information for
We will not keep your personal information (including if your data originated from the pensions dashboards ecosystem and if you were matched up with the Scheme through that) for longer than is required in order to meet the lawful purpose(s) mentioned above. These are the criteria we apply to determine how long to keep your personal information:
- To meet the requirements of both UK tax and pensions law, we must keep certain personal information (for example, details about the date a member joins the Scheme, their name and address, and details of benefits paid) for a minimum of 6 years.
- However, given the long-term nature of pension schemes, and the possibility of claims being brought in relation to the Scheme many years after an individual has ceased to be a member, we consider that it is necessary to keep personal information for at least the member’s lifetime and for an appropriate period after that time, or for members who transfer out of the Scheme, an appropriate period after the transfer-out, which reflects the potential for queries and complaints. The Trustee considers that it is necessary to retain most personal information for at least a member’s lifetime, and for an appropriate period after that, to take account of the potential for queries and complaints. In the case of transfers-out of the Scheme, data will be held for an appropriate period following the transfer-out and reviewed for deletion if appropriate.
- Data from the pensions dashboards ecosystem is kept for the life of the member record, if we do find a match (i.e. if you are a member of the Scheme).
- If we don’t find a match (i.e. if you are not a member of the Scheme), we will have the Scheme administrator delete the data from the dashboard straightaway.
- If we find a potential match, we will keep the data from the dashboard for 30 days so that we have more time to determine whether there’s a match or not. We will delete it after 30 days if there is no match, or keep it for your lifetime if we do find a match.
Your rights in relation to your personal information
We will always protect individuals’ rights under data protection laws (to the extent applicable) including:
- right to information – you have the right to obtain information about how we process your data. We make that information available to our Scheme members in this privacy notice;
- rights of access (also known as a “data subject access request”) – you have the right to see personal information that is held about you and a right to have a copy provided to you, or someone else on your behalf, in a machine readable (namely, digital) format;
- right to rectification – if at any point you believe that the personal information we hold about you is inaccurate or incomplete, you can ask to have it corrected or completed;
- right to restrict processing – you can require us to limit the processing of your personal information in certain circumstances, for example, whilst a complaint about its accuracy is being resolved;
- right to be forgotten (or to erasure) – you can request that your personal information is deleted altogether in very particular circumstances, such as where the processing we do is based on consent. Usually this right will not be engaged since we do not rely on consent for most of our processing;
- right to object to processing – where we are relying on legitimate interests as a reason for processing, you can object to having your personal data processed, although we can continue our processing where this is justified by our compelling legitimate interests;
- right to withdraw consent – where we have relied on your consent to process your personal information (for example, where you have provided medical information to us as part of an early retirement application on grounds of ill-health and we have your explicit consent to process this), you can withdraw that consent at any time by notifying us. However, withdrawing consent will not affect the processing which took place beforehand and it may be possible for us to continue our processing where this is justified by another lawful reason (as an alternative to explicit consent) such as substantial public interests;
- rights in relation to automated decisions – you have the right not to be subject to the use of entirely automated decisions (including profiling linked to direct marketing) which produce legal effects or significantly affect the individuals. We do not use either of these in relation to personal information and neither does the Scheme Actuary;
- data portability – this is not relevant to the Trustee but it is a right in data protection laws to move, copy or transfer your information; and
- right to make a complaint to the controller – you have the right to complain to us if you think there has been an infringement of data protection laws; and
- rights in relation to transfers outside the UK – where Scheme Personal Data is being transferred outside the UK to countries for which safeguards or other steps are needed, we will tell members about the safeguards put in place, as well as providing details as to who to contact if they wish to obtain a copy or where copies of such safeguards are made available. More details are below.
You can exercise all of these rights free of charge except in some very limited circumstances, and we will explain these to you where they are relevant.
To exercise these rights, please use our contact details, which are set out below. We can also supply more information about these rights to you, on request.
We have agreed with the Trustee Advisers that we will be responsible for dealing with requests from you in respect of your rights if those requests relate to the joint use of your personal information described in this notice. This means if you wish to exercise rights against the Trustee and the Trustee Advisers for what they do jointly with your personal information, you should use the contact details below.
Keeping your information safe
When we pass your information to a third party, we seek to ensure that they have appropriate security measures in place to keep your information safe and to comply with general principles in relation to data protection.
Some of the people we share your information with may process it overseas. This means that your personal information may on occasion be transferred outside the UK. Some countries already provide adequate legal protection for your personal information, but in other countries, additional steps will need to be taken to protect it. We do not allow your personal information to be transferred in this way unless:
- it is transferred at the request and with the consent of the Scheme member in relation to his/her own benefits (or a dependant or beneficiary, as appropriate); or
- the country to which the personal information is being transferred is deemed to provide for adequate protection for personal data by the UK secretary of state and the UK’s Information Commission who (depending on the circumstances) determine adequacy; or
- an appropriate contract based on standard data protection clauses approved by the UK’s Information Commission (for example, the International Data Transfer Agreement, or the UK’s addendum to the EU Standard Contractual Clauses) has been put in place with the third party/parties to which the personal information will be transferred containing appropriate safeguards in relation to it; or
- the transfer is within a group of companies who have obtained Binding Corporate Rules (BCRs).
BCRs are privacy standards approved by the Information Commission for transferring personal data within a corporate group. Aptia has BCRs. They are available here: https://aptia-group.com/en-gb/privacy-notice. For example, Aptia has told us that they will take appropriate steps to ensure your personal data remains protected in accordance with the relevant legal framework, regardless of where your data is processed. Aptia has said that these safeguards include contractual agreements, to ensure your data remains protected regardless of where it is processed. Aptia states that these safeguards are designed to meet the stringent requirements of relevant data protection laws in all jurisdictions where Aptia operates.
Transfers from the UK to the EU or wider EEA, and transfers to countries which provide adequate protections for personal data by their laws, do not need safeguards at this time.
You can contact us for more information about the safeguards we use to ensure that your personal information is adequately protected in these circumstances (including how to obtain copies of this information). Members can contact the Trustee (details below) if they wish to obtain a copy of data transfer mechanisms or for more details about Aptia’s BCRs.
Queries and further information
If you want more information about what we do with your information and what your rights are, please contact the Trustee via Aptia the Scheme administrator at: 0345 528 0601; www.pensionuk.aptia-group.com; Cadent Gas Pension Scheme, Aptia, Maclaren House, Talbot Road, Stretford, Manchester, M32 0FP.
If you have concerns about the way we handle your personal information, you can contact the Information Commission or raise a complaint at www.ico.org.uk/concerns, or call its helpline on 0303 123 1113.
Last updated: October 2025