Privacy

Information about the privacy notice.

General Data Protection Regulations (GDPR)

GDPR is built on a set of clear principles. Personal data must be:

  • handled lawfully and transparently
  • collected only for valid reasons
  • kept accurate and up to date
  • used only when necessary
  • stored only for as long as needed
  • protected from loss, misuse, or unauthorised access

Our privacy notice explains what data we hold about our members:

  • why we need it
  • how we use it
  • who we share it with
  • how long we keep it

The privacy notice also explains members' rights under data protection law.

The data we hold

Oxfordshire Pension Fund holds personal data to administer pension benefits correctly. We hold data such as:

  • names
  • addresses
  • National Insurance numbers
  • salary information

At times, we need to share this information with third parties to meet legal or regulatory obligations. We may share with third parties, such as:

  • employers
  • actuaries
  • auditors
  • HMRC

Our privacy notice lists the organisations we share information with.

Why we keep personal data

Although GDPR includes a 'right to be forgotten', this usually does not apply to pension funds. The law requires the fund to keep certain personal data to administer pensions correctly. Deleting that data could prevent us from meeting our legal duties, so the right to erasure is very limited.

View our data protection policies.

If a data breach occurs that could affect a member's rights or freedoms, we must report it to the Information Commissioner's Office (ICO) within 72 hours. While such incidents are rare, GDPR makes the reporting requirement clear and mandatory. 

How to report breaches of the law to the Pensions Regulator

The fund has a Data Breach Policy that explains:

  • what constitutes a breach of the law
  • who should report it
  • where to report it

Information security

Fund employers

Transfer of information between employers and us usually contains personal and/or financial details. You must ensure that you transfer data securely. You will use the secure online interface, i-Connect, to send monthly data.

You should use the Egress Switch encryption service to send emails containing personal information. Alternatively, you should:

  1. Password-protect content.
  2. Send the password separately.

Scheme members

My Oxfordshire Pension provides secure access to scheme information. It is the main way Pension Services will correspond with scheme members.   

We use the Egress Switch encryption service when sending you emails containing personal and financial details. You can use this service at no additional cost when you reply to us.      

How we use Egress Switch

When we email your personal or financial information, the email will link to the Egress Switch website. Follow the link to set up your account and receive the secure message.

There are instructions on the website, but contact us if you have any difficulties.

Tell us about incorrect information

We need the correct information to assess your benefits and explain them to you. 

Contact your employer to check the details of your pay and contribution rates. 

Use My Oxfordshire Pension to update your address details.

Contact us if:

  • a calculation is wrong
  • the details on your pension record are incorrect
  • we are holding incorrect personal details