Privacy Policy

DM CAGER WORKPLACE PENSION / DMCWP - PRIVACY POLICY IN RESPECT OF CREATIVE PENSION TRUST.

DMCWP, a company registered in England and Wales with company number 09150145, having its registered office at Prince Albert House, 20 King Street, Maidenhead, Berkshire, SL6 1DT and its head office address at Prince Albert House, 20 King Street, Maidenhead, Berkshire, SL6 1DT (“DMCWP” “We”).

Introduction

his Privacy Policy sets out how DMCWP uses and protects any personal data that you provide to DMCWP (including personal data provided through the website https://www.DMCWP.co.uk in respect of the services connected to the Creative Pension Trust (CPT). DMCWP provides services to its business clients throughout the UK in connection with the administration of Auto Enrolment and the submission of data to the Creative Pension Trust, the business client’s chosen qualifying workplace pension scheme for Auto Enrolment purposes. Through providing services to its clients may collect and process personal data about individuals on behalf of its clients or potential clients (“Services”). In addition to this, the Website also collects certain personal data from users, in accordance with this Policy. DMCWP are firmly committed to respecting and protecting the privacy of all personal data received or collected, in strict adherence to Data Protection Legislation (defined below) and best business practice.  DMCWP has established this Policy so that you can understand the care with which we intend to treat your personal data.

How to contact us

If you have any questions regarding your personal data and how we may use it, including any queries relating to this Policy, please contact us at mdubber@dmcwp.co.uk or writing to the” Data Protection enquiry” at the head office address noted above. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. 

Terminology used

DMCWP’s data protection and privacy measures are governed by the (i) the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 (“Data Protection Legislation"). For the purpose of Data Protection Legislation:
  1. Where personal data is provided directly to DMCWP through use of the Website, email, or other means where DMCWP is determining the way in which that personal data is processed, then DMCWP will be a data controller of such information;
  2. Where DMCWP is provided personal data in its capacity of providing Services to its clients, then DMCWP will only process that personal data in accordance with the instructions of its clients and DMCWP will therefore act as a data processor in respect of such personal data; DMCWP’s client will be the data controller of that personal data for that purpose.
Where DMCWP acts as a data processor on behalf of its clients, DMCWP will process that personal data on the instructions of the client, who would have collected that personal data in accordance with that client’s own privacy policy.  The data subject should therefore check the client’s own privacy policy, to ensure they understand how their personal data may be processed.

Personal data and Basis for Collection

Personal data means any data or information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Where DMCWP is acting as a data controller, DMCWP may collect, use, store and transfer different kinds of personal data about you which DMCWP has grouped together as follows:
  • Identity Data includes first name, last name, username or similar identifier, title, job title and date.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Usage Data includes information about how you use DMCWP’s Services or submit an enquiry or query through the Website.
Subject to where DMCWP needs to verify your identity and you provide your express consent for DMCWP to process such information, DMCWP does not process any Special Categories (as defined by Data Protection Legislation) about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). DMCWP would only collect and process information about criminal convictions and offences as may be required for regulated business activities, as required for regulatory purposes.

If you fail to provide personal data

Where DMCWP needs to collect personal data by law, or under the terms of a contract DMCWP has with you (or our client whom DMCWP acts for) and you fail to provide that data when requested, DMCWP may not be able to perform the contract it has or is trying to enter. In this case, DMCWP may have to cancel the Services but it will notify you (or where appropriate, its client) if this is the case at the time.

How is your personal data collected?

DMCWP uses different methods to collect personal data from and about you including through:
  • Direct interactions. You may give us your contact information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when DMCWP provides its Services; or
  • Enquiries when made through the Website or by email; or
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources such as contact data from providers, including third party debt agencies.

How DMCWP uses your personal data

DMCWP will only use your personal data when the law allows us to, ie, if we have a legal basis for doing so, as outlined in this Policy or as notified to you at the time we collect your personal data, and for the purposes for which it was collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do this.  Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law. Where we act as the data controller for client contact information, we have set out below in the table a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact DMCWP if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you or the company that you are connected to as a new client and verify your identity (where required)  (a) Identity (b) Contact Performance of a contract Consent (for use of special categories of data, in accordance with DMCWP ’s client’s privacy notices)   
To perform anti-money laundering checks (a) Identity (b) Contact   Legitimate interests
To process and deliver the Services including: (a) Manage accounts, payments, fees and charges (b) contacting you and corresponding about the Services   (a) Identity (b) Contact Performance of a contract Necessary for our legitimate interests (to recover debts due to us)
To respond to queries and enquiries   (a) Identity (b) Contact Legitimate interests Performance of a contract
To undertake marketing to you   (a) Identity (b) Contact Legitimate interests
Where we act as a data processor of personal data on behalf of our clients, in accordance with our clients’ instructions or in order to comply with a legal or regulatory obligation.

How your personal data may be shared

Where we act as the data controller for client contact information, or where permitted by DMCWP’s data controller clients, personal data processed by DMCWP may be shared as follows:
  1. with permitted third party contractors of DMCWP for the purposes of performing its Services;
  2. the administrators and trustees of the creative pension trust
  3. where DMCWP is under a duty to disclose your personal data to comply with any legal obligation, or to enforce or apply DMCWP’s or terms and conditions and other agreements;
  4. to protect the rights, property, or safety of DMCWP, DMCWP’s client, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and for compliance with laws;
  5. with the Pensions Regulator and/or Financial Conduct Authority, as may be appropriate for regulatory purposes;
  6. and with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

How DMCWP stores personal data

For secure storage, DMCWP does not transfer your personal data outside the European Economic Area (EEA).

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Personal Data Retention

We will only retain personal data as follows:
  1. where we act as a data controller in connection with client contact information, for as long as necessary to fulfil the purposes we collected it for
  2. where we act as a data processor on behalf of its clients, for the period notified to DMCWP by the data controller client, which will usually be for 6 years after the termination of the Services (unless otherwise required by a regulator or by law);
  3. in either case, for the period required for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.

Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to: 
  1. The right to be informed – this is information on for what purpose we are processing it and what personal data we are processing.
  2. The right of access – you have the right to be provided with copies of the personal data of you that we are processing as well as confirmation of the processing we are doing. You can do this by sending a “subject access request” to the contact details noted above for our consideration.
  3. The right to rectification – if you think the personal data that we hold on you is wrong you can tell us and we will fix it.
  4. The right to erasure (also known as the right to be forgotten) – if you want us to permanently delete the personal data we hold for you then you can ask us to do so.
  5. The right to restrict processing – if you do not like how we are using your personal data then you can let us know and we will stop processing it in that way.
  6. The right to data portability – if you want us to pass on your personal data to someone else then please let us know. This transfer should not affect the integrity or otherwise damage your personal data.
  7. The right to withdraw your consent – you can withdraw your consent for us to process your personal data (if we have relied on your consent to process your personal data) at any time by contacting us. If we have relied only on your consent as the basis to process your personal data then we will stop processing your personal data at the point you withdraw your consent. Please note that if we can also rely on other bases to process your personal data aside from consent then we may do so even if you have withdrawn your consent.
  8. Rights in relation to automated decision making and profiling – if we use either automated decision making or profiling then you have a right to know. Also, we need your consent if either of these are used to make a decision that affects you. As with all consent, you can withdraw it at any time.
To exercise any of the above rights please email your request to: mdubber@dmcwp.co.uk. Where you exercise your right to erasure or where information is deleted in accordance with DMCWP’s retention policy, please note that after the deletion of your personal data, it cannot be recovered, so if you require a copy of this personal data, please request this during the period DMCWP retains the data. Where you exercise your right to request access to the information DMCWP processes about you, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. DMCWP will try to respond to all legitimate access requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Children

The Website is not intended for children and DMCWP will not knowingly collect any personal data from persons under the age of 16 and will immediately delete any such data subsequently so determined.

Complaints

If you would like to make a complaint in relation to how DMCWP may have stored, used or processed your personal data, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk/). DMCWP would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Automated decision making

We may introduce various technologies that may make an automated decision which uses your personal data to reach a specific decision.  If we intend to use such automated decision-making technologies, you will be told at the time we wish to introduce such technologies and we will obtain your consent to such use and processing of your personal data.

External Websites

The Website may, from time to time, contain links to and from the websites of DMCWP partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. DMCWP is not responsible for the content of external internet sites and you are advised to read the privacy policy of external sites before disclosing any personal data.

Use of cookies and tracking technologies by us

We would like to place cookies on your computer to help us make your use of our Website better. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Just so you know, the main cookies on our Website are from Google Analytics tracking and there’s also a session cookie generated by the CMS that is essential to the running of the Website but holds no personal data. Most web browsers allow some control of most cookies through the browser settings.
 To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org/. Consent for cookies: We will assume that if you continue to use our site after reading this legal notice that you consent to the terms of our use of cookies during your visit to any of our websites and/or microsites. We will provide you with a notice of this when you first visit our website, but once you’ve clicked on the notice to indicate you’ve read it, generally we won’t repeat the notice. Other tracking technologies: Some of our website pages utilize cookies and other tracking technologies. A cookie is a small text file that may be used, for example, to collect information about website activity. Some cookies and other technologies may serve to recall personal data previously indicated by a website user. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser, but please note that if you choose to erase or block your cookies, you will need to re-enter your details to gain access to certain parts of the website. Tracking technologies may record information such as internet domain and host names, internet protocol addresses, browser software and operating system types, clickstream patterns and dates and times that our website is accessed. In addition, other tracking technologies may also be used to check engagement with emails or other correspondence we send to you, including details on how many times correspondence is opened and links that might be contained within that correspondence are clicked on.  Our use of cookies and other tracking technologies allows us to improve our website and your experience. Please note that under the GDPR, what the tracking technologies record could include your personal data if we are, for example, tracking your internet protocol address. If you have any questions on this, please contact our data protection officer at mdubber@dmcwp.co.uk. You can also request that we stop processing such personal data. We may also analyse information that does not contain personal data for trends and statistics.

Remember the Risks Whenever You Use the Internet

DMCWP is committed to ensuring that your information is secure and has in place reasonable and proportionate safeguards and procedures to protect your personal data. Whilst DMCWP does its best to protect your personal data, DMCWP cannot guarantee the security of any information that you transmit to DMCWP and you are solely responsible for maintaining the secrecy of any passwords or other account information.

Changes to this Privacy Policy and your duty to inform us of changes

As and when necessary, changes to this Privacy Policy will be posted here. Where changes are significant, we may also email all our registered users with the new details, and where required by law, we will obtain your consent to these changes. This Privacy Policy was last updated on 16th May 2018 *DM Cager Workplace Pensions (DMCWP) is a trading name of DM Cager (Auto Enrolment) Limited/Company Number 09150145