XPS takes looking after your personal information (known as 'data') very seriously. We're committed to ensuring that your data is only used for the specific purposes set out below and that it's secure at all times.
XPS SIPP Services Limited is a Data Controller. This means that we're legally responsible for complying with data protection laws.
Where did we get your data from?
We take this from your completed XPS SIPP application form together with any other data provided by you or your appointed financial adviser or other personal representative.
How will XPS use your data?
When you sign a XPS SIPP application, you enter into a contract with XPS to allow us to set up and administer the SIPP. It is therefore necessary for XPS to process your data in order to do this. 'Administering' your pension plan means:
- managing contributions made to the SIPP;
- arranging investments as instructed by you, your financial adviser or other personal representative;
- issuing you with information about your benefits under the SIPP (including quotations);
- paying claims from the SIPP;
- providing annual valuations and illustrations of your prospective benefits as required by law;
- notifying you of any changes to XPS's terms and conditions as required; and
- notifying you of any regulatory changes that may affect the contributions allowable into, and benefits out of, your SIPP.
XPS also processes your data in order to comply with our legal obligations as Trustee and Scheme Administrator (as defined by HMRC) of the SIPP. Such processing may include:
- disclosing details to HMRC for tax purposes;
- disclosure to law enforcement agencies and courts;
- various regulatory returns to Financial Conduct Authority and/or the Pensions Regulator.
Your data will only be used by XPS for these purposes.
What information do we need and why?
We only ask you for information about you that is necessary to set up and administer your SIPP; without this information, we may not be able to provide these services. The information we need about you in order to provide these services includes:
- personal information, including full name, approximate salary, national insurance number, date of birth and planned retirement age;
- eligibility criteria including your nationality, residency, employment status and if you are a member of your employer's pension scheme;
- if you are subject to a bankruptcy order;
- your contact details (postal address, e-mail and phone number);
- contribution information;
- beneficiary information (where appropriate);
- your bank details (when you wish to start taking benefits);
- other pension schemes of which you are a member (should you wish to transfer benefits into or out of your SIPP; and
- health information, including medical reports. We will only ask for this information if you wish to claim benefits on health grounds and we will need your specific consent in this instance.
Who do XPS share your data with?
We'll only share your data with third parties if it's necessary to administer your SIPP. This means that your information may be shared with:
- any party appointed by you, including your investment managers, legal and financial advisers, or personal representatives;
- investment providers holding your SIPP's underlying assets;
- the SIPP client bank provider;
- law enforcement agencies (subject to any requests being legally made);
- fraud prevention agencies so that we may comply with money laundering and financial crime prevention laws;
- regulators as required (including HMRC, the Pensions Regulator, the Financial Conduct Authority, the Information Commissioners Office);
- certain approved suppliers used by XPS. These may include suppliers of payroll services, printing and mailing services, offsite storage, suppliers of administration systems, hosting ofvarious computer systems, information technology services and electronic and paper documentation management; and
- other pension schemes of which you are a member (should you wish to transfer benefits into or out of your SIPP).
We'll need your consent (or that of your personal representative) to share your data with anybody else.
Your data will not be transferred to anyone outside the European Economic Area.
What are your rights?
You have the right to:
- request copies of the personal data we hold about you and we will provide that within one calendar month. If you wish to do so you should contact us at the address below;
- correct any information that is incorrect, inaccurate or incomplete;
- restrict what we do with your information until we correct it or if you believe we are using your data unlawfully;
- withdraw your consent to us processing your health information (which we will only obtain for the purposes of you claiming benefits on health grounds). Any processing we undertake shall remain lawful until such time as you withdraw consent.XPS has formal documented Information Security and Data Protection policies that set out the security measures currently implemented and maintained. These core policies are supported by additional policies covering our use of data encryption, physical security of our offices and data centres and acceptable usage of email, internet facilities and telephone. Copies of these policies are available on request.
How long do we keep the information for?
We retain your information for a number of reasons, including to demonstrate:
- the scheme has complied with its rules;
- compliance with regulatory rules (e.g. HMRC, Financial Conduct Authority); and
- that XPS is meeting its contractual and legal obligations.
This means that we keep all of your information whilst we administer the SIPP, even if you cease to be a member, and until any possible legal responsibilities or liabilities have ended.
We will normally hold your information for a period of 12 years following closure of your SIPP. However, in a small number of cases, the Financial Conduct Authority requires records to be retain indefinitely (relating to pension transfers into personal pensions from defined benefit schemes).
A copy of our retention policy is available on request.
How to complain
If you're not happy with how we process your data, you will have the right to complain to the Information Commissioner and we can provide details about how to do that.
XPS SIPP Services Limited
Castle Business Park
XPS SIPP Services Ltd isauthorised and regulated by the Financial Conduct Authority. Our FCA Registration Number is 461791. You can check this on the FCA's website at www.fca.org.uk/register. Xafinity Pension Trustees Ltd (1450089) is registered in England at Phoenix House, 1 Station Hill, Reading, RG1 1NB. XPS SIPP Services Ltd is registered in Scotland (No 69096) and its registered office is at Scotia House, Castle Business Park, Stirling FK9 4TZ. 012XSS (05/18)