Privacy notice

Universities Superannuation Scheme (the ‘Scheme’) is the principal pension scheme for academic and comparable staff in UK universities and other higher education and research institutions. It is a hybrid scheme providing both defined benefit (‘DB’) and defined contribution (‘DC’) pension benefits to its members.

This privacy notice explains how the Scheme may use your personal data in its operations (whether you are a member of the Scheme, a spouse or other beneficiary of a member of the Scheme or otherwise engage with the Scheme) and the rights you have in relation to your personal data. For further information on your privacy rights, see ‘Your Data Subject Rights’ below.

For all members, beneficiaries and other individuals that engage with the Scheme, Universities Superannuation Scheme Limited (‘USS’) of the Royal Liver Building, Liverpool L3 1PY (Company Number 01167127) is the sole corporate trustee (the ‘Trustee’) of the Scheme and acts as the Data Controller of your personal data. USS is registered with the Information Commissioner’s Office as a data controller under The Data Protection (Charges and Information) Regulations 2018 with registration number Z5491571. USS is also responsible for this website (www.uss.co.uk) (Website) and for member only accessible areas of the website (https://www.uss.co.uk/members/login) (My USS).

USS Investment Management Limited (USSIM) a company incorporated in England & Wales (Company Number 03380864) and having its registered office at Royal Liver Building, Liverpool L3 1PY, is a wholly-owned subsidiary of USS. Its principal activity is to provide investment management and advisory services to USS. USSIM is registered with the Information Commissioner’s Office as a data controller under The Data Protection (Charges and Information) Regulations 2018 with registration number ZA318116.

USSIM processes significantly fewer personal data than USS and only in very limited circumstances does is process personal data of members or beneficiaries of the Scheme. The majority of the processing that it will engage in relates to investment transactions and investments it manages on behalf of USS. Where there is a difference in the way in which USSIM collect, process or share personal data, this is set out in the relevant “USSIM” sections below. As USSIM does not operate its own website and only processes personal data as a consequence of its appointment as Investment Manager to USS, we have combined the relevant information for both controllers below.

Within the USS group of Companies, we take our respective obligations under data protection and privacy laws very seriously and have appropriate procedures in place to ensure your information and your rights are protected. If you have any questions concerning our use of your personal data, please contact us at dpo@uss.co.uk.

Table of contents

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Who does this notice apply to

Universities Superannuation Scheme Limited

In administering the Scheme, USS will collect personal data concerning a variety of people, both members and non-members of the Scheme. This privacy notice applies to the following categories of person:

Members of the Scheme and individuals associated with them can be divided into different categories dependent on the position in the member journey:
Active Actively paying contributions via their employer payroll into the Scheme
Deferred or Withdrawn Have paid contributions into the Scheme but have left the Scheme, or are no longer paying contributions into the Scheme and have yet to reach retirement age
Pensioner Have retired from the Scheme either on normal or ill health grounds and are receiving pension benefits from the Scheme
Beneficiaries Are actual or potential beneficiaries of a Scheme member
Opted-Out Were automatically enrolled by their employer into the Scheme but have subsequently opted out of the Scheme
Spouses Are the spouse or civil partner of a member of the Scheme
Dependents Are the dependents of a member of the Scheme (either minors or qualifying dependent adults)
Representatives Lawful representatives of a member of the Scheme
When we use the term ‘Members’ in this privacy notice, we are referring to each of the categories of individual above.
Visitors to websites operated by USS. USS websites can be divided into the following categories:
USS Website Our public-facing website
My USS The secure Members-only area of the USS Website
Individuals we communicate with:
Communication Method Type Individuals involved When and how we collect personal data
Member Service Desk Telephone Members Calls are recorded, please see the section on Communication Recording for further details
USS telephone numbers Telephone Members
Non-Members
Calls that are made to the main telephone numbers and individual extension numbers at USS can be recorded. The main contact numbers listed on the Website will have an automated message notifying you of call recording. You may not hear this message when you call extension numbers of individual staff members, but your calls may still be recorded. Call recording without notification is permissible if the call monitoring is used to help establish facts, to comply with regulatory or self-regulatory practices or to ascertain or demonstrate that service standards are achieved (or ought to be achieved); or for the purposes of preventing or detecting crime. USS relies on all of the above as its basis for recording calls without notification in all cases
Website contact form Email Members
Non-Members
Information provided to USS via contact forms on the Website will be processed and stored
Email communication Email Members
Non-Members
Emails sent and received by USS will be archived and retained in line with our data retention policies and practice(s), regardless of content or type
Postal communication Post Members
Non-Members
Postal correspondence sent by us to Members will be stored as an electronic copy against the central member record, as will post received from Members. Post sent and received in relation to non-members will be stored as created and copies will be retained as and when necessary
USS Investment Management Limited

In managing investments and undertaking investment transactions on behalf of USS, USSIM will collect personal data concerning a variety, but limited number, of people connected to each prospective and/or actual transaction, ongoing management of the investments and corporate business functions.

We have divided the types of people against whom we may collect, store and process personal data into two categories:

Persons associated with any investment i.e. any individuals who are a materially associated party to an investment (at deal stage and/or beyond)
Professionals/third party advisers involved with an investment or providing corporate service functions i.e. any individuals involved with but not materially party to an investment (at deal stage and/or beyond) or providing corporate service functions to the business
Individuals USSIM communicate with who are involved with investments transactions, professionals/third party advisers and corporate service functions
Communication Method Type Individuals involved When and how we collect personal data
USSIM telephone numbers Telephone Persons involved with investments Calls that are made to the main telephone numbers and individual extension numbers at USSIM can be recorded. Call recording without notification is permissible if the call monitoring is used to help establish facts, to comply with regulatory or self-regulatory practices or to ascertain or demonstrate that service standards are achieved (or ought to be achieved); or for the purposes of preventing or detecting crime. USSIM relies on all of the above as its basis for recording calls without notification in all cases
Email communication Email Persons involved with investment transactions and/or ongoing management of transactions and corporate service functions Emails sent and received by USSIM will be archived and retained in line with our data retention policies and practice(s), regardless of content or type
Postal communication Post Persons involved with investment transactions and/or ongoing management of transactions and corporate service functions Post sent and received in relation to individuals involved in or dealing with investment transactions and/or the ongoing management of investments will be stored as created and copies will be retained as and when necessary

What personal information do we hold about you?

Personal information or personal data is any information about an individual which can be used to uniquely identify that person. Depending on the nature of your relationship with USS (and/or USSIM), we will collect, store and process the categories of personal data about you listed in the tables below, some of which you may provide to us directly and some of which we may collect from third parties (e.g. your employer).

USS

Members of the Scheme
Personal Data Type Summary Information collected
Core Personal Information This is information which identifies you and is essential for the administration of the Scheme Title, first name(s), surname, addresses, contact telephone numbers, contact email addresses, National Insurance number, gender or gender reassignment status, marital status (as applicable)
Employment information This is information about your employment history related to your membership of the Scheme Name of employer, start and end dates for each period of employment with each employer, contributions to the Scheme, salary details
Pay and banking information This is information we need so when you are entitled to receive benefits that are due to you so we can fulfil our obligations in paying these Bank sort code, bank account number, bank account name, tax status information, pension entitlement information (including withdrawals you have made)
Beneficiary information This is information about family and beneficiary selections you have made which allow us to provide any benefits to those entitled as part of your pension Personal details concerning the spouses, civil partners, dependents members (including minors and qualifying dependent adults) and nominated beneficiaries of Scheme members
Documentary information This is information we have collected in relation to the administration of your pension account Birth certificate(s), marriage certificate(s), death certificate(s), identity documentation (such as copies of passports or driving licenses), records of correspondence (this will include correspondence we have sent to you and correspondence we have received from you or other parties in connection with your pension – correspondence can include postal communication, notes made in relation to telephone conversations and email communication), complaints, tracing and verification activities USS undertakes to administer your pension (such as using services to trace members whose contact details are inaccurate and verifying identity for security reasons)
Visitors to this Website
Personal Data Type Summary Information Collected
Web activity monitoring This is information we collect in relation to behavioural patterns of usage for our public-facing Website. We use third party services to help us capture, store and analyse the information, the About Cookies section of this Website provides more detail. Your Internet Protocol (IP) address is collected by third parties and provided to USS in an anonymized form as part of any web traffic statistics reported to us. Your IP address is not visible to USS. We also receive further information (in anonymized form) about pages you have visited and time spent on our Website. For further information, please see the About cookies section of the Website.
Web form contact information This is information provided by you when completing and submitting any contact form Name, contact details, nature of query and any other personal information you provide when contacting using our website
Visitors to My USS
Personal Data Type Summary Information Collected
Registration information This is information we use to enable you to register for the secure Member’s only area of the USS website (My USS) Membership number, email address, mobile telephone number, password, security question answer (place of birth – if selected), National Insurance number, surname, date of birth, gender
Login information This is information we use to enable you to log into the secure Member’s only area of the USS website (My USS) Username, password, partial membership number, partial PIN number
Pension information This is information we process and display to you as you navigate different areas after you have logged into the secure are of My USS Title, surname, membership number
Web activity monitoring This is information we collect in relation to behavioural patterns of usage for My USS. We use third party services to help us capture, store and analyse the information, the About Cookies section of this Website provides more detail Your Internet Protocol (IP) address is collected by third parties and provided to USS in an anonymized form as part of any web traffic statistics reported to us. Your IP address is not visible to USS. We also receive further information (in anonymized form) about pages you have visited and time spent on My USS. For further information, please see the About cookies section of the Website.
USSIM Persons associated or involved with an investment
Personal Data Type Summary Information collected
Core Personal Information This is information which uniquely identifies you for identification and verification purposes (“Know your customer” documents) as may be relevant to any investment or ongoing management of an investment Passport Number, official identification documents (if not resident in the UK)
Core Personal Identifiers This is information which uniquely identifies you for identification and verification purposes (“Know your customer” documents) as may be relevant to any investment or ongoing management of an investment Passport Number, official identification documents (if not resident in the UK)
Documentary information This is information we have collected in relation to the management of our investments Identity documentation, background information (such as CVs and biographies) records of correspondence (including correspondence we have sent to you and correspondence we have received from you or other parties (such as using services to background check individuals pertinent to an investment)

How do we use your information?

We primarily use your personal data for the purposes of administering and managing the Scheme, its assets and the benefits payable to our Members and their beneficiaries. The table below describes the lawful basis upon which we rely to process your personal data, the purpose for our processing and what personal data we will process. For more information on the lawful bases which we rely on to process your personal data, please see the section ‘Lawful basis of collection and processing’ below.

Below the table, you can also find further details on some additional kinds of personal data we may process about you (such as special category (or sensitive) personal data, spouse / civil partner data and information on the National Fraud Initiative).

Members of the Scheme
Personal Data Processing Purpose Legal Basis for Processing
Core Personal Information For the purpose of administering the Scheme and managing the benefits payable to our Members and their beneficiaries, including internal record keeping. To communicate with you (including correspondence we send to you, receive either from you or from third parties about you, calls we make to you and receive from you or third parties about you). To verify your identity, to prevent and detect fraud and to comply with our legal and regulatory obligations to protect your pension and the Scheme. Legitimate interest to administer the Scheme in an effective manner on behalf of the Trustee Performance of our legal obligations to run the Scheme as directed by the Trustee in compliance with legislation, regulations and guidance from the relevant UK authorities
Employment Information For the purpose of administering the Scheme including calculating benefits in both the USS Retirement Income Builder and the USS Investment Builder. To comply with laws, rules, regulations, guidance and directives applicable to us and/or the Scheme. To comply with and carry out your instructions in relation to your benefits and investment choices including in relation to additional voluntary contributions and voluntary deductions Legitimate interest to administer the Scheme in an effective manner on behalf of the Trustee. Performance of our legal obligations to run the Scheme as directed by the Trustee in compliance with legislation, regulations and guidance from the relevant UK authorities
Pay and banking information To discharge our duty to the Trustee to pay benefits which you are entitled to receive. To discharge our duty to accurately report to the relevant tax authorities on your pensionable tax status and entitlement Performance of our legal obligations to run the Scheme as directed by the Trustee in compliance with legislation, regulations and guidance from the relevant UK authorities. Performance of our legal obligations to report tax liabilities of Members to the relevant tax authorities (e.g. HMRC). Legitimate interest to administer the Scheme in an effective manner on behalf of the Trustee
Beneficiary Information To discharge our duty to the Trustee to pay benefits which your nominated beneficiaries are entitled to receive Performance of our legal obligations to run the Scheme as directed by the Trustee in compliance with legislation, regulations and guidance from the relevant UK authorities. Legitimate interest to administer the Scheme in an effective manner on behalf of the Trustee
Documentary Information For the purpose of administering the Scheme, including internal record keeping. To discharge our duty to the Trustee to manage complaints and disputes effectively. To verify your identity using processes such as the Member providing copies of official identification and/or using tracing services (in instances where we have not got the most up to date contact information). Performance of our legal obligations to run the Scheme as directed by the Trustee in compliance with legislation, regulations and guidance from the Relevant UK authorities. Performance of our legal obligations to protect the personal data of Members of the Scheme in compliance with DPA 2018. Legitimate interest to administer the Scheme in an effective manner on behalf of the Trustee
Special Category Personal Data To conduct assessments in relation to any application received in respect of an early retirement ill health application (partial or full retirement). To conduct appeals in relation to a decision refusing early retirement due to ill health (partial or full retirement). Please see the ‘Special Category Personal Data’ section below
Visitors to this Website
Personal Data Processing Purpose Legal Basis for Processing
Internet Protocol (IP) address To help us identify visitors to our website to allow us to improve and enhance the web-based services we offer to you Legitimate interest to respond to queries received via web forms in the interest of operating an efficient business on behalf of the Scheme
Web form contact information To enable us to respond to queries raised via our web contact form(s) on the Website Legitimate interest to respond to queries received via web forms in the interest of operating an efficient business on behalf of the Scheme
Visitors to My USS
Personal Data Processing Purpose Legal Basis for Processing
Registration Information To help us securely verify the identity of someone attempting to register for access to My USS Performance of a contract (Terms and Conditions of the Website) to which you are a party by using My USS
Login information To help us securely verify identity of visitors to My USS Performance of a contract (Terms and Conditions of the Website) to which you are using a party by using My USS
Core Personal Information To help us effectively service information requests via My USS by securely authenticated visitors Legitimate interest to operate an efficient business on behalf of the Scheme
Employment Information To help us effectively service information requests via My USS by securely authenticated visitors Legitimate interest to operate an efficient business on behalf of the Scheme
Persons associated or involved with an investment
Personal Data Processing Purpose Legal Basis for Processing
Core Personal Information This is information we have collected in relation to the management of our investments Performance of our legal obligations to manage the investments and assets of the Scheme as the Investment Manager for USS
Documentary Information This is information we have collected in relation to the management of our investments Performance of our legal obligations to manage the investments and assets of the Scheme as the Investment Manager for USS
Special Category Personal Data

Some of the information we may need to use is considered sensitive or “special category” personal data such as information concerning your health. We will only use this personal data for limited and specific purposes. For example, any medical information you supply to us either directly or via your employer will be assessed by our independent medical panel for the purposes of evaluating your application for ill health retirement and it may also be used for any assessment of appeals made against our decisions in relation to ill health retirement applications. We will only process this personal data where:

  1. we have a legal basis to process this information under employment, social security, or social protection law,
  2. where the processing is substantially in the public interest in an occupational pensions’ context,
  3. where the processing is necessary for the prevention and detection of fraud,
  4. where it is necessary for a legal claim,
  5. where it is necessary for member ill health assessments, or
  6. where we have obtained your explicit consent (which we will seek at the time we collect the data).
Communication Recording

We monitor, record, store and use any telephone, email or other communication with you in order to maintain a record of the instructions given to us by our Members or requests we have received from other third parties. We also record and retain communications for crime prevention purposes and to comply with our regulatory obligations and use this information for internal training purposes to improve the quality of our customer service.

Spouse data

USS does not always hold sufficient data on retired members’ spouses / civil partners to enable us to accurately calculate and manage the liabilities of the Scheme. To ensure that we have sufficient funds to meet our liabilities to members and their spouses, we collect additional information about spouses / civil partners from third party tracing services. The information we look to collect about spouses / civil partners of our Members is as follows: (i) relationship between the spouse / civil partner and the Member; (ii) month and year of birth; (iii) gender; and (iv) surname of the spouse / civil partner. We have a legitimate interest in collecting this personal data to better understand and manage the Scheme’s liabilities and to ensure that we have adequate funds to meet these of both members of the Scheme and to support the Trustee to appropriately discharge its duties. Should you or your spouse object to our collection and use of this data, please contact us using the details provided below.

National Fraud Initiative

We participate in the National Fraud Initiative (‘NFI’), which is a data matching exercise carried out by the Cabinet Office. We provide the Cabinet Office with particular sets of personal and financial data about our scheme members to conduct this matching exercise. The categories of personal data for private sector companies that may be shared to carry out the NFI exercise are detailed here. You can view further information on the Cabinet Office's legal powers and the reasons why it matches particular information here.

Lawful basis of collection and processing

We take care to ensure that our collection and processing of your personal data is lawful. In the section [‘How we use your information’ above, we have explained which lawful basis is used by us to collect and process your personal data for the various purposes set out above, the following section explains what these are.]

  • Legitimate Interest – means the legitimate interest that USS and the Trustees we act for have in conducting and managing our business to enable us to give you the best service, to meet our obligations as a trustee of a pension scheme and to give you the best and most secure experience. As explained above, we have a legitimate interest in processing your personal data for:
    • the purposes of administering your pension and any payments or benefits owed to you,
    • communicating with you about the Scheme and your entitlements,
    • modelling, profiling, statistical and trend analysis for the purposes of managing the funding and investment strategy of the Scheme and ensuring we can meet our liabilities,
    • ongoing management of our relationship with you, and
    • our internal business purposes which include business and disaster recovery, document retention/storage and IT service continuity (e.g. back-ups and helpdesk assistance) to ensure the quality of the services we provide to you.

    Where we have a legitimate interest and it is necessary to process and collect your personal data, we will take appropriate steps to ensure that this processing does not prejudice your rights and freedoms as an individual. Where we process personal data based on our legitimate interests (or the legitimate interests of a third party) you have a right to object to this processing where you feel that your privacy rights are unfairly impacted by our processing. For further information on this ‘right to object’ and details on how to exercise it, please see ‘Your Privacy Rights’ below.

  • Legal obligation – means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that USS is subject to. For example, we collect certain information from your employer to meet our obligations set out by the Pensions Regulator to automatically enroll you in the Scheme. Additionally, we may also be required by applicable legal obligations to use your personal data in certain ways. For example, we are required to provide information to HMRC about the tax liabilities of our Members.
  • Performance of a contract – means that the processing we undertake is necessary for the performance of a contract between us and you. For example, the My USS terms and conditions form a contract between us and you when you use My USS we need to process certain personal data such as your username and password in order to provide this service to you.
  • Special Category Personal Data – We may need to collect and process special category personal data in order to administer your pension benefits and for other limited purposes. Please see the section ‘Special Category Personal Data’ above for the lawful bases we rely upon when we do so.

Who does USS Share your personal data with?

Within the USS Group

In limited circumstances, your data may be shared with different entities within the USS group. The sharing of this information is done only in support of the Scheme and is not used to directly impact you individually. An example of this would be USS sharing limited amounts of your personal data with one of our investment entities in order to assist with the calculation of future liabilities on the Scheme (also known as funding strategy).

Outside of USS

In fulfilling our obligation to run the Scheme in an effective manner, we will need to share your personal data with the third parties we work with to administer the Scheme. We also receive personal data about you from various third parties as we’ve set out in the table below.

These third parties will include any of your employers (including former employers) who participate in the Scheme and our third-party suppliers who we have engaged to assist us with the administration of the Scheme or our wider business.

The third parties we work with include:

Third party Reason for sharing External Privacy Notice Possible transfer outside European Economic Area
Sponsoring employers To administer the Scheme and to calculate the contributions that you are owed Please contact your employer Dependant on the geographical location of the sponsoring employer
Capita Employee Benefits Limited Capita run our pensions administration platform which we use to administer your pension N/A No
ITM Limited To conduct tracing and existence check activities Click Here Yes
DWP Letter Forwarding Service To conduct tracing and existence check activities N/A No
Equiniti Limited To administer overseas pensioner payments Click Here Yes
The Prudential Assurance Company Limited To administer any additional voluntary contributions (if applicable) Click Here Yes
AON UK Limited as our property insurance broker We may share your personal data with our insurance brokers to the extent necessary in order to deal with any potential or actual insurance related claims in respect of any of our owned properties Click Here Yes
Legal and other professional advisers To provide legal and other professional services in connection with the administration of the Scheme and management of its investments N/A Yes
Mercer Limited To provide actuarial, administration and consultancy services to administer the Scheme Click Here Yes
HMRC To comply with statutory obligations to report on payments we have made to you Click Here No
The Pensions Advisory Service and the Pensions Ombudsman To deal with complaints and resolve disputes The Pensions Advisory Service

The Pensions Ombudsman
No
Adare SEC Limited To produce printed Member specific materials (such as the Annual Member Statements and P60s) N/A No
Medical advisors Assessment of ill health retirement applications (partial and full) N/A No
Authorised agents acting on your behalf (e.g. your solicitor) To process and respond to the request made on your behalf Please contact your agent Dependant on the geographical location of the authorised agent

We also work with a number of other selected third parties to provide both USS and USSIM with services, including companies that provide us with technical services and support and assistance in respect of our website, companies that provide back-office services and companies that provide hosting services.

Additionally, there may be circumstances where we share your personal data in certain scenarios not otherwise include above. For example:

  • if required to do so by law or where we are asked to do so by a public or regulatory authority such as The Pension Regulator, the Information Commissioners Office, law enforcement agencies or the Department for Work and Pensions;
  • if we need to do so in order to exercise or protect our legal rights, users, systems and services (for example, where your personal data is relevant to legal proceedings); or
  • In response to requests from individuals (or their representatives) seeking to protect their rights or the rights of others. We will only share your personal data in response to requests which do not override your privacy interests.

International Transfers

Wherever possible we will ensure your data is processed within the United Kingdom (UK) or European Economic Area (EEA). Certain countries outside the EEA have been approved by the European Commission (EC) as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal data to these jurisdictions. The full list of EC approved countries can be viewed here. However, should it be necessary to transfer your personal data outside the EEA to any countries not on the approved EC list, we will ensure appropriate legal protection is in place to protect your data, including but not limited to, binding corporate rules, model contractual clauses, or other legal grounds permitted by applicable legal requirements. If you would like further information on the protection we have in place with our suppliers outside the UK or the EEA, please let us know.

Data Retention

We will store your personal data for no longer than is necessary for the purposes we collect your data for.

If you are a Member (or a nominated beneficiary of a Member), we have obligations to retain accurate records of your entitlements under the Scheme which can last a considerable time as pension benefits accrue and are paid out over long periods of time. To ensure that we properly discharge our duties to you and your employer, we will retain your personal data from the start of our relationship with you (i.e. when you initially join the Scheme as a Member or are nominated as a beneficiary by a Member) until at least six years after the end of our relationship with you (i.e. once all benefits have been paid to you as a Member and any eligible beneficiaries). As a general rule, this means that we will retain Core Personal Information, Employment Information, Pay and Banking Information, Beneficiary Information and Documentary Information for up to 100 years from the start of our relationship so that we can be sure we have discharged our obligations.

If you are a Visitor to the Website, a Visitor to My USS or an individual we communicate with who is not a Member, we may hold your personal data for a minimum of 6 years from the date of your visit or your most recent correspondence with us in order to comply with our legal obligations and to maintain evidence of our relationship (unless you are also a Member, in which case the longer retention period described above with apply).

There may also be circumstances in which we need to retain your personal data for longer than the periods set out above. For example, where any legal disputes arise between us or where we are required by law to retain your personal data for longer periods.

Your data subject rights

We have set out a summary of your rights in relation to your personal data below. If you would like more details about your rights or to exercise any of these rights, please see the section ‘Contact our Data Protection Officer' below.

  • Request access to your information - commonly known as a data subject access request (SAR). As a data subject you have a right to request details about what personal data of yours USS holds and processes. Upon receipt of a valid SAR we will provide you with a copy of all the personal data we hold about you. In certain circumstances we may obscure or withhold certain information if this is not directly related to you.
  • Request we correct information about you – if the information we hold about you is incorrect, you can request that we make corrections to maintain the accuracy of your personal data. If you are an active member of the Scheme you can ask for us to amend your information via your pensions contact at your employer, who will pass this request on to us. Alternatively, the ways in which you can contact us directly can be found on the contact us page on this website (www.uss.co.uk/public/contact-us).
  • Request we erase information about you – commonly known as the right to be forgotten, you have the right to ask us to delete personal data where there is no good reason for us continuing to process it. You also have the right to ask us to erase personal information where you have exercised your right to object to processing (as detailed below). This right is not absolute, and we may refuse your request in certain circumstances, such as where we are under a legal obligation to retain your information or have another valid reason to continue processing it.
  • Object to processing – where we are relying on a legitimate interest (or the legitimate interest of a third party) to process your personal data, you have the right to object to this processing if you feel that a situation or circumstance particular to you warrants your objection to this processing of your personal data. This is not an absolute right and if we can show compelling legitimate grounds for processing your personal data which override your interests, rights and freedoms, or we need your personal data to establish, exercise or defend legal claims, we can continue to process it.
  • Restrict processing – if you want us to suspend processing your personal data you can request the restriction of processing under certain conditions. We will continue to store this personal data until your request has been confirmed. An example would be if you wanted us to suspend processing your personal data while you establish the accuracy or reason for processing it.
  • Data portability – you have the right to transfer personal data you have provided to us to another party where we are processing this information in order to perform a contract with you or where you have provided your consent for us to do so. We will transfer to you, or a third party upon receipt of valid consent from you, your personal data in a structured, commonly used, machine readable format. We reserve the right to determine the appropriate levels of security required to transmit this personal data to you or your nominated third party.
  • Withdraw consent – There may be certain times where we ask for your clear written consent to process your personal data. Where we do this, you have the right to withdraw this consent at any time.

All requests will be dealt with on an individual basis and the ultimate decision relating to such requests will be made by our Data Protection Officer. We will respond to your request as soon as we can, and by law we have up to one month from the receipt of a valid data subject request to complete the request you have made. If we can show good grounds to request that this time be increased by a maximum of two months, although we will let you know when we need to extend our time to respond and why. We will need to verify your identity as part of the process to protect your privacy and may request identification documents form you, such as a copy of your passport to identify you and a copy of a recent utility bill to verify your address. The one-month period for us to respond to your request will only begin after we have verified your identify.

We may refuse to act on (or charge a fee to respond to) any data subject request which is invalid or excessive (e.g. where you have made repeated requests for the same information). If you feel we are not processing your requests in accordance with the law, in the first instance please contact our Data Protection Officer.

Please note that it is important that the personal data we hold about you is accurate and correct. If any of your personal data changes during your time at USS, please keep us informed, so together we can ensure the accuracy of your personal data.

Security

We take the security of your personal data very seriously. We have put in place technical and contractual measures to prevent the unauthorised disclosure or use of your personal data. We have implemented organisational measures to keep your personal data secure against the threat of human intervention. These measures include training all of our employees, and providing them with regular reminders of their individual obligations and responsibilities. We are accredited to the international standard of information security, ISO27001:2013. This ensures we internally monitor our compliance with a series of technical and non-technical security controls, and we are periodically audited by an external body who check we are maintaining compliance to the international standard. Although we work hard to protect your personal data, no method of security is entirely secure and transmission of personal data via the internet always presents risks. Please contact us using the details on this website if you have any concerns about the security of your personal data.

Our Use of Cookies and Analytics

Our Website uses certain analytics services provided by Hotjar Limited (Hotjar) and Google (Google Analytics). Both services are used to evaluate and analyse how users interact with the Website and My USS, enabling us to make improvement to the functionality and user experience. The use of both of these services and more information about how we use cookies to ensure the functionality of the Website and My USS, and how to disable non-essential cookies, are detailed in the About cookies section of the website.

Contact our Data Protection Officer

To discuss any part of this privacy notice or if you have a query, you can contact our Data Protection Officer by email dpo@uss.co.uk.

Complaints to a Supervisory Authority

You also have the right to complain to a supervisory authority if you believe we are not processing your information in accordance with the law. The supervisory authority for the United Kingdom is the Information Commissioner’s Office (ICO) and their contact details are available on their website https://ico.org.uk. Please be assured that we take all complaints seriously and if you would like to discuss these in the first instance with our Data Protection Officer, then you can email dpo@uss.co.uk.

Updates to this Privacy Notice

We may update this privacy notice with minor amendments from time to time without notice to you and any revised privacy notice will appear on this page. You should check back frequently for any updates or changes to this notice. USS will take reasonable steps to notify individuals when more substantive changes have been made to this privacy notice such as notifying you via our website or including information about changes in our communications with you.