Data Protection and Privacy Notice for M.R.C. Pension Scheme (the "Scheme")
The Scheme trustee, M.R.C. Pension Trust Limited, ("Trustee", "we" or "us") is committed to keeping your personal information secure and handling your personal data lawfully, fairly and transparently.
As trustee of the Scheme, we hold and process personal data of Scheme members and beneficiaries ("you") in order to run the Scheme in our capacity as controller of personal data.
In doing so, we comply with relevant data protection legislation such as the General Data Protection Regulation (Regulation (EU) 2016/679) (as transposed into UK national law by operation of section 3 of the European Union (withdrawal Act 2018) and as may be amended by other laws from time to time) ("UK GDPR") and the Data Protection Act 2018.
This privacy notice ("Notice") provides information about the processing the Trustee oversees in relation to your personal data.
Privacy policy
1. Where we obtain your information and what information we obtain
Sources of personal data
In the course of administering your pension, we may hold information about you which is provided by you, Aptia UK Limited (Aptia) (who administers the Scheme on our behalf), your employer or former employer, other pension schemes or medical advisers, government departments such as HMRC, DWP or publicly accessible records (e.g. the electoral roll) if, for example, we have lost touch with you and we are trying to find you.
Where applicable, we also collect information about your nominated beneficiaries, dependents or next of kin. Before providing us with any such information, you should provide a copy of the information in this Notice to those individuals.
If we ask you for other information in the future (for example, about your health), we will explain whether you have a choice about providing it and the consequences for you if you do not do so.
Types of personal data processed
The information we collect and hold about you includes:
- personal details: such as your name, gender, date of birth, national insurance number, passport or ID number and country of residence;
- business and/or personal contact details: such as home address, telephone numbers and email addresses;
- marital status and relationship data: such as the full name, date of birth, contact details and relationship to your family members, dependants and/or beneficiaries);
- financial information: such as salary, tax information, pension sharing orders and bank account details (in some cases);
- employment information: such as years of service, dates of employment, hours of employment, employment status, salary, employee claims, bonus and benefits;
- information relating to your Scheme benefits: such as your member identifying number (which is assigned to you by the Scheme), the date you joined or left the Scheme, the category and value of contributions and benefits that you receive, and any relevant matters impacting your benefits such as voluntary contributions, pension sharing orders, tax protections or other adjustments; and
We may also process special category data for the purposes of administering the Scheme (for example in relation to ill-health, early retirement or where incapacity or similar reasons determine the benefits paid to you). We will in most circumstances process this data in the performance of our legal obligations in connection with employment, social security and social protection (as allowed by data protection laws). We may also process special category data for the purposes of establishing, exercising or defending legal claims. If there are any occasions where we seek your explicit consent to process special category data, then you can withdraw it at any time.
2. Why we use your information
The law requires that the Trustee only uses your personal data for defined lawful purposes. We have set out in more detail the purpose, type of data and legal basis relied upon by the Trustee in the table below:
| Purposes | Categories of Personal Data | Legal Basis (and special category condition if applicable) |
|---|---|---|
|
Calculating, administering and paying your benefits under the Scheme or following your death |
Personal details; contact details; marital status and relationship data; financial information; employment information and information relating to your Scheme benefits We may process special category data in the form of health information, for example where we process ill-health retirement claims. |
Legal obligation To the extent we process special category data, we rely on the fact that processing is necessary in the field of employment, social security and social protection law in so far as it is authorised by domestic law |
|
Dealing with any queries/complaints/appeals etc. regarding decisions we have made, for example in relation to your or your dependants’ entitlement to benefits under the Scheme |
Personal details; personal contact details; marital status and relationship data; financial information; employment information and information relating to your Scheme benefits |
Consent |
|
Carrying out actuarial valuations and investment of the Scheme’s assets |
Personal details; business and/or personal contact details; marital status and relationship data; financial information; employment information and information relating to your Scheme benefits |
Legal obligation |
|
Establishing a legal defence |
Will depend on the specifics of the legal claim but may include personal details; business and/or personal contact details; marital status and relationship data; financial information; employment information and information relating to your Scheme benefits |
Legal obligation. To the extent that this requires us to process special category data, we rely on the fact that the processing is necessary for the establishment, exercise or defence of legal claims, or whenever courts are acting in their judicial capacity. |
|
Compliance with other legal, regulatory and good governance obligations in relation to administering the Scheme and as otherwise lawfully permitted from time to time e.g., reporting to authorities, HMRC and the pensions regulator or processing as part of the UK Pensions Dashboard Programme. |
Will depend on the specifics of the legal obligation but may include any of personal details; business and/or personal contact details; marital status and relationship data; financial information; employment information and information relating to your Scheme benefits |
Legal obligation. The following examples require reports, responses or other processing of personal data: - Section 249A of the Pensions Act 2004 trustees much operate an effective system of governance including internal controls. - Sections 59-65 of the Pensions Act 2004, (Registrable Information and Scheme Returns) requires information to be sent to the Pensions Regulator. - Chapter III of the UK GDPR requires controllers to respond to data subject requests. - Part 4 of the Finance Act 2004 - tax returns and other information required or may be requested under HMRC rules and guidance. - The Registered Pension Schemes (Provision of Information) Regulations 2006 (SI 2006/567) – requiring certain information and events to be reported to |
|
Consideration of advice on investments to grow scheme assets, production of financial reports, as well as working through fund manager calculations, statistics and achievement standards, and consulting advisors and investment managers to assist. |
Personal details; financial information and information relating to your Scheme benefits |
Legitimate interests in calculating and running reports in order to monitor the Scheme's performance. |
|
Management of IT servers and hosting, IT support functions, and management of information security management system |
Processing could involve processing of any personal data held on the IT systems as required. |
Legitimate interests in ensuring the IT systems run efficiently. |
|
Establishing your identity and that of any other beneficiaries. |
Personal details, ID documentation. |
Legitimate interests in preventing unauthorised access to benefits. |
|
Preventing and detecting fraud |
Will depend on the specifics of the circumstance but could involve any categories of personal details; financial information and information relating to your Scheme benefits. |
Legitimate interests in detecting fraud and preventing harm to other members. |
|
Transferring to another scheme |
All personal details as required by the transferee. |
Consent |
|
Sending updates and newsletters to you. |
Personal details and contact information such as email and postal address. |
Processing is based on the Trustees' legitimate interests of ensuring members and beneficiaries are kept up-to-date with relevant updates. |
|
Managing Additional Voluntary Contribution (AVC) arrangements and coordinating data exchanges with AVC providers. |
Personal details and financial information and information relating to your Scheme benefits. |
Legitimate interests in liaising with other providers with respect to member benefits. |
3. Sharing your information
We may share your information with other entities which act as an independent controller of the personal data:
- any of your employers or former employers who participate in the Scheme;
- our legal advisers (currently DLA Piper UK LLP);
- other professional advisers (including medical advisers, occupational health providers and auditors);
- the Scheme actuary (currently John Coulthard, Aon Solutions UK Limited);
- government agencies and other authorities (including HMRC and the Pensions Regulator) where necessary for the proper administration of your benefits, the prevention of crime or to meet legal and regulatory requirements.
- other persons to whom you have authorised data to be disclosed (for example, the pension scheme receiving a transfer value, or an independent financial adviser);
- other persons who may be involved in, become involved in or responsible for providing or communicating benefits (for example, Like Minds UK Ltd, part of the Independent Governance Group which may send you communications relating to your pensions benefits).
- other organisations providing services to the Trustee, including pensions governance, pensions management services and pensions tracing services, but in each case only in relation to matters connected to the administration of the Scheme and your benefits under it.
We may share your information with other entities which act as a processor of the personal data on our behalf:
- Aptia, as administrator appointed by the Trustee to provide day to day administration services and United Kingdom Research and Innovation (UKRI) who also provide supplementary administration services;
- service providers and partner organisations to the extent that it is necessary for the management and administration of the benefits provided by the Scheme; and
- IT, cyber security and data hosting providers.
We also share your personal data with the UK's Money and Pensions Service as part of the UK's Pensions Dashboard Programme as is required under applicable legislation so that your personal data is visible alongside your other pensions in one place online.
4. Processing your information outside the United Kingdom
The Trustee will ensure the administrator stores your personal data in the United Kingdom and/or European Economic Area.
We may transfer personal data outside the United Kingdom for storage, and other purposes such as obtaining legal and professional advice or receiving services as part of the operation of the Scheme. We will take appropriate steps to make sure that recipients of personal data act in accordance with applicable law and to the extent we transfer your personal data to recipients located outside of the United Kingdom (to countries that have not been granted an adequacy decision by the United Kingdom). We will provide an adequate level of protection of your personal data, including appropriate safeguards in accordance with Article 46 UK GDPR, to secure such transfer is in compliance with data protection laws. We will also take steps to ensure that any third party who transfers your data outside of the United Kingdom shall ensure the relevant safeguards are in place as set out in data protection laws.
Please see the "Contact us" section below if you would like further information about these safeguards.
5. Security of your information
The Trustee is committed to ensuring that your personal information is secure. We have in place appropriate technical and contractual measures to ensure that information is only shared for the reasons, and by the means, set out in this Notice.
The Trustee requires adequate measures to be in place to ensure your information is kept secure when we need to share this with a third party as outlined above.
6. How long do we keep your information?
Pension schemes are long-term. We will keep your personal information for as long as you are a member of the Scheme, which may be for your entire lifetime. We will also retain some information for a period after you leave the Scheme for any reason, e.g. following a transfer out, to enable us to deal with any queries that may arise after you have left or for a period of time following your death. Pension benefits may be paid over a long period to you and your beneficiaries and your right to benefits under the Scheme is based on information which may go back many years. As such, we will keep information until your membership of the Scheme ends, all applicable benefits have been paid to you and your beneficiaries and for a further period of 6 years unless we are legally required to keep your personal data for longer. We review our data retention periods periodically and ensure methods are in place to delete personal data after any such applicable timeframes have expired.
7. Data Protection Officer
We are not required to appoint a Data Protection Officer but ensure that we have appropriate personnel to advise on our compliance with our data protection responsibilities
8. Monitoring and recording
Aptia may monitor, record, store and use any telephone, email or other communication with you in order to maintain a record of any instructions given by you regarding your pension, for training purposes, for crime prevention and to improve the quality of service to Scheme members. This information is stored in line with our retention policy.
9. Your rights
- Right to access: You have rights under data protection law to know what personal information we hold about you, the purpose for which we hold it and the identity of any person to whom it has been disclosed.
- Right to rectification: You may request correction of your personal data that is inaccurate and/or completion of such data which is incomplete.
- Right to erasure: You may request deletion of your personal data, in particular where (i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) you objected to the processing and there are no overriding legitimate interests for the processing, (iii) your personal data has been unlawfully processed or (iv) your personal data has to be erased for compliance with a legal obligation to which we are subject. If you ask us to delete your information, we may not be able to do so, for example due to regulatory and contractual constraints which will be notified to you, if applicable, at the time of your request. For example, we may need to retain certain Personal Data about you if required for us to comply with a legal obligation or for the establishment, exercise or defence of legal claims.
- Right to data portability: You may request to receive your personal data, which you have provided to us, in a structured, commonly used machine-readable format and transmit those data to another controller without hindrance from us, where the processing is based on consent or a contract and the processing is carried out by automated means; in these cases, you may also request to have the personal data transmitted directly to another controller where this is technically feasible.
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our or a third party’s legitimate interest (Art. 6 (1) (f) UK GDPR). We then will no longer process your personal data for the purpose to which you have objected, unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims.
- Right to restrict processing: you have the right to restrict our processing of your personal data in certain circumstances such as where the accuracy of your personal data is contested or the processing is unlawful.
- Right to withdraw consent: You also have the right to withdraw your consent to the use of your personal data, to the extent such use is based on your consent. Please note, however, that this could affect our ability to assess your entitlement to certain benefits, e.g. ill-health early retirement. If you do withdraw consent, then that will not affect the processing based on consent prior to consent being withdrawn.
In any of the situations listed above, in case of doubt about your identity, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.
We aim to respond to your request within one month of receipt but will inform you where we need to extend that timeframe, for example, due to the complexity of the request. We reserve the right to refuse, or to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your personal data, and for any additional copies of the personal data you request from us.
If you have any questions or wish to exercise any of the above rights, or if you have a complaint about the processing of your personal data you can contact us as detailed below.
You also have the right to lodge a complaint about our processing of your personal data with the office of the Information Commissioner (see below).
10. Automated Decision Making
Automated decision making and profiling, including profiling that produce legal effects concerning or otherwise affecting such data subject, are not carried out by the Trustee in relation to the Scheme.
11. Direct Marketing
We may send you updates relevant to the Scheme, however we do not use your data for direct marketing or allow other organisations to use your personal data for the purpose of marketing their goods or services.
12. Contact us
If you have questions regarding your benefits and the Scheme, please contact our administrator at pensionuk.aptia-group.com.
If you would like any further information about the Trustee's approach to data protection and privacy, or to request details about the information we hold or exercise your rights, please contact us by email or post at:
Email: m.lambe@lms.mrc.ac.uk; or
Post: Director of Pensions, MRC Pension Scheme, UKRI, Polaris House, Swindon, SN2 1FL.
13. The Information Commissioner
The Information Commissioner is the UK's independent authority set up to uphold information rights and data privacy for individuals. You have the right to lodge a complaint with the Information Commissioner if you are dissatisfied with any aspect of the way that we collect and use your personal information.
The Information Commissioner's website can be found at www.ico.org.uk or you can call their helpline on 0303 123 1113.
14. Updates and changes
We will keep this Notice under review and may update it from time to time. Any revised policy will appear on the Scheme website www.mrcps.co.uk. Material changes to our processing activities shall be notified to you in an updated version of this Notice. Please check every now and then for any updates.
Last updated: March 2026
15. Other data controllers
Other parties, such as the Trustee's legal advisers and the Scheme actuary, may be data controllers in relation to your data, although the Trustee will be your point of contact. Those parties are required to have their own separate privacy notice. Please contact us if you need further information about finding the relevant privacy notices.