
Privacy policy
Fidra Energy Limited Privacy Notice
We respect your privacy and value the trust you place in us when you share your personal information with us. This notice sets out how we, as data controller, collect and use your personal information, why we use it, with whom we share it and the rights to which you may be entitled.
This notice will be changed from time to time, but if we change anything important about this notice (the information we collect, how we use it or why) we will highlight those changes to you.
Fidra Energy Limited and other members of the Fidra Group of companies (“Fidra” or the “Group”) hold and process personal data about members of the Group and beneficiaries in order to run the Group. In doing so, we comply with relevant data protection legislation.
What do we do with your data
As a data controller, Fidra collects and processes your personal data for the purposes of complying with our legal duties to administer the Group and for other legitimate purposes relating to the operation of the Group. This means that we will generally rely upon the “legal obligations” and “legitimate interests” grounds provided in the applicable law as the legal bases for processing your personal data. Occasionally, we might also seek your consent for processing some of your personal data, for example, your sensitive data.
Whilst much of the data we hold has been provided by members themselves, we also hold and process data provided by the employers which participate in the Group, other schemes from which members have transferred, HMRC, the Department for Work and Pensions (DWP), regulatory bodies and by tracing organisations. We also receive information from members about their proposed beneficiaries, who may be eligible to receive benefits on the member’s death. We assume that you have the consent of those individuals to provide us with this information and that you will share this privacy notice with them. We will not provide a copy of this notice to those individuals, as to do so is likely to seriously impair our ability to properly pay the benefits due under the Group. The personal data we hold about you is used to calculate and pay the benefits you (or your beneficiaries) are entitled to, and this includes your name, address, salary, years of service with the scheme, date of birth, NI number and contact details.
We also hold some special categories or “sensitive” data about individuals for the purposes of administering the Group (for example in relation to ill-health or death benefits). We will in most circumstances process this data in the performance of our legal obligations in connection with employment, social security and social protection (as allowed by legislation). We may also, typically when considering claims, process any sensitive data for the purposes of establishing, exercising or defending legal claims. If there are any occasions where we seek your explicit consent to process sensitive data then you can withdraw such consent at any time.
Who else processes your data
We share your data with third parties to obtain pre-employment references from other employers, obtain employment background checks from third-party providers where required, we may obtain necessary criminal record checks from the Disclosure and Barring Service, or report suspected offences to the appropriate authorities where required. The organisation may also share your data with third parties for the purposes of enforcing its legal rights.
We may share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
We also share your data with third parties that process data on our behalf in connection with payroll, the provision of benefits, provision of the HR Information System and the provision of occupational health services.
Your data may be transferred to countries outside the UK to Ireland which is the current location of the data centre of our HR Information System Provider, Bamboo HR. Data is transferred outside the UK on the basis that the data is strictly controlled as part of our contractual arrangements with the provider.
Storage of your personal data
We take the security of your data seriously. Fidra has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. The organisation has appropriate systems in place that limits access of personal data to managers for their direct reports and human resources.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Your rights
You have the right to access your personal data and require that we rectify any errors in the data that we hold, or request that we erase your personal data. In some circumstances, you can also require that we restrict the way we process your personal data, object to its processing or request a copy of your personal data for the purposes of transmitting the data to another organisation, or to you. Where we have requested and obtained your consent to process particular information, you may withdraw that consent at any time. However, if we do not hold all the data that we require to administer your benefits, we may not be able to pay out the benefits you are entitled to.
To exercise your rights in relation to the personal data we hold about you, please contact us using the details below.
Contact details
If you would like to exercise any of these rights, please contact info@fidraenergy.com.
What if you have a complaint
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.