The Pensions Research Accountants Group (PRAG/we) collect and hold personal data about our members and other contacts for the purposes of our activities, in accordance with the UK Data Protection Act 2018. This Statement provides information on how we collect, use and process your personal data.
PRAG is a data controller of the personal data you provide to us. We only collect basic personal data about members and other contacts, including name and contact details (physical and email). Members provide and maintain the information held in respect of them and it is an individual’s decision whether to provide work or personal details. The database also includes information concerning role, employer organisation (if relevant) any areas of expertise/ special interest and the willingness to be a member of a working party. The information collected does not include any sensitive personal data or any other special types of information.
The Executive may from time to time decide to collect other information from members for the purposes of PRAG’s activities, but only with individual consent. The legal basis for holding and processing your personal data is your consent, where you have provided this, and otherwise our legitimate interest.
We need to know your basic personal data to provide you with news on PRAG activities, publications and events. We will only use the information held for the legitimate purposes of PRAG in the furtherance of its objectives as notified to the members.
The information PRAG holds is maintained on a database which is hosted by a third-party administrator and to which our appointed third-party secretariat has access. The third-party secretariat is a data processor. The engagement terms of any third-party agents or service providers include data protection clauses.
We will not process data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed or would otherwise reasonably expect this.
We have a Data Protection policy in place to govern the effective and secure processing of your personal data.
All the personal data we process is processed by our appointed secretariat in the UK. However, for the purposes of IT hosting and maintenance, this information may be located on servers within the European Economic Area (EEA). We may also make use of third-party providers with servers located outside the EEA (such as Eventbrite and PayPal). Any transfer or processing of data outside of the EEA will be protected by appropriate safeguards as required by law.
Access to personal data is restricted to the database administrator and the secretariat. In corresponding with individuals, emails are sent without disclosing recipients.
Any changes to a member’s contact details are only made by the member using the online functionality of the database. It is the responsibility of members to keep their own personal details up to date.
On occasion, contact details may be released to facilitate communication between individual members or other contacts, but not without the permission of the individuals concerned.
No third parties will have access to personal data unless the law allows.
PRAG will retain personal data for no longer than necessary. Member records will be maintained for no more than six years after the end of the last year of which an individual was a member of PRAG. If a member decides not to renew their membership and advises the Secretariat that their details should be removed, they will be deleted (unless a legal exemption applies).
You may request to see the information we hold about you to check its accuracy. If you wish to raise a complaint about how we have handled your personal data, you can contact our Secretariat who will investigate the matter.
If you are not satisfied with our response or believe we are not meeting legal requirements, you can complain to the Information Commissioner’s Office (ICO).
February 2020