Privacy Policy

Handshake with Clients

Privacy Policy

Quattro Pensions was acquired by the Broadstone group in April 2021 and is now known as Broadstone Pensions Limited. You may see both names and logos used interchangeably throughout the website; this is just for cosmetic purposes, legally they are the same entity (Company Number: 06321397). Throughout the rest of this policy, it will be referred to as Broadstone Pensions Limited.

This Privacy Policy explains how Broadstone Pensions handle and share your data to ensure that your privacy is protected at all times and that compliance with all relevant data protection legislation is achieved.

Who controls your data?

The ultimate data controllers in relation to your scheme are the Trustees. The Scheme Actuary, the Scheme Auditor and the Scheme’s legal advisors are also data controllers in relation to the Scheme. The scheme administrator is generally considered as a data processor in relation to the services provided to the trustees for a pension scheme. Broadstone Pensions may act as a scheme administrator and individuals employed by Broadstone Pensions may act as a Scheme Actuary. You will have been provided with a personalised privacy notice in relation to your Scheme which sets out who provides these services.

The Trustees and all Scheme service providers are committed to protecting and respecting your privacy at all times. Broadstone Pensions will never share your data for marketing purposes and will only share data where it is required to provide the services necessary for running the Scheme and to meet our obligations and those of the Trustees and sponsoring employer of the scheme.

Why do we need to hold your data?

We hold this information so we can administer the Scheme. We use your personal information to enable us to carry out benefit calculations and valuations, assess entitlements to benefits, make payment of benefits and send you correspondence or information in relation to your pension. Without holding your data, we would be unable to calculate or pay your benefits or assess any potential entitlement in relation to your benefits or benefits that may become payable to your dependants.

What data do we collect?

We may collect and process personal information about you including (but not limited to):

  • Personal details to contact or identify you, such as your name, gender, date of birth, national insurance number, address, telephone numbers and email addresses.
  • Employment information, such as service dates and salary information.
  • Personal circumstances, such as marital status and information about dependants, health information, pension sharing or earmarking arrangements, power of attorney details and details of any nominated representative you may instruct to deal with us on your behalf.
  • Other financial information such as income tax information, bank account details, earnings details and protections relating to your pension.

Do we hold any special category data?

There are certain occasions when we may request special category data in order to make decisions on your entitlement such as when requesting early retirement due to ill health. Examples of special category data may include information that could reveal your ethnic or racial origin, religious or political beliefs, sexual orientation or information relating to your health.

When we request this type of data we will obtain your consent to enable us to process this information. Where we have asked for your consent, you may withdraw your consent at any time. However, once a decision has been made we will need to keep evidence of the decision and the decision making process.

On what basis do we process this information?

Legitimate Interests - Your data is processed on the basis of the legitimate interests of both the Trustees and parties acting for the Trustees, such as the scheme administrator in order to properly act on behalf of the scheme and enable us to carry out the above-mentioned services in the running of your pension scheme.

Legal Obligation – Your data is processed because it is necessary for compliance with a legal duty or obligation. This will also apply to other data controllers such as the Scheme Actuary, the Scheme Auditor and the Scheme’s legal adviser.

Contractual – If we have a contract with you, we will be processing your data in order to perform the requirements of that contract.

Where we process or share special category data this will be on the basis of consent which we will obtain when we request the information. Where special category data is retained by us following the provision of a decision, we will do so on the basis that the processing is necessary for the establishment, exercise, or defence of a legal claim.

No automated profiling is carried out by the Trustees or the service providers engaged by the Trustees of the scheme.

Where did the data come from?

The data held originates from either the Sponsoring Employer of the Scheme, or information you have provided to the Trustees either directly or via one of the Trustees’ service providers such as the administrators. Some information may come from other third parties such as HMRC, your bank or the Trustees’ bank. We may occasionally obtain your data through the use of a tracing service if, for example, we become aware that your address information is out of date.

Sharing your data

In order to run the Scheme efficiently, and to comply with legislation, the Trustees may rely on a number of third-party service providers. Therefore, the Trustees may share your data with one or more of the following:

  • Service providers such as the scheme administrator, the Scheme Actuary, the Scheme Auditor, the Scheme’s legal advisers and the Trustees’ bank
  • Insurance Companies
  • Investment managers and Additional Voluntary Contributions (AVC) providers
  • Government bodies such as HMRC, the Department for Work and Pensions and relevant regulatory bodies
  • Your bank or building society, if you are receiving benefits
  • The Sponsoring Employer of the Scheme

Other third parties may include:

IT partners, tracing agencies, external printing companies etc.

Should any unforeseen obligations be placed upon the Trustees or one of their service providers, it may be necessary to share your data with a party not mentioned in this notice should there be a legal or regulatory requirement to do so.

Parties might include:

HMRC, the Police, National Crime Agency, the Department for Work and Pensions, regulatory bodies etc.

Reasons might include:

Calculation and recording information in relation to personal tax or to prevent or detect tax evasion, criminal or fraudulent activities.

When sharing data, only the minimum amount required for the legitimate purpose will be shared. Data will only be shared if it is necessary in order for the third party to carry out their function and wherever possible it will be sent in an anonymous format. Any third parties who we share your data with, other than government or regulatory bodies, will have been subject to appropriate assessment and relevant checks to ensure data is handled securely and in line with data protection laws.

Data is not currently shared with parties located outside the EU. Should this change in the future the Trustees and all parties involved will take appropriate steps to ensure your personal data is protected in accordance with applicable laws.

The current Trustees of the Scheme and other service providers are listed in the Scheme’s Report and Accounts. A copy is available on request from the contact shown below.

How long will we hold your data?

Your data will be retained for no longer than is required for the purposes set out in this notice and to comply with any relevant legislation. This will be for as long as is necessary for the Scheme to provide benefits to you or your dependants and also sufficient information to explain where any entitlement has moved to should it be moved away from the Scheme, or to explain when and how an entitlement has ceased, if this were the case.

It is expected that data will be held for a minimum of 12 years following the cessation of any scheme activity to comply with legal obligations, trust law, and/or the legitimate interests of the Trustees and their service providers.

How do we keep your data secure?

The Trustees and the Scheme’s service providers are committed to protecting your personal data. They take all reasonable steps to safeguard the confidentiality of personal data. The Trustees carry out appropriate assessment and any relevant checks on service providers to ensure adequate organisational and technical measures are in place to safeguard personal data.

Your rights in relation to your personal data

You have the following rights under the Data Protection Laws:

The right to be informed – We have provided this Privacy notice to give you details on the ways in which we use, share and store your data. The right of access – You can request information on the processing of your data and request access to the information we hold on you.

The right to rectification – If your personal data is incorrect or incomplete you can request that we change or update it.

The right to erasure – You can request the erasure of your data if there is no lawful reason as to why it should still need to be processed or stored.

The right to restrict processing – You can request that your data is no longer processed even though it may need to be stored to comply with a legitimate interest or legal obligation or contract if there is no lawful reason to continue actively processing your data.

The right to data portability – You are able to obtain your data to use for your own reasons or to use your data to engage different services.

The right to object – If you felt that we had no lawful reason for processing your data.

Rights in relation to automated decision making and profiling – We do not carry out automated decision making.

The right to complain to the Information Commissioner – If you believe we have not handled your personal data in accordance with Data Protection Laws.

The right to compensation via the UK tribunal service should you suffer any damages due to the contravention of Data Protection Laws.

If you wish to exercise any of these rights, please get in touch using the contact details below.

Should we be unable to comply with your request, we will write to you and explain why.

Following an assessment, we have decided that there is no requirement to appoint a Data Protection Officer (DPO). However, we felt it would be useful to appoint a data protection representative to deal with any questions or queries you may have.

Data Protection Representative contact details

Telephone: 01527 598 688
Post: Compliance
Broadstone Pensions Limited
Prospect House
Fishing Line Road
B97 6EW

Complaints or concerns

If you are not happy in any way with how we have processed or handled your personal information, please contact us using the details above.

You also have the right to complain about data protection matters to the Information Commissioner's Office (ICO).

The ICO is the UK's independent body set up to uphold information rights. You can find out more about the ICO from their website ( The ICO can also be contacted by calling 0303 123


Updates to our Privacy Policy

We may update or amend this Privacy Policy from time to time to comply with law, regulations or to meet changing business requirements. Printed copies are available on request.

This Privacy Policy was last updated in July 2021.