DP Pensions Ltd


Protecting and respecting your privacy is very important to us and we want you to be confident that your information is in safe hands. Looking after the personal information that we collect about our clients and their dependants/beneficiaries is something we take very seriously. Our Privacy Notice lets you know;

  • who controls the personal information collected and how it is used
  • the lawful basis in order to process the data
  • what personal data is
  • how and why we need to collect and store it
  • when and why we share it with other organisations
  • how long we keep it for
  • your rights
  • how to contact us

Who controls the personal information collected and how it is used?

DP Pensions Ltd is the Data Controller for our SIPP clients and D A Phillips & Co Ltd is the Data Controller for our SSAS clients. Any reference to “we” or “us” are to DP Pensions Ltd or D A Phillips & Co Ltd as appropriate. Full details of the companies in our group can be found in our Legal page.

We will process – that means collect, store and use – the information you provide in a manner that is compatible with the EU’s General Data Protection Regulation (GDPR). The personal data we collect from you will be used for the following purposes:

  • The set up and day to day administration of your pension scheme
  • Complying with our legal, regulatory and statutory obligations
  • Sharing your personal data and scheme information with your financial adviser (if you have one)

What is the lawful basis in order to process the data?

We are required to establish the lawful basis we are relying on in order to process your data. The lawful basis we will be relying on is “performance of a contract”.  This lawful basis enables us to fulfil our contractual obligations of setting up and administering your pension scheme.

What is Personal Data?

Under the EU’s General Data Protection Regulation, Personal Data is defined as

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Special Categories of Personal Data

Certain data is classified under the Regulation as ”special categories” including Health Data.

Consent is required for us to process this type of personal data but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.

Why do we need to collect and store personal data?

In order for us to provide you with services, we need to collect personal data for correspondence purposes and/or detailed service provision. Depending on the circumstances, the personal information we gather about you may include:

  • your name
  • address
  • date of birth
  • national insurance number
  • gender
  • nationality
  • marital status
  • spouse’s name
  • spouse’s date of birth
  • occupation
  • email address
  • phone numbers
  • financial information
  • medical information and health status
  • identity details, e.g. driving license or passport information
  • ceding pension scheme information
  • bank details to pay you your pension

This is not an exhaustive list but includes the main data items. Please contact us should you require a full list.

Personal information is collected through our application forms and ongoing correspondence to enable us to verify your identity and allow your pension scheme to be set up. We will also use your personal information to provide ongoing day to day administration of your pension scheme, such as, to process contributions to your plan, pay you your pension benefits and issue annual statements.

Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.

Sharing your personal information

We are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. We may pass your personal data on to the following providers in the course of dealing with you:

  • Banks and other investment managers that you to invest your pension scheme funds.
  • Compliance Support
  • HM Revenue & Customs
  • Financial Conduct Authority and other regulators and authorities
  • Other companies within our group
  • Your financial adviser (if you have one)
  • IT services
  • Anti-money laundering service provider
  • Fraud prevention and enforcement agencies

These organisations are obliged to keep your details securely, and use them only to fulfil the service requested. Once your service need has been satisfied or the case has been closed, they will dispose of the details in line with our firm’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do so.

Retention of personal information

We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances, the law sets the length of time information has to be kept, but in most cases, we will use our discretion to ensure that we do not keep records outside of our normal business requirements.

We will normally retain your data for a minimum of 7 years after the cessation of your contract, or longer where the continued holding of it can be legally justified. The length of time that we hold such data will vary depending on the type of data and the reason it was collected. Once your data is no longer needed, it will be securely destroyed.

Your rights

In summary, the General Data Protection Regulation (GDPR) provides the following rights for individuals:

  • You have the right to be informed about the collection and use of your personal data. The details are contained in this Privacy Notice.
  • You have the right to access your personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing. You may make a request to access the information that we hold about you that personally identifies you and can request that it be sent in a structured, commonly used and machine readable format.
  • The right to data portability also allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
  • You also have the right to have your personal data rectified. Personal data can be rectified if it is inaccurate or incomplete.
  • Depending on the circumstances, you may also have the right to “block” or suppress the processing of your personal data, this includes if you believe the data that we hold is not accurate.
  • In certain circumstances you can also request the erasure of personal information we hold about you. Please see the Contact Us section below for details.


We are committed to ensuring your information is protected and held securely. However, the internet is not a secure medium and we can’t accept responsibility for the security of an email during transmission or for non-delivery of that email. We have taken appropriate steps to protect personal information in electronic transfer, e.g. emails. As such please be advised that email attachments are encrypted.


We may wish to contact you in the future regarding products and services that we think may be of interest to you. If we do, we will obtain your consent first before we contact you with any marketing material.

Contact us

If you are concerned about our information rights practices you have the right to raise your concerns with us. You are able to complain about:

  • How your personal data has been processed
  • How your request for access to data has been handled
  • How your complaint has been handled
  • Appeal against any decision made following a complaint about our information rights practices

Upon receiving a complaint we will;

  • Clarify how we have processed your personal data
  • Explain how we have put right anything that has gone wrong

Any complaints regarding your personal data or our information rights practices should be addressed to:

The Compliance Department
DP Pensions Ltd/DP Administration Limited
Bridewell House
Bridewell Lane
TN30 6FA

Telephone: 01580 762 555
Email: enquiries@dapco.co.uk

If you are unhappy with how we have dealt with your complaint you can contact the Information Commissioners Office (ICO) on telephone 0303 123 1113 or www.ico.org.uk