Privacy Notice
Trafalgar House Pensions Administration Limited (referred to in this Notice as Trafalgar House, we, us or our) is committed to protecting your privacy and handling your personal data transparently and securely.
This Privacy Notice explains how we collect, use, store and share personal data when we act as a data controller. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (together, the Data Protection Legislation).
Important: pension scheme administration
In many cases, Trafalgar House provides pension administration and related services to trustees and employers. In those circumstances, we typically act as a data processor on behalf of the relevant trustee and / or employer, who will be the data controller. Your pension scheme’s trustee and / or employer will provide their own privacy notice covering that processing.
1. Who we are (Data Controller details)
Controller: Trafalgar House Pensions Administration Limited
Company number: 11101662
Registered address: Ascent 4, 2 Gladiator Way, Farnborough Aerospace Centre, Farnborough, England, GU14 6XN
2. How this Notice applies and who it covers
This Notice applies where Trafalgar House is the data controller of personal data, for example where we process personal data in connection with:
- our website and online services (including enquiries submitted via web forms);
- marketing and communications (where permitted);
- business relationship management (including client and supplier contacts);
- surveys, benchmarking, modelling, analytics, and related professional services;
- corporate governance, regulatory compliance and assurance activities; and
- business change activity, such as due diligence connected with mergers, acquisitions, or restructures.
Where we act as a data processor (for example in pension scheme administration), this Notice does not apply to that processing. Instead, please refer to the relevant trustee or employer privacy notice.
3. Key definitions
Personal data means any information that relates to an identified or identifiable individual. This includes direct identifiers (such as name and contact details) and indirect identifiers (such as online identifiers or IP addresses).
Special category personal data includes information about health, biometric data, religious beliefs, and similar categories which receive extra legal protection.
4. What personal data we collect
We may collect and process the following categories of personal data when we act as controller.
4.1 Categories of personal data
| Category | Examples |
|---|---|
| Identity and contact data | name, job title, employer/organisation, business contact details (email, telephone, address). |
| Communications data | records of correspondence with us (including emails, letters, and notes of calls). |
| Professional and relationship data | information about your role, your organisation’s needs, and interactions with us. |
| Marketing and preferences data | marketing preferences, subscription details, event attendance preferences. |
| Website and technical data | device and browser information, IP address, approximate location derived from IP, page interactions, referral sources, and similar data. |
4.2 Sources of personal data
We may collect personal data from:
- you directly (for example when you contact us);
- your employer or organisation (where appropriate);
- publicly available sources (for example professional directories or corporate websites); and
- our service providers (such as website analytics and communications tools), where permitted by law.
4.3 If you provide information about someone else
If you provide personal data about another person (for example a colleague), you should ensure you are authorised to do so and that they are aware of this Notice where appropriate.
4.4 Children’s data
Our services and website are not directed at children and we do not intentionally collect personal data relating to children.
4.5 Special category data
As a controller, we do not normally collect special category personal data. If, in limited circumstances, we need to process such data, we will only do so where a lawful condition under the Data Protection Legislation applies.
5. How we use your personal data (purposes and lawful bases)
We will only use your personal data where the law allows us to. The lawful bases we rely on may include:
- Legitimate interests (for example to operate, improve and secure our business, to communicate with clients, and to develop our services);
- Contract (where processing is necessary for a contract with you or your organisation, or to take steps at your request before entering into a contract);
- Legal obligation (where we must comply with legal or regulatory requirements); and
- Consent (for example for some direct marketing, where required).
5.1 Purposes and lawful bases
| Purpose | Examples | Lawful basis |
|---|---|---|
| Responding to enquiries and providing information | handling inbound requests, providing service information, arranging meetings. | legitimate interests; contract (pre-contract steps). |
| Delivering professional services (controller activities) | workforce analytics, remuneration surveys and guides, benchmarking, modelling and data analytics. | legitimate interests. |
| Relationship management | managing client and supplier relationships, account administration. | legitimate interests; contract. |
| Marketing communications | sending updates and offers (where you have opted in or where otherwise permitted). | consent and/or legitimate interests (as applicable). |
| Regulatory, legal and compliance | prevention and detection of crime, anti-fraud checks, liaison with regulators. | legal obligation; legitimate interests. |
| Business improvement and security | improving our website, service monitoring, maintaining security. | legitimate interests; legal obligation (where applicable). |
| Corporate transactions | due diligence, restructuring, sale or acquisition activity. | legitimate interests; legal obligation. |
5.2 Compatible use
We will only use your personal data for the purposes it was collected for, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose.
5.3 Automated decision-making
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
6. Marketing
Where we send marketing communications, we will do so in line with applicable UK law (including the Privacy and Electronic Communications Regulations). You can opt out of marketing at any time by using the unsubscribe link in any marketing email or by contacting us using the details in Section 13.
7. Who we share your personal data with
We do not sell your personal data. We may share your personal data with the following categories of recipients where necessary for the purposes described in this Notice:
- service providers who support our operations (for example IT, hosting, communications and analytics providers);
- professional advisers such as lawyers, auditors, and consultants;
- regulators, law enforcement, and public authorities where required by law or where reasonably necessary for compliance, fraud prevention, or the protection of rights; and
- third parties in connection with a business change such as purchasers, sellers, and their advisers, subject to appropriate safeguards.
Where a recipient acts as our processor, we require them to protect your data and only use it in accordance with our instructions. Where a recipient acts as an independent controller, they will be responsible for their own compliance and should provide their own privacy information.
8. International transfers
We primarily store and process personal data in the UK and the European Economic Area (EEA). If we transfer personal data outside the UK or EEA, we will ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement and/or the UK Addendum to the EU Standard Contractual Clauses, an adequacy decision, or another lawful transfer mechanism.
9. How we keep your personal data safe
We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. Examples include access controls, security monitoring, staff training, supplier due diligence, and incident management procedures.
Please note that transmission of information over the internet is not completely secure. Where you submit information to us online, you do so at your own risk.
10. How long we keep your personal data
We keep personal data only for as long as necessary for the purposes described in this Notice, including to meet legal, regulatory, accounting, reporting, and operational requirements.
Where personal data is no longer required, we take steps to securely delete or anonymise it in accordance with our retention policies and procedures.
You can request more information about our retention approach by contacting us using the details in Section 13.
11. Your rights
You have rights under the Data Protection Legislation. These rights apply in certain circumstances and may be subject to legal exemptions.
- right to be informed
- right of access
- right to rectification
- right to erasure
- right to restrict processing
- right to object
- right to data portability
- right to withdraw consent
- rights relating to automated decision-making (we do not use your data in this way)
11.1 How to exercise your rights
To exercise your rights, please contact us using the details in Section 13. We may need to verify your identity before responding.
We aim to respond to your request without undue delay and, in any event, within one month of receipt.
Where requests are complex or we receive a number of requests, we may extend this period by up to a further two months. In such cases, we will inform you of the extension and the reasons for it within the initial one-month period.
If a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request, as permitted by law.
12. Complaints
If you have concerns about how we use your personal data, please contact us first so we can try to resolve the issue.
You also have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk/
13. Contact us
For questions about this Notice, your personal data, or to make a data rights request, please contact:
For the attention of the Data Privacy Manager
Email: compliance@thpa.co.uk
Post: Trafalgar House Pensions Administration Limited, Ascent 4, 2 Gladiator Way, Farnborough, GU14 6XN
14. Cookies and similar technologies
We use cookies and similar technologies on our website. For details of the cookies we use, why we use them, and how you can control them, please read our separate Cookie Policy:
https://trafalgarhouse.co.uk/cookies/
15. Changes to this Notice
We may update this Privacy Notice from time to time to reflect changes in law, our services, or how we process personal data. The current version will always be available on our website.
Last updated: 28 May 2026