On this page
- Terms and conditions
- Linking policy
- Hardware and software compatibility
- Virus protection
- Registering for our online services
- Variation to terms and conditions
- Contact between you and the regulator
- Data Protection Act 1998 and privacy
- Intellectual property
- Privacy notice
- Personal data
- Compliance with the Data Protection Act
- Your rights
- How to make a complaint
- Privacy notice review
- Social media policies
Terms and conditions
The Pensions Regulator (the regulator), is the manager of the website, and may make changes to the content of the website at any time without notice.
By accessing the regulator’s online services you agree to be bound by our terms and conditions, which apply to the services we provide and our websites.
Our policy on linking to and from this website.
Linking to this site
We welcome and encourage other websites to link to the information that is hosted on these pages, and you don’t have to ask permission to link to our website. However, you should not suggest that your website is or contents are associated with, or endorsed by, The Pensions Regulator.
Linking from this site
We link to other Government departments and representative bodies but not individual companies. Where our website contains links to other websites and resources provided by third parties, these links are provided for your information only. We make no warranty of any kind with respect to those websites or content thereof or the completeness or accuracy of those websites. Visitors should take specific advice from a qualified professional, where necessary. Descriptions of, or references or links to other websites within our website are not, and do not imply, an endorsement of those websites or their contents. We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss, disruption or damage that may arise from your use of them.
Hardware and software compatibility
We do not guarantee that this website will be compatible with all or any hardware and software which you may use or that this website will be available all the time or at any specific time.
We make every effort to check and test material at all stages of production. It is always wise for you to run an anti-virus program on all material downloaded from the internet.
Registering for our online services
To register for our online services you must provide us with a working email address and a password. You agree to keep your password secret and safe.
However, if you are using an email address that can be accessed by multiple users, those who have access to that email address and password are jointly responsible for keeping the sign up details secure.
The services are:
- Exchange: a service which allows you to view information online (scheme information and Levy invoices), to send information electronically (scheme returns and corrections to scheme information), to tell us about any material payment failures for defined contribution schemes (maintaining contributions) and to receive information electronically from the regulator (issuance of Levy invoices to designated contacts and the scheme return notice).
- The Trustee toolkit: a service providing online learning for trustees and others to increase their knowledge and understanding of trustee responsibility.
- News-by-email: a subscription service allowing you to keep up-to-date with the regulator’s developments.
- Automatic enrolment declaration of compliance (registration): a service allowing employers to complete the required declaration with the regulator when they have automatically enrolled certain workers into a pension scheme.
When you sign up for Exchange you agree to provide your name, postal address, email address and telephone number. You also agree to submit a number of security questions with answers.
You may change any of your user sign up details. You may also request to be removed as a user.
To login, you will use the email address and password you supplied to verify your identity and to authenticate the scheme information you send. Once you have signed up, you will be provided with a key, which will allow you to access your scheme information via the Exchange system. You agree to keep your key safe and secret. If you give your key to another you are authorising that person to access and use the services on your behalf.
The Trustee toolkit registration
When you sign up for the Trustee toolkit, you will be asked to provide information which includes your name, the type of trustee you are (if you are a trustee), the type of scheme of which you are a trustee and an email address.
This information allows us to provide you with a development record and will inform you of any future releases of the e-learning programme and encourage you to complete the learning programme.
Automatic enrolment declaration of compliance (registration)
When you sign up for automatic enrolment declaration you will be asked to provide information which includes your name, contact details, your code as provided to you by the regulator and details relating to your company.
For more information about what you'll need to provide go to automatic enrolment declaration of compliance (registration).
To receive news-by-email you are asked to provide information which includes your name, email address and your role (where linked to the pension industry).
Variation to terms and conditions
By accepting these terms and conditions you agree that we may:
- Use the services for any part of our dealings with you in relation to any of the services you are signed up for.
- Change, withdraw or add to the services and the website (or their features) or change the way in which you may access the services, all without notice.
- Revise these terms and conditions from time to time as we develop the service. You will be notified of any changes via the email address provided on sign up or via a notification on our website. The changes will apply to the use of our website and services after we have given notice.
If you do not wish to accept the new terms and conditions you should not continue to use the services. If you continue to use the services after the date on which the change comes into effect, your use of the services indicates your agreement to be bound by the new terms and conditions.
You can view our terms and conditions at any time by selecting the 'terms and conditions' link on our website.
Contact between you and the regulator
We will normally use your email address to communicate with you. Alternatively we may contact you using your postal address and telephone number.
Please note that sending information by email is not secure and is done so at your own risk.
Data Protection Act 1998 and privacy
The Pensions Regulator is a data controller under the Data Protection Act 1998. We will hold and process your personal information and any personal information of third parties supplied in accordance with this Act.
Where personal data of third parties is provided by you, we assume that you have obtained the required authority to supply this information unless you tell us otherwise. We will hold and process your personal information and any personal information of third parties supplied in accordance with this Act.
We may use your personal information and any personal information of third parties supplied in connection with any of our statutory functions, including but not limited to, the purpose of internal record keeping, to provide any of our services for which you have registered and to contact you.
We will not transfer, disclose, sell, distribute or lease the information that you have provided to third parties unless we have your permission except where permitted to do so for the purpose of exercising our regulatory functions or where we are permitted or required by law to assist other bodies to exercise their statutory functions. Further information on how your information is used, kept secure and your access rights please see our privacy notice.
EIOPA public register
The Pensions Regulator is required under EU law to provide the following information to the European Insurance and Occupational Pensions Authority (EIOPA) which will then be published on their register: the name, address, cross-border status, and host country or countries of the pension schemes in the regulator’s register. The EIOPA public register of European occupational pension schemes is updated annually and available to view on the EIOPA website.
The Trustee Toolkit
The Trustee toolkit is hosted on our behalf by a third party. The third party has been carefully selected by the regulator, and is contractually bound to handle your information in the same manner as the regulator.
We use 'cookies' which are pieces of data created and stored on your hard drive when you use our online services.
The services and website and all the materials contained in it are protected by intellectual property rights, including copyright, and either belong to the regulator or are licensed to it to use. Materials include, but are not limited to, the design, layout, look, appearance, graphics and documents on the website, as well as other content.
We have made the services and website available to you for your own personal non-commercial use. We may modify, withdraw or deny access to this website at any time.
Any use of materials on this website including but not limited to reproduction for any purpose and modification, distribution or republication should acknowledge the regulator as the source and will be subject to intellectual property rights that attach to such materials.
The Trustee toolkit – the information provided in modules, tutorials and other learning resources on this website are provided solely as an educational tool.
Whilst every effort is made by the regulator (and its authorised subcontractors) to keep secure information submitted to you, you accept the risk that data transmitted electronically via this website or otherwise may be intercepted before reaching its intended destination or accessed by unauthorised third parties and may be exploited unlawfully by such parties.
We are not liable for any harm, loss or damage, howsoever caused, occasioned to you from using these services.
Our privacy notice explains how we look after your personal data.
We gather personal data in a number of ways including:
- functions of the regulator
- pension trustees
- visitors to our website
- staff administration.
If you’ve asked us something we’ll hold your personal data so we can give you the best possible service. We don’t need to collect a lot of information but we do need to know who you are, what you’ve asked and how we can reply to you.
Your personal data and any that you’ve given us about others will be treated in confidence. Sometimes we’ll need to share your personal data with internal and external colleagues so that we can answer your questions. We’ll minimise who we need to share it with, and only share personal details on condition that they treat it in accordance with the Data Protection Act and delete it as soon as possible.
We compile statistics about the number and / or type of enquiries we receive, but these won’t ever reveal personal data.
Functions of the regulator
Our objectives are to protect the benefits of members of work-based pension schemes; reduce the risk of compensation payments from the Pension Protection Fund; promote and improve the understanding of good administration of pension schemes and to maximise employer compliance with automatic enrolment duties.
When things go wrong, we’ll investigate. We’ll gather information, which may include personal data about persons who might be involved. When we collect personal data in this way we’re limited in how we can use it for purposes outside our statutory functions.
If you’re a trustee and complete scheme return details we’ll hold your information so we can contact you if any queries arise. A European directive requires certain scheme information to be published centrally on a European register.
Although not applicable to all, those completing scheme returns should consider the level of personal data being made available as the regulator cannot impose limitations upon its usage.
If you’ve completed or are completing the Trustee toolkit, then we’ll hold some of your personal data. If you forget your login details or its necessary to verify your status we’ll need to match the query to the right person.
As a trustee we’ve got to keep you up to date and we’ll send you information by newsletter (e-mail or post).
Visitors to our website
When you visit our website a cookie identifies and tracks your visit whilst collecting statistical information. Cookies tell us the pages that have been visited and collect information about how many times certain pages have been visited.
The cookie has no way of identifying you, it doesn’t hold any of your personal data nor can it be used retrospectively to track you.
When you view pages on our website and select an option of ‘remember me’, a cookie will be placed on your computer which will remember your computer’s details. The cookie does not seek to identify you as an individual, just the computer used in order to make using the website easier for you next time.
Cookies help us to assess the effectiveness of our website and can provide useful information following publications. For more information about the cookies that we use go to cookies.
If you’ve ‘signed up’ to receive any of the regulator’s news services we’ll only hold the information that we need to deliver the service. Emails you’ll receive give you the option to stop receiving these emails and we will remove your personal data from our list and delete it.
If you currently work / have worked for the regulator, we’ll hold your personal data in line with employment law. We’ll only hold what we need depending on the status of your employment and won’t keep it for any longer than we do need it.
Information is the regulator’s greatest asset, without it we can’t function. We’ve put processes in place to protect information, to maintain our reputation. The regulator holds ISO 27001 accreditation and complies with our responsibilities to protect personal data under the Data Protection Act 1998.
Sometimes we’ll need to share information. We might share personal data with other agencies, but only to the extent that it’s fair and lawful to do so. If we do, we’ll advise them how to handle your personal data.
The regulator is a partner in a number of agreements to share and receive personal data. This helps us to carry out our statutory functions and helps other agencies to carry out theirs.
We often publish information of regulatory action(s) we have taken. Any publication will be in accordance with the Data Protection Act 1998.
Compliance with the Data Protection Act
We comply with the principles of the Data Protection Act 1998 by taking all reasonable steps to ensure that:
- Personal data is only used when it is fair and lawful to do so.
- Personal data, obtained for a specific, lawful reason is not subsequently processed for a further incompatible purpose.
- Only necessary personal data will be gathered.
- Personal data held will be accurate and kept up-to-date.
- Personal data will not be held longer than is necessary.
- Individuals can access information about themselves in accordance with their rights under the Data Protection Act 1998.
- Personal data will be held safely and securely.
- Personal data will be only be transferred outside of the European Economic Area if the proper protections are put in place.
If we hold your personal data then you have rights in relation to what we do with it:
You can ask for a copy of the data we hold about you by making a ‘subject access request’. If you wish to make such a request please write to us:
The Data Protection Officer
The Pensions Regulator
If you’re not happy that the data we hold about you is accurate, you can ask us to correct any changes.
If our usage of your personal data would cause substantial damage or distress to you, you can ask us to stop.
Requests should be sent to the address above.
How to make a complaint
If you’re not happy with how we handle your personal data please tell us, for more information about our complaint process go to how to make a complaint.
Privacy notice review
Social media policies
The @TPRgovuk Twitter account is managed by the digital marketing team, on behalf of colleagues across The Pensions Regulator. The information we provide is for guidance only and should not be taken as a definitive interpretation of the law.
We may use some automation (such as tools that generate tweets from RSS feeds). If you follow us, you can expect between two to five tweets a week covering the following:
- Alerts about new content on our website (including updates to codes and guidance)
- Information on key speaker engagements
- Attendance of events
- RSS feeds of:
- press releases
- blog postings on preparing for automatic enrolment.
Due to resources, we infrequently review our follower list. We may automatically follow back accounts that aren’t spam. Being followed back does not imply endorsement of any kind.
We will update and monitor our Twitter account during office hours, Monday to Friday. Twitter may occasionally be unavailable and The Pensions Regulator accepts no responsibility for lack of service due to Twitter downtime.
@Replies and direct messages
We welcome feedback and ideas from all our followers however we are not able to reply individually to the messages we receive via Twitter.
The digital media team reads all @replies and direct messages and ensures that any emerging themes or helpful suggestions are passed to the relevant teams within The Pensions Regulator.
We cannot engage in issues that are outside the regulator's statutory remit or respond to questions which it would be inappropriate for the regulator as a public authority to provide an answer.
The usual ways of contacting The Pensions Regulator for official correspondence and those enquiries requiring a response are detailed in the contact us section of our website.
We have created our google+ pages for you to share and discuss topics relating to the regulation of work-based pension schemes in the UK.
We encourage discussion between our followers and circles however we may not be able to engage in direct responses via google+.
Discussions are monitored by our google+ page managers and they may direct a query through existing communication channels where appropriate.
We do not encourage or endorse any commercial endorsements or third party promotions that appear on our google+ pages.
Our google+ terms of membership
If you choose to connect to our google+ pages we ask that you adhere to the terms listed below:
- be respectful of other users of the page
- stay on topic and do not post content that is unrelated to the purpose of this page
- do not use language that is offensive, inflammatory or provocative
- do not post material if you know or suspect that doing so may breach the law
- do not post personal information – addresses, phone numbers, email addresses or other online contact details – relating either to you or other individuals
- do not register more than one user account per person
- do not impersonate or falsely claim to represent a person or an organisation
- do not attempt to log on using another person’s account
- please provide truthful and accurate submissions (do not provide submissions where you are not sure of their truthfulness or factual accuracy)
- do not make any commercial endorsement or promotion of any product, service or publication.
Failure to adhere will result in your postings being removed and could result in your connections being blocked.
See related content
How we're making our web content more accessible for people with disabilities, and user friendly for everyone.