Privacy Policy
Last updated: October 2025
1. Introduction
This Privacy Policy explains how PKL Pensions Ltd (“we”, “our”, “us”) collects, uses, stores, and protects personal information obtained through our independent pensions platform, website, and related services.
We are committed to safeguarding your privacy and ensuring that all personal data is handled securely and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our website or services, you agree to this Privacy Policy.
2. Who We Are
PKL Pensions Ltd operates an independent platform that connects workers and employers to approved UK workplace pension providers.
We are not a pension provider or financial adviser. Our role is to facilitate secure, compliant data exchange between workers, employers, and authorised pension schemes.
Registered office:
International House, 12 Constance Street, London E16 2DQ
Telephone: 0208 064 3117
Email: info@pkl-pensions.com
Website: https://www.pkl-pensions.com
PKL Pensions Ltd is registered with the Information Commissioner’s Office (ICO) as a data controller.
ICO Registration Number: [to be inserted once issued]
3. Information We Collect
We may collect and process the following types of information:
a) Personal information (workers and employers)
- Full name
- Contact details (email, phone number, postal address)
- Employment details (employer name, job title, payroll reference)
- Pension provider selection and scheme details
- Identification data used for verification
- Communications and correspondence records
b) Technical information
- IP address and browser type
- Device identifiers and operating system
- Basic website usage data collected via cookies (see Cookie Policy)
c) Employer account data
- Organisation name and contact information
- Payroll or HR system identifiers (where relevant)
- Compliance and audit records linked to data transfer logs
4. How We Use Your Information
We use your data only for legitimate business purposes, including:
- Facilitating secure pension provider connections between workers and employers
- Maintaining compliance with auto-enrolment regulations
- Creating and managing user accounts
- Providing technical and customer support
- Communicating about system updates and security
- Meeting legal, regulatory, or contractual obligations
- Conducting internal audits and data-integrity checks
We do not use your information for marketing, profiling, or automated decision-making.
5. Lawful Bases for Processing
| Purpose | Lawful Basis |
|---|---|
| Delivering services to workers and employers | Contractual necessity |
| Communicating about user accounts | Legitimate interests |
| Meeting statutory or regulatory requirements | Legal obligation |
| Securing and protecting data | Legitimate interests / Legal obligation |
| Responding to rights requests | Legal obligation |
Consent is sought only for optional communications or cookie tracking.
6. How We Share Your Data
We share limited information only where necessary to deliver our services:
- With authorised UK pension providers chosen by the worker
- With the worker’s employer or payroll provider to process contributions
- With trusted data processors supplying secure IT or hosting support
- With regulators or authorities where required by law
All transfers are encrypted, restricted, and covered by data-processing agreements.
We never sell or share data for marketing.
7. International Data Transfers
All data is stored and processed within the United Kingdom.
If exceptional transfers occur (e.g. cloud redundancy), they will only go to destinations offering adequate protection as defined by UK GDPR.
8. Data Retention
Data is retained only as long as necessary:
- Worker and employer records — up to 6 years after service end
- Compliance and audit logs — up to 7 years
- General enquiries — up to 12 months after resolution
When no longer required, data is securely deleted or anonymised.
9. Your Data Rights
Under UK GDPR you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict or object to processing
- Data portability (where applicable)
- Complain to the Information Commissioner’s Office (ICO)
Contact us at info@pkl-pensions.com to exercise these rights.
We will respond within one month.
10. Data Security
We employ robust safeguards:
- Encryption in transit and at rest
- Role-based access controls
- UK-based secure servers
- Regular security audits and penetration testing
- Staff training on data protection and confidentiality
In the unlikely event of a data breach, affected users will be notified in accordance with UK GDPR.
11. Cookies
Our website uses cookies to operate effectively and to understand basic usage patterns.
For full details, please see our Cookie Policy.
12. Links to Other Websites
Our website may link to external pension providers and third-party resources.
We are not responsible for their content or privacy practices and recommend reading their privacy notices before submitting personal data.
13. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in law or practice.
The latest version will always display the “Last updated” date above.
14. Contact Us
Data Protection Officer
PKL Pensions Ltd
International House, 12 Constance Street, London E16 2DQ
Telephone: 0208 064 3117
Email: info@pkl-pensions.com
Website: https://www.pkl-pensions.com
If you are not satisfied with our response, you may contact the Information Commissioner’s Office via www.ico.org.uk.
