Privacy Policy

MyCSP Website Privacy Notice

If MyCSP administers your pension please see the Privacy Notice on the PCSPS website:

https://www.civilservicepensionscheme.org.uk/privacy-policy/

As an employer and a service provider, MyCSP takes the privacy of your personal information very seriously and we only process personal information where we have a lawful basis to do so. If you are an employee (or ex-employee) of MyCSP, this is our legal obligations as an employer and if we provide services to you, this will be our contract with you.

We handle your information securely and confidentially, and we will not sell your information to third parties. Before you use our website, we ask that you read and understand the terms of this notice. This notice covers the MyCSP website and services offered through the website. Please note that when you provide information and allow us to collect information about you, you also consent to us using it and contacting you (by email, post or telephone) for the purposes set out in this notice and you agree that this will not constitute a breach of the Privacy and Electronic Communications Regulations 2003. We may need to update this Privacy Notice from time to time, so please check back regularly. If the changes are significant, we will provide a more prominent notice.

Your information

We may collect information about you when you register for services on this website, or when you become an employee of MyCSP. This information can include your name and title, date of birth, gender, marital status, address, telephone number, email address, National Insurance Number (NINo), medical records, salary details and employment history.

How we use your information

The information we collect allows us to administer you as an employee or client:

  • As an employee, although not an exhaustive list, we process your personal information to pay you a salary, provide you with benefits and support you when you are unwell, amongst other requirements.
  • As a client we use your personal information to contact you to provide you with the services you have paid for.

We do not use your information for any other purposes than those described above. We do not use your personal information for marketing. We also do not conduct any automated decision making or conduct profiling based on the information we hold about you.

Retention of information

We may need to retain certain information about you for legal and regulatory reasons. Currently, we retain all personal information for six years after a contract expires, or an employee ceases to work for MyCSP. All personal information is held in accordance with the registration we have with the Information Commissioner’s Office (ICO). We also take security very seriously, so while we hold your information, we make sure it is safe. Find out more in the Security section below.

Sharing your information

If requested by the police or other regulatory or government authority investigating suspected illegal activities, we are obliged to share personal information with them. We will also share personal information with Equiniti Group Human Resources and Payroll if you are an employee of MyCSP as Equiniti Group provides these functions for MyCSP. If you are a client of MyCSP, we will not share your information with any other party that is not already referred to above.

Whilst we may share your information, we will never sell it.

Your information will also not be transferred to countries outside the European Economic Area unless the data subject specifically requests this.

Security

Security is our priority. We are accredited annually by Government to process classified information up to official and are certified to a number of industry recognised standards, including ISO27001, which maintains the highest levels of security across our entire business.

We are also subject to annual IT Health Check and Cyber Essential assessments by an independent organisation and the result of these assessments are shared with Government.

Your rights as a data subject

You have certain rights as a data subject; these are:

  • The right to be informed;
  • The right of access;
  • The right to rectification;
  • The right to erasure;
  • The right to restrict processing;
  • The right to data portability;
  • The right to object;
  • Rights in relation to automated decision making and profiling

For MyCSP employees (and ex employees)

As our lawful basis to process your personal information is to meet a legal obligation (we are your employer), you do not have the right to erasure, the right to restrict processing or the right to object, as we would be unable to meet these obligations and you would be negatively impacted.

If you wish to exercise your right to access your personal information, you can submit a Subject Access Request to our Data Protection Office (DPO) - please see contact details below.

Data Protection Officer

MyCSP has a designated Data Protection Officer - Darren Munton. He is contactable on 01903 835666. You may wish to contact our DPO should you have questions about how we process your personal information, how we secure it or have any concerns about your personal information. You may also wish to contact our DPO should you suspect a breach of your personal information has occurred.