Safeguarding Policy

Our commitments to protecting clients, handling sensitive data responsibly, and maintaining the highest standards of professional conduct.

Last reviewed: March 2026

Our Commitment

PensionTech is committed to safeguarding the interests and wellbeing of all clients, with particular attention to those who may be vulnerable. We handle sensitive pension and personal financial data with the utmost care, and we maintain robust policies and training to ensure our services are delivered safely, ethically, and in full compliance with applicable law.

This policy applies to all staff, contractors, and partners who handle client information or deliver services on behalf of PensionTech.

1. Sensitive Data Protection

1.1 What We Collect

To carry out a pension audit, we may collect and process the following categories of sensitive personal data:

  • Full name, date of birth, and National Insurance number
  • Employment history, start and end dates, and pensionable service records
  • Pension scheme membership details and scheme reference numbers
  • Annual benefit statements, service extracts, and pension projections
  • Details of career breaks, maternity/paternity leave, or part-time working patterns
  • Transfer records and any previous pension arrangements

1.2 How We Protect It

  • All data is transmitted and stored with AES-256 encryption
  • Access to client data is restricted to authorised staff on a need-to-know basis
  • We do not sell, share, or transfer personal data to third parties except where required to deliver the audit service (e.g. our partner, Audit My Pension, for NHS pension cases)
  • Documents are retained for 12 months post-audit and then securely deleted, unless a longer retention period is requested or legally required
  • All systems are subject to regular security review

1.3 GDPR Compliance

We are registered with the Information Commissioner's Office (ICO) and process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our lawful basis for processing is the performance of a contract and, where applicable, legitimate interests.

Clients have the right to access, rectify, restrict, or erase their personal data at any time. Requests should be directed to support@pensiontech.uk.

2. Vulnerable Adults

2.1 Recognising Vulnerability

We recognise that many of our clients are approaching or have recently entered retirement — a period that can coincide with health challenges, bereavement, cognitive decline, or financial stress. PensionTech is committed to identifying and supporting clients who may be in vulnerable circumstances.

Indicators of vulnerability that our staff are trained to recognise include (but are not limited to):

  • Difficulty understanding or processing written information
  • Signs of undue pressure from a third party
  • Expressed financial distress or urgency inconsistent with their situation
  • Indicators of cognitive impairment or confusion about their own circumstances
  • Requests made on behalf of a client without clear authority or consent

2.2 Our Response

Where vulnerability is identified or suspected, staff are required to:

  • Take additional time to explain the service and confirm the client's informed consent
  • Offer alternative communication formats where appropriate (e.g. larger print, phone call follow-up)
  • Decline to proceed where there is any doubt about consent or undue influence
  • Escalate the case to a senior member of staff for review
  • Signpost the client to independent support services if appropriate

PensionTech will never exploit a client's vulnerability to encourage unnecessary or disproportionate service uptake.

3. Staff Training & Competence

3.1 Induction Training

All staff who handle client data or interact with clients directly must complete the following before doing so:

  • Data protection and GDPR awareness training
  • Safeguarding and vulnerable client awareness training
  • Information security and data handling procedures
  • PensionTech code of conduct and ethics policy

3.2 Ongoing Training

Training is refreshed annually or whenever material changes to regulation or policy occur. Staff are expected to:

  • Stay current with changes to UK GDPR guidance from the ICO
  • Report any suspected data breaches or safeguarding concerns to the Designated Safeguarding Lead immediately
  • Participate in periodic case reviews and quality assurance exercises

3.3 Designated Safeguarding Lead

PensionTech maintains a Designated Safeguarding Lead responsible for oversight of this policy, staff training, and handling escalated client concerns. Safeguarding concerns can be reported confidentially to support@pensiontech.uk.

4. Scope of Service & Non-Advice Boundary

PensionTech provides pension audit analysis — we identify and report on potential errors, omissions, and discrepancies in pension records. We do not provide financial advice, pension advice, or any regulated activity as defined by the Financial Services and Markets Act 2000.

Clients are strongly encouraged to consult a regulated Independent Financial Adviser (IFA) before taking action based on our audit reports. Where clients are identified as vulnerable or at particular financial risk, this recommendation is made explicit in both our report and any direct communications.

5. Policy Review & Accountability

This policy is reviewed annually and updated as necessary to reflect changes in law, regulation, or best practice. Significant changes will be communicated to all relevant staff.

Any client who has concerns about how their data has been handled, or who believes they have been treated inappropriately, should contact us in the first instance at support@pensiontech.uk. If the concerns are not resolved to the client's satisfaction, they may be escalated to the Information Commissioner's Office (ICO) at ico.org.uk.