1. Background

Muse Advisory understands that your privacy is important to you and that you care about how your personal data is used. We respect and value your privacy and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations & your rights under the law.

2. Information about Muse Advisory

Muse Advisory Limited is registered under Company Number 05948671 - our registered office is:
KD Tower, Suite 10, The Cotterells, Hemel Hempstead, HP1 1FW.

We are members of PASA, Pensions and Lifetime Savings Association and The Society of Pension Professionals.

Muse Advisory is an independent consulting business that works with trustees and sponsors to help them govern, manage and administer their pension schemes effectively. Unique research and an independent perspective, coupled with a pragmatic approach that only a truly experienced team can deliver, means Muse Advisory offers an unparalleled service in the market.

Muse Advisory’s key consulting business areas are:

• Administration Consulting
• Outsourced Pensions Management
  
• Governance and Trustee Effectiveness
• Investment Governance
• Adviser and Provider Reviews
• Risk management

3. What does this Notice cover?

This Privacy Notice explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

4. What is personal data?

Personal data is defined by the UK General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as "information that relates to an identified or identifiable individual."

Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The ways that we use personal data are set out below.

5. What are your rights?

This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions, using the details below. Under the UK GDPR, you have the following rights, which we will always work to uphold:

1. The right to be informed about our collection and use of your personal data;
2. The right to access the personal data we hold about you;
3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete;
4. The right to be forgotten i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold;
5. The right to restrict (i.e. prevent) the processing of your personal data;
6. The right to data portability - this means that you can ask us for a copy of your personal data that we hold to re-use with another service or business;
7. The right to object to us using your personal data for a particular purpose or purposes;
8. Rights relating to automated decision-making and profiling - we do not use your personal data in this way.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided below.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

6. How do we collect personal data?

Directly: We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us with their business card, contact us via our website, attend meetings or events that we host or visit our office. We may also obtain personal data directly when, for example, we are establishing a business relationship or performing professional services through a contract.

Indirectly: We may obtain personal data indirectly about individuals from a variety of sources, including our clients. We may attach personal data to our customer relationship management records to better understand and service our business clients and individuals, satisfy a legal obligation, or pursue our legitimate interests. Examples may be:

• Public sources: personal data may be obtained from public registers (such as Companies House), news articles and Internet searches;
• Social and professional networking sites: if you register or login to our website using social media (e.g., LinkedIn, Google, or Twitter) to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want shared with us;
• Business clients: our business clients may engage us to perform professional services which involves sharing personal data they control as part of that engagement. Our services may also include processing personal data under our clients’ control on our hosted software applications, which may be governed by different privacy terms and policies;
• Recruitment services: we may obtain personal data about candidates from an employment agency, and other parties including former employers, and credit reference agencies.

7. What personal data do we collect?

We may collect some or all of the following personal data (this may vary according to your relationship with us):

• Name;
• Business name;
• Business address;
• Job title;
• Email address;
• Telephone number(s).

8. How do we use your personal data?

Under the UK GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes:

• Providing and managing your account;
• Supplying our services to you - your personal details are required in order for us to enter into a contract with your organisation;
• Personalising and tailoring our services for you;
• Communicating with you - this may include responding to emails or calls from you;
• Supplying you with information by email that you have not opted-out to receive (you may unsubscribe or opt-out at any time by sending an email to [email protected]);
• Inviting you to events that we may organise or sponsor.

With your permission and/ or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email and/ or telephone with information and news on our services. To help measure the success of a marketing campaign, we use limited tracking pixels which can either be triggered by a visitor to our website or when a recipient opens up our email marketing message e.g. used when we issue our regular Muse News. This simply lets us know whether the recipient has opened up the email and which webpages they have visited. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the UK GDPR, and you will always have the opportunity to opt-out.

9. How long will we keep your personal data?

We will not keep your personal data for any longer than is necessary considering the reason(s) for which it was first collected.

Records relating to individuals will be kept as follows:

• Marketing: we will hold your data for a period of 6 years. You will have the opportunity to opt out or update or delete data at any point should you need to do so and details are set out in this policy as to how to do that;
• Contracted services: we will hold your data for 7 years in line with our regulatory requirements.

10. How and where do we store or transfer your personal data?

We will only store your personal data within the UK. This means that your personal data will be fully protected under the UK GDPR or to equivalent standards by law.

The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:

• We will not process personal data obtained for one purpose, for any unconnected purpose, unless the individual concerned has agreed or would otherwise reasonably expect this;
• Access to personal data is carefully controlled and restricted to appropriate individuals within Muse Advisory;
• Any changes to an individual’s contact details are only made on the instruction of the individual or on the instruction of another party, whom he or she has authorised to do so;
• Personal data will only be accessed and updated through a central database or in Exchange. No copies will be saved to any other computers, laptops, tablets or mobile devices or transferred unless specifically authorised by Muse Advisory and subject to appropriate safeguards.

11. Do we share your personal data?

We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:

• Parties that support us as we provide our services (e.g., providers of telecommunication systems, IT system support and cloud-based software services, survey software providers, marketing services providers);
• Our professional advisers, including lawyers, auditors and insurers;
• A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger/ acquisition of part or all of our business or assets, or any associated rights or interests;
• Payment services providers;
• Law enforcement or other government and regulatory agencies (e.g., HMRC) or to other third parties as required by, and in accordance with, applicable law or regulation;
• Recruitment services providers.

12. How can you access your personal data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held) - this is known as a 'subject access request'.

If you would like to exercise your right to access your data, please email us at ‘[email protected]’.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within one month of receiving it. In some cases however, for example if you have made a number of requests or your request is complex, we may need extra time to consider your request and we can take up to an extra two months to respond. If we do need the extra time, then we will let you know within one month that we need more time and why. You will be kept fully informed of our progress.

13. What about personal data security?

We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.

14. How do you contact us?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:

• Email address: [email protected];
• Telephone number: 020 3740 0111;
• Postal Address: Muse Advisory Limited, KD Tower, Suite 10, The Cotterells, Hemel Hempstead, HP1 1FW.

15. Former employees and associates of Muse Advisory

A “fuller” version of our Privacy Notice for former employees and associates of Muse Advisory is available on request.

16. Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

This Policy shall be reviewed regularly by the Directors, no less frequently than once every two years, to ensure that it remains up-to-date and fit for purpose. Any changes will be made available via our Muse website.

Terms of Use

1. User Agreement

This is the User Agreement for the Muse Advisory website - an on-line information website operated by Muse Advisory.

As a user of this website you acknowledge that any use of this website you make is subject to our terms and conditions below. Before using this website please read through these terms and conditions.

2. General

Muse Advisory reserves the right to change these terms and conditions at any time. It is your responsibility to read the terms and conditions on each occasion you use this website. Your continued use of the website shall signify your acceptance to be bound by the latest terms and conditions. Any such changes will take effect when posted on the website.

3. Limitation of Liability

Although every effort is taken to ensure that only the most accurate information is presented on the website, such information is presented without expressed or implied guarantee or warranty and may be changed at any time without notice. Muse Advisory does not assume responsibility for erroneous information, nor occurrences which result from such information. The opinions expressed within this web site and subsequent linked documents, are those of the respective authors and do not necessarily represent the opinions of Muse Advisory.

4. Use of Copyrighted Materials

You acknowledge and agree that all copyright, trademarks and all other intellectual property rights in all materials and/or content made available as part of your use of this website shall remain at all times vested in us or our licensors. You are permitted to use this material only as expressly authorised by us or our licensors.

You acknowledge and agree that the material and content contained within this website is made available for your personal non-commercial use only and that you may only download such material and content for the purpose of using this website. You further acknowledge that any other use of the material and content of this site is strictly prohibited and you agree not to directly or indirectly breach our intellectual property rights.

5. Links To Third Party Sites

This website may contain links to third-party websites - such links are provided purely as a convenience to our readers. We accept no liability of any description in respect of the contents of such materials or sites. We should not be taken to be endorsing, publishing, permitting or authorising such sites or materials.

Updated: November 2023