We take data seriously: that's why we've maintained our accreditation under ISO 27001 (the international standard for information security management) since 2011. It's also why we've developed a comprehensive data privacy compliance programme. Our Trust Centre helps us to deliver on our commitment to the data protection principles, and in particular, that of lawfulness, fairness and transparency.
Important notice (1 December 2020): We have updated our list of data sub-processors. You can view the updated list here.
ISO 27001:2013 Hymans Robertson’s Information Security Management System is certified to ISO 27001:2013. (Certificate Identity Number: 14125886). We're also Cyber Essentials certified.
We've produced some FAQs about our use of cloud computing, which you can read here.
We maintain a comprehensive data privacy compliance programme under the direction of our Data Protection Officer. Click here to find out more about our GDPR implementation project and our data privacy compliance programme.
We've also prepared some short Sixty Second Summaries on specific GDPR issues. You can read more about these below.
One of the significant changes in UK data protection law arising from GDPR is the need for greater transparency when processing personal data. Privacy notices are an important tool in meeting the requirements. You can find out more about the privacy requirements in our sixty second summary.
For data protection purposes, actuarial firms and individual scheme actuaries (as specialist service providers) may be considered to be ‘joint controllers’ of personal data, together with the pension schemes’ trustees. The actuarial firm, scheme actuary and the trustees need to agree their respective responsibilities. You can find out more on the Joint Controller issue in our sixty second summary. Click here for private sector schemes or here for local government pension funds.
For Administering Authorities of local government pension funds, we’ve made available our view of the arrangement between us as joint controllers, where this is applicable. Click here for more details.
We use sub-processors to provide core IT and other business services. Click here for more details.
We provide actuarial services to both private-sector pension schemes and local government pension funds. If you are a member of one of the schemes or funds that we advise, you can read about how we use your personal information. You should read this along with your scheme or fund's own privacy notice.
Click here for private-sector pension schemes
Click here for local government pension funds