Data Protection Policy
Our Data Protection Policy
At CardinalStone Pensions, we are committed to protecting the privacy and integrity of the personal data entrusted to us. This Data Protection Policy outlines our commitment to compliance with applicable data protection laws and our principles for handling personal information responsibly.
This policy applies to all employees, partners, and third-party service providers of CardinalStone Pensions who have access to personal data collected and processed by us. Its purpose is to:
- Ensure the secure and lawful handling of personal data.
- Protect the rights and freedoms of individuals whose data we process.
- Establish guidelines for data management, processing, and retention.
- Personal Data: Any information relating to an identified or identifiable individual (e.g., name, contact details, financial information).
- Processing: Any operation performed on personal data, including collection, storage, use, and deletion.
We adhere to the following key principles:
- Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and in a transparent manner.
- Purpose Limitation: Data will be collected for specific, legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data Minimization: We only collect data that is relevant and limited to what is necessary for the intended purpose.
- Accuracy: We take steps to ensure that personal data is accurate and kept up to date.
- Storage Limitation: Data is retained only for as long as necessary to fulfill the purpose of processing or comply with legal requirements.
- Integrity and Confidentiality: Data is processed in a manner that ensures security, including protection against unauthorized access, accidental loss, or destruction.
CardinalStone Pensions collects and processes personal data for:
- Opening and managing Retirement Savings Accounts (RSAs).
- Administering pension contributions and withdrawals.
- Complying with legal and regulatory obligations.
- Providing personalized customer support and services.
We employ robust security measures to ensure the protection of personal data, including:
- Encryption of sensitive data during transmission and storage.
- Restricted access to data based on roles and responsibilities.
- Regular security audits and assessments to identify vulnerabilities.
- Training employees on data protection best practices.
Personal data may only be shared under the following circumstances:
- To comply with legal or regulatory requirements.
- With trusted third-party service providers who process data on our behalf under strict confidentiality agreements.
- With explicit consent from the data subject.
We ensure that any transfer of personal data outside the jurisdiction complies with applicable data protection laws and regulations.
Individuals whose data we process have the following rights:
- Right to Access: Obtain information about how their data is processed and request access to their personal data.
- Right to Rectification: Request corrections to inaccurate or incomplete data.
- Right to Erasure: Request the deletion of personal data under certain conditions.
- Right to Restrict Processing: Limit the processing of their data in specific situations.
- Right to Data Portability: Receive their personal data in a structured, commonly used, and machine-readable format.
- Right to Object: Object to data processing based on legitimate interests or direct marketing.
For questions or concerns regarding this policy or the handling of personal data, please contact our Data Protection Officer (DPO):
CardinalStone Pensions
Email:
Phone:
Address: