HomePrivacy Policy

Privacy policy

Your privacy rights in relation to Real Accounts and Nest Insight

The UK General Data Protection Regulation (‘UK GDPR’) and the Data Protection Act 2018 (‘Data Protection legislation’) regulate how we process your personal information. The purpose of this policy is to explain how we collect and use your personal information and how we comply with Data Protection legislation. It is important that you read this information.

The Real Accounts project is led by Nest Insight in collaboration with the Centre for Personal Financial Wellbeing at Aston University and the Yunus Centre for Social Business and Health at Glasgow Caledonian University (‘Collaborators’). Nest Insight is part of the National Employment Savings Trust Corporation (Nest) which is the Trustee and provider of the Nest pension scheme (the scheme). Nest Insight is a public-benefit research and innovation centre. Nest Insight was set up by Nest Corporation to find ways to support low and moderate-income workers to be financially secure both today and into retirement. For privacy information on Nest’s management of the scheme please visit nestpensions.org.uk

In this policy, we explain some things about the personal information Nest Insight and the Collaborators hold (whether we collect this from you or it is provided to us), and your rights regarding this information. Please read it carefully, together with any other privacy notices and information that we provide you, from time to time.

Outline of policy:

  1. Your privacy rights in relation to the Real Accounts project
  2. Processing your data for research purposes
  3. Processing your data for marketing and other non-research purposes
  4. Security and your data rights

Your privacy rights in relation to the Real Accounts project

The Real Accounts project is a primary research project that will follow the financial lives of low- to moderate-income UK households. We will collect personal data during the duration of the project together with our Collaborators and we will each act as Joint Controllers. This means that we jointly decide the purpose for which your personal data is used and we are jointly responsible for protecting your personal data and ensuring that it is processed in accordance with the requirements of the Data Protection legislation.

We may collect and receive different types of personal information about you. Personal information we hold about you includes any information that identifies you (e.g. name, address, phone number etc.). It can also include personal information which relates to specific topics which are thought to be more privacy sensitive and called special categories of information (e.g. information about your health, your ethnicity, religion etc.). When we use special categories of data, we will ask for your explicit consent.

Processing your data for research purposes

The Real Accounts website relates only to the Real Accounts project. Nest Insight and the Collaborators will process your data in connection with the Real Accounts project based on your Consent. Further information about how your data will be processed in connection with the Real Accounts project if you want to take part in the research study can be found in the Participant information and Fair processing notice which will be provided to all research participants. For information about how data is processed for research purposes in any other Nest Insight research, please see the Nest Insight privacy policy.

Processing your data for marketing and other purposes

We may receive personal information about you if you:

  • attend Nest Insight events, meetings or conferences, you may exchange business contact information and/or business card contact details with Nest Insight
  • submit your information via the mailing list sign-up box on the Real Accounts website or contact Nest Insight directly via realaccounts@nestcorporation.org.uk.

We may also receive information about you from third-parties or through our social media sites where you have provided your consent.

How we’ll use your personal information

We will rely on your consent as the legal basis for processing your personal information. You can easily withdraw your consent at any time. We explain how you can do so each time we ask for your consent.

Nest Insight may send you (via email):

  • communications about, or invitations to participate in, events, research topics, ideas and programmes
  • communications to inform you about published results of Nest Insight programmes and research.

Nest Insight may send you requests to provide your opinion on the events you have been involved in. We may share anonymised feedback on events you have attended within Nest Insight to improve our services.

What personal information we use and how long we keep it

Data we may use for marketing communication and keeping you informed

This may include data such as your surname, forename(s), job title, organisation you work for, telephone number, correspondence address and email(s).

How long we keep it for the purpose of marketing communication and keeping you informed

We’ll keep this information for however long you continue to wish to receive communications from the Real Accounts project via Nest Insight. You can choose to unsubscribe via the link at the bottom of the emails we send you, or you can let us know via realaccounts@nestcorporation.org.uk that you no longer wish to receive communications from the Real Accounts project via Nest Insight. We will remove your contact details from the Real Accounts mailing list within 1 month of receiving your request to ensure you do not receive further communications from the Real Accounts project via Nest Insight in the future. We may also send you emails from time to time to confirm if you wish to still receive communications from us.

If you have subscribed to the Nest Insight mailing list and no longer wish to hear about Nest Insight’s wider research, events, or partnership opportunities, you can let us know by contacting Nest Insight: insight@nestcorporation.org.uk.

Other data we may use for other purposes

If we use your personal information for any other purpose we will notify you (through fair processing notices we issue to you at the time of collecting the data), of how this will be processed and how long we will keep this data for.

In addition, we may keep your personal information for a longer period of time than mentioned above for archiving or research purposes, or in the event of ongoing disputes, claims or complaints. In such cases, we’ll consider the nature, degree of sensitivity, and volume of your personal information that needs to be kept. We’ll also take into consideration the purpose for extending the retention period and whether this purpose could be achieved through other means.


From time to time, we may need to pass your personal information on to trusted third-parties.

Third-party processors and websites

When we share data with third-parties, they may be a processor acting on instructions from us or a controller in their own right. We seek to ensure that we have the necessary safeguards and security measures in place when we use third-party processors. When we outsource any processes, we ensure any supplier or contractor we use has adequate security measures in place. We also require them to comply with data protection principles as part of our contract with them.

The Real Accounts website or the information we provide you with may, from time to time, contain links to and from third-party websites, including those of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites may have their own privacy policies. We don’t accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

For compliance purposes

Nest Insight may need to pass your personal information as requested and required to The Pensions Regulator, the Pensions Ombudsman, the Department for Work and Pensions and Her Majesty’s Revenue and Customs, in accordance with our legal obligations for compliance purposes.

In order to comply with our legal, regulatory and statutory obligations, sometimes we also need to pass your personal information to third-parties, such as courts, law enforcement agencies, our insurers, our auditors, and our professional advisers.

Security and your data rights

We want to ensure that we process accurate information about you and need your help to make sure that we do this. If you notice that any of your personal information is incorrect or if any personal information about you changes, please see below on how you can correct your personal information.

Security and safe storage of your personal information

The security of your personal information is very important to us and we take this matter very seriously. We’ll use appropriate procedures and security features to process and protect your information. We have in place a robust framework to ensure the security of your data.

The Real Accounts website is hosted by Nest Insight and the information security management systems operated by Nest Corporation and our IT managed services provider are both independently certified to the ISO 27001 standard. This gives us assurance that our systems and processes are robust and helps protect your data.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How can you access and correct your personal information?

How can you correct your personal data?

You can correct the information Nest Insight and Collaborators hold about you in relation to the Real Accounts project by emailing realaccounts@nestcorporation.org.uk

How can you access your personal information or data and exercise your rights?

Subject to certain conditions, you have the right to request access to the personal information that we hold about you. This is commonly called a ‘data subject access request’.

If possible, you should specify the type of information you would like to see to ensure that our disclosure meets your expectations. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Your request shall not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other individuals.

In addition to your right to access or rectification of your personal information that we hold about you, as set out above you have the right to, or to make a request (under certain circumstances) to:

  • restrict or object to the processing of the personal information we hold about you (see Note 1)
  • erase your personal information (see Note 1)
  • receive personal information about you that you have provided to us in a structured, commonly used, machine-readable format where we use it with your consent (‘right to data portability’) (see Note 2)
  • withdraw your consent for us to process your personal information, where based on consent (see Note 3)
  • object to automated decision-making including profiling.

We must be able to verify your identity. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Note 1: It is important to note that your request to restrict or object to processing or erase your personal information doesn’t automatically lead to a requirement for the processing to stop, or for your personal information to be deleted. For instance, we may not be in a position to erase your personal information, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims.

Note 2: In addition, the right to data portability only applies in certain circumstances such as where the processing relies on consent. When Nest Insight processes your personal information in order to comply with its legal obligations, the right to data portability will not apply.

Note 3: If you do decide to withdraw your consent we will stop processing your personal information for that purpose going forward, unless there is another lawful basis we rely on – in which case, we will let you know. Please note if your personal information is anonymised, Data Protection legislation including the rights set out above will no longer apply. If you withdraw your consent, please note that data that has been processed before the date of withdrawal will still have been legally processed and will be unaffected by the withdrawal.

If you withdraw yourself from our research, your data in relation to the research will be deleted, as soon as reasonably practical, usually within one week. Please note this may affect your eligibility for any prize draws or any incentives offered to take part in the research.

To make a request under these rights you can email us at: realaccounts@nestcorporation.org.uk

Use of cookies and website analytics purposes


If you want more information about cookies we use, or if you’d like to change your cookie settings, please go to our Cookie policy page.

Third-party processors for website analytics purposes

Nest Insight uses website analytics providers in order to provide valuable information and insight into the performance and use of our website. We also share information about your use of our site with those web analytics providers. You’ll find more information in our Cookie policy. From this page, you will also be able to manage your preferences and be able to opt-in or out from cookies that are not essential to the operation of the website.

We may also share your personal information with any other third-party where you have given your consent.

Changes to this policy

We may change our privacy policy from time to time. If, or when any material changes are made, we will let you know about them on our website. We encourage you to check our website for updates on a regular basis. This version was last updated on 16 May 2023.

Queries and further information

For queries about how your personal information is used or to make a complaint:

  • The information provided in this privacy policy is in addition to any other privacy information we may give you on our website or via other channels (including paper communication, secure message, e-mail, telephone etc.).
  • If you want more information about the use of cookies on the Real Accounts website, please view the Real Accounts Cookie policy.

Contact us

If you want to contact us, you can contact us by emailing:

Raise a complaint with the Information Commissioner’s Office

If you have concerns about the way we handle your personal data and you think we haven’t dealt with them properly, you can contact the Information Commissioner’s Office (ICO) or raise a complaint:

  • by phone on +44 303 123 1113
  • by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
  • via their website at: ico.org.uk/concerns