Privacy Statement
The trustees of your scheme/plan are the data controllers under data protection laws.
The privacy notice for your scheme/plan explains:
- Who the trustees are and how to contact them
- What information is held about you and how it’s used
- Your rights in relation to your personal information
- How to contact the Information Commissioner’s Office
You can read the privacy notice for your scheme.
Cookie Notice
We use cookies and similar technologies (‘cookies’ for short) on this website. This notice explains:
- What cookies are
- The types of cookies we use
- What we use cookies for
- How you can control them
We don’t collect any of your personal information using cookies.
What are cookies?
Cookies are used to store information on your device or in its memory to improve your experience. They also provide useful insights to the website owner.
For example, they can be used to:
-
improve website features and security
-
allow the website to remember actions you’ve previously carried out
-
provide analytics information on how users engage with the website
Most cookies have an expiry date, but you can delete them at any time. Browsers have settings to allow you to block and clear cookies.
For more information, see the ’How can I control cookies?’ at the end of this notice.
Types of cookies used on our website
Cookies: Small text files stored on your device by your web browser. Most cookies have an expiry date, but you can delete them at any time. Browsers have settings to allow you to block and clear cookies.
Local storage: Small text files stored on your device by your web browser.
The information stored remains even after you close the browser or restart the device. You can erase local storage at any time by deleting your browser's history.
Session storage: Used by your web browser to store information in your device’s memory. Information held in session storage is cleared when you close your browser.
How we use cookies on this website
This section explains more about the specific cookies used on this website.
‘Strictly necessary’ cookies
These are set by default and do not require your consent, as they’re permitted by privacy laws. These cookies are required for the operation of our website.
They give us information needed for website security and to help the website function properly.
| Name | Provider | Purpose | Expiry | Type |
| ARRAffinity | Azure App Service | Maintains session affinity (sticky session) | Session (set by Azure App Service; expires when session ends) | Session |
| ARRAffinity SameSite | Azure App Service | Session affinity with SameSite attribute for security | Session | Session |
| CookieControl | OneTrust | Stores user cookie consent preferences and banner settings | CMP configurable | Consent preference cookie |
| UMB_UCONTEXT | Umbraco CMS | Backoffice authentication cookie used to maintain login session. Used only for authenticated CMS administrators; not set for public website visitors. | Session | Authentication cookie |
| UMB-XSRF-TOKEN | Umbraco CMS | Used by Angular to pass anti-forgery token for secure requests. Used only for authenticated CMS administrators; not set for public website visitors. | Session | Ant-forgery token |
| UMB-XSRF-V | Umbraco CMS | Stores server side validation for Umbraco Backoffice anti-forgery protection. Used only for authenticated CMS administrators; not set for public website visitors. | Session | Anti-forgery token |
Functionality cookies
These are only set if you give us your permission.
They enable us to personalise our content and remember your name and preferences – for example, your choice of language or region.
| Name | Provider | Purpose | Expiry | Type |
| intercom-device-id-* | Intercom | Device ID to prevent Messenger abuse | 9 months (refreshed per ping) | Persistent |
| intercom-id-* | Intercom messenger | Stores user session identifier for Intercom messenger; required for authenticated support interactions | Intercom session cookies persist between logins used for session identity | Persistent |
| intercom-session-* | Intercom | Tracks a unique browser session to restore chat history and maintain messenger continuity | 1 week, refreshed on activity | Functionality |
Analytics and performance cookies
These are only set if you give us your permission.
These cookies allow us to count and differentiate users, as well as track the movement of visitors as they use our website.
They give us information to improve the way our website works, by ensuring users find what they’re looking for easily.
| Name | Provider | Purpose | Expiry | Type |
| _dcid | Stape server side GTM ecosystem | Indicates a client identifier used in Stape server side tracking; relates to user identification for analytics and advertising use cases | Not published; can be disabled via Stape Data Client settings | Analytics / Marketing |
| _ga | Google Analytics (GA4) | Distinguishes unique users for analytics | 2 years (subject to browser settings, often >13 months) | Analytics |
| _ga_T7DPXKX01S | Google Analytics (GA4) | Persists session state for GA4 container | 2 years | Analytics |
| _pk_id | Matomo / Piwik PRO | Stores unique visitors ID for analytics, including visit count and timestamps | 13 months (default) | Analytics |
| FPAU | Google Ads / Google Marketing Platform | Stores user interaction & attribution data for as performance measurement | 90 days | Analytics / Marketing |
| Intercom-device-id* | Intercom | Session identity for Intercom | 270 days / ~9 months, refreshed on pings | Analytics / Functional |
| Prism_1000379868 | ActiveCampaign | Tracks user interactions; supports marketing and behavioural analytics for marketplace. umbraco.com | 30 days - 2 years | Analytics / marketing |
To opt out of being tracked by Google Analytics across all websites, visit: http://tools.google.com/dlpage/gaoptout
Third-party cookies
Sometimes, we link to third party websites or embed third party content on our pages.
If you access this content, the relevant third-party websites may also place cookies on your device. We don’t have any control over this, so please check the relevant website’s privacy and cookies notice.
How can I control cookies?
You can use your web browser to delete, block or allow all cookies.
You can also block third-party cookies.
Additional options to control your cookies include:
- clearing all cookies when you close your browser
- using a private browsing session
- installing add-ons or plugins to give you more options
For general information about this, go to All About Cookies https://allaboutcookies.org/.
Find out more on how popular browsers manage your data using these links:
- Microsoft Edge cookies information
- Chrome cookies information
- Firefox cookies information
- Safari cookies information – mobile devices and desktops
- Opera cookies information