PAYONE And The Pension Concealment

rules, board, circles-1752415.jpg

Worldline SA subsidiary Payone are embroiled in a dispute over pension payments of a former UK employee. The employee who does not wish to be named had pension payments deducted from his salary although Payone did not actually place those deductions into any pension pot between 2016 and 2021 when he was employed.

One year after leaving Payone the employee discovered that the firm did not place those funds in a government backed pension scheme.  So where did the money go?! Why did Payone mislead the employee into believing the money was being placed in a pension scheme?

Payone’s breach of the UK Pension regulation

a book, paper, document-3101151.jpg

Since 2012 when an employee meets certain requirements the law states that the employer must automatically enrol them as a member of a workplace pension scheme. 

This scheme means that a lot more employees can stack some savings to provide them with an income from age 55.  The Payslip is a tangible and sacrosanct document which demonstrates the trust and contractual bond between an employee and employer.  Payroll departments are often the most bustling departments on or around payday when employees and employers alike seek clarifications in case of any discrepancies on the Payslip.  The enquiries could range from tax code errors or even incorrect basic wages which are usually clarified quickly if necessary.  Speed is essential in most cases simply because those Direct Debit bills spare no one.

It was indeed Albert Einstein who said:

“The hardest thing to understand in the world is the income tax”

So, Payone had wrongly added the words “Pension contributions: £xxxx” to  employees’ payslips.  However, for over four years the company were stacking the employees’ pension contributions into their own pocket and did not register the employee into a government backed pension scheme.  There were a plethora of pension schemes that UK employees could have been placed into and it is a wonder as to why for an extraordinary period of time they failed to do so.  Even their basic duty to inform the employee about his rights under the scheme was shunned.

After leaving the company in March 2021, the employee raised unrelated complaints with the company.  It appears those complaints may have triggered alarm bells at the company about the pension issues.  Payone hurriedly in January 2022 [10 months after employee left], opened a pension scheme with the Workers Pension Trust.  In order to set up a backdated account Payone would have needed to inform the Workers Pension Trust that the employee was still employed there; which was inaccurate.  At that point a whisper in the ear of the HR staff to remind them that, “you are a financial services company, integrity is a cornerstone of what you do, time to tell the employee what’s going on guys”, may not have been a terrible idea. 

After the account was opened and a lumpsum figure was dashed [transferred] into the employees’ pension fund the account was then closed only 30 days afterwards.  The employee was never contacted, and it appears Payone were hoping to quietly [shhh] “shut the barn door” on the matter.  In a bid to keep the employee from becoming aware of the issue, Payone even provided the employees’ old address to the Workers Pension Trust.  This avoided them contacting the employee to confirm his new address, which would have been a silly thing to do as it may have alerted him to the issue.  One must ask the question at that stage, what on earth could possibly go wrong?!

A popular quote [Francois De La Rochefoucauld] is timely, which states:

“Most of our faults are more pardonable than the means we use to conceal them”

Also:

Truth fears nothing but concealment [Tertullian]

Consequently, private, and confidential letters and login processes were inevitably in turn sent to the incorrect address (surprise!).  But for the employees vigilance, he may never have discovered the issue that will now impact his tax free allowance, pension and tax even leading to questions as to if the lumpsum was even correct.  The employee has acted swiftly and despite an uncooperative Payone [yes, they refuse to help!!], the Workers Pension Trust have provided the employee with a glimmer of hope so that he is aware of the employer’s procedural failings.  The Pension Ombudsman is further attempting to support the employee and maybe even draw some detailed answers from Payone.

laptop, mockup, coffee break-2838939.jpg

Top tips for employers

Employees rank highly and are valuable assets 

Integrity and transparency in dealing with your employees are exceptional qualities for an employer to possess.  Do not underestimate the bond that can be built with your staff just by owning mistakes or communicating any underhand conduct of previous employees as a corrective bridge for the future.  To be silent is to be complicit.

Record-keeping

Ensure that employees data is kept accurately even if that employee is no longer part of the company.  People move addresses and it will cause significant distress to former employees if payroll or pension data is misplaced due to carelessness of a former employer.  Not to mention it opens you to UK GDPR complications.

Lean on the regulators 

Fortunately, there are a host of regulators who provide information on the law in bite size and easily digestible chunks. Spending 30 minutes a week of quality time over a coffee on the respective websites will do no harm whatsoever.  If in doubt just reach out!  In this case, Payone GmbH could proactively have contacted the Pension Regulator or the Information Commissioner’s Office upon discovering any issues.  Instead, they opted for a covert route, which points towards a symptom of a much larger problem at the Worldline SA owned company.  

In all fairness hindsight is a luxury, but not if the problematic processes are given free reign to a revolving door.

Pay employee salaries on time and adhere to local rules if new market entrant 

It appears that amongst the catalogue of issues with the employee’s payroll, Payone did not always pay the employee on consistent dates.  According to the Advisory, Conciliation And Arbitration Service (ACAS) it is not allowed for employers to delay or not send payslips to their staff, so ensuring that payslips arrive in a timely manner may prevent complaints and grievances.

Communication 

Given the learnings that may graciously be heeded within this article seems apt to quote the following;

“The single biggest problem in communication is the illusion that it has taken place”.  [George Bernard Shaw]

The employee shared his opinion on the issues, and told Loopline media:

“ the Workers Pension Trust have been marvellous with the limited support they can provide… there were inherent problems I faced at Payone right across the board from payroll, inconsistent pay dates to AML disagreements with the way contracts are processed relating to KYC.  It has been a huge relief for my mental health to part from the company and I only hope things have improved and communication from the top down becomes transparent and that the company embraces a diverse senior leadership and can share best practices from the Worldline payroll processes.  I feel the company is full of talented and good employees but there is a discombobulated structure which led to the toying with legislation as occurred with my pension scenario.” [Payone Employee]

The Director of Human Resources and the Director of Data Protection at Payone responded to the employee’s concerns in June 2022 to confirm the lumpsum amount, and to wholeheartedly blame the pension issue on previous HR employees.  The employee has received no apology from Payone at the date of this article.

The Information Commissioner’s Office reprimanded Payone GmbH on 1 September 2022 when they wrote to the Employee to state:

“In light of this, I am of the view that Payone could have taken further steps to verify your current address. As Payone have explained, upon realising that the address you provided within your correspondence differed to the one they held on their systems, they could have taken further steps to confirm your correct address and update this on their systems.

This would have prevented a former, inaccurate address being provided to the Workers Pension Trust.

However, I note that your address has now been updated on their systems. We have written to Payone and explained that they should take ensure all personal data held is accurate and, where necessary, up to date.”

To provide balance, Loopline media has reached out to the lawyers of Payone GmbH, who declined to comment at the date this article has been published.  The article may be edited in future only to add any response from the lawyers of Payone GmbH. 

Loopline media are a new factual and insightful media company publishing stories that matter with bold real-life true stories.

london, willis building, reflection-3529954.jpg

This Article is brought to you by

Loopline Media

Catch up with the Author

Post-Brexit: data protection
Card processor sends sensitive data to wrong address
24 August 2022

Worldline SA subsidiary Payone GmbH has been accused of breaching data protection rules after it sent sensitive employee payroll information to the wrong address by accident. The Worldline Group holdS a 60% stake in the Frankfurt based company who have a small UK market presence.

In June 2021, one of Payone GmbH’s ex UK employees (the data subject) received a “potential data breach notification” from the firm advising him that his salary, National Insurance data, nationality (Special Category Data) was amongst various bits of information sent to an incorrect home address.

This included personal information such as the former employees name, age and address.  It also included details such as the date of birth and the amount of annual work bonus he received in his bank account amongst other identifiable data.

Payone GmbH confirmed that this document was sent out in error following an employee making a mistake when re-entering data processed by their third-party payroll provider.  The error arose when the employee was fulfilling an Article 15 GDPR request. The error was spotted by the data subject when he noticed in an email version of the document that the postal address was incorrect. An attempt to notify Payone GmbH of the error went in vain as the document was already irretrievably despatched.

The data subject was alarmed with the incident which exposed him to the possibility of fraudulent activity, amidst reasonable fears his data could end up on the dark web and used by criminals.  Habitually resident in the UK he complained to the Information Commissioner’s Office (ICO) in June 2021. He similarly raised the concern in Germany via The Hessian Commissioner for Data Protection and Freedom of Information (HBDI).

The ICO reprimanded Payone GmbH for the error in their final decision letter.
Similarly, the HBDI cited a violation of Article 5(f) of the General Data Protection Regulation (GDPR) relating to integrity and confidentiality.

The ICO stated in their July 2021 findings that Payone GmbH, “should take steps to ensure that all personal data records are accurate and up to date. Holding inaccurate information, such as addresses, does increase the risk of personal data breaches and poses risks to the security of information”.

The HBDI confirmed in their October 2021 findings that Payone GmbH had taken remedial action. They concluded that a monetary fine would not be imposed on Payone GmbH as they had taken technical and organisational steps in response to the data breach. Data subjects could now request their data in an autonomous portal.

The GDPR, which came into effect in 2018, gave the Information Commissioner’s Office greater powers to tackle data breaches. The new ‘UK GDPR’ charts its own course after Brexit whilst seeking to maintain EU GDPR adequacy.  In extreme scenarios, organisations face penalties of up to £20m or 4 per cent of their global worldwide turnover, whichever is more.

In the years prior to GDPR, the ICO fines were capped at £500,000.

The data subject said: “I am just glad I spotted it; they were going to resend the document again to another wrong address. Prior to Brexit the process would have been commenced via the ICO who in turn would liaise with the HBDI on the data subjects’ behalf; but I found myself communicating with both authorities separately which was an additional step but in the end was surprisingly
effective. Unfortunately, Payone GmbH again sent my incorrect address to the
Workers Pension Trust in January 2022, and documents yet again went to the wrong address. In my opinion they have not learned from the first time and my complaint is sitting with the ICO yet again”.

The former employee is pursuing a remedy under Article 82 UK GDPR via
the Court’s of England & Wales.

Extraordinary Experiences

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Our Core Values

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

We use cookies to improve user experience and analyse website traffic. By clicking ‘Accept’, you agree to our website’s cookie use as described in our Privacy Policy.