The Dutch Association of Insurers is the interest group of non-life and life insurers on the Dutch market. On behalf of the affiliated insurers, the Dutch Association of Insurers acts as an interlocutor for politicians, the media and other relevant national and international parties. In this privacy statement, we provide you with information about how the Dutch Association of Insurers handles personal data.
Laws and regulations
The Dutch Association of Insurers complies with the applicable laws and regulations, including the General Data Protection Regulation. We do everything we can to guarantee your privacy and therefore handle personal data with care. This means that the Dutch Association of Insurers will in any case:
- processes your personal data in accordance with the purpose for which it was provided. These purposes and types of personal data are described in this privacy statement;
- does not process more personal data than is strictly necessary for the stated purposes;
- has taken appropriate technical and organisational measures to ensure the security of your personal data;
- do not pass on personal data to other parties, unless this is necessary for the execution of the purposes for which they were provided;
- is aware of your rights regarding your personal data, will point them out to you and will respect them.
General Data Protection Regulation
The Dutch Association of Insurers processes personal data and is a so-called Controller in accordance with Article 4, paragraph 7 of the General Data Protection Regulation (GDPR).
Contact
If you have any questions and/or comments after reading this privacy statement, please contact us:
The Dutch Association of Insurers
Attn: the Data Protection Officer
P.O. Box 93450
2509 AL The Hague
Email: privacy@verzekeraars.nl
Reading guideIn this privacy statement, we explain who we collect personal data from, what personal data we collect, how we do it, for what purpose we use it and with whom we share this data. This privacy statement also contains important information about your rights with regard to the processing of your personal data. We therefore advise you to read this privacy statement carefully. What is relevant to you depends largely on the relationship you have with us. We have therefore designed this privacy statement in such a way that you only need to read those parts that are of interest to you:
|
1. If you are the gender neutral preferred of one of our stakeholders, e-mail us or otherwise have contact with (employees of) the Dutch Association of Insurers
How do we collect your personal data and why?
We process your name, e-mail address and the content of your e-mail, letter or other communication. We use this information to maintain contact, handle and respond to your e-mail, letter or other communications. The processing ground is the legitimate interest.
|
Personal data to be processed |
Purpose |
|
Name (initials) |
Proper addressing of our response to your email contact |
|
E-mail address |
Maintaining contact and sending newsletters |
|
Phone number (landline or mobile) |
Maintaining contact |
|
Gender |
Correct method of addressing |
|
Company or organisation name |
Correct addressing |
|
Content of your e-mail or letter or other communication |
Processing your request and answering your question (or having it answered) |
Who do we share your personal data with?
Depending on our contact or your question, we will share your data with third parties, such as with (one of) our members if your question relates to this.
How long do we keep your personal data?
Depending on the nature of our contact, emails sent to and stored by our employees for between two and twenty years. They are kept for administrative purposes and to safeguard, exercise and defend the legal position of the Dutch Association of Insurers or its members in the event of claims or disputes.
2. If you are one of our press contacts
How do we collect your personal data and why?
We keep a record of our press contacts. To do this, we use De Perslijst and our own network. The processing ground is the legitimate interest.
Who do we share your personal data with?
We do not share your personal data outside the Dutch Association of Insurers.
How long do we keep your personal data?
Every year we create a new current file and the previous file is archived for a period of one year. After that, the personal data will be anonymised and the file will only contain information about the press inquiries we received in the previous year.
3. If you, as a surviving relative/interested party, want to find out whether there was a life insurance policy (these are also funeral insurances) on the life of a deceased person or if you have taken out a policy yourself and no longer know with which insurer
How do we collect your personal data and why?
We will ask you for a number of details via the registration form in order to be able to comply with your request. We hereby ask for your permission to record your data and pass it on to our affiliated insurers. The processing ground is 'consent'. You can also revoke this consent at any time. Please contact your original gender neutral preferred or send an e-mail to privacy@verzekeraars.nl.
|
Personal data to be processed |
Purpose |
|
Name, address, e-mail address, signature |
Identification |
|
If, as an applicant, you are a child of the deceased:
|
Heir identification |
|
If, as an applicant, you are a partner of the deceased:
|
Heir identification |
|
If, as an applicant, you are the heir of the deceased (but not a partner or child) or are in charge of the settlement of the estate (executor of the will, notary):
|
Heir identification |
|
If, as the applicant, you are the policyholder yourself, or if you have been appointed as a trustee or administrator:
|
Identification of policyholder / trustee or administrator |
Who do we share your personal data with?
We share your data with our affiliated insurers. Based on the information provided, insurers search their own records for insurance policies for you or for the life of the deceased. They report to the Dutch Association of Insurers whether they have policies on which the person is the insured. The Dutch Association of Insurers will then inform you, the applicant, of the companies with which a policy on the life of the deceased has been found. You then approach these insurer(s) yourself and receive the necessary information from the insurer(s).
How long do we keep your personal data?
We will keep your data for a period of one year.
4. If you visit our website and/or receive newsletters from us
We respect the privacy of visitors to our websites (including www.verzekeraars.nl and www.vanatotzekerheid.nl). When you visit our websites, we collect generic visitor data (not personal data) and the IP address. Our website and newsletters use cookies to collect data about your visit, which is used, among other things, to continuously improve our news service and to ensure that its content is relevant to you. If you indicate that you would like to receive our newsletters, download images or click on a link, we can identify you. This means that we can see if you open our newsletter. If you do not wish this, you can unsubscribe from our newsletters. You can read more about this in our cookie statement on our websites. The processing ground for this personal data is 'consent'.
5. If you have registered for an activity or meeting of the Dutch Association of Insurers
The Dutch Association of Insurers offers training courses, meetings and digital knowledge activities. In order to inform you about this, to invite you to events and to keep in touch about your training results, your personal data will be included in our relationship management system.
How do we collect your personal data and why?
We collect information about you:
- that you have provided directly yourself, for example data that you provide to us when you register or indicate that you wish to receive training information;
- from other sources, such as your employer registering you with us for training.
We process your personal data in order to send you relevant information and to invite you to meetings, training courses and digital knowledge activities. We strive to send only relevant newsletters and to keep our database up-to-date. We also use the information you provide to better understand the profile of the recipients of our information and to improve our services. The processing ground for this personal data is 'legitimate interest'.
Below is a schematic overview of which personal data we collect about you and for what purpose.
|
Personal data to be processed |
Purpose |
|
Name(s)*, date of birth and signature |
Addressing our invitations and, if necessary, drawing up a correct list of participants and attributing them to a diploma or certificate |
|
Address (business* and private) |
Contacting you |
|
Position or profession |
The right way of addressing, tailoring our newsletters to you, tailoring our training courses to the right target group |
|
Title(s)* |
Correct method of addressing |
|
E-mail address* |
Contacting and sending mailings |
|
Telephone number (landline and mobile), fax number* |
Contacting us |
|
Gender* |
Correct method of addressing |
|
Company or organisation name* |
Listing the name of your company or organisation on your name badge and achieving a spread of participating organisations in seminars |
|
Photograph* |
Recognizing you as a person and including the photo in our program booklet |
|
Whether or not to open the newsletter or whether or not to click on the links contained therein |
Analysis of whether and to what extent our newsletters are read and the improvement of our (future) newsletters |
|
IP address and navigation through the Webinar |
Improving our Webinars |
|
Your review and feedback, if any |
Evaluating and improving our services |
|
Your complaint and contact details |
Administering complaints in accordance with the CRKBO Quality Mark |
* If you are a (guest) speaker/trainer for the Dutch Association of Insurers, we also process this data from you.
Who do we share your personal data with?
In the context of the purposes mentioned above, we may share your personal data with third parties, including parties who help us organise events and training courses and participants in the activity in question.
We ensure that, where necessary, contractual safeguards are put in place to ensure that your personal data is protected when it is disclosed to third parties. For example, we enter into processing agreements with data subjects, which impose restrictions on the use of your personal data and include obligations with regard to the protection and security of your personal data.
How long do we keep your personal data?
We will retain the personal data mentioned above until you indicate that you are no longer interested in our services. We keep a history of participants and certificates for a period of two years, so that you can, for example, receive a new certificate from us if you wish.
6. If you are a visitor to the office building of the Dutch Association of Insurers
How do we collect your personal data, what personal data do we collect and why?
Our facility is equipped with video surveillance. This means that if you visit the office building of the Dutch Association of Insurers, you may be visible on our camera images. We use camera surveillance to prevent unauthorised access to our location, to protect our (business) interests, property and employees, and to investigate and resolve irregularities. Where necessary, we use the camera images to safeguard, defend and exercise our (legal) position in the event of (legal) proceedings. For the use of video surveillance, we rely on our legitimate interest in protecting our premises from unauthorised access, in particular in view of the fact that confidential information is stored at our premises. This means that the basis for processing this personal data is the legitimate interest.
Who do we share your personal data with?
We have outsourced part of the monitoring to an external service provider. This service provider has access to the camera images. In exceptional cases, for example when the cameras record a crime, we provide the camera images to the competent authorities if we are under a (legal) obligation to do so, and we can use them as evidence in legal proceedings.
How long do we keep your personal data?
The camera images are stored for 4 weeks. If irregularities have occurred in the office building of the Dutch Association of Insurers, the images may be used to enable us to investigate and resolve these irregularities. After 4 x 7 days, the images will be automatically deleted.
7. If you are applying or have applied for a position at the Dutch Association of Insurers
How do we collect your personal data and why?
Most of this personal data is provided to us by you, such as your contact details and your curriculum vitae. In addition, we may request personal data about you from other parties, such as employment agencies, headhunters or recruitment agencies. Furthermore, we may obtain personal data about you from other sources, such as social media. Below is a list of which personal data we may process about you or others and for what purpose:
|
Personal data to be processed |
Purpose |
|
Name (initials), address (work and private), e-mail address, telephone number (fixed and mobile) |
Identification, correct approach and handling of your application |
|
Gender |
Correct method of addressing |
|
Education, skills, professional experience |
Determining whether you are suitable for and meet all the relevant requirements of the position you are applying for and whether you fit into the corporate culture of the Dutch Association of Insurers |
|
Current Salary |
Getting an indication of the salary we could offer you |
|
Results of personality and IQ tests and other tests as part of our application and selection process |
Determining whether you are suitable for and meet all the relevant requirements of the position you are applying for and whether you fit into the corporate culture of the Dutch Association of Insurers |
We process this personal data in order to be able to take certain steps at the request of a data subject prior to entering into the employment contract. In addition, given the nature of our services, we have a legitimate interest in processing this personal data to ensure that we hire suitable and honest employees. We also process this data for the purpose of handling possible complaints or claims in connection with our application and selection procedure.
Who do we share your personal data with?
We use the services of external service providers for certain parts of the application and selection process (e.g. for administering tests or participating in training courses). We share your personal data with these external service providers to the extent necessary. We ensure that, where necessary, contractual safeguards are put in place to ensure that your personal data is protected when it is disclosed to third parties. For example, we enter into processing agreements with data subjects, which impose restrictions on the use of your personal data and include obligations with regard to the protection and security of your personal data.
How long do we keep your personal data?
We will retain your personal data for the duration of the application and selection procedure and for a maximum period of four weeks after its termination. The ground for processing this is legitimate interest. At your request, we can keep this data on file for a maximum of one year, for possible future vacancies. In that case, the processing ground is 'consent'. You can also revoke this consent. Please contact your previous gender neutral preferred or send a message to privacy@verzekeraars.nl.
8. If you are a director or employee of one of the (prospective) members of the Dutch Association of Insurers
How do we collect your personal data, what personal data do we collect and why?
(Prospective) members of the Dutch Association of Insurers can register their employees for an account on the Verbondsnet. We process this personal data in order to fulfil our objective as an association. For example, by giving you access to the Covenant Network and our information provision. The processing ground is the legitimate interest.
|
Personal data to be processed |
Purpose |
|
Name, address, e-mail and telephone number, username and password for the Covenant Network |
Providing our newsletter and providing access to information on the Covenant Network; Inform you of invitations to our meetings and training courses and for statistical purposes |
|
Additional for Association Directors: |
|
|
Copy ID** |
Including your details in our articles of association and registering with the Chamber of Commerce |
|
Additional data such as private data and secretary's address and contact details |
Maintaining contact and sending invitations |
** We ask you to shield irrelevant data, such as your BSN number and passport photo
|
Please note that as the gender neutral preferred of a (prospective) member, you may provide us with personal data of a person other than yourself, for example of a new employee. In this case, please provide them with a copy of this Privacy Notice and ensure that they have read and understood this Privacy Notice before providing us with their personal data. |
Who do we share this personal data with?
To the extent relevant, we share your business personal data within the Dutch Association of Insurers. If you are a member of one of the bodies within or on behalf of the Dutch Association of Insurers, such as a committee or working group, your contact details may be shared with the other committee/working group members. Your data will also be included in meeting documents and minutes. If you are active on one or more boards within the Dutch Association of Insurers, you will be registered with the Chamber of Commerce as part of this. Your data may also be shared with our notary for this purpose.
How long do we keep your personal data?
We store your personal data for the duration of your membership/employment with one of our members. Meeting documents are kept by us for a period of 20 years.
9. If your data has been passed on to the Dutch Association of Insurers by a security department of an insurer
How do we collect your personal data and why?
The Centre for Combating Insurance Crime (CBV), part of the Dutch Association of Insurers, is committed to combating the misuse of insurance products and services and to effectively combating fraud. In its role as a knowledge and coordination centre for the insurance sector, it is important that the CBV has access to the necessary data, including personal data, at an early stage of an incident investigation. The security department of an insurer may therefore pass on your personal data to the CBV on the basis of the Protocol for the Incident Warning System for Financial Institutions (PIFI). The basis for processing this data is the legitimate interest. The Dutch Association of Insurers has a licence from the Dutch Data Protection Authority for the processing of criminal personal data in accordance with the PIFI.
|
Personal data to be processed |
Purpose |
|
Name (initials), address (work and private), e-mail address, telephone number (landline and mobile) or fax number |
Identification and maintenance of contact |
|
Financial data, criminal data, data on health, nationality, professional or job information, video and audio recordings |
Supporting activities aimed at ensuring the safety and integrity of the financial sector, including (the whole of) activities: which (a) are aimed at recognising, preventing, investigating and combating behaviour that may lead to harm to financial institutions, their clients and employees and (b) at identifying, preventing, investigating and combating improper use of products, services and facilities and/or (attempted) criminal or reprehensible conduct and/or violation of (legal) regulations, directed against financial institutions, their customers and employees and (c) the use of and participation in warning systems. |
Who do we share your personal data with?
We share your data with Security Affairs Officers of (the organisation of) the participants in the PIFI, the police and the judiciary.
How long do we keep your personal data?
We store the incident information for a maximum of eight years, subject to PIFI. If the personal data is deleted by the insurer within eight years, they will also be deleted at the CBV.
10. If your data has been passed on to the Dutch Association of Insurers by an insurer in the context of statistical research
How do we collect your personal data and why?
The Data Analytics Centre (DAC), part of the Dutch Association of Insurers, is committed to providing good statistical support for the product and policy development of individual members and/or groups of members and for the policy-making of the Association. To this end, the DAC receives (personal) data from individual members of the Association, on the basis of which statistics are compiled. Strict confidentiality applies to the data provided, the statistical analysis and the results thereof. The data will only be processed within the DAC and employees of this department are prohibited from tracing data to individual persons, under penalty of dismissal. The ground for processing is the exception in the GDPR for the compilation of statistics (to be found in Articles 5:1(b) and 9:2(j) in combination with Article 89).
|
Personal data to be processed |
Purpose |
|
Policy number, date of birth, date of claim, amount claimed, postcode digits, gender, licence plate number |
Compilation of statistics for the insurance industry |
Who do we share your personal data with?
We share your data with Security Affairs Officers of (the organisation of) the participants in the PIFI, the police and the judiciary.
How long do we keep your personal data?
We store the incident information for a maximum of eight years, subject to PIFI. If the personal data is deleted by the insurer within eight years, they will also be deleted at the CBV.
Appropriate technical and organisational security measures
Article 5 of the GDPR obliges the Dutch Association of Insurers, as controller, to take appropriate technical and organisational measures to prevent the loss or unlawful processing of personal data. The way in which (personal) data is secured depends on the type of data, the way in which this data is stored and processed, as well as the risks identified. The Dutch Association of Insurers has laid down the security measures in internal procedures. For example, the Dutch Association of Insurers has taken the following measures:
- The Dutch Association of Insurers makes backups of personal data in order to be able to restore them in the event of physical or technical incidents.
- Our employees are informed about the importance of protecting personal data.
Secrecy
Employees of the Dutch Association of Insurers are bound by a confidentiality agreement with regard to personal data. The employees are familiar with the privacy regulations and act accordingly.
Exchange of data exclusively within the EU
When outsourcing (parts of) the processing of personal data, the Dutch Association of Insurers will only do so with third parties within the EU that at least meet the requirements applied by the Dutch Association of Insurers and the requirements set by the GDPR, such as taking appropriate technical and organisational measures. The Dutch Association of Insurers concludes processing agreements with processors, in accordance with the provisions of Article 28(3)(a) of the GDPR.
Your rights
When we process your personal data, you have a number of rights that you can exercise to gain control over the personal data we process about you. Specifically, you have the following rights:
- Right of access. This is your right to access the personal data we process about you.
- Right to rectification and completion. This is your right to have your personal data changed with us if it is incorrect or incomplete.
- The right to restriction of processing. The right to ask us to process less of your data.
- The right to automated decision-making and profiling.
- The right to object to data processing where we are processing your data on the basis of our legitimate interest.
- The right to be forgotten, the right to be forgotten when, for example, we no longer need your data.
- The right to data portability, the right to transfer your personal data.
- The right to clear information. This is your right to be clearly informed about what we do with your personal data and why.
If you wish to exercise one of the above rights, you can send a written request with your name, address, telephone number and a copy of a valid proof of identity, in which your BSN number and passport photo are protected, to:
The Dutch Association of Insurers
Attn: the Data Protection Officer
P.O. Box 93450
2509 AL The Hague
Email: privacy@verzekeraars.nl
We would appreciate it if you would inform us of the background of your request so that we can help you in the most targeted way possible. In the event that you request rectification of personal data, you must indicate which data you consider to be incorrect or incomplete and what should be the correct data. We aim to respond to your request as soon as possible or at least within four weeks. The Dutch Association of Insurers is obliged to pass on any changes made to the personal data in response to the request for rectification of the personal data to those to whom it has provided the personal data, unless this proves impossible or requires a disproportionate amount of effort.
Possible abuse
It is possible that you will find that a security breach has occurred with regard to personal data processed by the Dutch Association of Insurers or that there is a suspicion that the security of personal data has not been properly guaranteed by the Dutch Association of Insurers. To prevent possible damage, we ask anyone who suspects such damage to contact the Dutch Association of Insurers immediately. The Dutch Association of Insurers has procedures in place to handle these reports adequately and carefully in accordance with the GDPR.
Contact
If you have any questions, comments or complaints about the protection of your personal data by the Dutch Association of Insurers, please contact us:
The Dutch Association of Insurers
Attn: the Data Protection Officer
P.O. Box 93450
2509 AL The Hague
Email: privacy@verzekeraars.nl
In addition, you always have the right to file a complaint with the Dutch Data Protection Authority, which is the supervisory authority in the field of privacy protection.
Finally
This Privacy Notice may be amended by us from time to time. The most recent version (v2301) is available on our website www.verzekeraars.nl. In the event of significant changes to our privacy policy, we will inform you via our website.