Our privacy statement in full

We handle your personal data with great care

In case of life insurance and pension products, your personal data is processed by NN Insurance Belgium NV, 38 Fonsnylaan, 1060 Brussels, the Data Controller.

In case of indemnity insurance products, your personal data is processed by NN Insurance Services Belgium NV/SA as a representative of NN Non-Life, 38 Fonsnylaan, 1060 Brussels, the Data Controller.

NN takes your privacy very seriously, which is why we handle your personal data with great care. To do this, we take both visible and invisible measures. This privacy statement contains information about the way in which we deal with your personal data.

What is personal data?

If you want to purchase a product from us, for example, or make a claim, we will ask for your personal details, such as your name and address. Also, when you visit our websites, we may collect personal data relating to you, such as the IP address of your computer.

Personal data is information that tells us something about you or that we can relate to you. We call collecting, storing and using your data ‘processing’ your personal data. ‘Processing’is a term used under the law. When processing your personal data, NN abides by all the laws and regulations in the matter, including the General Data Protection Regulation (GDPR). Below are details of what we use your personal data for and which specific items of data that may be.

What do we process your personal data for?

We store and use your personal data for a number of clearly defined purposes only. In most cases, we receive your personal details from you yourself because you are purchasing – or wish to purchase – one or more products. The law then covers the data processing that is necessary for the formation and fulfilment of an agreement. What it boils down to is the fact that we cannot assist you as a customer if we do not have any details about you or are not allowed to store that data.

Your personal data is also used because we operate a centralised customer administration system. We also use it to carry out marketing activities, as well as to do everything we can to prevent and fight fraud or use it for risk management. Under the law, this is called ‘processing for legitimate interests’. This may also be in your own interests, because having that data enables us to help you better and also to fight fraud.

We also process your data so that we can meet our legal obligations.

Below you will find more information about the reasons why we process your personal data:

In the context of pre-contractual measures, the conclusion, management and/or execution of the insurance contract(s) for which you are the policyholder, person insured, beneficiary, representative or effective beneficiary

NN processes your personal data for the following purposes:

  • the conclusion, management and execution of the insurance contract(s), including assessment of the risks and evaluation of eligibility;
  • the fulfilment of pre-contractual and contractual obligations and obligations arising from the insurance relationship with you, including:
    • the management of the contractual relationship;
    • the provision of customer service (for example replying to your e-mails or calls (including their recording, where applicable);
    • the issue, collection and verification of invoices and premiums;
    • the management and settlement of claims and reimbursements (including exchange of data with Assuralia / Datassur within the framework of the RDR convention RDR for indemnity insurance products);
    • the management of complaints and disputes;
    • recovery from third parties responsible for a claim (specific for indemnity insurance products);
    • communication with NN staff regarding the conclusion, management and/or execution of the insurance contract(s);
    • the redistribution of risks by way of co-insurance, reinsurance or assistance services.
  • The exchange of data with Assuralia concerning RSR and the claims database (specific for indemnity insurance products).

Insofar as you provide us with your health data in the context of a pre-contractual or contractual relationship with us, we need to obtain your explicit consent.

The personal data that you provide use with for the conclusion and execution of your policies is necessary for the conclusion of your contract and to comply with our legal obligations. Without this data, the contract cannot be concluded.

In some cases record the data of persons other than our customers, such as injured parties, administrators and beneficiaries. We only do this to the extent that it is necessary to implement the agreement with the customer.

For the central customer administration

NN operates with a central customer administration system. Our customer service department uses this customer administration to see what products you have with us so that we can respond to you quickly and accurately. The data that our customer administration department uses includes your name, date of birth, address details, other contact information, details about the product or products that you have with us, payment details, marketing data and details about claims.

For marketing objectives

From a marketing point of view, NN may process your data to produce commercial modelling and profiling, including:

  • conducting studies, creating models and producing statistics for strategic and commercial purposes, such as the development of new products and services and our positioning on the market; and for establishing customer profiles and models using the information obtained from analytical models in order to respond effectively to the requirements of customers and potential customers.

This processing is carried out in our legitimate interest, which consists of improving and developing our products and services, as well as planning our strategy and growth.

Your data can also be processed for developing and enhancing NN products and services and improving the customer’s experience. NN may process your personal data in order to develop and enhance its products and services and to improve the customer’s experience. This processing covers:

  • the monitoring, revision, assessment, simplification, optimisation and/or automation of our internal processes and systems to make our back-office operations more efficient; digital channels to enhance your experience as a customer; distribution

and/or

    • products, services, systems and processes in order to ensure continuous improvement;
    • monitoring the quality of our services (for example by conducting customer satisfaction surveys);
  • the management of relations with third parties (such as suppliers).

This processing is carried out in our legitimate interest, which consists of acting and providing services in the interest of our customers, as required by the regulations, such as the Insurance Distribution Directive (IDD) and AssurMiFID, and, more generally, to maintain and improve the services we provide.

Direct marketing about NN products and services is another marketing purpose.

NN does not and will not use your sensitive personal data, or any personal data about your health, for direct marketing purposes.

Direct marketing may be carried out using various means of communication (such as by post, e-mail, telephone and any other form of electronic communication) by NN itself, in line with the applicable legislation.

NN may, based on its legitimate interests, process your non-sensitive personal data for the purpose of:

  • examining and optimising the NN products and services you have currently;
  • telling you about new insurance products;
  • improving our services by having a better understanding of your expectations and experiences with our products and services.

The direct marketing activities mentioned above are carried out in our legitimate interest, which is to inform our existing customers about NN products and services.

Your consent is required for some marketing activities. You are always asked to provide this consent in advance. If you have granted your consent previously and would like to withdraw it, please contact our Data Protection Officer at dpo@nn.be for life insurance and pension products, and at dponl@nn.be for indemnity insurance products.

For governance, security and the fight against fraud

NN processes your data in order to carry out corporate governance tasks and checks, to ensure security and to prevent fraud. This processing includes:

  • compliance with regulatory requirements, standards and codes of conduct that apply;
  • administration, management and follow-up by NN (carried out, for example, by the legal department for governance tasks, legal risks, the resolution of litigation and disputes, by the risk management department, the complaints management department, the compliance department, the internal audit  department, etc. );
  • the redistribution of risks through (co-)insurance and/or reinsurance;
  • the monitoring of our activities and the administrative knowledge of the various persons and legal entities with which NN maintains contact, making it possible to identify cases, intermediaries and other parties involved, if necessary;
  • protecting customers, employees, the company, assets and shareholders of NN;
  • the general purposes of physical security;
  • communication (for example of e-mails) and the recording of calls for evidentiary purposes and for preventing and detecting fraud;
  • general security operations and checks on NN’s IT networks and systems, including our application landscape (for example during the investigation or resolution of incidents, or access problems to systems or applications for customers);
  • the prevention, detection and investigation of late payments, crimes, abuses and fraud. In this regard, we are able to detect that you are late in paying your premium, that you are involved in a case of fraud, that you are cooperating with terrorism, the smuggling of arms or human trafficking, etc. Discoveries of this type may result in not granting you a policy or insurance cover.

We may also exchange data within NN, as well as with other financial institutions or external investigation agencies.

To guarantee the security and integrity of NN companies, we use a central events administration system. This may include personal data connected with events that may be of importance and for this reason require special attention. We have a single events administration system for all of the companies within the group. Data from the events administration system is available for all companies controlled by Nationale Nederlanden.

These processing activities are carried out in our legitimate interest, which consists of ensuring good corporate governance and the prudential supervision to which NN is subject.

NN also ensures, through legitimate interest assessment, that this processing is necessary to achieve the objective(s) and that our interests are in balance with yours and with respect for your privacy.

To be able to assess risks better

NN conducts surveys, creates models and produces statistics for regulatory reports, risk analysis or to monitor profitability. We do this:

  • for external reporting purposes, in line with the various general regulations in financial law and insurance law to which we are subject (such BE GAA and IFRS 17), or to share statistical data (not including personal data) about insurance with sector organisation such as Assuralia, etc.; and
  • for internal reporting purposes in order to comply with the policies and guidelines set by the Group Nationale Nederlanden, of which we are a member, to enable them to assess overall and financial risks designed to guarantee the viability and continuity of the Group.

These processing activities are carried out in our legitimate interest, in the light of the prudential monitoring to which NN is subject.

Processing data for court cases

We may be required to process your personal data for the establishment, exercise or defence of legal rights.

To comply with legal obligations

NN may also process your personal data on the grounds of compliance with the numerous statutory obligations to which NN, as an insurance company or distributor of insurance products, is subject, such as the legislation or obligations governing:

  • insurance companies, Solvency II and market stability, as provided for by the Act of 13th March 2016 relating to the status and control of insurance or reinsurance companies, circulars from the National Bank of Belgium, etc.;
  • insurance policies and their distribution, such as the Insurance Act of 4th April 2014, the insurance distribution directive (IDD), etc.;
  • social security and social protection;
  • tax matters or accountancy;
  • the prevention of money laundering and the financing of terrorism;
  • the protection of investors and consumers;
  • data protection;
  • the safety of our visitors via surveillance cameras at our offices, in accordance with the Act of 30th July 2018 amending the Act of 21st March 2007 governing the installation and use of surveillance cameras;
  • etc.

In addition, NN may also be subject to the obligation to respond to questions from control or government authorities, such as the Data Protection Authority, the Financial Services and Markets Authority (FSMA), the National Bank of Belgium (BNB), Federal Public Service Finance, sector or consumer Organisations, such as the Insurance Ombudsman, etc.; to its external auditor; and/or to judicial investigations, to court rulings and judicial proceedings in general (whether civil or criminal).

Consent

To be able to process your personal data regarding your past, present and/or future state of health, we require your consent, just as we do to carry out certain direct marketing activities.

NN will only process your personal data relating to your health for purposes for which you have given your specific consent.

More specifically:

  • before (an) insurance policy(ies) can be concluded and depending on the product, NN processes certain items of your personal data relating to your health so that it can set appropriate prices and management costs; and
  • for the purpose of managing, processing and handling your claims.

If you do not give your specific consent or wish to withdraw your consent, this may adversely affect the conclusion, management and/or proper fulfilment of your insurance policy(ies).

NN may be required to process your personal data, including personal data about your health and/or personal data about criminal convictions and offences, in order to establish, exercise or defend legal rights or for the management of our own litigation. When carrying out this type of processing, NN will comply with the applicable data protection laws.

What about minors and individuals who are legally incompetent?

Normally, NN does not process the personal data of any individual under the age of 18 or individuals who are legally incompetent.

We only process that data if we have received the written consent of the person with parental/legal responsibility for the minor in question and/or for the legally incompetent person. This person with responsibility will be the legal representative of the minor or legally incompetent person for all aspects relating to the conclusion, management and/or execution of the insurance policy(ies), as well as for all aspects associated with the person’s privacy in this regard.

What personal data do we process?

The personal data that we receive from you for the implementation of the agreement. This information relates to:

  • General details, such as your name, address, telephone number, e-mail address and date of birth.
  • Data that enables you to be identified.
  • Your account number to be able to receive payments from you or to make payments to you.
  • Financial data. We request this information in some cases, such as when applying for death insurance.
  • Data that we require for a specific product, such as a registration number in the event of a damages claim for a car insurance policy.
  • In certain cases, a legal obligation means we also need your national register number.

 

Health details

For cover such as insurance against death or disability insurance, we also need to receive your health details from you. We obtain this data from you, your employer or – with your permission – from a doctor. The processing of your medical records takes place under the responsibility of the medical adviser (doctor). Medical records are only provided by the medical adviser to other parties within the company to enable them to carry out their work. In such cases, these other parties also have the same duty of confidentiality as is imposed on the medical adviser in terms of his/her medical confidentiality.

 

Additional data

The term ‘additional data’ means extra information that we have not obtained from you or your adviser, but from other (public) sources. This might include viewing information for combating terrorism or money laundering. Or consulting information from the central credit office.

Or data connected with your personal preferences: information about your behaviour and preferences regarding the use of communication and relationship channels. In some cases we do this assess a risk or to comply with our legal obligations. You will find more information in this regard on this page under 'Who do we obtain your data from?'.

 

Contact history

We keep a record of when you are in contact with us.

 

Your visits to our websites and use of our apps

We record details about your visits to our websites or use of our apps. For example, which pages you visited, when you logged into apps or what searches you carried out. This enables us to operate the site better and to give you a more personalised experience. We also use this data for marketing activities. One of the ways we do this is by placing cookies. You will find more information about the use of cookies in our Cookies Statement. We also process your IP address. This is the number of your computer, tablet or mobile on the Internet that makes you visible for other computers, tablets and mobile phones.

Who do we obtain your data from?

We obtain the majority of your personal data from you or your financial adviser. If you are insured with NN, via your employer for example for a pension policy, we obtain your details from your employer. If necessary in implementing an agreement, we may also obtain data from other banks and insurance companies. We obtain information about your health from you, or from your employer (if you have work disability insurance cover), or via your doctor (after you have given your consent).

We also use public data and data from market research agencies to validate and enhance our data, as well as to gain better insights about our customers and services. We only process personal data obtained from third parties if that data is permitted to be provided by that party and then only for the purposes for which it was obtained.

Who can we pass your personal data on to?

We are allowed to pass on your personal data to the persons, companies and authorities stated below. We only do so when:

  • it is necessary for the implementation of the agreement;
  • we have a ‘legitimate interest’ to do so and the passing on of your data is necessary. You will find an explanation of this in the section headed ‘What do we process your personal data for?’;
  • there is a legal obligation for us to pass on your data;
  • you have given us your consent.

Only if at least one of the reasons stated above applies do we pass on your data to one or more of the parties below:

  • Our staff, on condition that they require this data for the work they are doing.
  • Entities in the NN Group N.V. and their representatives in other countries, their suppliers and service providers, on condition that it is necessary for operational purposes and to comply with legal obligations.
  • Companies to which we outsource tasks (‘processors’). These companies are then working on our behalf.
  • Your financial adviser, his/her/its suppliers or service providers.
  • Your employer and its adviser, if you are insured via your employer.
  • Medical advisers and employment specialists.
  • Companies that we bring in as part of settling a claim by providing loss assessment services or repair and consultancy works, for damage and income protection insurance.
  • Lawyers and technical advisers,
  • Public services such as regulators, the police and courts, and government departments, if we are legally obliged to do so.
  • Other banks and insurance companies. This also includes reinsurers and legal assistance insurers.
  • Bailiffs, collection agencies and/or notaries.
  • To any person who is appealing or against whom an appeal is made in connected with the agreements underwritten.
  • External registers, such as the Central Point of Contact.
  • The Belgian identity document verification website (checkdoc.be)
  • Specific for damage insurance products: Datassur (within the framework of the RDR agreement).

Automated decision-making

For a number of products, such as death insurance, we assess the application using an automated process. In this process, we gauge whether you meet our acceptance criteria without any associated legal consequences.   The automated process is followed by a manual procedure in which automatic acceptance is not possible.

 

This is how we take care of your personal data

We provide strong protection

We devote a great deal of time and attention to protecting our systems and the personal data stored in them. We are constantly monitoring the security of our data traffic. If anything goes amiss, we take immediate action to rectify the situation. We resolve data leaks and keep a record of them, which we are obliged to do under the law. We also report them to the relevant authority and to you, if there is reason to do so.

 

The way we process personal data is regulated:

  • The Data Protection Authority monitors us to ensure we comply with the GDPR and other privacy-related regulations.
  • The National Bank of Belgium (NBB) and the Financial Services and Markets Authority (FSMA) monitor the finance sector in general and hence also NN.
  • In-house, the Data Protection Officer (DPO) monitors the way we deal with your personal data. For life insurance and pension products, the DPO can be reached via dpo@nn.be. For indemnity insurance products, the DPO can be reached via dponl@nn.be.

We have signed a confidentiality statement

All of our employees have signed a confidentiality statement. We deal carefully with the data that you entrust to us. Only authorised personnel may view and process your data.

What are your rights?

As a customer you have a number of rights relating to your personal data. These rights are explained below.

 

You have the right of inspection

This means that you can request what personal data we have recorded in relation to you and what we use it for.

 

You have the right to rectification, deletion and limitation

You have the right to have your personal data rectified if it is not correct. You also have the right to have your personal data deleted if your personal data has not been processed legitimately, or is no longer required for the purpose for which it was processed, or because you have withdrawn your consent and NN no longer has a valid reason to process your data. You also have the right to limit the processing of your personal data. This rights means that you can indicate that your data may no longer be used on a temporary basis. You can use this right if your personal data is no longer accurate, has been unlawfully processed, is no longer required for the purpose for which it was collected or processed, or if you object to it being processed and object to it still being processed by us.

 

You have the right to the portability of your data

This means that in certain cases, you have the right to ask us to transfer the personal data that you have given us to yourself and/or to another service provider.

 

You have the right to object

You may object to the processing of your personal data if we use it for other purposes than those that are necessary for the implementation of an agreement or necessary to comply with a legal obligation. We will examine your objection carefully and cease processing your personal data, if necessary.

 

You have the right at all times and without stating a reason to object to your personal data being processed for business prospection purposes (direct marketing) and the profiling associated with it.

 

You have the right to withdraw your consent

This means that you may withdraw the consent that you granted previously. For health data, any such withdrawal of consent will result in the processing of health data with purposes stated earlier no longer continuing. This may have possible consequences for the policy you have taken out.

 

Set your preferences for receiving offers

It is straightforward for you to change your choices for receiving offers by e-mail at any time.

 

Exercising one of these rights

 

If you wish to exercise one of these rights, send an e-mail to dpo@nn.be for life insurance and pension products, or to dponl@nn.be for indemnity insurance policies.

 

Make sure that it is clear which right you want to exercise and in what way (e.g. by e-mail, by post) you wish to receive the information. Please note that in certain cases we will ask for more information; we want to make sure we're helping the right person.

We will reply within a month. Exceptionally, this may take longer (up to a maximum of 3 months in total), but in that case, we will let you know within 1 month why this is the case.

Whether or not you can exercise your rights depends on the purpose of the processing and the legal base for the processing.

 

How long do we keep your data?

We keep data for as long as we are required to do so by law and for as long as it is necessary for the purpose for which we use the data. This may differ from product to product.

 

We retain your data for as long as you are one of our customers. We also retain it for some time after you no longer have a certain product of ours. When that is the case, we apply the statutory retention time. After that, we only retain your data for statistical purposes and for the purpose of dealing with complaints and to handle legal claims.

 

Where do we process your data?

Your data is usually processed within the European Union (EU). In some cases, personal data is processed outside the EU. Also, some of our providers and collaborative partners are located outside the EU or provide these services outside the EU. The regulations in these countries do not always offer the same level of protection for personal data as European regulations. However, to ensure that your personal data is kept secure, in these cases we take measures by signing agreements in which we make comparable arrangements regarding the security of personal data, just as we do within the EU. We call this EU model contracts (https://ec.europa.eu/info/law/law-topic/data-protection/international-di...).

Got any questions?

If you have any general questions about your personal data, please contact us via dpo@nn.be for life insurance and pension products, or dponl@nn.be for indemnity insurance policies.

The Privacy Statement may be modified from time to time to remain compliant with new legislation or our updated processes. We therefore recommend that you visit this page regularly. The latest review was on December 16h 2021. The chapter ‘What do we process your data for’ has been rewritten for more transparency.

 

Got a complaint?

If you have a complaint about the way in which NN deals with your personal data, please contact us via dpo@nn.be for life insurance and pension products, or dponl@nn.be for indemnity insurance policies.

You may also lodge a complaint via the Data Protection Authority (contact@apd-gba.be or via the website Homepage | Autorité de protection des données<br>Gegevensbeschermingsautoriteit (dataprotectionauthority.be).

Modifications to the pricacy statement

NN may modify this Privacy Statement whenever it is necessary. You can view the latest version at any time via the following address: Privacy statement | NN Belgium – Insurance.