Consent
To be able to process your personal data regarding your past, present and/or future state of health, we require your consent, just as we do to carry out certain direct marketing activities.
NN will only process your personal data relating to your health for purposes for which you have given your specific consent.
More specifically:
- before (an) insurance policy(ies) can be concluded and depending on the product, NN processes certain items of your personal data relating to your health so that it can set appropriate prices and management costs; and
- for the purpose of managing, processing and handling your claims.
If you do not give your specific consent or wish to withdraw your consent, this may adversely affect the conclusion, management and/or proper fulfilment of your insurance policy(ies).
NN may be required to process your personal data, including personal data about your health and/or personal data about criminal convictions and offences, in order to establish, exercise or defend legal rights or for the management of our own litigation. When carrying out this type of processing, NN will comply with the applicable data protection laws.
What about minors and individuals who are legally incompetent?
Normally, NN does not process the personal data of any individual under the age of 18 or individuals who are legally incompetent.
We only process that data if we have received the written consent of the person with parental/legal responsibility for the minor in question and/or for the legally incompetent person. This person with responsibility will be the legal representative of the minor or legally incompetent person for all aspects relating to the conclusion, management and/or execution of the insurance policy(ies), as well as for all aspects associated with the person’s privacy in this regard.
What personal data do we process?
The personal data that we receive from you for the implementation of the agreement. This information relates to:
- General details, such as your name, address, telephone number, e-mail address and date of birth.
- Data that enables you to be identified.
- Your account number to be able to receive payments from you or to make payments to you.
- Financial data. We request this information in some cases, such as when applying for death insurance.
- Data that we require for a specific product, such as a registration number in the event of a damages claim for a car insurance policy.
- In certain cases, a legal obligation means we also need your national register number.
Health details
For cover such as insurance against death or disability insurance, we also need to receive your health details from you. We obtain this data from you, your employer or – with your permission – from a doctor. The processing of your medical records takes place under the responsibility of the medical adviser (doctor). Medical records are only provided by the medical adviser to other parties within the company to enable them to carry out their work. In such cases, these other parties also have the same duty of confidentiality as is imposed on the medical adviser in terms of his/her medical confidentiality.
Additional data
The term ‘additional data’ means extra information that we have not obtained from you or your adviser, but from other (public) sources. This might include viewing information for combating terrorism or money laundering. Or consulting information from the central credit office.
Or data connected with your personal preferences: information about your behaviour and preferences regarding the use of communication and relationship channels. In some cases we do this assess a risk or to comply with our legal obligations. You will find more information in this regard on this page under 'Who do we obtain your data from?'.
Contact history
We keep a record of when you are in contact with us.
Your visits to our websites and use of our apps
We record details about your visits to our websites or use of our apps. For example, which pages you visited, when you logged into apps or what searches you carried out. This enables us to operate the site better and to give you a more personalised experience. We also use this data for marketing activities. One of the ways we do this is by placing cookies. You will find more information about the use of cookies in our Cookies Statement. We also process your IP address. This is the number of your computer, tablet or mobile on the Internet that makes you visible for other computers, tablets and mobile phones.
Who do we obtain your data from?
We obtain the majority of your personal data from you or your financial adviser. If you are insured with NN, via your employer for example for a pension policy, we obtain your details from your employer. If necessary in implementing an agreement, we may also obtain data from other banks and insurance companies. We obtain information about your health from you, or from your employer (if you have work disability insurance cover), or via your doctor (after you have given your consent).
We also use public data and data from market research agencies to validate and enhance our data, as well as to gain better insights about our customers and services. We only process personal data obtained from third parties if that data is permitted to be provided by that party and then only for the purposes for which it was obtained.
Who can we pass your personal data on to?
We are allowed to pass on your personal data to the persons, companies and authorities stated below. We only do so when:
- it is necessary for the implementation of the agreement;
- we have a ‘legitimate interest’ to do so and the passing on of your data is necessary. You will find an explanation of this in the section headed ‘What do we process your personal data for?’;
- there is a legal obligation for us to pass on your data;
- you have given us your consent.
Only if at least one of the reasons stated above applies do we pass on your data to one or more of the parties below:
- Our staff, on condition that they require this data for the work they are doing.
- Entities in the NN Group N.V. and their representatives in other countries, their suppliers and service providers, on condition that it is necessary for operational purposes and to comply with legal obligations.
- Companies to which we outsource tasks (‘processors’). These companies are then working on our behalf.
- Your financial adviser, his/her/its suppliers or service providers.
- Your employer and its adviser, if you are insured via your employer.
- Medical advisers and employment specialists.
- Companies that we bring in as part of settling a claim by providing loss assessment services or repair and consultancy works, for damage and income protection insurance.
- Lawyers and technical advisers,
- Public services such as regulators, the police and courts, and government departments, if we are legally obliged to do so.
- Other banks and insurance companies. This also includes reinsurers and legal assistance insurers.
- Bailiffs, collection agencies and/or notaries.
- To any person who is appealing or against whom an appeal is made in connected with the agreements underwritten.
- External registers, such as the Central Point of Contact.
- The Belgian identity document verification website (checkdoc.be)
- Specific for damage insurance products: Datassur (within the framework of the RDR agreement).
Automated decision-making
For a number of products, such as death insurance, we assess the application using an automated process. In this process, we gauge whether you meet our acceptance criteria without any associated legal consequences. The automated process is followed by a manual procedure in which automatic acceptance is not possible.
This is how we take care of your personal data
We provide strong protection
We devote a great deal of time and attention to protecting our systems and the personal data stored in them. We are constantly monitoring the security of our data traffic. If anything goes amiss, we take immediate action to rectify the situation. We resolve data leaks and keep a record of them, which we are obliged to do under the law. We also report them to the relevant authority and to you, if there is reason to do so.
The way we process personal data is regulated:
- The Data Protection Authority monitors us to ensure we comply with the GDPR and other privacy-related regulations.
- The National Bank of Belgium (NBB) and the Financial Services and Markets Authority (FSMA) monitor the finance sector in general and hence also NN.
- In-house, the Data Protection Officer (DPO) monitors the way we deal with your personal data. For life insurance and pension products, the DPO can be reached via dpo@nn.be. For indemnity insurance products, the DPO can be reached via dponl@nn.be.
We have signed a confidentiality statement
All of our employees have signed a confidentiality statement. We deal carefully with the data that you entrust to us. Only authorised personnel may view and process your data.
What are your rights?
As a customer you have a number of rights relating to your personal data. These rights are explained below.
You have the right of inspection
This means that you can request what personal data we have recorded in relation to you and what we use it for.
You have the right to rectification, deletion and limitation
You have the right to have your personal data rectified if it is not correct. You also have the right to have your personal data deleted if your personal data has not been processed legitimately, or is no longer required for the purpose for which it was processed, or because you have withdrawn your consent and NN no longer has a valid reason to process your data. You also have the right to limit the processing of your personal data. This rights means that you can indicate that your data may no longer be used on a temporary basis. You can use this right if your personal data is no longer accurate, has been unlawfully processed, is no longer required for the purpose for which it was collected or processed, or if you object to it being processed and object to it still being processed by us.
You have the right to the portability of your data
This means that in certain cases, you have the right to ask us to transfer the personal data that you have given us to yourself and/or to another service provider.
You have the right to object
You may object to the processing of your personal data if we use it for other purposes than those that are necessary for the implementation of an agreement or necessary to comply with a legal obligation. We will examine your objection carefully and cease processing your personal data, if necessary.
You have the right at all times and without stating a reason to object to your personal data being processed for business prospection purposes (direct marketing) and the profiling associated with it.
You have the right to withdraw your consent
This means that you may withdraw the consent that you granted previously. For health data, any such withdrawal of consent will result in the processing of health data with purposes stated earlier no longer continuing. This may have possible consequences for the policy you have taken out.
Set your preferences for receiving offers
It is straightforward for you to change your choices for receiving offers by e-mail at any time.
Exercising one of these rights
If you wish to exercise one of these rights, send an e-mail to dpo@nn.be for life insurance and pension products, or to dponl@nn.be for indemnity insurance policies.
Make sure that it is clear which right you want to exercise and in what way (e.g. by e-mail, by post) you wish to receive the information. Please note that in certain cases we will ask for more information; we want to make sure we're helping the right person.
We will reply within a month. Exceptionally, this may take longer (up to a maximum of 3 months in total), but in that case, we will let you know within 1 month why this is the case.
Whether or not you can exercise your rights depends on the purpose of the processing and the legal base for the processing.
How long do we keep your data?
We keep data for as long as we are required to do so by law and for as long as it is necessary for the purpose for which we use the data. This may differ from product to product.
We retain your data for as long as you are one of our customers. We also retain it for some time after you no longer have a certain product of ours. When that is the case, we apply the statutory retention time. After that, we only retain your data for statistical purposes and for the purpose of dealing with complaints and to handle legal claims.
Where do we process your data?
Your data is usually processed within the European Union (EU). In some cases, personal data is processed outside the EU. Also, some of our providers and collaborative partners are located outside the EU or provide these services outside the EU. The regulations in these countries do not always offer the same level of protection for personal data as European regulations. However, to ensure that your personal data is kept secure, in these cases we take measures by signing agreements in which we make comparable arrangements regarding the security of personal data, just as we do within the EU. We call this EU model contracts (https://ec.europa.eu/info/law/law-topic/data-protection/international-di...).
Got any questions?
If you have any general questions about your personal data, please contact us via dpo@nn.be for life insurance and pension products, or dponl@nn.be for indemnity insurance policies.
The Privacy Statement may be modified from time to time to remain compliant with new legislation or our updated processes. We therefore recommend that you visit this page regularly. The latest review was on December 16h 2021. The chapter ‘What do we process your data for’ has been rewritten for more transparency.
Got a complaint?
If you have a complaint about the way in which NN deals with your personal data, please contact us via dpo@nn.be for life insurance and pension products, or dponl@nn.be for indemnity insurance policies.
You may also lodge a complaint via the Data Protection Authority (contact@apd-gba.be or via the website Homepage | Autorité de protection des données<br>Gegevensbeschermingsautoriteit (dataprotectionauthority.be).
|