Our privacy statement in full
We handle your personal data with great care
NN takes your privacy very seriously, which is why we handle your personal data with great care. To do this, we take both visible and invisible measures. This privacy statement contains information about the way in which we deal with your personal data.
What is personal data?
If you want to purchase a product from us, for example, or make a claim, we will ask for your personal details, such as your name and address. Also, when you visit our websites, we may collect personal data relating to you, such as the IP address of your computer.
Personal data is information that tells us something about you or that we can relate to you. We call collecting, storing and using your data ‘processing’ your personal data. ‘Processing’is a term used under the law. When processing your personal data, NN abides by all the laws and regulations in the matter, including the General Data Protection Regulation (GDPR). Below are details of what we use your personal data for and which specific items of data that may be.
What do we process your personal data for?
We store and use your personal data for a number of clearly defined purposes only. In most cases, we receive your personal details from you yourself because you are purchasing – or wish to purchase – one or more products. The law then covers the data processing that is necessary for the formation and fulfilment of an agreement. What it boils down to is the fact that we cannot assist you as a customer if we do not have any details about you or are not allowed to store that data.
Your personal data is also used because we operate a centralised customer administration system. We also use it to carry out marketing activities, as well as to do everything we can to prevent and fight fraud or use it for risk management. Under the law, this is called ‘processing for legitimate interests’. This may also be in your own interests, because having that data enables us to help you better and also to fight fraud.
We also process your data so that we can meet our legal obligations.
Below you will find more information about the reasons why we process your personal data:
a. For the execution of your insurance contract or pre-contractual measures
- So that we can assess the application for your agreement.
- To be able to assist you as a customer. That means for entering into, managing and/or implementing our agreements. And/or to give you advice about our products.
- To give and receive information to and from other parties if it is required in connection with the implementation of your agreement. For example, this might be to your insurance intermediary, whom we will notify if there are payment arrears on the agreement.
The personal data that you share with us so that your agreement can be constituted and implemented is necessary for your policy and also to meet our legal obligations. If we do not have these details, the policy cannot be underwritten.
b. Based on legitimate interests
1.Management of our customer file
NN operates with a central customer administration system. Our customer service department uses this customer administration to see what products you have with us so that we can respond to you quickly and accurately. The data that our customer administration department uses includes your name, date of birth, address details, other contact information, details about the product or products that you have with us, payment details, marketing data and details about claims.
2.For marketing objectives
We use your personal data:
- So that we can tailor our services better to your personal situation. This might include offering you other NN products that could suit your needs.
- For analysing personal data so that we can improve our range of products and services and gear them better to the wishes of our (potential) customers. We may also use these analyses to create groups or profiles of customers who have the same characteristics or behaviour.
- To keep you informed via our website, a letter or by e-mail.
- To give you a more personal experience when you visit our websites. In this regard, also take a look at our cookies statement.
Your consent is required for some marketing activities. You are always asked to provide this consent in advance. If you have granted your consent previously and would like to withdraw it, please contact our Data Protection Officer at email@example.com for life insurance and pension products, and at firstname.lastname@example.org for non-life insurance products.
3.To prevent fraud
To protect your own security and that of financial institutions, we process personal data for the purposes of risk management and to prevent and fight fraud. We may also exchange data within NN, as well as with other financial institutions or external investigation agencies.
To guarantee the security and integrity of NN companies, we use a central events administration system. This may include personal data connected with events that may be of importance and for this reason require special attention. We have a single events administration system for all of the companies within the group. Data from the events administration system is available for all companies controlled by Nationale Nederlanden.
4.To be able to assess risks better
We process personal data for statistical analysis, to enable us to assess risks better and to set the prices of our products correctly. We also keep data so that we have accurate information in the event of a complaint or dispute.
5.Processing of third-party data
In some cases record the data of persons other than our customers, such as injured parties, administrators and beneficiaries. We only do this to the extent that it is necessary to implement the agreement with the customer.
c. To comply with legal obligations
Partly for your own security, we are legally obliged to ask for your personal data in order to establish your identity.
For the implementation of certain agreements, we are obliged to share your data with the Federal Public Service Finance. In turn, FPS Finance will report the data of individuals who may be designed as a Specified US Person on account of a connection with the United States to the US tax authorities (under FATCA legislation), as well as the data of individuals who have a place of residence in one of the countries that come under Common Reporting Standards (CRS).
In uitzonderlijke gevallen zijn we verplicht je persoonsgegevens aan andere partijen zoals toezichthouders, politie, justitie, of inlichtingendiensten te verstrekken.
When it comes to processing data about your health, we require your consent – just as we do for the application of certain direct marketing activities.
What personal data do we process?
The personal data that we receive from you for the implementation of the agreement. This information relates to:
- General details, such as your name, address, telephone number, e-mail address and date of birth.
- Data that enables you to be identified.
- Your account number to be able to receive payments from you or to make payments to you.
- Financial data. We request this information in some cases, such as when applying for death insurance.
- Data that we require for a specific product, such as a registration number in the event of a damages claim for a car insurance policy.
- In certain cases, a legal obligation means we also need your national register number.
For cover such as insurance against death or disability insurance, we also need to receive your health details from you. We obtain this data from you, your employer or – with your permission – from a doctor. The processing of your medical records takes place under the responsibility of the medical adviser (doctor). Medical records are only provided by the medical adviser to other parties within the company to enable them to carry out their work. In such cases, these other parties also have the same duty of confidentiality as is imposed on the medical adviser in terms of his/her medical confidentiality.
The term ‘additional data’ means extra information that we have not obtained from you or your adviser, but from other (public) sources. This might include viewing information for combating terrorism or money laundering. Or consulting information from the central credit office.
Or data connected with your personal preferences: information about your behaviour and preferences regarding the use of communication and relationship channels. In some cases we do this assess a risk or to comply with our legal obligations. You will find more information in this regard on this page under 'Who do we obtain your data from?'.
We keep a record of when you are in contact with us.
Your visits to our websites and use of our apps
Who do we obtain your data from?
We obtain the majority of your personal data from you or your financial adviser. If you are insured with NN, via your employer for example for a pension policy, we obtain your details from your employer. If necessary in implementing an agreement, we may also obtain data from other banks and insurance companies. We obtain information about your health from you, or from your employer (if you have work disability insurance cover), or via your doctor (after you have given your consent).
We also use public data and data from market research agencies to validate and enhance our data, as well as to gain better insights about our customers and services. We only process personal data obtained from third parties if that data is permitted to be provided by that party and then only for the purposes for which it was obtained.
Who can we pass your personal data on to?
We are allowed to pass on your personal data to the persons, companies and authorities stated below. We only do so when:
- it is necessary for the implementation of the agreement;
- we have a ‘legitimate interest’ to do so and the passing on of your data is necessary. You will find an explanation of this in the section headed ‘What do we process your personal data for?’;
- there is a legal obligation for us to pass on your data;
- you have given us your consent.
Only if at least one of the reasons stated above applies do we pass on your data to one or more of the parties below:
- Our staff, on condition that they require this data for the work they are doing.
- Entities in the NN Group N.V. and their representatives in other countries, their suppliers and service providers, on condition that it is necessary for operational purposes and to comply with legal obligations.
- Companies to which we outsource tasks (‘processors’). These companies are then working on our behalf.
- Your financial adviser, his/her/its suppliers or service providers.
- Your employer and its adviser, if you are insured via your employer.
- Medical advisers and employment specialists.
- Companies that we bring in as part of settling a claim by providing loss assessment services or repair and consultancy works, for damage and income protection insurance.
- Lawyers and technical advisers,
- Public services such as regulators, the police and courts, and government departments, if we are legally obliged to do so.
- Other banks and insurance companies. This also includes reinsurers and legal assistance insurers.
- Bailiffs, collection agencies and/or notaries.
- To any person who is appealing or against whom an appeal is made in connected with the agreements underwritten.
- External registers, such as the Central Point of Contact.
For a number of products, such as death insurance, we assess the application using an automated process. In this process, we gauge whether you meet our acceptance criteria without any associated legal consequences. The automated process is followed by a manual procedure in which automatic acceptance is not possible.
This is how we take care of your personal data
We provide strong protection
We devote a great deal of time and attention to protecting our systems and the personal data stored in them. We are constantly monitoring the security of our data traffic. If anything goes amiss, we take immediate action to rectify the situation. We resolve data leaks and keep a record of them, which we are obliged to do under the law. We also report them to the relevant authority and to you, if there is reason to do so.
The way we process personal data is regulated:
- The Data Protection Authority monitors us to ensure we comply with the GDPR and other privacy-related regulations.
- The National Bank of Belgium (NBB), the European Central Bank (ECB) and the Financial Services and Markets Authority (FSMA) monitor the finance sector in general and hence also NN.
- In-house, the Data Protection Officer monitors the way we deal with your personal data. For life insurance and pension products, the DPO can be reached via email@example.com. For indemnity insurance policies, the DPO can be reached via firstname.lastname@example.org.
We have signed a confidentiality statement
All of our employees have signed a confidentiality statement. We deal carefully with the data that you entrust to us. Only authorised personnel may view and process your data.
What are your rights?
As a customer you have a number of rights relating to your personal data. These rights are explained below.
You have the right of inspection
This means that you can request what personal data we have recorded in relation to you and what we use it for.
You have the right to rectification, deletion and limitation
You have the right to have your personal data rectified if it is not correct. You also have the right to have your personal data deleted if your personal data has not been processed legitimately, or is no longer required for the purpose for which it was processed, or because you have withdrawn your consent and NN no longer has a valid reason to process your data. You also have the right to limit the processing of your personal data. This rights means that you can indicate that your data may no longer be used on a temporary basis. You can use this right if your personal data is no longer accurate, has been unlawfully processed, is no longer required for the purpose for which it was collected or processed, or if you object to it being processed and object to it still being processed by us.
You have the right to the portability of your data
This means that in certain cases, you have the right to ask us to transfer the personal data that you have given us to yourself and/or to another service provider.
You have the right to object
You may object to the processing of your personal data if we use it for other purposes than those that are necessary for the implementation of an agreement or necessary to comply with a legal obligation. We will examine your objection carefully and cease processing your personal data, if necessary.
You have the right at all times and without stating a reason to object to your personal data being processed for business prospection purposes (direct marketing) and the profiling associated with it.
You have the right to withdraw your consent
This means that you may withdraw the consent that you granted previously. For health data, any such withdrawal of consent will result in the processing of health data with purposes stated earlier no longer continuing. This may have possible consequences for the policy you have taken out.
Set your preferences for receiving offers
It is straightforward for you to change your choices for receiving offers by e-mail at any time.
Exercising one of these rights
How long do we keep your data?
We keep data for as long as we are required to do so by law and for as long as it is necessary for the purpose for which we use the data. This may differ from product to product.
We retain your data for as long as you are one of our customers. We also retain it for some time after you no longer have a certain product of ours. When that is the case, we apply the statutory retention time. After that, we only retain your data for statistical purposes and for the purpose of dealing with complaints and to handle legal claims.
Where do we process your data?
Your data is usually processed within the European Union (EU). In some cases, personal data is processed outside the EU. Also, some of our providers and collaborative partners are located outside the EU or provide these services outside the EU. The regulations in these countries do not always offer the same level of protection for personal data as European regulations. However, to ensure that your personal data is kept secure, in these cases we take measures by signing agreements in which we make comparable arrangements regarding the security of personal data, just as we do within the EU. We call this EU model contracts (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
Got any questions?
The Privacy Statement may be modified from time to time to remain compliant with new legislation or our updated processes. We therefore recommend that you visit this page regularly.
Got a complaint?
If you have a complaint about the way in which NN deals with your personal data, please contact us via email@example.com for life insurance and pension products, or firstname.lastname@example.org for indemnity insurance policies.
You may also lodge a complaint via the Data Protection Authority (https://www.gegevensbeschermingsautoriteit.be/contact).