1. Introduction
This privacy statement is for Frisia Insurance based in The Hague. Reachable by phone at number: 070-3420150 and registered with the Chamber of Commerce under number: 27094602.
There is a data protection officer that you can contact directly. In case of complaints, please contact Rik van Eeden or via info@frisiaverzekeringen.nl.
2. General Definitions
Unless otherwise expressly stated below, terms in these regulations are used in the sense that the General Data Protection Regulation (hereinafter: “GDPR”) assigns to them.
Personal data: all information concerning an identified or identifiable natural person (the data subject).
Data subject: the person to whom the personal data relates.
Processing of personal data: any operation or set of operations on personal data, whether or not carried out by automatic processes, including in any case collecting, recording, organizing, storing, updating, changing, retrieving, consulting, using, providing by transmission, dissemination or any other form of provision, bringing together, linking, as well as blocking, deleting and destroying data.
Controller: The controller is the person who determines the purpose and means of data processing.
Processor: the person who processes personal data on behalf of the controller, without being subject to his direct authority.
Providing data: disclosing or making personal data available.
User personal data: the person who, as an employee or otherwise, is authorized to process personal data by or on behalf of the person responsible.
Client: a natural or legal person who has given an order to provide services to the person responsible.
Third party: a natural or legal person, a government authority, a service or other body, other than the data subject, controller, processor, or persons authorized to process personal data under the direct authority of the controller or processor.
Consent of the data subject: Any free, specific, informed and unambiguous expression of will by which the data subject, by means of a statement or an unequivocal active action, agrees to the processing of personal data.
Health data: personal data related to the physical or mental health of a natural person, including data about health services provided that provide information about health status.
Supervisory authority: an independent public authority set up by a Member State. In the Netherlands, this is the Data Protection Authority.
3. Scope
3.1 These regulations apply to all processing of personal data within Frisia Verzekeringen for and in the context of its activities.
3.2 Frisia Insurance ensures that it complies with all applicable privacy laws and regulations, including the Personal Data Protection Act (Wbp), the General Data Protection Regulation (AVG), the Financial Supervision Act (WFT) and all other applicable codes of conduct and guidelines.
4. What do we process your personal data for?
Frisia Verzekeringen processes personal data for the following parts:
- assessing and accepting potential customers;
- managing and expanding the customer base;
- concluding and executing agreements;
- exchange of information with other parties that need information in connection with the execution of the product, such as (re) insurers, insurance intermediaries, collection agencies, expertise agencies, accountants, payroll administrators, provided that this is strictly necessary for the execution of the (insurance) agreement;
- carrying out analyses of personal data for statistical purposes and the use of an archival destination;
- to handle your claim, claim, or damage;
- To prevent and combat fraud against Frisia Insurance and other financial institutions under the Financial Supervision Act (WFT);
- Being able to comply with legal obligations, such as tax and social insurance law.
5. What data do we process?
Frisia Verzekeringen (possibly) processes the following personal data:
- Contact details such as name, address, place of residence, telephone number and email address;
- Age, gender, marital status;
- Information related to a passport, driver's license or other proof of identity;
- Information about employment, income, profession and employer;
- Information about the financial situation, assets and any debts;
- Data about current financial products, such as bank accounts and insurance, as well as information about submitted claims/claims history;
- Special personal data, such as health data;
- Information about any criminal facts/fraud aspects.
Personal data is only processed in accordance with the purposes for which it was obtained. This means that only the personal data that is strictly necessary, accurate, relevant and not excessive is processed.
6. Conditions for lawful processing
6.1 Personal data will only be processed for the purposes described in article 4 and will not be further processed in a way that is incompatible with the purposes for which it was obtained.
6.2 The personal data is only processed by persons who are obliged to maintain confidentiality by virtue of an office, profession or legal requirement, or under an (employment) agreement.
6.3 Personal data is only processed insofar as, in view of the purposes described in article 4, it is adequate, relevant and not excessive.
6.4 Personal data is only processed if one of the processing grounds in article 6 General Data Protection Regulation (GDPR) applies, namely:
a) the data subject has given his unambiguous consent to the processing;
b) the data processing is necessary for the execution of an agreement to which the data subject is a party, or for taking pre-contractual measures in response to a request from the data subject and that are necessary for the conclusion of an agreement;
c) data processing is necessary to comply with a legal obligation to which the controller is subject;
d) data processing is necessary to safeguard the vital interest of the data subject;
e) the data processing is necessary for the proper performance of a task under public law by the relevant administrative body or the administrative body to which the data is provided, or
f) the data processing is necessary to protect the legitimate interest of the controller or a third party to whom the data is provided, unless the interest or fundamental rights and freedoms of the data subject, in particular the right to privacy, prevail.
6.5 The person responsible maintains confidentiality about the personal data that the controller accesses, except to the extent that any legal requirement requires the person responsible to provide information or results from the responsible party's task.
7. Access to personal data
7.1 Frisia Insurance uses the ANVA customer tracking system. Frisia Insurance employees only have access to personal data to the extent necessary for their duties.
7.2 Every user of personal data has a strict duty of confidentiality with regard to the data that he becomes aware of as a result of that access.
7.3 The administrator and those who work as part of an assignment given by the controller or user have access to personal data only insofar as this is necessary for the use and processing of the data and they have signed a confidentiality agreement for this purpose.
8. Personal data security
8.1 To ensure the principle of integrity and confidentiality, the controller/processor takes technical and organizational security measures as much as possible to prevent unauthorized access or use of personal data.
8.2 The person responsible ensures that security regulations for personal data are drawn up and complied with. This is done by regularly testing, assessing and evaluating technical and organizational security for processing effectiveness. (Privacy Impact Analysis).
8.3 The person responsible complies with the obligation to report data leaks as described in the reporting obligation policy.
8.4 There is an internal procedure for dealing with incidents. The person responsible takes measures to inform the Data Protection Authority and those involved if this is the case as part of the reporting obligation.
9. Provision of personal data to third parties
Frisia Verzekeringen may not simply transfer personal data to other persons or organizations. Frisia Verzekeringen may do this if permission has been given, or if it is obliged to do so by law or a court order, or if such provision is compatible with the purpose for which the data was collected.
10. Access and right to delete
10.1 The person concerned has the right to view and copy the information in person
related data. The person concerned must submit a request to do so.
10.2 A request as referred to in this article will be fulfilled within 4 weeks of receipt of the request.
10.3 The right to access is only allowed to the person concerned or his authorized representative. Where appropriate, the person concerned or his authorized representative must be able to identify themselves and/or demonstrate their authority.
10.4 Exceptions to the right to delete:
- When freedom of expression applies;
- Legal duty of the person responsible;
- Required for a public task governing body;
- Necessary to protect public health;
- Necessary for archives, scientific, statistical or historical research, insofar as information law, among other things, precludes these interests;
- Necessary for exercising or defending any legal right.
10.5 No fee is charged for sending and providing copies.
10.6 In the event of data deletion, the data will include a statement that the data has been deleted at the request of the person concerned.
11. Right to data portability
11.1 The person concerned has the right to obtain his personal data that he has provided to a controller in a structured, common and readable form.
11.2 The person concerned has the right to transfer that data to another person responsible, without being hindered by the person responsible to whom the personal data was provided.
11.3 The controller will ensure various implementations so that the person concerned can receive and send the data to another person responsible.
11.4 A request as referred to in this article will be fulfilled within 4 weeks of receipt of the request.
12. Right to block, supplement and correct included personal data
12.1 Upon request, the included data will be supplemented with a statement issued by or on behalf of the person concerned with regard to the included data.
12.2 If the data included is factually incorrect, incomplete or irrelevant for the purpose of processing, or in violation of a legal processing requirement, the data subject submits a written request to the controller requesting that the data be corrected, supplemented, deleted or blocked.
12.3 As soon as possible after receipt of the request, the person responsible will inform the person concerned in writing whether or how much the request will be complied with. A refusal is always justified.
12.4 The person responsible ensures that a decision to supplement, correct or delete is executed as soon as possible.
12.5 In the event of data deletion, the data will include a statement that the data has been deleted at the request of the person concerned.
13. Right to object
13.1 If data is the subject of processing under article 4.4, the data subject can object to this with the controller in connection with their special personal circumstances, if there is a legitimate interest.
13.2 The person responsible will assess whether the objection is justified within four weeks of receiving the objection. If the objection is justified, he will terminate the processing immediately.
13.3 The person responsible can ask for a cost allowance for dealing with an objection (WBP Cost Reimbursement Decree, Official Gazette 2001 305). The compensation will be returned in case the objection is found to be well-founded.
14. Retention periods
14.1 Frisia Verzekeringen will never keep the data longer than necessary for the purpose for which the data is collected, subject to the maximum legal retention period.
14.2 If data no longer needs to be kept, all identifiable features will be removed, or complete deletion will take place.
15. Your visit to our website and cookies
Frisia Verzekeringen may use cookies on its website (s). When you visit the website, cookies are placed on your computer, tablet or smartphone with your permission. Cookies are small, simple text files. The next time you visit, cookies are used to recognize you. For example, cookies ensure that you do not receive or have to enter the same information each time you visit our website. Your settings and preferences are remembered, making your next visit to the site easier. In addition, thanks to cookies, the information and offers on the site can be tailored to your preferences. Cookies are stored for a maximum of 4 weeks.
16. Amendment to the Privacy Statement
This Privacy Statement may change in the future. You can find the most current Privacy Statement on the Frisia Insurance website.
17. Complaints
17.1 If the data subject believes that the provisions of these regulations are not being complied with and/or if the person concerned believes that he has other reasons to complain, he should contact the Data Protection Officer (FG).
17.2 There is a data protection officer who you can contact directly; if you have any complaints, please contact info@frisiaverzekeringen.nl.
17.3 The person concerned has the right to file a complaint with the Data Protection Authority (AP) at any time. The Data Protection Authority supervises compliance with the legal rules for the protection of personal data. The contact details of the Data Protection Authority are:
Personal Data Authority
Bezuidenhoutseweg 30
2594 AV The Hague
0900-2001201
https://autoriteitpersoonsgegevens.nl
