BeFrank PPI NV values your privacy. That is why we handle your personal data with great care. You can read how we do this in this privacy statement.
BeFrank PPI NV enters into administration agreements with employers in order that pension can be accrued for their employees. Pension capital is accumulated for employees by means of investments. These schemes are known as defined contribution schemes. Your employer usually pays the pension contribution, or a part of it. BeFrank PPI NV will sell your investments when you retire, and the proceeds are used to fund your pension. For example, this could be for a retirement pension and a partner’s pension.
BeFrank PPI NV is part of Nationale-Nederlanden. BeFrank PPI NV has delegated the administrative processing of the administration agreement to BeFrank NV. BeFrank PPI NV monitors that the administrative procedures are performed by BeFrank NV correctly and fully and in a timely manner. This monitoring includes supervision of the security of your personal data and supervision of the processing of your personal data in accordance with the requirements under the General Data Protection Regulation (GDPR) and other legislation and regulation.
This privacy statement is formulated by the person responsible for processing your data. This is BeFrank PPI NV, for convenience referred to hereinafter as BeFrank.
What are personal data?
When your employer purchases a product from us so that you can accrue a pension, we ask your employer for personal data such as your name and address. When you visit our websites, we also collect your personal data, such as the IP address of your computer.
Personal data are data that say something about you or that we can link to you. The collection, storage and usage of your data is known as the ‘processing’ of your personal data. This is a statutory term. BeFrank complies with legislation and regulation when processing your personal data, including the provisions of the General Data Protection Regulation (GDPR) and the Insurers’ Code of Conduct for the Processing of Personal Data (Gedragscode Verwerking Persoonsgegevens Verzekeraars). The following explains why we process your personal data and which data may be involved.
Why do we process personal data?
We store and use your personal data only for purposes that are established with care. In most cases, we receive personal data from your employer or from you yourself, because you accrue pension with us or have accrued pension with us in the past. The law covers the processing of data that is necessary for the preparation or performance of an agreement. What this means is that we cannot help you if we have no data on you or are not allowed to store these data.
Your personal data are also used because we maintain a central customer administration, we carry out marketing activities, we aim to prevent and combat fraud, or we use the data for risk management. The law speaks of ‘processing due to legitimate interests’. This can also be in your interest, because we can help you more effectively and can combat fraud. We also process your data in order to meet our statutory obligations. Further information on the basis on which we process your personal data is provided below.
A. For the performance of our agreements
- To be able to assess the application for your product.
- To be able to assist you as our customer. For instance, for the initiation, management and/or performance of our products. And/or for the provision of advice on our products. We may also process your personal data for the management and testing of our (administration) systems and applications, to ensure that they function properly and thus the continuity of our services is guaranteed.
- To provide information to and receive information from other parties, if this is necessary for the performance of your product. For instance, your employer.
B. On the basis of a legitimate interest
For our customer administration
BeFrank has a customer administration. Our customer service uses this to see which products you have with us, so that we can answer any questions you have quickly and effectively. The data held in our customer administration include your name, your date of birth, your address, other contact information, details of the product or products you have with us, payment information and marketing information.
For marketing activities
We use your data:
- To tailor our service to your personal situation. For example, sending you a warning message if your pension accrual is lower than expected.
- To keep you up to date via our website, our app ‘My Pension’, a letter or an e-mail.
- To give our websites and apps a more personal experience or to offer websites of other advertisements that meet your interests. See also our cookie statement.
- Your permission is required for some marketing activities. You are always requested to give this permission in advance, for example by sending offers by e-mail. If you have previously given permission and you wish to withdraw this, you can do so very easily by clicking on a link at the bottom of the e-mail.
To combat fraud
We process your personal information for risk management and to prevent and combat fraud, to protect both your security and the security of financial institutions. This means we can exchange data within BeFrank, Nationale-Nederlanden, with other financial institutions or with external research agencies.
To better assess risks
We process personal data for statistical analysis, in order to better assess risk and to set the prices of our products efficiently. We store data so that we have the correct information available in case of complaints or disputes.
Processing data of third parties
In some cases we record data on persons other than our customers, such as injured parties, administrators, beneficiaries and people providing collateral for a customer. We do this solely to the extent necessary for the performance of the agreement with the customer.
C. To comply with statutory requirements
s a pension administrator, we must comply with various legal obligations and therefore process your personal data as well as personal data of any family members and relatives of yours:
- Under the Anti-Money Laundering and Anti-Terrorist Financing Act (Wwft), Sanctions Act and/or other regulations. To this end, we ask business customers and suppliers, for example, who owns the organisation or who has control of it or an interest in it. In other words, who the ‘Ultimate Beneficial Owner’ is.
- For the implementation of some products, we are required to share your data with the Tax and Customs Administration. The Tax and Customs Administration, in turn, will report data of individuals who may be designated as Specified US Persons due to a connection with the United States to US tax authorities.
- We may – if we are obligated to do so – also provide your personal data to other authorised parties. This could include regulators such as the Dutch Central Bank (DNB) and the Netherlands Authority for the Financial Markets (AFM), the police, prosecutors or intelligence services.
What personal data do we process?
Personal data we obtain from you for the performance of the agreement. This involves:
- General information such as your name, address, telephone number, e-mail address and date of birth.
- Data to be able to identify you.
- Your account number, to be able to receive payments from you or make payments to you.
- Financial data. In this context in some cases we ask questions for instance to establish your investment objectives.
- Information we need for a specific product, for example if you choose your own investments with your pension product.
- We also need your citizen service number (BSN) for life insurance and pension products.
Additional data means data that we have not obtained from you or your employer but data we have obtained from public sources. For example, consulting information in order to combat terrorism and money laundering. Or consulting information held at the Credit Registration Agency (BKR). We do this in some cases to assess a risk or to meet our statutory obligations. Further information on this is provided on this page under ‘From whom do we obtain your data?’.
We keep a record of when and about what you contact us. We do this to improve the quality of our service and for training, coaching and evaluation of our employees.
Your visits to our website and app
From whom do we obtain your personal data?
If you purchase a pension and an (pensions-)insurance with BeFrank via your employer, we receive your data from your employer, or in some cases from the Municipal Personal Records Database (the BRP). If necessary for the administration of your pension scheme we can also obtain information from other banks and insurers. Information about your health we receive from your employer (reporting sick), a doctor (after your permission) or the UWV.
We use public data and data from market research agencies to validate and improve our own data, and to obtain better understanding of our customers and services. We process personal data that we receive from third parties only if that party is allowed to provided them, and we do not use this personal data for purposes other than for which we obtained them.
To whom can we provide your personal data?
We can provide your personal data to the persons, companies and institutions stated below. We will do this only if:
- it is necessary for the performance of the agreement, or
- we have a ‘legitimate interest’ in doing so and the provision of your personal data is necessary for this.
- there is a statutory obligation to provide your personal data, or
- you have given your permission.
We will provide your data to one or more of the parties listed below, only if at least one of the above statements applies.
- Our employees, to the extent that they need these data for their work.
- Companies to which we delegate tasks (‘processors’). These companies in this case work according to our instructions.
- Your advisor or interest protector, your employer and its advisor if you are insured via your employer.
- Companies we engage for evaluating an application for a product.
- Public agencies such as supervisory authorities, the police and the courts and the Tax & Customs Administration, if we have a statutory obligation to do so.
- Other banks and insurers. This also includes reinsurers and legal aid insurers.
- Enforcement agents, collection agencies and/or civil-law notaries.
- External registers such as CIS, BKR, NHG and the External Reference Register (EVR).
- The Employee Insurance Agency (UWV).
How we protect your personal data
We keep your data secure
We devote much time and attention to the security of our systems and the personal data that are stored within these systems. BeFrank monitors the security of personal data and the use thereof. Data traffic is continually monitored. If something goes wrong, action is taken immediately. We resolve data leaks and register such incidents. We are required to do this by law. We also notify incidents to the supervisor and to you, if necessary.
How we process personal data is supervised
- The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, or AP) checks that we comply with the AVG.
- De Nederlandsche Bank (DNB), the European Central Bank (ECB) and the Authority for the Financial Markets (AFM) are responsible for general supervision of the financial sector, and therefore of BeFrank and Nationale-Nederlanden.
- Internally, our Data Protection Officer supervises how we deal with your personal data. The Data Protection Officer is available at DPOfirstname.lastname@example.org.
We have signed a confidentiality statement
All our employees have signed a confidentiality statement and taken an oath or solemn affirmation. We treat the data you entrust to us with care. Only authorised personnel can access and process your data.
What are your rights?
As a customer, you have certain rights with respect to your personal data. These rights are explained below.
You have a right of inspection
This means you can inspect the personal data we have registered for you and what we use these data for. You can also find these data on your personal pension page at BeFrank (www.befrank.nl/en/login).
You have a to amend, remove or restrict the use of data
You have the right to have your personal data amended if these are not correct. You also have the right to have your personal data removed if your personal data have been wrongfully processed, are no longer necessary for the purpose for which they have been processed, or because you have withdrawn your permission and BeFrank has no other valid reason for the processing of your data. You also have the right to restrict the use of your personal data. This means that you can state that your data may not be used for a temporary period. You may use this right if your personal data are not correct, have been wrongfully processed, are no longer necessary for the purpose for which they were obtained or processed, or if you object to the processing of your data and your objection is still pending with us.
You have a right to have your data transferred
This means that in certain cases you have the right to ask us to transfer the personal data you have provided to us to yourself and to another service provider.
You have a right to object
You may object to the processing of your personal data if we use your personal data for purposes other than those necessary for the performance of an agreement or for complying with a statutory obligation. We will review your objection with care and will cease to process your personal data if necessary.
How long do we keep your data?
We keep the data for as long as we are legally obliged to do so and for as long as it is necessary for the purpose for which we use the data. At least we store your data for as long as you are a customer with us. We also do this for some time if you no longer have a particular product from us. In this case we apply the statutory retention period of seven years. After this, we use the data only for statistical purposes and for dealing with complaints and legal proceedings. In this case we keep the data in a closed archive.
Where do we process your data?
Your data are usually processed within the European Union (EU) in line with laws and regulations. We take into account the consequences of any outsourcing of services and/or hiring of storage that may take place outside the EEA in order to continue to comply with the GDPR and the confidentiality of data. To ensure that your personal data are secure, we take measures by concluding agreements that stipulate similar agreements with respect to the security of personal data. We do this in the same way as we conclude agreements within the EU. We refer to these agreements as ‘EU model contracts’.
Do you have questions?
If you have a question about you personal data, please contact our customer service via email@example.com.
Do you want to have a look at or change your personal data?
Then check your personal pension page (www.befrank.nl/en/login). Here you can view and change the most important personal data, such as your address or email address. Would you like to request more information or exercise your other rights? Please contact our customer service by post or email.
We can request you to identify yourself, for instance by submitting a copy of a valid proof of your identity. If we request you to submit a copy of proof of your identity, BeFrank advises you:
- …to make your BSN invisible
- …to mention that it is a copy for BeFrank
- …write down the date
If in your opinion the statement we provide contains inaccuracies or you believe that the processing of your data is wrongful, you may submit a written request to have your data amended or removed. You may also withdraw previous permission for the processing of your personal data. We will inform you as to whether we can comply with your request within four weeks of receiving it.
Please send your request to:
Attn. Customer services
1000 CB Amsterdam
Do you have a complaint?
Then we would like to get in touch with you to see if we can work something out together. If you subsequently wish to file a complaint, you can do so by e-mail or by post. You will receive a response within four weeks.
Send it to firstname.lastname@example.org
Attn. Customer services
1000 CB Amsterdam
Did you submit a complaint and aren’t you satisfied with this response, you may refer the matter to the Financial Services Complaints Tribunal (Klachteninstituut Financiële Dienstverlening), Postbus 93257, 2509 AG The Hague, telephone 070-3338999, website www.kifid.nl.
Furthermore you can submit a complaint to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
About this privacy statement
This privacy statement can be adapted to amended laws and regulations and/or to the way in which we process personal data. We advise you to consult this privacy statement regularly. In any case, at such time as you provide your personal data to BeFrank.