ASR Nederland N.V. is the point of contact for the processing of personal data by the following entities and brands (a.s.r.): ASR Levensverzekering N.V., ASR Basis Ziektekostenverzekeringen N.V., ASR Aanvullende Ziektekostenverzekeringen N.V., ASR Schadeverzekering N.V., ASR Vermogensbeheer N.V., ASR Real Estate B.V., ASR Vitaliteit en Preventieve Diensten B.V., ASR Vooruit B.V., ASR Premiepensioeninstelling N.V., ASR Re-integratie B.V., Aegon Hypotheken B.V., Aegon Levensverzekering N.V., Aegon Cappital B.V., Aegon Advies B.V., Aegon Bemiddeling B.V., Aegon Administratie B.V., Aegon Administratieve Dienstverlening B.V., Aegon Spaarkas N.V., a.s.r., Aegon and Loyalis.
ASR Nederland N.V. and its brands handle your personal data with due care. In doing so, we comply with applicable (privacy) legislation and codes of conduct that further specify this across the sector. All our employees have taken an oath or have made a solemn affirmation to act with integrity and reliably. This also includes: keeping confidential what has been entrusted to them.
When do we process your personal data?
This privacy statement applies to all your personal data that the brands of ASR Nederland N.V. process when you are a customer, when you visit our websites, when you use our apps or the ‘My platform’, or when you contact our customer service desk. This statement also applies to other situations, for example if you have applied for a product but have not become a customer. Or if your employer has taken out pension insurance or disability insurance for you with us. Or if you are a beneficiary or have been involved in a claim as a witness or an injured party. Or if your partner takes out a mortgage with a.s.r. and you will also be living in the house. Or when you make use of our business services.
If you are a customer with us, we will use your bank account number to make payments and collect the amounts due (contribution, fee, periodic deposit or interest). In addition, we may have access to your income details if this is necessary for one or more of our financial products.
For some products or services we will need additional information from you, for example your car registration in case of a car insurance or your profession in case of an income protection insurance policy or mortgage. We need these data in order to provide services to you or to assess the risk, determine the conditions or evaluate possible claims. In addition to the name and address details and the financial data, we may also ask for your gender and date of birth if this is necessary for our services.
In order to accept or implement our insurance policies (which also include the handling of personal injury claims) and other (financial) services, in certain cases we will need information about your health. Occasionally we may need information from your physician. If we need information from your physician, we will always ask for your prior consent. With regard to health data, these are only shared with the medical service.
We ask health questions when we receive applications for our funeral insurance and in certain cases for life insurance. These are shared with an a.s.r. medical adviser via a secure environment, so that we can assess whether we can insure the risk.
Group income protection insurance schemes
For group income protection insurance schemes, we process limited health data, such as sickness reports, notifications of recovery or to what extent you are unfit for work. We receive these data from you, your employer, the working conditions service or the UWV (Employee Insurance Agency).
The medical adviser plays a central role in assessing health in connection with the conclusion of an insurance policy or a claim for benefits due to disability or an accident. Only the medical adviser and the employees working under their responsibility may process your health data. If the medical adviser considers it necessary for the assessment of your application or for the assessment of your disability to request health data from others, such as your GP or treating specialist, he/she will always ask you for your prior consent. The authorisation with which you give this consent states which health data the medical adviser wishes to request and from whom.
On contracting of non-life or individual income protection insurance, we may ask whether you or your co-insured parties have been in contact with the police or the judiciary in the past eight years. If you or your co-insured parties have a criminal record, we will assess whether that record affects your application. We do this in order to assess the risk if we accept you as a customer.
We process data about the contact you have had with us in order to be able to see:
We use these data to:
We may also automatically convert recorded telephone conversations into text (speech to text) using Artificial Intelligence (AI), create a summary of them, and carry out analysis to improve the quality of our services.
We keep recorded calls no longer than is necessary in connection with the purpose for which the call is recorded. The retention period varies depending on the purpose for which a conversation was recorded. If a call has been recorded and is still available, in the event of a dispute about the content of the recorded call, you have the right to listen to the call or receive a transcription of it.
In the course of our business services we also process personal data like names of contact persons, shareholders or UBOs (ultimate beneficial owner) of a company. Under the Money Laundering and Terrorist Financing (Prevention) Act and sanction regulations, we must identify the UBOs of our business customers and suppliers. More information on this is available on the AFM website.
In most cases, we receive the data directly from you. In addition to the information we receive from you, we may also receive and process data from third parties, such as your employer, adviser, an authorised agent, a(nother) (re)insurer or other parties such as the Trade Register and the UBO Register of the Chamber of Commerce, Statistics Netherlands (CBS), the Central Information System Foundation (CIS), the National Vehicle and Driving Licence Registration Authority (RDW), the Credit Registration Office (BKR), the Land Registry, the Insolvency Register, the Personal Records Database (BRP), the Employee Insurance Agency (UWV), IDIN, EVR, government authorities (lists of government agencies, such as PEP and sanctions lists) and occupational health and safety services, market research firms, data enrichment firms or credit reporting agencies.
We use your personal data, among other things, to contact you in order to check whether you can become or remain a customer with us, to consult with you about the products or services that you purchase from us, to implement changes in your personal data or to provide you with (financial) insight and perspective for action via the platform 'Ik denk vooruit' (I think ahead).
We are happy to keep you informed. For example through emails, newsletters, offers on our website or via social media. Or with personalised ads on apps and websites of other parties and social media. For this, too, we use your personal data.
We can do this by:
Would you rather not receive personal offers? Please let us know (see also 10f and 15).
We also use your personal data to improve our products and services and to tailor our range of products to your wishes and needs.
This is achieved by combining and analysing personal data (or having it analysed) and using it for innovations that use analyses. These analyses bring us new ideas in the context of innovation benefiting you, your contact with us and your products or our services, and thus lead to better solutions. In this way we can:
We obtain the personal data that we process in connection with the tracing and control of fraud, abuse and improper use from various (public) sources (see also paragraph 4). We can also receive information in that regard from tipsters or witnesses. We can also gather information by conducting or arranging to conduct technical, tactical and personal investigations. We can deploy investigative agencies to conduct these investigations. If a personal investigation in connection with insurance is involved, we follow the rules of the Code of Conduct for Personal Investigations.
IVR
In order to protect the security and integrity of the different entities and brands within ASR Nederland N.V., we use our own incidents register (IVR). In this database, (personal) data are saved that require our special attention in relation to certain incidents. Data from the incidents register are only accessible to our Security and Special Affairs departments, or to other employees authorised for that purpose.
More information is available in the Insurers Personal Data Processing Code of Conduct (GVPV) and the PIFI.
When we process your personal data on the basis of your consent, you may withdraw your consent at any time.
We handle your personal data with due care. We have put in place technical and organisational measures to guarantee an adequate protection level and to protect your personal data against loss or unlawful processing. We pay great attention to the optimal security of our systems in which personal data are stored. For example, measures to use our websites and IT systems safely and avoid abuse. But also protection of physical spaces where personal data are stored. We monitor the security of our data traffic 24 hours a day. We have an information security policy in place and arrange training programmes for our staff in the area of personal data protection.
We do not store your personal data longer than necessary. In certain cases the law provides how long we may or must store data. In other cases, we have determined on the basis of legislation and regulations how long we need your data. We have drawn up an extensive retention period policy for this.
Policy/customer files for example are stored for at least 7 years after the relationship with a.s.r. has ended. For more information on the specific retention periods, please contact us.
We only provide personal data to third parties if this is permitted by law and is necessary for the business operations of ASR Nederland N.V.
Are you a customer of one of the entities or brands that come under ASR Nederland N.V.? In that case we may exchange your personal data with one of the other entities or brands of ASR Nederland N.V. This also applies for entities or brands that are not named in this privacy statement, but that are headed by ASR Nederland N.V. We do this, for example, for administrative reasons, to ensure a responsible acceptance policy or to prevent and combat fraud. In addition, we exchange personal data between the various departments of ASR Nederland N.V., for example for the processing of your application or to obtain an overview of the products and services supplied to you. This allows us to provide you with a better service; for example, you only have to pass on a change of address once.
You may receive offers for other products of the entities and brands that come under ASR Nederland N.V. If you do not want to receive any offers for other products, you can indicate this. If you have an adviser, you will usually only receive messages from us in consultation with your adviser (see also c.).
Your personal data are stored in a.s.r.’s central customer administration. This is done for internal administrative purposes, including the matching of your data. This means that we check whether the same data about you are used in the various business units. It is important to check whether we have the right information about you. By matching data, we can work more efficiently and provide you with a better service.
Sometimes we are required by law to pass on certain personal data to the authorities. These may include the Tax and Customs Administration, the UWV, the police, the judiciary, the UBO Register of the Chamber of Commerce or supervisory authorities such as the Dutch Central Bank (DNB), the Netherlands Authority for the Financial Markets (AFM) and the Dutch Data Protection Authority (AP) and the Authority for Consumers and Markets (ACM).
If statutorily permitted, we may exchange the personal data necessary for the services with your adviser/insurance agent. We do this for as long as you have an agreement with us. Sometimes we will need your consent for this. Your agent is responsible for the processing of your personal data. If your employer has engaged an agent or adviser, we will also exchange personal data with them. For the purpose of activating the 'My platform', we may obtain your email address from your adviser/agent.
As a (health) insurer, we sometimes exchange information in order to recover damage or costs that we have paid, for example from your travel insurer if it also offers cover in addition to your basic or supplementary insurance, or from the liability insurer of another person who caused the damage or costs.
We engage other companies to perform services for us relating to our services. For example a debt-collection agency, a loss adjustment firm, a civil-law notary, a repairer, a re-integration agency, an occupational health and safety service or a reinsurer. We can also share personal data with a lawyer or representative. We also share your data with the Emergency Centre as the executor of (breakdown) assistance. If you have taken out legal expenses insurance with a.s.r., we will share your data with DAS as the provider of the legal assistance.
In connection with business transactions and business operations, as explained under 5f, we may share personal data with third parties. This may include parties that are themselves involved in the business transactions and business operations, such as (potential) buyers of assets, an opposing counter-party in legal proceedings or financiers in a business transaction. But it may also include professional advisors to those parties or, for example, a bailiff, if this is necessary for the business transaction or business operations.
For a responsible acceptance and risk policy in order to detect or prevent fraud, we record your personal data in and consult the Central Information System of the CIS Foundation. We record matters including your claims in this register, complying with the rules of the CIS user protocol, the Insurers and Crime Protocol and the PIFI. Subject to strict conditions, we can exchange information with other insurers that are affiliated with the CIS Foundation. We consult this register in the acceptance process and in the event of any claims handling. More information on this and the privacy regulations of the CIS Foundation are available on the CIS Foundation website.
Financial institutions may record in an Incidents Register the conduct of persons or legal entities that has led or may lead to prejudicing financial institutions. An External Reference Index is linked to this Incidents Register. This External Reference Index only contains referral data (e.g. a name and date of birth or Chamber of Commerce number) to the Incidents Register that may be included under strict conditions in accordance with the Financial Institutions Incident Warning System Protocol (PIFI). Every financial institution that is affiliated to one of the participating industry associations has access to (part of) the External Reference Index.
Your data are mostly processed within the European Economic Area (EEA). If we share data with parties based in a country outside the EEA or if personal data are processed outside the EEA, we ensure that your personal data remains adequately protected. In doing so, we for example make use of the Standard Contractual Clauses (European Model Clauses). We put in place clear agreements with parties, to ensure that the processing takes place in accordance with European legislation.
You have the right to ask us what personal data we process about you and to have incorrect data adjusted.
In certain cases we may choose not to give you any data about your health, for example if we consider it wiser that your GP provides an explanation. In such cases we will inform you about the way in which the information can be shared or requested.
*Proof of identity
When you provide a copy of your ID, you need to make your passport photo and citizen service number (BSN) invisible. We also recommend that you state on the copy that this copy serves to exercise your rights relating to your personal data.
In certain cases and under certain conditions, you have the right to have the personal data that we have about you deleted. This is the case if:
The right to be forgotten is not an absolute right. We may decide not to comply with your request and not delete your data, if your request is not based on one of the above grounds, or (i) in order to exercise the right to freedom of speech and information; (ii) to satisfy a statutory obligation; or (iii) to institute, exercise or substantiate a claim.
If we do not honour your request to have your personal data deleted, we will inform you about the reasons why we will not comply with your request.
If you are of the opinion that we process your personal data unlawfully, you may request that the processing be restricted. This means that the data will not be processed by us for a certain period of time.
You are entitled to a copy of the personal data you have provided to us for the performance of an agreement you have concluded with us or if you have given us permission to use them. This only concerns personal data that we received from you yourself, not data we received from third parties. The purpose of this right is to enable you to easily transfer this data to another party.
You may at any time object to the processing of your personal data that takes place on the basis of our justified interest or the justified interest of a third party. In that case we will no longer process your data unless there are urgent, justified grounds for the processing that bear more weight, or which are related to instituting, exercising or substantiating a claim.
You have the right to unsubscribe from newsletters or personal offers via various channels (for example email, phone and mail) for our insurance and other (financial) services. In commercial offers we always point to the possibility to unsubscribe. Our staff may call you for commercial purposes. If you receive such calls from us, you can indicate during the telephone conversation that you no longer wish to be called. You can also contact us yourself and let us know that you no longer wish to be called. When we make profiles to make personal offers for products and services that match your personal preferences and interests, you can object at any time to the use of your personal data for this purpose.
If required, before we communicate with you via email (digital communication), we will ask your permission for this, unless you have already given us permission.
You can opt to chat with us on our website or contact us via our social media pages such as Facebook, LinkedIn and Twitter or via WhatsApp. If you approach us via one of these channels, we will retain the data you provide to us via these channels in a secured environment. To respond to personal questions in your social media message, we will ask you in a personal message (direct message or email) to share your contact details with us. This allows us to check whether we are communicating with the right person.
This privacy statement applies to the data we receive from you via these platforms. The use of social media is your own responsibility. This privacy statement does not apply to the way in which social media platforms deal with the personal data provided by you. Please note that many social media platforms are established outside the European Union and store data outside the European Union. The European Union’s privacy legislation usually doesn’t apply in that case. We would advise you to consult the privacy statement of these social media channels for more information about the way in which they process your personal data.
Profiling
We make profiles of our customers on the basis of the data we collect with the purpose of analysing these data and thus, among other things, managing risks, making connections, and obtaining insight into (future) actions and preferences. We can then anticipate these. We do this to improve our products and services and to better tailor them to your wishes and needs. For example, by using these data to estimate the contribution or to send customers targeted advertisements/information.
A number of bodies monitor how we process personal data:
Privacy legislation is not static. Therefore we can amend this privacy statement in order to keep it up-to-date. We will do so if there are new developments, for example if there are changes in our business activities or in the law or case law. Therefore you are advised to regularly check this privacy statement when visiting one of our websites. In case of a material change to this privacy notice, a notification will be provided (for example through our website).
If you have any questions, for instance about this privacy statement, or if you wish to make use of your rights, you can contact us at any time via one of the channels available for that purpose. If you have questions concerning one of the Aegon entities referred to in this statement, please see the contact details on the Customer Service page of the Aegon website. You can use the form on the Aegon website to exercise your rights at Aegon.
Data Protection Officer
Compliance Department
a.s.r.
PO Box 2072
3500 HB Utrecht
You can contact the Data Protection Officer for the Aegon entities referred to in this privacy statement by sending an email to fg@aegon.nl.
If you have any complaints about privacy, you can contact us using the complaints form on our website.
Privacy statement most recently updated 21 February 2024.