Privacy statement

ASR Nederland N.V. has been designated as the party responsible for the processing of personal data by the following brands: a.s.r., Ditzo, Ardanta and Europeesche Verzekeringen.

If you are a customer with us, we will use your bank account number to make payments and collect payments and to transfer the claim amount we owe you.

For some insurance policies we will need additional information from you, such as your car registration in case of a car insurance, your profession or health data*. We will use these data, among other things, to make a proper assessment of the insurance risk, to set the conditions of the insurance and to assess any insurance claims.

*Health data
For acceptance or execution of mortgage, life, healthcare and income insurance policies and for personal injury settlement we need information about your health situation. Occasionally we may need information from your physician. If we need data from your physician, we will always ask your permission first.

Our staff will only process healthcare data they need to carry out their tasks. They have a duty of confidentiality in respect of the data they process. The processing of your healthcare data takes place within a specially separated unit (functional unit), under the responsibility of our medical adviser. This is a BIG-registered medical specialist. We comply with the rules of the Beroepscode voor Geneeskundig Adviseurs werkzaam in Particuliere Verzekeringszaken en/of Personenschadezaken (the professional code for medical advisers involved in private insurance cases and/or personal injury cases).
Are you involved in, for example, a bodily injury claim or an occupational disability claim? You will then receive a separate brochure for individual insurance policies containing an explanation of the use of your data.

For the basic insurance, we do not need any health information from you in order to take out this insurance. We do not use risk selection for acceptance, as the basic insurance is subject to a statutory acceptance obligation. The government determines which cover is included in the basic insurance. For the supplementary insurance, we are free to decide whether or not to insure you on the basis of risk selection. You will be notified of this. However, we do process health data for the administration of both insurance policies.

For the risk assessment for non-life and income insurance, we ask you to provide information about any criminal record*.

We process data about the contact you’ve had with us:

We do not store your data longer than necessary. In certain cases the law provides how long we may or must store data. In other cases we have determined how long we need to store your data. We have drawn up an extensive retention period policy for this.

Policy/customer files for example are stored for at least 7 years after the relationship with a.s.r. has ended. A quotation that has not resulted in an agreement in general will be removed after several months. A recorded telephone call often already after 4 weeks.

If you have specific questions about this, please contact the Data Protection Officer.

We only provide your data to third parties if this is permitted by the law and necessary for a.s.r.’s business operations.

Are you a customer of one of the brands (De Amersfoortse, Ardanta, Ditzo, De Europeesche Verzekeringen) that come under ASR Nederland N.V.? In that case we may exchange your personal data - except for your health data - with one of the other brands of ASR Nederland. We do this, for example, to ensure a responsible acceptance policy and to prevent fraud.

In addition, we exchange information between the various departments of ASR Nederland, for the processing of your application or to obtain an overview of the products and services supplied to you. As a result, we can be of better service to you and you only need to pass on any change of address once, for example.

You may receive offers for other products of the brands that come under ASR Nederland N.V. If you do not want any offers for other products, you can indicate this.

If you have an adviser, you will only receive messages from us in consultation with your adviser.

Sometimes we are statutorily required to pass on certain personal data to the authorities. For example the Tax and Customs Administration, the Employee Insurance Agency, the police, the judiciary, or regulators such as the Dutch Central Bank, the Netherlands Authority for the Financial Markets (AFM) and the Dutch Data Protection Authority.

If statutorily permitted, we may exchange the data necessary for the service with your adviser. Sometimes we will need your permission for this. We also engage other companies to perform services for us relating to the insurance agreement. For example debt-collection agencies, loss adjustment firms, the working conditions service, lawyers or a reinsurer. With these parties, we lay down agreements to safeguard your privacy.

We may also outsource the processing of personal data to third parties, the so-called processors. For example, we make use of IT service providers for maintenance and support functions. These IT service providers are to be considered as processors because they do not have independent control of the personal data that are made available by a.s.r. to the IT service provider in the context of the service. In these situations, ASR Nederland N.V. remains responsible for the careful processing of your data.

To ensure a sound acceptance and risk policy and to prevent fraud, we record your data in the Central Information System of the Foundation CIS in The Hague. Foundation CIS is a foundation that can support insurers in acceptance and claims processes. With the information affiliated with the CIS we may, under strict conditions, exchange information via the Foundation CIS. More information on this can be found on the website of Foundation CIS.

Financial institutions can record behavior of (legal) persons who have led or could lead to the detriment of financial institutions in an Incident Register. An External Reference Register is linked to this Incident Register. This External Reference Register contains only referral data (for example a name and date of birth or Chamber of Commerce number) that may be included under strict conditions. Every financial institution that is affiliated with one of the participating trade associations has access to (a part of) the External Reference Register.

If we share data with a service provider outside the EEA, we make arrangements with them so that we will at all times abide by the rules agreed in the European Economic Area. In doing so, we make use of the Standard Clauses; this is a model endorsed by the European Union in which it is agreed that a sufficient protection level for the protection of personal data is put in place.

You have the right to ask us what personal data we process about you and to have incorrect data adjusted or deleted. First, you can view or correct your data in your personal environment (if available) or you can contact us via the usual channels (mail or e-mail). We will ask verification questions or ask you for a copy of your proof of identity* to identify yourself. You will receive our response within four weeks.

In certain cases we may choose not to give you any data about your health, for example if we consider it wiser that your GP provides us with an explanation. In such cases we will inform you about the way in which the information can be shared or requested.

*Proof of identity
When you provide a copy of your ID, you need to make your passport photo and citizen service number (BSN) invisible. We also recommend that you state on the copy that this copy serves to exercise your rights relating to your personal data.

In certain cases and under certain conditions, you have the right to have the personal data that we have about you removed. This is the case if:

The right to be forgotten is not an absolute right.

We may decide not to comply with your request and not remove your data if your request is not based on one of the above grounds, or (i) in order to exercise the right to freedom of speech and information; (ii) to satisfy a statutory obligation; or (iii) to institute, exercise or substantiate a claim.

If we do not honour your request to have your personal data removed, we will inform you about the reasons why we will not comply with your request.

If you are of the opinion that we process your personal data unlawfully, or that the data processed by us are incorrect, you may request that the processing be restricted. This means that the data may no longer be processed by us

You are entitled to a copy of the personal data you have provided to us for the performance of an agreement you have concluded with us or if you have given us permission to use them. This only concerns personal data that we received from you yourself, not data we received from third parties. The purpose of this right is to enable you to easily transfer this data to another party.

You may at any time object against the processing of your personal data that takes place on the basis of our justified interest or the justified interest of a third party. In that case we will no longer process your data unless there are urgent, justified grounds for the processing that bear more weight, or which are related to instituting, exercising or substantiating a claim.

You have the right to unsubscribe from newsletters or personal offers for our insurance and banking products and other financial services. In commercial offers we always point to the possibility to unsubscribe. 

Our staff may call you for commercial purposes. In doing so, we will adhere to the rules of the Do-not-call-me register (Bel-me-niet register). On the website www.bel-me-niet.nl you can unsubscribe your telephone number for commercial calls.

Before we communicate with your via email, we will ask your permission for this, unless you have already given us permission. You can withdraw your permission at any time.

You can opt to chat with us, contact us via our social media pages such as Facebook, LinkedIn and Twitter or via WhatsApp. If you approach us via one of these channels, we will store the data you provide to us via these channels in a secured environment. To respond to personal questions in your social media message, we will ask in a personal message (direct message or email) to share your contact details with us. This allows us to check whether we are communicating with the right person.

This privacy statement applies to the data we receive from you via these platforms. The use of social media is your own responsibility. This privacy statement does not apply to the way in which social media platforms deal with the personal data provided by you. Please note that many social media platforms are established outside the European Union and store data outside the European Union. The European Union’s privacy legislation usually doesn’t apply in that case. We would advise you to consult the privacy statement of these social media channels for more information about the way in which they process your personal data. 

We may share (encrypted) email addresses with Facebook in the context of (direct) marketing activities. This only takes place in an anonymised and aggregated form, such that they cannot be traced in any way whatsoever to an individual person. If this is not to your liking, you may indicate this to us at any time and we will remove your email address from the list. You can also switch off this service yourself via Facebook, as described in Facebook’s privacy statement. https://www.facebook.com/settings/?tab=ads

We make profiles of our customers on the basis of the data we collect with the purpose of analysing these data and thus obtaining insight into (future) actions and preferences. We can then anticipate these. For example sending targeted advertising/information to customers based on their surfing behaviour that has been followed via tracking cookies. When we do so, we comply with legislation and regulations. This means, among other things, that we ask your permission beforehand if this is statutorily required. For example in the event of profiling based on sensitive personal data.

The privacy legislation is not static. Therefore we can adjust this privacy statement in order to keep up-to-date. We will do so if there are new developments, for example if there are changes in our business activities or in the law or case law. Therefore you are advised to regularly check this privacy statement on visiting one of our websites. We can also inform you retroactively about changes in this privacy statement through a pop-up banner, mail, a news report on our websites or via your personal environment (if available).

Any questions or complaints?

a.s.r., 
ter attentie van de privacy officer

Afdeling Integriteit
Postbus 2072 
3500 HB Utrecht

Do you have questions about this privacy statement? Please contact the Data Protection Officer of ASR Nederland N.V. Send an email to: privacy@asr.nl or send a letter to: