Privacy Statement Stichting IFF Pensioenfonds

Stichting IFF Pensioenfonds exercises due care with your personal data. We comply with the relevant privacy legislation when we process your personal data. In this privacy statement we explain what personal data we process and how we deal with your personal data.

1. Purpose of and legal grounds for processing

Limitation of purpose

The pension fund collects and processes only that personal data which it requires for the following purposes:

1. to execute the pension agreement between the employer and our members;

2. to comply with the legal obligations which the pension fund has.

The pension fund collects and processes personal data only for the above-mentioned purposes and not for any others, such as marketing and profiling.

Lawful receipt

The pension fund receives any personal data lawfully. The pension fund receives such personal data pursuant to:

1. the pension agreement between the employer and our members;

2. the administration agreement which the employer and the pension fund have concluded with each other;

3. the pension regulations;

4. the relevant legislation and regulations.

The supply and processing of personal data is not based on the consent of a member (or former member), their relatives, any other interested party or an agreement with a member (or former member), their relatives or any other interested party.

 

2. Personal data

The pension fund processes the following personal data:

1. names;

2. addresses;

3. places of residence/country;

4. email addresses;

5. bank account numbers;

6. citizen service numbers (CSN);

7. gender;

8. dates of birth and death;

9. dates of marriage or the commencement of a registered civil partnership or joint household;

10. data pertaining to divorces or the termination of a registered civil partnership or joint household;

11. details of partners (and former partners) and any children, including their names, dates of birth and death, gender, addresses, and bank account and citizen service numbers;

12. dates of employment, including the commencement and termination of employment, salary details, pensionable allowances and part-time factors;

13. data pertaining to the voluntary retention of pension plan membership;

14. data pertaining to occupational incapacity, as well as benefits pursuant to the WIA [Work and Income (Capacity for Work) Act] and the WAO [(Invalidity) Insurance Act];

15. data pertaining to inbound and outbound asset transfers;

16. the dates on which a pension or benefit commences and terminates.

The pension fund does not process other personal data, such as nationality.

Neither does it process any special data, such as that pertaining to religion or personal beliefs, race, political persuasion, health, sex life, membership of a trade union or personal data pertaining to criminal records.

 

3. Security and non-disclosure

The pension fund protects personal data with the aid of appropriate security measures, which provides guarantees against the risk of personal data being lost or subject to unauthorised access, destruction, use, modification or disclosure.

The pension fund does not disclose any personal data to a person who is unauthorised or who has nothing to do with its processing.

The pension fund does not disclose personal data to any other party, unless the law or a court of law renders it mandatory for it to do so.

 

4. Data leaks

Personal data must be secured. A data leak is deemed to have occurred where:

·         its security is breached;

·         personal data has been unlawfully processed or lost in the process;

·         there is a significant likelihood of adverse effects on the protection of the relevant personal data. In such a case it would involve data:

o   pertaining to an individual’s financial or economic situation, such as their salary, pension details, usernames and log-in codes;

o   which could result in identity fraud, such as CSNs, passports, identity cards or driving licences.

The pension fund reports data leaks to the Dutch Data Protection Authority and to anyone whose data has been leaked.

 

5. Responsibility

The pension fund is a data processor and, as such, is responsible for personal data.

The pension fund processes personal data in accordance with the Personal Data Protection Act [Wet bescherming persoonsgegevens] and the General Data Protection Regulation.

 

6. Receipt of personal data

The pension fund receives the personal data that it requires from various parties, namely:

·         you or your legal representative;

·         your employer;

·         a personal records database or non-residents register;

·         the Employee Insurance Agency (UWV);

·         court bailiffs and other authorised bodies which manage claims against members;

·         the CAK (Central Administration Office – premiums for withholdings under the Care Insurance Act [Zorgverzekeringswet] (ZVW) in the case of pensioners who live in Europe but outside the Netherlands);

·         former pension administrators.

 

7. To which parties do we grant access to your personal data?

We may disclose your personal data in the following circumstances:

·         the pension fund has outsourced its administrative work to a processing agent, the Blue Sky Group in Amstelveen. Their staff may gain access to your personal data for the purposes of carrying out their work. They will only receive access to your personal data for the above-mentioned purposes;

 

·         other parties to process your personal data for us. Examples:

o    the company that sends our post;

o    court bailiffs for the purposes of collecting debts;

o    a certifying actuary for the purposes of an annual audit.

Such other party may only process your personal data for the above-mentioned purposes and then only in accordance with our instructions.

We will not process your personal data in any country outside the European Union.

 

8. For how long will your personal data be retained?

Your personal data will not be retained for longer than is necessary for the purposes for which it has been collected or is processed. We will retain some data for a longer period, because the law renders it mandatory for us to do so. In such a case the underlying premise would be the legally stipulated retention period.

·         In the case of accrued entitlements we will retain your personal data for seven years after the last relevant rightsholder (for example, a partner or orphan) dies.

·         In the event that your relationship with IFF terminates before you retire, for example, in the case of an asset transfer, we will retain your data for minimal seven years in order to be able to assess any dispute pertaining to entitlements.

 

9. Right to inspect, correct and object

You are entitled to inspect the personal data which the fund has recorded. If the recorded data is incorrect, you may submit a written request to have that data corrected or deleted. In this respect we would require sufficient certainty of your identity. You may address your request to:

Stichting IFF Pensioenfonds

Professor E.M. Meijerslaan 1

1183AV Amstelveen

 

10. Website

When you visit this website, cookies are placed on your computer, tablet or smartphone. Cookies are small, simple text files. When you next visit, the cookies are used to recognise you. Cookies ensure that you will not receive or have to enter the same information every time that you visit our website, for example. Your settings and preferences are remembered and that makes a subsequent visit to the website easier. In addition, thanks to cookies the information and offers on our website can be tailored to your preferences.

Furthermore, we use those cookies for statistical purposes and also to collect information about your visits. We use the information about your visits to further optimise publicity about our products and services. We exercise due care in the way we treat the information that we receive from our visitors. That information is used in accordance with the law.

 

Amendments

We may amend this privacy statement and recommend that you consult this page now and then. This privacy statement was last amended on 25 May 2018.