Privacy statement

Your data in safe hands

When you contact us, use one of our services or make a claim, we use your data. It is important to us that you know what we do with your personal data. It is also important to know your rights. So you can be confident that with us, your data is in safe hands.

What data do we use?

We usually ask for your name, address, email address and phone number. Sometimes we also ask for other information, such as date of birth or other personal details. The data we use varies depending on the product or service,
the purpose for which we process the data and your selected cookie settings.

Sometimes we need to confirm your identity

If you are an Achmea customer and/or we are handling a claim on behalf of a foreign insurer, we may ask you to provide proof of identity. We may also ask for additional information to check that the details provided are correct.
For example, we may ask you to confirm your identity with iDIN or present identity documents at a particular location.

We also use cookies

We use cookies to enhance the functionality, performance and user-friendliness of our website. Our Cookie Statement explains what cookies are and how we use them. If you visit the website of one of our brands, such as centraalbeheer.nl, you can find more information about the cookies placed by that website there.

What do we do with your data? We:

  • Fulfil an agreement.
  • Process your claim.
  • Process a claim on behalf of one of our partners.
  • Better align our products and services with your needs.
  • Prevent and deal with fraud.
  • Protect the security and integrity of our service and the financial sector. For example, by using data to tackle and prevent terrorism financing, money laundering and fraud.
  • Comply with legal requirements to combat money laundering and terrorism financing.
  • Conduct scientific, statistical and market research.
  • Comply with the law.
  • Test the integrity, stability and security of the systems we use to process your personal data.
  • Keep track of how and when we contact you.

Registers that protect the interests of Achmea, its customers and other financial institutions

Protecting the interests of Achmea, its employees and customers, and other financial institutions involves processing your personal data. This may include your criminal record if you have one. Personal data is needed to manage risk and prevent and combat fraud. For this reason, Achmea keeps an Incident Record System. Our Special Affairs Department may decide to enter personal data from this system in an Internal Referral Register (abbreviated in Dutch as IVR). If an incident meets the criteria of the Dutch Incident Alert System Protocol for Financial Institutions (Protocol Incidenten waarschuwingssysteem Financiële Instellingen (PIFI)), Achmea enters the relevant personal data in an Incident Register (IR). And, if necessary, in the External Referral Register for insurers (abbreviated in Dutch as EVR).

By entering your data in these registers, among other things we can check whether you:

  • have previously committed or attempted to commit fraud,
  • had a previous application rejected or a policy cancelled.

If your details are entered in one of these registers, you will be notified. In most cases, you will be notified before your details are entered in the register, unless disclosure would interfere with an investigation. If so, when the investigation has been completed, you will be informed that your details will be entered in the IVR, IR of EVR.

What records do we keep of our contact with you?

We record the agreements we make with you and our partners. And we use the records of our contact with you to improve our communication.
Examples of the interactions we record include:

Letters and emails we send and receive from you
Telephone calls
How you use and what you view on our websites
Our contact through social media, Twitter and WhatsApp

Social Media

Achmea may communicate with customers, users of its services and apps, and visitors to its websites via the internet and (its own) social media channels. In doing so, we aim to provide useful and relevant information about our organisation, products and/or services. We also use these channels to answer questions submitted to us via social media. We actively monitor the internet and social media channels, such as Facebook, Twitter and blogs. When communicating through social media, Achmea may gather personal data. Any data gathered in this way is processed in accordance with this Privacy Statement. Achmea is not responsible for social media content posted by others or for the processing of personal data by social media providers.

Achmea B.V. is responsible

Achmea B.V. is responsible for the lawful processing of your personal data for all Achmea brands.

 

How do we ensure your data is safe with us?

Our website, app and IT systems are properly secured. We apply strict safeguards to prevent misuse of your data. And our employees receive clear instructions on how to handle your data.
When sending confidential information by email, Achmea GlobalNeth ensures that the email is secure.
If despite these precautions, you find a vulnerability in our online security, you can report it through Achmea's Responsible Disclosure process. It would be helpful if you could alert us so we can take corrective action and work together to improve the security of our systems and data.
We are especially careful with sensitive data Sensitive data includes things such as:

Your bank details and
Your citizen service number (BSN) if you have one.

How long do we keep your data?

We keep your data for as long as it is needed for the purposes for which it was collected and may be reused, or for as long as is required by law. Data that is no longer needed for the purposes described in this Privacy Statement may be retained for legal proceedings, historical or scientific research or statistical purposes. Thereafter, we anonymise or delete your data. Anonymised data contains no personal identifiers and cannot be traced to you. Anonymous data helps us develop a clearer understanding of our risks, products and services.

From whom do we obtain your data and with whom do we share it?

The data is usually provided by you. But there are other ways we can obtain data. For example, we check your claim-free years in the Roy Data database. In investigating (personal) fraud, we may also use data from CCTV footage and/or data we find about you on the internet. We may also verify your data with other companies. We do not sell your data.

Sometimes we pass on your details. For example, we may pass on necessary personal data to third parties we engage in our business operations or in the provision of our services. These parties process personal data on our behalf.

We may exchange data with:

Other Achmea brands.
Our suppliers and business partners, such as debt collection agencies, bailiffs and car body repair shops.
Your adviser.
Other financial institutions. For example, we share ERR data with other insurers.
The Dutch tax authorities.
The Netherlands Vehicle Authority (Rijksdienst voor het Wegverkeer (RDW)).
The Roy Data database.
The Dutch Central Credit Registration Agency (Stichting Bureau Krediet Registratie (BKR)).
The judicial system or the police in a criminal investigation.
The Central Information System for insurance companies in the Netherlands (Stichting Centraal Informatiesysteem (CIS)). We may request your data or enter your data in the CIS
when processing claims for example, or if you fail to provide important information and we cancel your insurance. In doing so, we aim to manage risks, prevent fraud and protect the security and integrity of the financial sector.
External Referral Register (ERR) (via the Central Information System (CIS)) The External Referral Register can be accessed by financial institutions that are party to the Dutch Incident Alert System Protocol for Financial Institutions (Protocol Incidenten waarschuwingssysteem Financiële Instellingen (PIFI)).
Regulators such as the Dutch Authority for the Financial Markets (AFM), De Nederlandsche Bank (DNB), the Netherlands Authority for Consumers and Markets (ACM) and/or the Dutch Data Protection Authority (AP) if necessary in individual cases (investigations by regulators for example).

Your rights

You have certain rights by law. These include the right to:

Access the personal data we hold for you.
Have incorrect data rectified.
Have your data erased.
It is often the case that we cannot erase your data. This may be because we still need your data or are legally required to retain it.
Object to the use of your data in certain circumstances.
If, for example, you no longer wish to receive marketing emails from us. All of our emails contain a link that allows you to unsubscribe. You can also call us. In other cases we ask that you clearly state the reasons for your objection so we can assess the situation.
Withdraw your consent.
If you gave us your consent to use your data, you have the right to withdraw your consent. We will then cease to use your data from that point on.
Have your personal data transferred (data portability)
This applies to personal data provided by you, with your consent or for the fulfilment of an agreement. The data can be transferred to another party or to yourself.
Temporarily suspend the processing of your personal data
If, for example, you have objected to the use of your data.
We may not always be able to comply with your request. We will contact you if this is the case or if we need more information to comply with your request.

Let us know if you wish to exercise your rights

Send us a letter or email. To ensure that we have the right personal data, we will need to confirm the identity of the person wishing to exercise their rights. We can do this with account or policy numbers, date of birth, or name and address details. Please provide these details if you wish to exercise your rights. In some cases (if, for example, we cannot confirm your identity from the data we have), we may ask for a copy of your passport or ID card. We may also do this if the data is very sensitive, such as information about your health. If we ask for a copy of your passport or ID card, please obscure your Citizen Service Number (BSN) and passport photo. We will respond within one month of receiving your request.

Achmea GlobalNeth Attn: AVG-loket Postbus 9150
7300 HZ Apeldoorn
The Netherlands

info@globalneth.nl

See the full list on the Achmea website >

 

Privacy laws and regulations

We comply with all applicable privacy laws and regulations. These include:

The Dutch General Data Protection Regulation (Algemene Verordening Gegevensbescherming (AVG))
The Dutch General Data Protection Regulation Implementation Act (Uitvoeringswet Algemene Verordening Gegevensbescherming (UAVG)
The Code of Conduct for the Processing of Personal Data issued by the Dutch Association of Insurers
The Dutch Incident Alert System Protocol for Financial Institutions (Protocol Incidenten waarschuwingssysteem Financiële Instellingen (PIFI))
The Code of Conduct for the Conducting of Personal Investigations issued by the Dutch Association of Insurers
The Dutch Telecommunications Act (Telecommunicatiewet)

Do you have a question, tip or complaint?

Please email it to Achmea’s Data Protection Officer at privacymanager@achmea.nl. You can also write to us at: Achmea B.V.
Attn: Privacy Manager
Compliance & Operational Risk Management

Postbus 866
3700 AW Zeist
The Netherlands

If we cannot agree on a solution, you can submit your complaint to the Dutch Data Protection Authority. We may change this Privacy Statement
This may be because there has been a change in the law or regulations, or because we have developed new products or services. You will always find the latest version on our website.

This latest version was issued on 18 July 2023.