Privacy

 

Achmea Bank N.V., with its registered offices in The Hague, and listed in the trade register of the Chamber of Commerce under number 27154399, trades under the following brand names:

• Centraal Beheer (savings, mortgages, PSD2 and trading services)
• Woonfonds (mortgage products)
• Acier Financieringen (mortgage products)
  
  

Achmea Bank N.V. is part of Achmea B.V.

Sometimes, at your own initiative, you will be referred via Achmea Bank to one of our partners, a social media channel or to another provider. These parties bear responsibility for the processing of personal data and will inform you about this. This privacy statement expressly does not apply to them.

Achmea B.V. is responsible for the proper processing of your personal data by all Achmea brands.

We only process personal data on minors (persons under the age of 16) in our systems if they themselves are using a product or service if their parent or guardian provides us with information about them in relation to a product or service being purchased. We always ask for written permission from the parent, guardian or legal representative to process data on minors.

In principle, our products and services are not intended for minors. For this reason, the website and app do not intend to collect data from website or app visitors who are minors. We are not able to verify whether a visitor is over the age of 16 or has received permission from his or her parent or guardian. Therefore, we advise parents to be involved in their children's online activities to prevent their data from being collected without their permission.

Read our cookies statement to learn about what cookies are and how we use them. Cookies ensure that the information on our website can be found quickly and easily, and they enable us to show or send you information, offers and advertisements that may suit you. Cookies may even be necessary for the security of our website. They also help us keep track of your visit to our website and any app. We may also process personal data.

Visit the website of one of our brands, such as centraalbeheer.nl, woonfonds.nl or acierfinancieringen.nl, for more information about cookies that are placed via that website or app. 

Do you receive e-mail messages from us? Then we can register your click behavior in our e-mails. For example, to see whether an e-mail has been opened and which links and articles you have clicked on. This allows us to make our e-mail messages more relevant to you.

We only process your data when we have a legitimate basis for doing so:

• to execute an agreement;
• to comply with statutory obligations;
• if you have given your consent (this can be withdrawn at any time);
• to represent our legitimate interests This only happens when, upon consideration, we find that our interests outweigh your privacy interests.
  
  

We need to process your personal data, when we are obliged on the basis of a law or for entering into an agreement. For example for a customer survey or concluding a product agreement. Unfortunately, we cannot enter into and execute an agreement without this information.

 

We may use your data when permitted by law and regulations. For example, we may use your data to:

·        maintain contact with you and to be able to answer your questions.

·        record when and how we have contact with you.

·        offer you a product or service.

·        conclude a product or service with you.

·        enter into and execute an agreement with you.

·        identify your Achmea products or services, needs and preferences.

·        tailor our products and services to better suit your needs.

·        develop and/or improve products and services.

·        manage, develop and testing IT systems.

·        make you a personal offer at the right time.

·        track your visit to our website and any app.

·        enable you to use your personal environment (Centraal Beheer, Woonfonds or Acier Financieringen).

·        provide account information services and payment initiation services for you (PSD2).

·        carry out financial and balance sheet transactions.

·        assess our (financial) risks.

·        limit your payment arrears.

·       ensure the security of our customers, ourselves and the financial sector. To mitigate risks and to detect and preventing fraud. For this purpose, we conduct a customer due diligence before and during the customer relationship and we monitor your transactions. For this purpose we use data provided by you or that we consult form external sources. In doing so, we may use analyses, risk parameters, risk profiles or other indicators. For this we also use Achmea Bank’s event administration, the incident register and/or the External Reference Register (Externe Verwijzingsregister, EVR) in the context of the PIFI protocol.

·     comply with our gatekeeper function and counter money laundering and terrorist financing.

·     be able to handle complaints and disputes

·        to settle a bank product or service after the death of a customer.

·        enter into and perform agreements with suppliers and other parties with whom we work.

·        provide data to the government (we are sometimes obliged to do so).

·        to be able to carry out audits and investigations (or have them carried out).

·        conduct market, scientific, statistical, historical research and archiving.

·        execute business processes, perform internal management of (financial) risks for the bank and to draft management reports.

·        be able to train, coach and develop our employees.

·        determine the general strategy and policy.

·        process your applications.

·        abide by the law or regulations.

 

 

The complete list can be found in the privacy statement of Achmea.

 

We record the agreements we have made with you. We also use these contact moments to improve our communication. We record the following contact moments:

Usually you provide us with your data yourself. Sometimes we receive your data in a different way. We might pass on your data, but we also might verify your data with other companies. It depends on which product you purchase. We do not sell your data. We can exchange data with:

When you transfer money from an Achmea Bank product to a different (checking) account with another financial institution, your data will also end up at this financial institution.

We store your data in various databases, which are typically hosted on servers but may also be cloud based. This means that we store and process your data in an online location. In certain situations, we might also share your data with the aforementioned parties.

Strict security measures are in place for these databases. For example, we only contract with reliable service providers, encrypt our data as much as possible and, in principle, only store your data in databases located in the European Economic Area (EEA) or only share it with parties in the EEA. Because the same privacy rules apply throughout the EEA as in the Netherlands, we can ensure that your privacy is well protected.

In exceptional circumstances, it may be necessary to store or share your data outside the EEA. In which case, we will do so very carefully. We will review this in advance with our data processor(s) and ensure that the appropriate agreements are in place to protect your privacy. For example, agreeing standard provisions drafted by the European Commission (Standard Contractual Clauses) and carrying out a Data Transfer Impact Assessment.

Many social media providers are based outside the EEA, so data stored with them may not receive the same level of protection as it would within the EEA. We recommend that you read the privacy statement of any social media channel carefully if you are redirected to it from our website (e.g. after clicking a social media button). Achmea Bank has no control over how these messaging services secure and use your personal data. We are not responssible for the content that social media providers post or how they handle personal data.

Our website, app and IT systems are highly secure. We also make clear agreements about this.

We always take appropriate technical and organisational (security) measures to prevent the loss or unlawful processing of your data. We monitor the security of our data traffic and have an information security policy. And always take into account your privacy and the security of your data when developing new services and processes. As an example, your data is only accessible to those employees who require it, and our employees have been clearly instructed on how to handle your data.

Found a vulnerability in our services? You can submit a report via the website Responsible Disclosure of Achmea. We appreciate it if you let us know, so that we can take measures. This way, we can work together to improve the security of our data and systems.

 

By sensitive data, we mean:

• Your Citizen Service Number (BSN)

o   If you decide to become a customer with us, we are legally obliged to verify your identity. That is why we ask you to provide a copy of your proof of identity. Your BSN is stated on your proof of identity.

o   We are also legally obliged to annually provide information about your financial product to the tax authorities. We must use your BSN for this. So the authority is able to use your information in an effective and correct manner during the implementation and supervision process.

o   For products that fall under the Deposit Guarantee Scheme, we are obliged to communicate your BSN to the National Bank of The Netherlands (De Nederlandsche Bank).

o   If have a Dutch IBAN account with us, we are obliged to pass on your details in the context of the Banking Reference Portal in certain situations. We may use your BSN.

·        Your credit check information

o   We are also legally obliged to check your creditworthiness when you are applying for a loan.

·        Your health data

o   We are required to ask you for an independent medical certificate, for example, in order to execute a living will. This is health data.

·        Data gathered from criminal law

If we need to determine the risk for a financial product, we may ask whether you have a criminal history. If you were suspected and/or convicted of a crime

more than eight years ago, you do not have to report this.

We do not store your data any longer than is necessary or required by law. We have a retention policy for this. This specifies how long we keep data. In most cases this is minimum 7 years after the end of the agreement or your relationship with Achmea Bank.

We will then delete your data or pseudonymise your data. If we pseudonymise your data, we will delete all data that refers to you. The data is then used to give us a better picture of our risks, products and services.

In specific situations, we may keep data for longer than the retention period prescribed by us. For example, if you have filed a complaint that makes it necessary to keep the underlying data for longer or for legal proceedings. But also for historical or scientific research or statistical purposes.

Are you taking out a product with us? In that case we are obliged by law and regulations to screen you for the purpose of combating fraud and preventing money laundering and financing of terrorism. We do this based on data we have received from you and from external (public) sources. In addition, we check whether your data is correct. We also test your application against a number of fraud and risk indicators and we make a risk assessment. Profiling is part of this, because a risk profile must be linked to you based on law and regulation. For security reasons, we are unable to provide further details on how we do this.

If you have a mortgage with us. Then we are obliged to make an accurate and current estimate of your credit risk, in other words an estimate that a mortgage is suitable for you and that you can (re)pay a mortgage. We do this based on data we have received from you and from external (public) sources. Based on this information, we try to estimate the risks and to assess whether we can offer you a mortgage.

For the financial assessment of you as a customer we use (risk) models, which automatically make a risk estimate based on various data, including your personal data, and assign you a credit score. We can use profiling methods for this. The credit score is only an indication. The final assessment and decision is always made by an authorized employee so that there is always personal involvement in making a sensible, fair and unbiased decision.

If it appears on the basis of this assessment that you run a higher risk, we may decide not to provide you with a mortgage.

If you don't not with the decision taken, you can always inquire about the reasons and ask us to have an employee make a new decision.

We process your personal data to protect the interests of Achmea Bank, employees, custeromers and other Dutch financial institutions. These institutions may record persons in the Incidents Register that has led or may lead to prejudicing financial institutions. An External Reference Index is linked to this Incidents Register. This External Reference Index only contains referral data (e.g. a name and date of birth or Chamber of Commerce number) to the Incidents Register that may be included under strict conditions in accordance with the Protocol on the Financial Institutions Incident Warning System Protocol (PIFI). Every financial institution that is affiliated to one of the participating industry associations has access to (part of) the External Reference Index.

Achmea Bank has received a license form the Autoriteit Persoonsgegevens for processing of criminal personal data in the context of PIFI.

The General Data Protection Regulation (GDPR) has been in force since 25 May 2018. This gives you rights to keep control over your personal data. The GDPR counter is an Achmea-wide initiative. Here you can submit a question or request about privacy. The counter will then deal with your question. And will contact you about this. Below you can read what your rights are.

When we are your personal data processor, we want to be fully transparent about how we handle your personal data. To this end, you can exercise your legal rights. You may:

• request your personal data from us
  • So you are able to check your personal data.

• have your personal data changed if it is inaccurate
  • So you are able to ask us to change or supplement your personal data if it is incorrect or incomplete.
• have your personal data deleted
  • Often, we are unable to delete your personal data because we still require it or in order for us to abide by a law, for example.
• object to certain usage of your personal data 
  • If, for example, you no longer wish to receive e-mail offers from us. Our e-mails contain a link you can use to unsubscribe. You may also telephone us, should you wish. In other instances, you will need to clearly indicate why you are lodging an objection in order for us to properly assess it.
  • If you do not want us to pass on your details to SurePay for name-number verification. We do this so that you can check whether you have entered the correct account number when transferring to your savings account.
  • In other cases, you need to be clear why you object so that we can assess this.
• withdraw your permission or unsubscribe from personalized offers 
  • If you gave us permission to use your personal data, you may withdraw this at a later date. From that moment on, we will no longer use your personal data.
  • Should you no longer wish to receive our newsletter, use the link found at the bottom to unsubscribe. After this, you will no longer receive our newsletter. If you are not a customer of ours, we will delete your data.
• transfer your personal data
  • If you have provided us with personal data, either by consenting to this or on the basis of our agreement, you can transfer personal data to another party or to yourself. 
• temporarily restrict the use of your personal data
  • If, for example, you have objected to the use of your personal data. 

Please note we cannot always cooperate with your request or if we need more information to fulfill your request, then we will contact you.

To exercise your rights, please send an e-mail to: avgloket@achmea.nl

You can also post a letter to:

Achmea B.V.
T.a.v. AVG-Loket
Postbus 9150
7300 HZ Apeldoorn
The Netherlands

Please send an email or letter. To ensure we use the data of the right person and to prevent misuse, we have to verify the identity of the person who wants to make use of his or her rights. We can do this with customer or policy number, name, address, date of birth and/or place of birth. In some cases, for example when the identity cannot established from the information we have or your request comes to highly sensitive data, we may ask for a copy of your passport or identity card. Please ensure that your passport photo, citizen service number (BSN) and the number series at the bottom of your passport or ID card are not decipherable. You can use the Dutch national government’s KopieID app to obscure your sensitive information.

We will respond within one month of receiving your letter or e-mail. In some cases we may ask you to further specify your request or we may extend our response time to a maximum of three months.

You can also view or change much of your data through your personal environment.

If so, send an e-mail to Achmea’s Data Protection Officer at: privacymanager@achmea.nl

You can also post a letter to:

Achmea B.V.
Compliance & Operational Risk Management
T.a.v. Privacy Manager
Postbus 866
3700 AW Zeist
The Netherlands

If we are unable find a solution together and your complaint concerns personal data, please submit your complaint to the Dutch Data Protection Authority.

We comply with the prevailing laws and regulations on privacy. These include:

• The General Data Protection Regulation (GDPR).
• The GDPR Implementation Act (Uitvoeringswet Algemene Verordening Gegevensbescherming, UAVG).
• The Telecommunications Act.
• The Incident Alert System Protocol for Financial Institutions (Protocol Incidentenwaarschuwingssysteem Financiële Instellingen).
• The Code of Conduct for the Processing of Personal Data by Financial Institutions (Gedragscode Verwerking Persoonsgegevens Financiële Instellingen).
• The Personal Investigation Code of Conduct (Gedragscode Persoonlijk Onderzoek).

We are constantly on the lookout for better services, which we try to tailor as much as possible to meet your personal needs. This sometimes requires new or modified data processing protocols. This may also prove necessary if we develop new products or services or if there are any changes to the relevant rules or regulations. In which case, we can and will amend our privacy statement.

The latest version is from the 7th of december 2022. Our website always has the latest privacy statement. We recommend you to consult this privacy statement on a regular basis.

You can also request a written copy by e-mailing: privacymanager@achmea.nl