Privacy statement

The content of this page has been translated automatically.

-------

Stichting Pensioenfonds voor Personeelsdiensten (hereinafter: StiPP) handles your personal data with care. When processing your personal data, we comply with the privacy legislation. In this privacy statement, we explain which personal data we process and how we handle your personal data.

What personal data do we process?

We only process personal data of the following persons that are relevant to our work:

  1. (former) participants
  2. Beneficiaries
  3. employers other than legal entities, such as sole proprietorships or general partnerships
  4. policymakers, members of the accountability body, key function holders and other affiliated persons of StiPP, as stipulated by the fund's Code of Conduct

It concerns the following categories of personal data - not all of them apply to all of the persons listed above:

  • Name, address and place of residence
  • Email
  • Telephone number
  • Date of birth and death
  • Citizen service number (BSN)
  • Gender
  • Partner details (name, gender, date of birth, date of relationship, date of death)
  • Salary details
  • Overview period(s) participation in the Basic or Plus Scheme
  • Employability data
  • IBAN (bank account number)
  • Other: personal data that you provide in correspondence and/or that we receive via the contact form

Why do we process your personal data?

Most processing is necessary to properly fulfil our legal obligations (legal basis). For example, we have to implement the pension laws and regulations. In addition, we process personal data (information about your pension history) on the basis of a legitimate interest in being able to implement the pension agreement and the pension and administration regulations of StiPP. In order to be able to invoke a legitimate interest, we have carried out a so-called 'three-step test'. From this, we have concluded that the processing of information about your pension history does not disproportionately infringe on your privacy. If you wish, you can request further information about this via privacy@stippensioen.nl.
We process your personal data for the following purposes:

  • the execution of the agreements and (pension) regulations of StiPP;
  • liaising with you;
  • inform you about your personal situation, with regard to the accrual of pension capital, risk insurance or payment to you as a pensioner;
  • inform you about (changes in) the pension plans of StiPP or situations that arise at StiPP and are important to you;
  • the business operations of StiPP;
  • compliance with legal obligations to which you and/or the pension fund are subject;
  • conducting market research.

From whom do we receive the necessary personal data?

We receive the personal data we need from:

  • you or your legal representative
  • your employer
  • Personal Records Database / Non-Residents Register
  • the Employee Insurance Agency (UWV)
  • the Chamber of Commerce (KvK)
  • bailiffs and other authorised bodies that manage claims against members
  • the CAK (with regard to premiums for the deduction of the Health Insurance Act (ZVW) for pensioners living outside the Netherlands and in Europe)
  • Previous pension administrators

Which parties do we give access to your personal data?

We may share your personal data with third parties who process your personal data on our behalf. These parties are:

  • PGGM, our pension administration organisation, for the administration of pensions
  • Logius, digital government, for the use of Digi-D
  • SNCU, a compliance body, for monitoring employers' compliance with the pension scheme
  • DirectResearch, a market research agency, for conducting market research
  • AethiQs, our advising actuary, for actuarial calculations for the pension scheme and the pension fund

The latter party only receives personal data of (former) participants or pensioners from us in exceptional cases.

In addition, we share personal data of policymakers, members of the accountability body, key function holders and other designated related persons of StiPP with the following parties:

  • HVGLaw, compliance officer, for monitoring compliance with laws and regulations and the StiPP Code of Conduct

Such third parties may only process the personal data for the above purposes, and this may only be done in accordance with our instructions.

In cases where we are required to do so by law and regulations, we may provide personal data to, for example, the UWV, the Tax and Customs Administration and Statistics Netherlands (CBS).

If you have authorised a natural person, institution or organisation to request your personal data from us, we may also provide it to the authorised person.

We do not transfer your personal data to countries outside the European Economic Area (EEA). The EEA covers all EU countries as well as Liechtenstein, Norway and Iceland.

We also do not use automated decision-making, in which computer-controlled processing of personal data takes place without human intervention.

What measures do we take to ensure the security and confidentiality of your personal data?

We attach great importance to the protection of your personal data. That is why we have taken appropriate technical and organisational measures to protect your personal data against theft, loss or other unlawful use. On 'My StiPP Pension' you can find an overview of your pension with StiPP. You can log in with your DigiD.

How long will your personal data be stored?

Your personal data will not be kept longer than is necessary for the purpose for which they were collected or for which they are processed. We store some data for a longer period of time because we are required to do so by law. The starting point is the statutory retention period.

What rights do you have in relation to your personal data?

You can view and adjust some of your data in 'My StiPP Pension'. You can also submit a request to exercise the following rights in relation to your personal data using the contact details below. Before we process your request, we may ask you to provide information that we need to verify your identity. If we reject your request, we will give reasons.

Right of access
You have the right to request a copy of your personal data that we hold and information about our use of it. If you exercise this right, you will receive an e-mail from us with this information and data.

Right to rectification
We take steps to ensure that the personal data we hold about you is accurate and complete. You can request that we update or amend your personal data.

Right to erasure
You have the right to request that we delete your personal data, for example when we no longer need your personal data for the purposes mentioned above. However, such a request will have to be weighed against other factors. For example, we may be under a legal obligation to retain your personal data.

Right to restriction of processing
You have the right to request that we restrict the processing of your personal data, for example if you believe that the personal data is inaccurate. The restriction then applies for the duration that we check the accuracy. You can also request restriction if you believe that we no longer need your personal data for the above purposes and you object to the processing or if you would like us to hold your data in your interest. We will inform you before any restriction of processing is lifted.

Right to object
You have the right to object to the processing of personal data based on our legitimate interest. Unless we have a compelling legitimate ground for the processing, we will no longer process your personal data on the basis of this legal basis if you object.

Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint about the processing of your personal data with the Dutch Data Protection Authority. The address is:

Dutch Data Protection Authority (DPA)
P.O. Box 93374
2509 AJ THE HAGUE

Right to data portability and right to a human view
The GDPR also grants data subjects the right to data portability (the right 'to have data transferred') and the right to a human view when using automated individual decision-making.

The right to data portability only applies if the data processing is based on consent or on an agreement to which the data subject is a party and the processing of the personal data is automated. These conditions are almost never met in the processing of personal data by StiPP.

Automated decision-making involves using personal data to reach a decision without human intervention. The personal data is processed automatically. The right to a human gaze in automated individual decision-making does not apply, because StiPP does not make decisions about data subjects based on automated decision-making.

Cookies

Our website uses cookies. The cookie policy states that no personal data is processed when cookies are used. For more information, please refer to the following link: https://www.stippensioen.nl/cookiebeleid/.

Alterations

We may change this privacy statement and encourage you to consult this page from time to time. This privacy statement was last updated on 15 December 2023.

Contact

Contact us:

  • If you have any questions about this privacy statement,
  • If you have any questions about the way in which we process (your) personal data
  • If you wish to exercise your rights in relation to your personal data

You can reach us by email at privacy@stippensioen.nl. or by post:
StiPP
Board support
P.O. Box 434
3700 AK ZEIST