We are aware that, in advising on and contracting financial products or services, we ask customers to provide quite a lot of confidential information. Every customer of Kuiper Verzekeringen and Kuiper Assuradeuren should rest assured that we handle the information provided by them to us with due care, and that such information will not be shared with others without the customer's express consent. The information is processed in compliance with the General Data Protection Regulation (GDPR) and the Code of Conduct for the Processing of Personal Data by the Dutch Insurance Industry ("Gedragscode Verwerking Persoonsgegevens Verzekeringsbedrijf").
In this context, careful handling of the recording and exchanging of personal data is a prerequisite for providing financial services in a careful manner. Confidentiality is an important aspect for our company as well as for the mindset of the professionals working within our company.
For us to carry out our work effectively, we need to exchange personal data with service providers and, for example, bodyshops and counterparties, as this touches on the core of our tasks as a financial services provider. We may also be required by law to provide information to authorities such as the Dutch tax authorities or the Netherlands Authority for the Financial Markets (AFM).
We have mapped out the personal records kept by us and processed these into our internally maintained processing register. Upon request customers and other stakeholders can receive these records, which contain information on the data we process and the parties that we can exchange such data with.
Kuiper Verzekeringen B.V.
+31 513 614444
PO Box 116, 8440 AC Heerenveen, the Netherlands
In these Regulations,
- 'law' shall mean the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act;
- 'personal data' shall mean any information relating to an identified or identifiable natural person;
- 'processing of personal data' ('processing') shall mean any operation or set of operations which is performed on
- personal data or on sets of personal data, whether or not by automated means,
- such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval,
- consultation, use, disclosure by transmission, dissemination or otherwise
making available, alignment
- or combination, restriction, erasure or destruction;
- 'file' shall mean any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
- 'controller' shall mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- 'processor' shall mean the person who processes personal data on behalf of the controller without being under the latter's direct authority;
- 'data subject' shall mean the person to whom personal data relate;
- 'third party' shall mean any party other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the data;
- 'recipient' shall mean the party to whom personal data are disclosed;
- 'the data subject's consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed;
- 'supervisory authority' shall mean the Dutch Data Protection Authority (Autoriteit Persoonsgegevens);
- 'disclosure of personal data' shall mean making personal data public or available;
- 'collection of personal data' shall mean obtaining personal data.
2. Types of data
We process or may process the following of your personal details:
- Contact details, such as name, address, place of residence, telephone number and email address;
- Age, gender and marital status;
- Data relating to a passport, driver's license or other identity document (in some cases we may ask for a copy of the ID);
- Data on employment, income, profession and employer;
- Data on financial situation, assets and debts, if any;
- Data on current financial products, such as bank accounts or insurance policies;
- Special personal data, e.g. health information (in some cases);
- Information on any criminal offences, fraud aspects, if relevant;
- Data relating to claims submitted and claims history;
a. When processing health or criminal data, we do so with the utmost care and usually only with your prior consent.
3. Purposes of data processing
We process your personal data for, among other things, the following activities within our company:
- Assessing and accepting customers or prospective customers;
- Managing our relationship with customers, prospective customers, and visitors;
- Managing and expanding our customer base;
- Concluding and performing agreements;
- Performing analyses of personal data for statistical purposes and the use of an archival destination;
- Carrying out (targeted) marketing and promotional activities to establish, maintain or expand the relationship with a customer or prospective customer;
- Complying with legal obligations;
- Sending newsletters or information of a specific nature.
4. Lawful processing of data
We will use at least one of the following grounds for processing your personal data if:
- You have granted your unequivocal consent to the processing;
- The data processing is necessary for the execution of an agreement to which you are a party (for example, an agreement for contracting a financial product or service, or an employment contract with the data subject) or for any actions requested by you and necessary for concluding – or assisting in the management of – an agreement;
- The data processing is necessary for us to fulfil some legal obligation;
- The data processing is necessary in connection with a vital interest of our organization;
- The data processing is necessary in view of an interest of our or a third party's business operations. In doing so, we will always weigh up your interests against ours. Our interests include the careful execution of agreements with you and maintaining and, where possible, expanding our customer relationship through direct marketing and/or profiling aimed at marketing.
5. Processing of personal data
a. Processing is carried out by employees of our company or by other individuals engaged in providing financial services under our responsibility.
b. In general, processing takes place in connection with the execution of an agreement, i.e., the contract for services. Where no execution of such a contract is concerned, processing will take place with the explicit consent of the data subject.
c. The processing is done to enable us to perform our activities as an advisor and/or an intermediary and/or an authorized underwriting agent in financial products and services.
6. Disclosure of personal data to third parties
We will not disclose your personal data to others without good reason.
a. Personal data will in principle not be disclosed to any third party unless and only after you give your permission, except where required by law or in a state of emergency.
b. An exception to this rule is the exchange of information with parties we need for the execution of the agreement, such as insurance companies, banks, lenders or parties involved in claims handling, such as bodyshops and loss adjustment agencies.
c. Finally, we may disclose personal data in order to comply with legal obligations, such as obligations to the Dutch tax authorities and the Netherlands Authority for the Financial Markets (AFM).
d. External parties processing personal data under our responsibility do so only for purposes and under conditions agreed with them, which we lay down in written agreements.
e. The foundation CIS (Central Information System) for the detection of possible fraud (FISH database; FISH: Fraud and Information System Holland).
f. The foundation EPS (Stichting Efficiënte Processen Schadeverzekeraars) for processing certificates of no claims bonus (Roy-data) or recovering damages (Clearinghuis Regres).
g. MarketScan to perform portfolio analyses and provide data to our principals or proxies.
7. Right of rectification, supplementation, erasure, portability
You have rights with regard to the processing of your personal data. You can contact us about these rights at any time.
a. You may submit a written request for rectification, supplementation, erasure and/or restriction of the processed personal data, if and insofar as such data are factually inaccurate, for the purpose of processing incomplete, irrelevant or include more information than necessary for the purpose of registration or are otherwise processed in violation of a statutory provision. The request shall contain the contemplated changes.
b. You may submit a written request to transfer your personal data to you or another organisation (right of portability).
c. We will inform you in writing as soon as possible, but no later than four weeks following receipt of your request, whether your request is granted. If not or not fully granted, your request will be rejected, stating reasons. You will then have the right to turn to our complaints committee.
d. We will ensure that a decision to rectify, supplement, erase and/or restrict data is implemented within 14 working days or, should this not be reasonably possible, as soon as possible thereafter.
8. Data retention
We will only retain your personal data for as long as and to the extent that we need it. We will in any case retain any data that we necessarily need for the duration of our relationship or agreement. If our relationship or agreement ends, we will retain the data for the statutory retention periods that apply to us.
Our retention periods for policy files are:
- 7 years following termination for motor insurance policies.
- 10 years following termination for commercial fire insurance policies.
- 30 years following termination for commercial liability insurance policies based on loss occurrence.
- For all other non-life insurance policies, 5 years following the termination of the insurance.
Our retention periods for claim files are:
- 10 years following closure of a personal injury claim file.
- For all other claim files, 5 years following closure of the claim file.
9. Processing register
a. Fully or partially automated personal-data processing intended to achieve a purpose or related purposes has been mapped out by us and processed into an internally maintained processing register before data processing is started.
b. In situations where, in view of the nature and context of the personal data held, an automated process used by us for processing personal data would pose a high risk to the data subject, we will carry out a data protection impact assessment prior to starting such processing, and ensure that we sufficiently control the corresponding risks in order to safeguard the rights of data subjects in an adequate manner.
c. The internally maintained processing register includes:
- The name and address of the controller;
- The purpose(s) of the processing;
- A description of the data subject categories and the related data (categories);
- The recipients or categories of recipients to whom the data may be disclosed;
- The respective retention periods.
10. Data leaks
a. If we are faced with a data leak, we will investigate whether any personal data have been lost or whether any unlawful processing is not to be ruled out.
b. Should such investigation reveal that personal data of a sensitive nature have been leaked, or there are adverse effects – or a significant risk of adverse effects – for any other reason, to the protection of the processed personal data, we will inform the Dutch Data Protection Authority about the data leak.
11. Complaints procedure
If you believe that we are not processing or handling your personal data properly, you can contact:
- Kuiper Verzekeringen B.V. – If you are not satisfied with the handling of the complaint, you can turn to the Financial Services Complaints Tribunal (Kifid) of The Hague;
- the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) – You can request this authority to mediate and advise in the dispute between you and us;
- the competent court.
12. Contact details
Kuiper Verzekeringen B.V.
+31 513 614444
PO Box 116, 8440 AC Heerenveen, the Netherlands
13. Changes to the Privacy Statement
We may make changes to this Privacy Statement in the future. On our website you can always find the latest version of the Privacy Statement.
14. Privacy Regulations
This Privacy Statement is part of our Privacy Regulations. You can access these Regulations at one of our offices. If you so wish, you can obtain a copy of these Regulations at cost.
15. Unforeseen situations
In situations not covered by these Regulations, the controller shall decide the matter, with due observance of the provisions of the law and the purpose and tenor of these Regulations.
Source information on the General Data Protection Regulation:
- Regulation text: https://
autoriteitpersoonsgegevens.nl/ sites/default/files/atoms/ files/gdpr.pdf
- Dutch Data Protection Authority website: http://www.
16. Cookie statement
What are cookies?
Summary of cookies
1. Functional cookies (necessary cookies)
These are cookies that are necessary for the site of Kuiper Verzekeringen. to function. Our website will not function optimally without these functional cookies. According to the Cookie Law, permission is not required for this category of cookies.
2. Analytical cookies
- Google Analytics
We use Google Analytics to analyse the usage of our website. Cookies are placed in order to gain a better insight into the behaviours of visitors to our website. This will enable us to improve the user experience across the website. We ensure that the data is stored anonymously and that the sharing of this data within Google Analytics is disabled.
- Google Tag Manager
Google Tag Manager is an extension of Google Analytics and provides Kuiper Verzekeringen with more detailed data on how users move through the website (events). We use Google Tag Manager to measure the outgoing clicks, the general clicks, the accessing and submitting of forms, etc.
3. Advertising cookies
In some cases, when advertisements, promotional content, etc. are used on websites, a web beacon is placed that keeps track of how often the promotional content has been viewed. We assure you that these beacons never collect privacy-sensitive information. Our website currently makes use of such services. For the use of advertising cookies we ask explicit permission through our cookie notice.
If you share our content through social media, for example by following us on LinkedIn or tweeting about us on Twitter, or giving us a '+1' via Google Plus, those social networks will record that you have done so and may set a cookie for this purpose. In some cases, where a page on our website includes content from a social network, such as a Twitter feed, or Facebook comments box, those services may set a cookie even where you do not click a button. As is the case for all cookies, we cannot access those set by social networks, just as those social networks cannot access cookies we set ourselves. We do not host 3rd party social media cookies ourselves on our website.
Our systems automatically gather some anonymous information about visitors, including IP addresses, browser type, language, and the times and dates of webpage visits. The data collected does not include personally identifiable information and is used, as described above, for statistical analysis, to understand user behavior, and to administer the site.
On our website, users have the option to submit a premium request, report damage or contact us directly. In order to make this possible, this means our website uses forms in which it is required to fill in personal data. This data is stored in a secured CMS database, hosted by our third-party web partner Van der Let & Partners. This data will, under any circumstance, never be shared outside Kuiper Verzekeringen or Van der Let & Partners. In all online forms, users are given the option to give explicit consent to sharing their data with us and our web partner or choose not to.
The internet is not a secure medium. However, we take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal information. We have put in place various security procedures as set out in this policy. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorized personnel have access to user information. We use secure server software (SSL) to encrypt visitor data and personal/financial information you input before it is sent to us, and our database is hosted in a secure data center. Whilst we cannot ensure or guarantee that loss, misuse or alteration of data will not occur, we use our best efforts to prevent this.