Philips Pensioenfonds feels very strongly about the importance of handling your personal data with care and confidentiality. Naturally, we act in compliance with the General Data Protection Regulation (‘GDPR’). We only record and process your personal data for our pension activities and for mortgage lending.
This privacy statement provides an explanation of what personal data we process as part of our pension activities and how we handle them. It also describes how you can exercise various rights in respect of your personal data. You will also find information about the security and confidentiality of your personal data.
What personal data does Philips Pensioenfonds record and process?
We only record and process personal data that are relevant to our pension activities. This includes the following data:
- home address
- postal code and place of residence
- address for correspondence
- date of birth, date of death
- Dutch citizen service number (burgerservicenummer, or ‘BSN’)
- relationship details: marital status, including (where applicable) marriage and divorce dates, start of cohabitation, partner, former partner and any children
- details of employment with the constituent employer, including salary details, part-time percentage and employment commencement date
- disability details
- bank account number
- e-mail address
- telephone number
- pension entitlements/pension rights
- other personal data that you actively share in correspondence and telephone conversations
Why does Philips Pensioenfonds process personal data?
Philips Pensioenfonds processes your personal data:
- To ensure that the pension plans of its constituent employers are properly administered, including establishing the value of the pensions and paying them out, and calculating, recording and collecting contributions from employers;
- To comply with legal obligations, for example issuing your (annual) Uniform Pension Overview;
- To provide personalised information such as letters, digital and hardcopy newsletters and communications about your pension;
- To conduct surveys among members and to optimise our pension activities.
Whose personal data does Philips Pensioenfonds process?
Philips Pensioenfonds processes personal data of the following persons, or ‘data subjects’:
- present and former members
- pension recipients (i.e. everyone receiving a retirement, survivor’s, orphan’s or disability pension)
- partner(s) and former partner(s) of current and former members and pension recipients.
From which parties does Philips Pensioenfonds obtain personal data?
Philips Pensioenfonds obtains personal data from:
- you or your legal representative,
- your employer,
- government agencies such as the Dutch Tax and Customs Administration, the Employee Insurance Agency UWV, national insurance scheme administrator Sociale Verzekeringsbank, the Personal Records Database (Basisregistratie Personen, formerly Gemeentelijke BasisAdministratie) and the Non-resident Records Database (Registratie Niet-ingezetenen),
- insurance companies, if we pay out insured rights,
- pension funds where you previously accrued pension rights,
- other natural persons, institutions and organisations that you have authorised to share data,
- bailiffs and other debt collectors/creditor representatives
To what parties does Philips Pensioenfonds provide personal data?
Philips Pensioenfonds shares your personal data with various other parties if that is necessary for us to administer the pension plans and/or to comply with legal obligations. We have a data processing agreement with each party that processes your data on our instructions. This ensures an appropriate level of security and confidentiality for your data. The responsibility for these processing operations remains with Philips Pensioenfonds.
Philips Pensioenfonds has outsourced the pension accounts and records to Blue Sky Group. This means that Blue Sky Group can access your personal and other data.
The other parties with which your personal and other data might be shared can be divided into the following categories:
- Supervisory authorities
- Government agencies, including the Dutch Tax and Customs Administration and mijnpensioenoverzicht.nl
- Benefits agencies
- Bailiffs and other debt collection/creditor representatives
- Employers and their payroll processors
- Mailing processors/printers
- Archive storage companies
- ICT database/website administration and maintenance firms
- IT security firms • Research agencies handling member surveys
- Accountancy/actuary/consultancy firms for auditing and consultancy work
Philips Pensioenfonds feels strongly about the importance of relevant and personal communication. Accordingly, some years ago we switched to sending you personalised newsletters and pension information in digital format.
What rights do you have in respect of the processing of your personal data?
To reflect how strongly Philips Pensioenfonds feels about the importance of handling your personal data with care and confidentiality, we have registered our own Data Protection Officer with the Dutch Data Protection Authority (‘Dutch DPA’, or Autoriteit Persoonsgegevens). The Data Protection Officer monitors how the GDPR is implemented and whether we are compliant with it. The Data Protection Officer also plays a role in your possibilities to exercise your rights.
Right of access
You have the right to access your personal data that are in the possession of Philips Pensioenfonds. To exercise this right, you should submit a request to our Data Protection Officer.
Right to rectification
If the data that you received from Philips Pensioenfonds in response to an access request contain inaccuracies, you may pass on a rectification to the Data Protection Officer, either in digital format or in writing. We will let you know within one month whether we can comply with your rectification request.
Right to erasure (‘right to be forgotten’)
Depending on the basis on which we process your personal data, you might have the right to have your personal data erased. At Philips Pensioenfonds, this right arises if your personal data are recorded in our pension records without a legitimate purpose.
We will erase your personal data if and when:
- they are no longer necessary for the purposes for which they were gathered or processed; or
- you object on legitimate grounds to the processing; or
- they have been unlawfully processed; or
- they are required by law to be erased.
Right to restriction of processing
You have the right to have us restrict our processing of your personal data. Our processing of your personal data may be restricted if:
- you contest the accuracy of the data and you believe that we should verify this;
- the processing of your personal data is unlawful and you oppose erasure;
- we no longer need your personal data but you do, for example for conducting legal proceedings against Philips Pensioenfonds or third parties;
- you have objected to the processing and we do not immediately decide on that objection.
Right to data portability
You have the right to receive your personal data in form that is easily readable. This right only applies to processing operations that use automated procedures.
What should you do if you want to exercise your rights?
If you want to exercise your rights, please send an email stating your request and explaining your reasons to firstname.lastname@example.org. If you prefer, you may send a letter to:
Attn. the Data Protection Officer
PO Box 80031
5600 JZ Eindhoven
Once Philips Pensioenfonds has received your request, we will first verify your identity to establish whether the request is legitimate, by contacting you by telephone or in writing. Philips Pensioenfonds will then handle your request as soon as possible, and within one month at most. If this is impossible, Philips Pensioenfonds will contact you within one month to explain why your request cannot be handled within that time, and will establish a new time frame (no more than two months after you have been contacted by Philips Pensioenfonds).
At your request, Philips Pensioenfonds will provide the data to you in an easily readable format. Once Philips Pensioenfonds has provided you with the personal data in a secure manner, the responsibility for storing and securing those data is your own.
Please be advised that you also have the right, at all times, to contact the Dutch DPA (www.autoriteitpersoonsgegevens.nl), which is the appropriate supervisory authority, if you have any complaints or concerns about any use of your personal data by Philips Pensioenfonds.
What measures has Philips Pensioenfonds implemented to ensure the security and confidentiality of personal data?
Philips Pensioenfonds has implemented appropriate technical and organisational measures to protect your personal data against loss or damage. Further safeguards are in place to ensure that each data subject’s data can be replaced or restored if they are lost or damaged. Some employees already have a duty of confidentiality with regard to personal data by reason of their office, their job or a legal requirement. Other employees are obliged to observe the confidentiality of the personal data that they process, except where they are under a legal obligation to provide the data.
Your Uniform Pension Overview is available in MijnPPF. From there, you can also visit the Pension Planner. You can log in to MijnPPF using your DigiD username and password or your MijnPPF account. Your data in MijnPPF are secured in accordance with the requirements of the GDPR.
How long are personal data kept on file?
Your personal data are kept exclusively for the purpose for which they were gathered or for which they are processed. In principle, the data for establishing your pension entitlements are kept until after your death, or until after the death of your survivors with an entitlement to a survivor’s or orphan’s pension from Philips Pensioenfonds.
We keep some data on file for specific periods because we have a legal obligation to do so (for example under pension laws and tax laws). The basic premise here is that those data are kept for the duration of the statutory retention period.
How does Philips Pensioenfonds deal with cookies?
- Remembering your preferences and input data (these cookies are kept for 3 months)
- Customer satisfaction surveys (these cookies are kept for 6 months)
- Feedback options (these cookies are kept for 1 week)
- References to our social media (these cookies are kept for 3 months)
- Measuring and analysing (in anonymous form) website activity using Google Analytics (these cookies are kept for 1 year).
No personal data
Cookies do not contain any personal data, only a unique number. Cookies cannot be used to identify you personally. Nor can they be used to identify you on other parties’ websites.
To make full use of our website, you need to accept cookies. If you prefer not to have any cookies on your computer, you can deactivate cookies in your browser settings.