Privacy statement from Stichting Pensioenfonds Staples
Stichting Pensioenfonds Staples (‘the Staples Pension Fund’, ‘the Fund’ or ‘we’) needs your data in order to provide its service. The type of personal data we process depends on the capacity in which you use our service. If, for example, you contact the Fund, in any case we process your contact details so that we can communicate with you. If you visit our website, we process your IP address. If you are a member of the Staples Pension Fund, we process your personal data to administer your pension scheme. The Staples Pension Fund believes it is important that your data is treated with care and kept confidential. The Fund has accordingly concluded agreements as to how it processes your data.
The processing or personal data consists of all actions we can take with your personal data, ranging from collection to deletion. These agreements are recorded in this privacy statement, whereby we meet the requirements of the General Data Protection Regulation (GDPR).
The Fund’s privacy statement also describes your rights and how you can exercise them, as well as further information on the protection and security of your personal data.
The Staples Pension Fund is responsible for the processing of your personal data.
Pensioenfonds Staples processes data of the following individuals:
- (former) members, pensioners and other beneficiaries of Pensioenfonds Staples.
- Board members and members of other bodies of Pensioenfonds Staples.
- Employees of suppliers and outsourcing parties.
- Anyone who visits our website.
- Anyone with whom we have contact.
If you are a member of Staples Pension Fund, we may process the following categories of personal data:
- Personal and contact data (such as name, residential and/or correspondence address, place of residence, date of birth and/or age, marital status, gender, phone number, email address)
- Financial and pension data (such as bank account number, entitlements/pension rights and policy number)
- Employment data (such as type of (former) employment, salary data, irregularity allowance and part-time factors, employee number)
- Citizen service number (BSN)
- Proof of identity (for example, a copy of your passport to establish your identity)
- Special personal data (such as personal data related to your disability and/or benefit rate and biometric data, if you submit your 'Proof of Living' to us digitally via the app 'ReadID Ready' (we use your proof of identity and facial image to establish the authenticity of your proof of living)
- Data of a criminal nature (for example, if your data appears on international and national risk and sanctions lists).
- Relationship data (data of your partner, ex-partner and any children entitled to orphan's pension)
- Other communication data (for example, personal data you provide in correspondence and telephone contact with the fund, your preference as to whether you receive pension information by mail or digitally, subscription or unsubscription to the newsletter, open and click behavior of e-mail newsletters and your IP address.
We may use the open and click behavior of e-mail newsletters and your IP address to improve our services and to detect and resolve incidents on our website. We may also use this data for statistical analysis of visits to the website. We try to pseudonymize or anonymize this data as much as possible. We do not provide this data to third parties with whom we do not have a processing agreement).
Staples Pension Fund receives the data from you yourself, as well as from the Basic Registration of Persons (BRP), from your employer, from government agencies (such as the Tax Office and the UWV), from pension funds and/or pension administration organizations where you have previously accrued pension and from other individuals and organizations that you have authorized to provide data to us.
If you are a member of Pensioenfonds Staples, we process your personal data as part of the administration of the pension plan, or the administration agreement (between the fund and your employer). We process personal data for the following purposes, among others:
- For carrying out pension and insurance administration (e.g. to calculate pension rights or entitlements and to inform you about these in a timely and correct manner or to pay out your pension).
- For fulfilling contractual and legal obligations (for example, for sending legally required pension communication (such as your (annual) Uniform Pension Statement), providing personal data to the Pension Register, as well as to comply with sanction regulations).
- For handling your questions about the implementation of the pension plan and about the services provided by Pensioenfonds Staples.
- For optimizing the website and our services (by, for example, soliciting feedback from you about our services after you have been in contact with Pensioenfonds Staples by phone or e-mail).
- For conducting research and statistical analyses.
- For archive management, handling complaints and disputes.
- For providing (personalized) information such as (digital news) letters and other pension communications.
The processing of personal data for these purposes must be based on a legal basis stated in the AVG. The legal basis for processing for these purposes includes to comply with legal obligations incumbent on the Staples Pension Fund (e.g. under pension legislation).
Your personal data may also be processed on the basis of one of the following legal grounds:
- For the performance of an agreement to which you or another data subject is a party (for example, to fulfill the obligations under the pension agreement).
- To protect the legitimate interests of Pensioenfonds Staples and as long as the interests of you or another data subject do not outweigh these interests (for example, to process relationship data, optimize the website and our services).
- You have consented to the processing of your data for one or more specific purposes (for example, to send a newsletter). You may withdraw your consent at any time. The way you can do this is indicated when giving specific consent. We will then no longer process your personal data. Unless there is (also) another basis for processing your data.
Staples Pension Fund shares your personal data with various parties as part of its services. Your data will only be shared with other parties if there is a legal basis for doing so.
Pensioenfonds Staples has outsourced the execution of the pension administration to Blue Sky Group. Blue Sky Group therefore has access to your (personal) data. Examples of other parties with whom we may share your (personal) data are: your employer, collection and debtor parties, benefit processors (they make gross/net calculations), mailing processors and printers, ICT suppliers (for the management, maintenance and hosting of administration systems), research parties, accounting and actuarial firms and pension administration organizations.
Staples Pension Fund enters into a processing agreement with parties that process your data on our behalf. In this agreement, we stipulate that these parties may only use the data to perform specific work and for no other purpose, and that they must use appropriate security measures. In this way, the fund ensures an appropriate level of security and confidentiality for your data. Pensioenfonds Staples remains responsible for this processing.
There is also the possibility that Pensioenfonds Staples may be required by government agencies and regulators or other parties to provide your data. The fund will only share data if strictly necessary to comply with a warrant or legal obligation. The fund also never sells your data to other parties.
Staples Pension Fund processes your data as much as possible in countries within the European Economic Area (EEA). If the transfer of your personal data outside the EEA is nevertheless necessary for the purposes set out in this privacy statement, we will do so in any case with appropriate safeguards in accordance with the AVG. In this case, your personal data will remain protected through contracts we have concluded with organizations outside the EEA that contain, for example, the standard data protection clauses approved by the European Commission. Do you have a specific question about transfers outside the EEA? If so, please contact our privacy officer: firstname.lastname@example.org.
Staples Pension Fund has appropriate security measures in place to protect your personal data. Examples of these measures are: measures against misuse, destruction, loss and other unlawful processing. In addition, we have taken measures to safeguard and ensure that we handle your data with care and that awareness of this is maintained within our organization. We have also taken measures to limit access to your personal data to those who need to know about it. The persons we give access to this data are obliged to keep it confidential. The security measures taken by the fund are in line with the applicable legal requirements and guidelines. These measures are evaluated periodically and adjusted if necessary.
Despite our precautions to protect personal data as well as possible, it remains possible that security incidents involving personal data may occur. These types of incidents are called data breaches. Pensioenfonds Staples has a procedure to resolve a data breach as quickly as possible and, where necessary, takes measures to prevent a recurrence as much as possible. If necessary, we report a data breach to the Personal Data Authority and to the data subject(s) themselves.
On your personal secure environment MijnStaplesPensioen you will find the most important personal data that Pensioenfonds Staples processes about you. You can only log in to MijnStaplesPensioen using a secure login method (for example, with your DigiD). Your data on MijnStaplesPensioen are secured in accordance with the requirements of the AVG.
Your personal data will not be kept longer than necessary for the purpose for which it was collected or for which it is processed. In some cases, the law stipulates how long we may or must keep data. We store certain data for determining your pension entitlements at least 7 years after your death, or until after the death of your surviving relatives or other beneficiaries who are entitled to (pension) benefits from Staples Pension Fund. Your dependents or other beneficiaries (e.g. a former partner) may still be entitled to benefits after your death.
We may record telephone conversations as part of our service provision. We will let you know in advance (at the start of the telephone conversation) if we will record the conversation. Blue Sky Group, which administers the pensions on our behalf, may use these recordings for training its employees. The recordings of telephone conversations are kept secure to prevent access by unauthorised persons. The recordings of telephone conversations are not retained for longer than is necessary for the above purposes.
It follows from the Pensions Act the obligation to tailor the communication of personal information as much as possible to the information needs and characteristics of the (former) participant, former partner and pensioner. In this context, Pensioenfonds Staples can make use of profiling in order to better tailor our communication and services to your personal situation. We use your personal information to determine which target group you belong to. These target groups then determine how we communicate with you and for what purpose.
Besides profiling, Pensioenfonds Staples does not use automated decision making.
If we process your personal data, you have certain rights. Further details of these rights are given below.
You have the right to inspect the data we process in relation to you. If you want to check that the data we process in relation to you are correct, you can do this on MijnStaplesPensioen. If you have other questions regarding the personal data we process for you, please contact us.
We aim to keep your information up-to-date. If you find that your personal data are no longer correct, you can inform us of the correct data. This also applies if you find that the data we process for you are incomplete.
You have the right to restrict the processing of your personal data by the Staples Pension Fund. Restriction means that we may not process the data, either temporarily or permanently. Restriction of the processing of your personal data is possible if:
- you dispute the correctness of the data. In this case we may not process these data until we have checked that the data are correct;
- the processing of your personal data is wrongful and you oppose erasure;
- the Staples Pension Fund no longer needs your personal data but you do, for example to conduct legal proceedings against the Staples Pension Fund or third parties; or
- you object to the processing and the Staples Pension Fund does not make an immediate decision regarding your objection.
Once the processing of personal data has been restricted, the personal data may only still be processed in one of the following situations:
- the processing concerns only the archiving of data;
- you have given your permission;
the processing is in connection with a legal action, the protection of the rights of other persons or important reasons of public interest.
You have the right to receive your personal data in a structured, customary and machine-readable form and to transfer these data to another processing institution (such as another pension fund) without restriction.
This right only applies if the processing of personal data is conducted using automated systems and the personal data is processed solely on the basis of your permission. The right to data portability will not automatically apply if you participate in the Staples Pension Fund and are obliged to purchase a pension with the Fund. If you wish to request a transfer of pension claims to another pension provider, we refer you to the pension scheme of the Staples Pension Fund.
You may object to the processing of your personal data in a situation in which the processing is on the basis of a legitimate interest. If in your opinion your situation requires a different consideration of interests, you may inform the Staples Pension Fund accordingly in digital form or in writing (by surface mail).
On receipt of your objection, the Staples Pension Fund will assess whether your objection is legitimate. The Staples Pension Fund will cease processing in case of an objection, unless the Staples Pension Fund has urgent and legitimate reasons that take priority over your interests, rights and freedoms. Or if the data relate to a legal action.
and request to exercise your rights can be submitted in writing (by post) or digitally via MijnStaplesPensioen. If you submit your request in writing, please send your request to Stichting Pensioenfonds Staples, Postbus 123, 1180 AC Amstelveen, t.a.v. Department of Pension Services. You can also send an e-mail to email@example.com.
Before Pensioenfonds Staples can process your request, we will need to verify your identity. We may therefore ask you for a copy of your proof of identity (for example, your driver's license or passport). The fund asks this to prevent us from providing data to persons who are not authorized to do so. We ask you to make the passport photo, the Citizen Service Number and the MRZ code (that is the strip of numbers at the bottom of the passport) unreadable on the copy of your identity document. You can, for example, use the KopieID app of the Rijksoverheid (central government) for this purpose. Are you sending us a request via MyStaplesPension? Then a copy of your ID is not required. Staples Pension Fund will process your request within one month, after receiving your request. If this is not possible, the fund will inform you within one month of receiving your request as to why we cannot process your request and specify a new deadline (maximum two months after informing you).
If you have a complaint or a question regarding how the Staples Pension Fund handles with your personal data, send your complaint or question to Stichting Pensioenfonds Staples, Postbus 123, 1180 AC Amstelveen, attn the Privacy Officer or by e-mail to: firstname.lastname@example.org.
You may also submit your complaint to the Dutch Personal Data Authority https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens
Changes to this privacy statement
Staples Pension Fund makes changes to this Privacy Statement from time to time. We therefore advise you to consult this Privacy Statement on a regular basis. At least at the time you provide your personal data to the fund. If we make a change, the Privacy Statement will be given a new date.
Maastricht, February 2023