Stichting Pensioenfonds Staples (‘the Staples Pension Fund’) needs your data in order to provide its service. We place a high priority on treating your data with care and keeping them confidential. We have therefore formulated agreements as to how we process your data (including how we collect, use and archive data). These agreements are laid down in this privacy statement, which meets the requirements of the General Data Protection Regulation (GDPR).
Our privacy statement describes you rights and how you can exercise them, as well as further information on the protection and security of your personal data.
Who is responsible for your personal data?
The Staples Pension Fund is responsible for the processing of your personal data.
Whose personal data do we process?
The Staples Pension Fund processes data relating to the following persons:
- members and former members, pensioners and other beneficiaries of the Staples Pension Fund.
- Trustees and members of other organs of the Staples Pension Fund.
- Anyone who visits our website.
- Anyone with whom we are in contact.
What personal data do we process relating to you?
We can process the following categories of personal data:
- General personal data (such as your name, residential or correspondence address, date of birth and/or age, gender, telephone number, e-mail address).
- Citizen service number (BSN) and (copies of) passports or other proofs of identity.
- Pension and financial data (such as your policy number, bank account number, pensionable salary, defined contribution, data on accrued pension entitlements).
- Data relating to your health (such as personal data relating to your degree of occupational disability and/or benefit percentage).
- Data relating to criminality (for example, if your data appear on international and national risk and sanctions lists).
- Relationship data (such as data relating to your partner, former partner and children if applicable).
- Other data (such as your preferences as to whether you receive pension information by surface mail or in digital form, registration or deregistration for our newsletter, clicking and opening behaviour with respect to e-mail newsletters and your IP address. We may use your opening and clicking behaviour and your IP address to improve our service and to detect and resolve incidents on our website. We can also use this data for statistical analysis of visits to the website. As far as possible, we try to pseudonymise or anonymise these data. We do not pass these data to third parties with which we have not concluded a processing agreement).
How do we come by your personal data?
The Staples Pension Fund receives data directly from you, but also from the Key Register of Persons (Basisregistratie Personen, or BRP) and your employer, as well as government institutions (such as the Tax & Customs Administration and the Employee Insurance Agency (the UWV)), from pension funds and/or pension administrators with which you have previously accrued pension and other natural persons and organisations that you have authorised to provide data to us.
What do we process your personal data for?
We process your personal data to provide our service effectively. We process personal data for the following purposes:
- the administration of the pension scheme (for example the calculation of pension entitlements or claims and the timely and correct provision of information to you, as well as the payment of your pension);
- compliance with contractual and legal obligations (such as the provision of your annual Uniform Pension Statement (Uniform Pensioenoverzicht, or UPO);
- dealing with your questions about the operation of the pension scheme and services provided by the Staples Pension Fund;
- the optimisation of our website and our service;
- research and statistical analysis;
- for personalised and general information such as letters, digital newsletters and pension communication.
Do we process your personal data legitimately?
Personal data have to be processed on a legal basis. The Staples Pension Fund processes your personal data on the following legal grounds:
- processing is necessary for the performance of the pension agreement, and therefore the pension scheme;
- to meet the statutory obligations of the Staples Pension Fund, for example under pensions legislation;
- to protect the legitimate interests of both you and the Staples Pension Fund, unless you have objected to this.
- You have given your permission to have your personal data processed for one or more specific purposes. You may withdraw this permission at any time. How you can do this is explained when specific permission is given.
With whom do we share your personal data?
The Staples Pension Fund shares your personal data with various parties as part of its service provision. Your data are shared with other parties only if this is based on a legal foundation.
The Staples Pension Fund has delegated the pensions administration to the Blue Sky Group. Blue Sky Group thus has access to your personal data. Some of the other parties with which we may share your personal data are: your employer, collection and debtor agencies, payments processors (who make the gross-net calculations for instance), mailing processors and printers, ICT providers (for management, maintenance and hosting of administration systems), researchers, accountancy and actuarial firms and pension providers.
We conclude processing agreements with parties that process your data under our instructions. We thus ensure that your data are protected with an appropriate level of security and confidentiality. The Staples Pension Fund remains responsible for this processing.
There is also the possibility that the Staples Pension Fund will be legally obliged to pass on your data by government institutions, regulators or other parties. The Staples Pension Fund will only share your data if this is strictly necessary to comply with a court order or statutory obligation.
As far as possible, we process your data in countries within the European Economic Area (EEA). However, if it is necessary to process your data outside the EEA, we will in any case not do this without appropriate safeguards in accordance with the GDPR.
The Staples Pension Fund has implemented appropriate technical and organisational measures to protect your personal data. These measures include measures to prevent abuse, destruction and loss of data as well as other wrongful processing. We have also taken measures to ensure that we handle your data with care and that awareness of the importance of this is kept up to standard within our organisation. The measures we have in place are in line with the applicable statutory requirements and guidelines. These measures are evaluated regularly and updated when necessary.
The key personal data processed by the Staples Pension Fund are to be found in your personal secure environment MijnStaplesPensioen. Access to MijnStaplesPensioen is only possible using a secure sign-in method, such as with your DigiD). Your data on MijnStaplesPensioen are kept secure in accordance with the requirements of the GDPR.
How long do we keep your personal data?
Your personal data will not be retained for longer than is necessary for the purposes for which the data have been collected or processed. We retain some data for a certain period because we are required to do so by law, for example on the basis of pensions or tax legislation. In this case this will be for the statutory retention period.
Recording of telephone conversations
We may record telephone conversations as part of our service provision. We inform you of this in advance (at the start of the telephone conversation) if we will record the conversation. Blue Sky Group, which administers the pensions on our behalf, may use these recordings for training its employees. The recordings of telephone conversations are kept secure to prevent access by unauthorised persons. The recordings of telephone conversations are not retained for longer than is necessary for the above purposes.
Under the Pensions Act, there is an obligation that communication in relation to personal information must as far as possible fit in with the information requirement and characteristics of the member or former member, partner or pensioner. In this context, we may make use of profiling to make our communication and service more in line with your personal situation. This means we will allocate you to a customer group on the basis of your data. How we communicate with you and why will be determined on the basis of your customer group.
If we process your personal data, you have certain rights. Further details of these rights are given below.
Right of inspection
You have the right to inspect the data we process in relation to you. If you want to check that the data we process in relation to you are correct, you can do this on MijnStaplesPensioen. If you have other questions regarding the personal data we process for you, please contact us.
Right of rectification and addition
We aim to keep your information up-to-date. If you find that your personal data are no longer correct, you can inform us of the correct data. This also applies if you find that the data we process for you are incomplete.
Right of erasure (right to be forgotten)
You have the right to have your personal data at the Staples Pension Fund erased. The Staples Pension Fund will erase your personal data if:
- the personal data are no longer required for the purposes for which they were collected or processed;
- you have withdrawn your permission to process or object to processing on legitimate grounds (and there is no other legal ground for processing);
- the personal data have been wrongfully processed; or
- the personal data have to be erased on the basis of European or national legislation.
Right to restriction
You have the right to restrict the processing of your personal data by the Staples Pension Fund. Restriction means that we may not process the data, either temporarily or permanently. Restriction of the processing of your personal data is possible if:
- you dispute the correctness of the data. In this case we may not process these data until we have checked that the data are correct;
- the processing of your personal data is wrongful and you oppose erasure;
- the Staples Pension Fund no longer needs your personal data but you do, for example to conduct legal proceedings against the Staples Pension Fund or third parties; or
- you object to the processing and the Staples Pension Fund does not make an immediate decision regarding your objection.
Once the processing of personal data has been restricted, the personal data may only still be processed in one of the following situations:
- the processing concerns only the archiving of data;
- you have given your permission;
- the processing is in connection with a legal action, the protection of the rights of other persons or important reasons of public interest.
Right to data portability
You have the right to receive your personal data in a structured, customary and machine-readable form and to transfer these data to another processing institution (such as another pension fund) without restriction.
This right only applies if the processing of personal data is conducted using automated systems and the personal data is processed solely on the basis of your permission. The right to data portability will not automatically apply if you participate in the Staples Pension Fund and are obliged to purchase a pension with the Staples Pension Fund. Regarding the transfer of pension claims to another pension provider, we refer you to the pension scheme of the Staples Pension Fund.
Right of objection
You may object to the processing of your personal data in a situation in which the processing is on the basis of a legitimate interest. If in your opinion your situation requires a different consideration of interests, you may inform the Staples Pension Fund accordingly in digital form or in writing (by surface mail).
On receipt of your objection, the Staples Pension Fund will assess whether your objection is legitimate. The Staples Pension Fund will cease processing in case of an objection, unless the Staples Pension Fund has urgent and legitimate reasons that take priority over your interests, rights and freedoms. Or if the data relate to a legal action.
How can you exercise your rights?
You can submit a request to exercise your rights either in writing (by surface mail) or in digital form. You can send your request to Stichting Pensioenfonds Staples, Postbus 123, 1180 AC Amstelveen, t.a.v. afdeling Pensioenservice. You can also e-mail us at email@example.com.
We will have to establish your identity before we can deal with your request. We will therefore ask you to provide a copy of your driving licence, passport or identity card. We ask for this in order to avoid providing data to unauthorised persons. We will ask you to obscure the photograph, the citizen service number and the MRZ code on the copy of your driving licence, passport or identity card. We will deal with your request within one month of receiving it. If this is not possible, the Staples Pension Fund will inform you within one month of the reason why we are not able to deal with your request and inform you of a new date by which we will deal with it (not more than two months after informing you).
Do you have a complaint, or a question?
If you have a complaint or a question regarding how the Staples Pension Fund handles with your personal data, send your complaint or question to Stichting Pensioenfonds Staples, Postbus 123, 1180 AC Amstelveen, t.a.v. de Privacy Officer or by e-mail to: firstname.lastname@example.org
You may also submit your complaint to the Dutch Personal Data Authority https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens
Changes to this privacy statement
The Staples Pension Fund reserves the right to change this privacy statement at any time of its choosing and without further notice. We advise you to review this privacy statement regularly. In any case, at such time as you provide your personal data to the Staples Pension Fund.
Maastricht, September 2020