Privacy statement from Stichting Pensioenfonds Staples
Stichting Pensioenfonds Staples (‘the Staples Pension Fund’, ‘the Fund’ or ‘we’) needs your data in order to provide its service. The type of personal data we process depends on the capacity in which you use our service. If, for example, you contact the Fund, in any case we process your contact details so that we can communicate with you. If you visit our website, we process your IP address. If you are a member of the Staples Pension Fund, we process your personal data to administer your pension scheme. The Staples Pension Fund believes it is important that your data is treated with care and kept confidential. The Fund has accordingly concluded agreements as to how it processes your data.
The processing or personal data consists of all actions we can take with your personal data, ranging from collection to deletion. These agreements are recorded in this privacy statement, whereby we meet the requirements of the General Data Protection Regulation (GDPR).
The Fund’s privacy statement also describes your rights and how you can exercise them, as well as further information on the protection and security of your personal data.
Who is responsible for your personal data?
The Staples Pension Fund is responsible for the processing of your personal data.
Whose personal data do we process?
The Staples Pension Fund processes data relating to the following persons:
- members and former members, pensioners and other beneficiaries of the Staples Pension Fund.
- Trustees and members of other organs of the Staples Pension Fund.
- Anyone who visits our website.
- Anyone with whom we are in contact.
What personal data do we process relating to you?
If you are a member of the Staples Pension Fund, the categories of personal data we can process are as follows:
- Personal details and contact data (such as your name, residential or correspondence address, date of birth and/or age, civil status, gender, telephone number, e-mail address).
- Financial and pension data (such as your bank account, claims/pension entitlements and policy number)
- Employment data (such as type of (current and former) employment, salary details, irregular hours allowance and part-time factors, employee number)
- Citizen service number (Burgerservicenummer, or BSN)
- Proof of identity (such as a copy of your passport to establish your identity)
- Special personal data (such as personal data relating to your degree of occupational disability and/or benefit percentage).
- Data relating to criminality (for example, if your data appear on international and national risk and sanctions lists).
- Partner data (data on your partner, former partner and any children entitled to orphan’s pension)
- Other communication data (such as personal data you provide in correspondence or telephone contact with the Fund, your preferences as to whether you receive pension information by surface mail or in digital form, registration or deregistration for our newsletter, clicking and opening behaviour with respect to e-mail newsletters and your IP address.
We may use your opening and clicking behaviour for e-mail newsletters and your IP address to improve our service and to detect and resolve incidents on our website. We can also use these data for statistical analysis of visits to the website. As far as possible, we try to pseudonymise or anonymise these data. We do not pass these data to third parties with which we have not concluded a processing agreement).
How do we come by your personal data?
The Staples Pension Fund receives data directly from you, but also from the Key Register of Persons (Basisregistratie Personen, or BRP) and your employer, as well as government institutions (such as the Tax & Customs Administration and the Employee Insurance Agency (the UWV)), from pension funds and/or pension administrators with which you have previously accrued pension and other natural persons and organisations that you have authorised to provide data to us.
For what purposes do we process your personal data, and are these legitimate?
If you are a member of the Staples Pension Fund, we process your data as part of our administration of your pension scheme or under the administration agreement between the Fund and your employer. We process personal data for the following purposes, among others:
- the administration of the pension scheme and insurances (for example the calculation of pension entitlements or claims and the timely and correct provision of information to you, as well as the payment of your pension);
- to comply with contractual and statutory obligations (examples of this include the sending of the legally required pension communication (such as your (annual) Uniform Benefit Statement), the provision of personal data to the Pensions Register, and compliance with sanctions regulation);
- dealing with your questions about the operation of the pension scheme and services provided by the Staples Pension Fund;
- optimising the website and our service, (for instance by requesting feedback from you on our service after you have contacted the Staples Pension Fund by telephone or e-mail);
- to carry out surveys and statistical analysis;
- to manage our records and deal with complaints and disputes;
- for personalised and general information such as letters, digital newsletters and pension communication.
Is our processing of your personal data legitimate?
The processing of personal data for these purposes has to be based on legal grounds as stated in the GDPR. The legal basis for processing in relation to these purposes is, among other things, for compliance with the statutory obligations of the Staples Pension Fund (for example, under pensions legislation).
Your personal data may also be processed on one of the following legal grounds:
- for the performance of a contract to which you or another interested party are a party (such as for compliance with the obligations under the pension contract);
- to protect the legitimate interests of the Staples Pension Fund to the extent that your interests or the interests of another interested party are not given greater importance (for instance for the processing of partner data, optimisation of the website and our services).
You have given your permission to have your personal data processed for one or more specific purposes (such as the sending of newsletters). You may withdraw this permission at any time. How you can do this is explained when specific permission is given. We will then no longer process your personal data, unless there is another legal basis on which we need to process your data.
With whom do we share your personal data?
The Staples Pension Fund shares your personal data with various parties as part of its service provision. Your data are shared with other parties only if there is a legal basis for doing so.
The Staples Pension Fund has delegated the pensions administration to the Blue Sky Group. Blue Sky Group thus has access to your personal data. Some of the other parties with which we may share your personal data are: your employer, collection and debtor agencies, payments processors (who make the gross-net calculations), mailing processors and printers, ICT providers (for management, maintenance and hosting of administration systems), researchers, accountancy and actuarial firms and pension providers.
The Staples Pension Fund concludes processing agreements with parties that process your data under our instructions. These agreements state that these parties may only use the data for specific activities and no other, and with application of appropriate security measures. The Fund thus ensures that your data are protected with an appropriate level of security and confidentiality. The Staples Pension Fund remains responsible for this processing.
There is also the possibility that the Staples Pension Fund will be obliged by government institutions, regulators or other parties to share your data. The Fund will only do this if it is strictly necessary to comply with a court order or statutory obligation. The Fund will never sell your data to other parties.
As far as possible, the Staples Pension Fund processes your data in countries within the European Economic Area (EEA). However, if it is necessary to process your data outside the EEA for the purposes stated in this privacy statement, we will in any case not do this without appropriate safeguards in accordance with the GDPR. In this case, your personal data will continue to be protected by means of contracts we have concluded with organisations outside the EEA that include standard clauses for data protection approved by the European Commission. If you have a specific question relating to processing outside the EEA, please contact our privacy officer. email@example.com.
The Staples Pension Fund has implemented appropriate security measures to protect your personal data. These measures include measures to prevent abuse, destruction and loss of data as well as other wrongful processing. We have also taken measures to ensure that we handle your data with care and that awareness of the importance of this is kept up to standard within our organisation. We have also taken measures to restrict access to your personal data to those who need such access. The persons we have permitted to access your data are obliged to keep your data confidential. The security measures the Fund has in place are in line with the applicable statutory requirements and guidelines. These measures are evaluated regularly and updated when necessary.
Despite our precautionary measures to protect personal data as effectively as possible, there is still the possibility that security incidents involving personal data may occur. Such incidents are known as data leaks. The Staples Pension Fund has a procedure to deal with data leaks as quickly as possible, and takes any measures necessary to prevent repetition as far as possible. If necessary, we report data leaks to the Dutch Data Protection Authority and the parties involved.
The key personal data processed by the Staples Pension Fund are to be found in your personal secure environment MijnStaplesPensioen. Access to MijnStaplesPensioen is only possible using a secure sign-in method, such as with your DigiD. Your data on MijnStaplesPensioen are kept secure in accordance with the requirements of the GDPR.
How long do we keep your personal data?
Your personal data will not be retained for longer than is necessary for the purposes for which the data have been collected or processed. The data for calculating your pension claims are retained until after your death, or after the death of your surviving dependants or other beneficiaries entitled to pension or other benefit from the Staples Pension Fund.
We retain some data for a certain period because we are required to do so by law, for example on the basis of pensions or tax legislation. In this case this will be for the statutory retention period.
Recording of telephone conversations
We may record telephone conversations as part of our service provision. We will let you know in advance (at the start of the telephone conversation) if we will record the conversation. Blue Sky Group, which administers the pensions on our behalf, may use these recordings for training its employees. The recordings of telephone conversations are kept secure to prevent access by unauthorised persons. The recordings of telephone conversations are not retained for longer than is necessary for the above purposes.
Under the Pensions Act, there is an obligation that communication in relation to personal information must as far as possible fit in with the information requirement and characteristics of the member or former member, partner or pensioner. In this context, the Staples Pension Fund may make use of profiling to make our communication and service more in line with your personal situation. This means we will allocate you to a customer group on the basis of your data. How we communicate with you and why will be determined on the basis of your customer group.
Besides profiling, the Staples Pension Fund does not make use of automated decision-making.
If we process your personal data, you have certain rights. Further details of these rights are given below.
Right of inspection
You have the right to inspect the data we process in relation to you. If you want to check that the data we process in relation to you are correct, you can do this on MijnStaplesPensioen. If you have other questions regarding the personal data we process for you, please contact us.
Right of rectification and addition
We aim to keep your information up-to-date. If you find that your personal data are no longer correct, you can inform us of the correct data. This also applies if you find that the data we process for you are incomplete.
Right to restriction
You have the right to restrict the processing of your personal data by the Staples Pension Fund. Restriction means that we may not process the data, either temporarily or permanently. Restriction of the processing of your personal data is possible if:
- you dispute the correctness of the data. In this case we may not process these data until we have checked that the data are correct;
- the processing of your personal data is wrongful and you oppose erasure;
- the Staples Pension Fund no longer needs your personal data but you do, for example to conduct legal proceedings against the Staples Pension Fund or third parties; or
- you object to the processing and the Staples Pension Fund does not make an immediate decision regarding your objection.
Once the processing of personal data has been restricted, the personal data may only still be processed in one of the following situations:
- the processing concerns only the archiving of data;
- you have given your permission;
the processing is in connection with a legal action, the protection of the rights of other persons or important reasons of public interest.
Right to data portability
You have the right to receive your personal data in a structured, customary and machine-readable form and to transfer these data to another processing institution (such as another pension fund) without restriction.
This right only applies if the processing of personal data is conducted using automated systems and the personal data is processed solely on the basis of your permission. The right to data portability will not automatically apply if you participate in the Staples Pension Fund and are obliged to purchase a pension with the Fund. If you wish to request a transfer of pension claims to another pension provider, we refer you to the pension scheme of the Staples Pension Fund.
Right of objection
You may object to the processing of your personal data in a situation in which the processing is on the basis of a legitimate interest. If in your opinion your situation requires a different consideration of interests, you may inform the Staples Pension Fund accordingly in digital form or in writing (by surface mail).
On receipt of your objection, the Staples Pension Fund will assess whether your objection is legitimate. The Staples Pension Fund will cease processing in case of an objection, unless the Staples Pension Fund has urgent and legitimate reasons that take priority over your interests, rights and freedoms. Or if the data relate to a legal action.
How can you exercise your rights?
You can submit a request to exercise your rights either in writing (by surface mail) or in digital form. You can send your request to Stichting Pensioenfonds Staples, Postbus 123, 1180 AC Amstelveen, attn afdeling Pensioenservice. You can also e-mail us at firstname.lastname@example.org.
We will have to establish your identity before we can deal with your request. We will therefore ask you to provide a copy of your driving licence, passport or identity card. The Fund requests this in order to avoid providing data to unauthorised persons. We will ask you to obscure the photograph, the citizen service number and the MRZ code (the series of numbers at the bottom of your passport) on the copy of your driving licence, passport or identity card. We will deal with your request within one month of receiving it. If this is not possible, the Staples Pension Fund will inform you within one month of receipt of your request as to why we are not able to deal with your request and inform you of a new date by which we will deal with it (not more than two months after informing you).
If you have a complaint, or a question
If you have a complaint or a question regarding how the Staples Pension Fund handles with your personal data, send your complaint or question to Stichting Pensioenfonds Staples, Postbus 123, 1180 AC Amstelveen, attn the Privacy Officer or by e-mail to: email@example.com.
You may also submit your complaint to the Dutch Personal Data Authority https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens
Changes to this privacy statement
The Staples Pension Fund reserves the right to change this privacy statement at any time of its choosing. We advise you to review this privacy statement regularly. In any case, at such time as you provide your personal data to the Staples Pension Fund.
Amsterdam, February 2022