We only collect your personal data when we carry out an assignment for you or our clients, or when you visit our office or our website. Our primary use of personal data is in the execution of assignments on your behalf. Examples of such data are your contact details and data necessary for claims handling, loss adjustment or damage repair. We also process images from the security cameras on our premises when you visit our offices.
- We will always tell you what we do with your data and how you can exercise your rights, for example those of inspection and objection.
- We only use the data for the purpose for which we have collected it (such as order execution, customer relationship management and marketing).
- We do not collect, use or store more data than that needed to achieve the purpose for which we obtained the data and only if there is no other way to achieve the same purpose.
- The more privacy-sensitive the data, the less use we make of it.
- We only use data insofar as such use is legally permitted.
- We take appropriate security measures against loss of or unauthorized access to personal data.
- We will only provide your personal data to third parties if we receive sufficient guarantees for the protection of your data.
What type of personal data do we process?
- Contact details (such as first name, last name, address, place of residence, telephone number, email address).
- Data relevant to the execution of an order (such as vehicle ownership and registration data, data concerning the counterparty and ownership details).
- Identification numbers (such as ID numbers and policy numbers).
Sensitive personal data:
- Financial data (such as account numbers and bank details).
- Medical data (relevant to emergency medical assistance or treatment of injury).
Selection of elements of the above personal data for processing depends on the service to be provided to you.
Purposes for which we process your personal data:
- Client service. Performed by us for companies in the insurance sector, real estate companies, housing corporations, leasing companies, healthcare providers and government bodies, among others.
- Relationship management, marketing, client administration and service purposes.
Website visitors (e.g. those subscribing to our newsletter)
- Relationship management, marketing, client administration and client service (such as informing you of the latest news about CED and relevant services; marketing and measuring response to our marketing campaigns and improving the functioning of our website).
Visitors to CED offices
- Internal verification and company security
Why we may use your data:
The use of your personal data is necessary for:
- The execution of our agreement with the person concerned;
- The fulfilment of our legal obligations, e.g. to comply with the Money Laundering and Terrorist Financing (Prevention) Act (Wwft);
- Exercising our legitimate interests in being able to (continue to) provide our services to our clients as efficiently as possible; and
- Fulfilling your legitimate expectations of correct service provision.
Website visitor (e.g. if you subscribe to our newsletter)
- Exercising our legitimate interest in providing or continuing to provide our services as efficiently as possible to visitors to our website and to optimise use of our website.
Visitors to the CED offices
The use of your personal data is necessary for protection of the legitimate interests of CED and third parties. Such legitimate interests are CED’s interests in the security of its property.
Who has access to your personal data?
- CED uses various systems for processing your personal data and the suppliers of these systems may, as a result, also process your personal data. For more information on these suppliers please contact us at firstname.lastname@example.org;
- Only employees of CED who need your personal data to perform their work have direct access to your data stored in CED’s systems.
- CED sometimes shares personal data with market research agencies and other third parties. Such data is shared, as far as possible, in anonymized form. For more information contact us at email@example.com.
Period of retention of your personal data
We delete the data after the retention period has expired in terms of the applicable rules of conduct and professional practice, or – in the absence of such rules – no later than five years after completion of the assignment, unless we are required by law to retain your data for a longer period or if longer retention is essential for the performance of our activities.
Visitors to CED offices
We will keep your contact details for a maximum of 6 months after your visit to our offices. We keep the camera images for a maximum of 4 weeks after your visit, unless we are required by law to keep your data for a longer period of time or if longer storage is essential for our operations.
Do I have to provide personal data to CED?
- The processing of personal data is necessary to enable you to use our services as, without these data, we would not be able to properly provide our products and/or services.
Visitors to CED offices
- The processing of personal data is necessary to provide you with access to the CED building. Without these data, we cannot grant you access.
Who is the data controller responsible for processing your personal data?
CED is the data controller responsible for the processing of your personal data.
Who can I contact if I have questions about the use of my personal data?
If you have any questions, please contact:
Data Protection Officer
2908 LP Capelle aan den IJssel
Tel. +31 (0)10-2843434
What about the use of my personal data by third parties?
- If we do give third parties access to your data, we will only do so once we are certain that such third party will only use the data in a way and for a purpose related to the purpose for which the data was obtained, and only in accordance with this CED Privacy Statement. Further, the confidentiality obligations and security measures required by law to prevent your personal data from being disclosed to other parties are always applicable.
- In some cases, a legal obligation may also require us to provide data to third parties, such as judicial authorities. In such cases we will always respect your right to privacy as much as possible.
- If we wish to transfer your data outside Europe because, for example, a data centre or our supplier is located there, we will only do so under the conditions required by law, for example under a contract to which the EU Model Clauses apply.
How do we secure your personal data?
- We take all reasonable and appropriate security measures to protect our visitors and clients from unauthorized access or alteration, disclosure or destruction of their personal data. In so doing we comply with the applicable security standards.
- If, despite the security measures put in place, there is a security incident that is likely to adversely affect your privacy, we will inform you of the incident as soon as possible. In such case we will also inform you of the measures we have taken to limit the consequences of and prevent future recurrence of such an incident.
What rights do you have with respect to the use of personal data (and how can you exercise them)?
- You may object to the use of your personal data if, for example, you believe that such use is not necessary for the operation of our business or to comply with a legal requirement.
- You have the right of access to your personal data. This means that you can inquire as to which personal data has been registered and for what purposes that data will be used.
- If you believe that we have incorrect personal data concerning yourself, you can have this personal data corrected. You may also ask us to limit the processing of your personal data, including during the period of time we require to review your requests or objections.
- You may ask us to remove your personal data from our systems.
- You may ask us to arrange for your personal data to be transferred to another party.
- We will comply with your request, unless we have an overriding, legitimate interest in not deleting the data and such interest outweighs your privacy interests. Once we have deleted the data, technical reasons may prevent us from immediately removing all copies of the data from our systems and backup systems. We may refuse to comply with the foregoing requests if they are unreasonably frequent, involve unreasonably excessive technical effort or have unreasonably severe technical consequences for our systems or endanger the privacy of others.
- You may submit the aforementioned requests or objections by sending a letter with your name, address, telephone number and a copy of a valid proof of identity to CED or emailing such letter to firstname.lastname@example.org. Please do not forget to render your social security number (BSN) unreadable on the copy of the proof of identity before sending it. You will receive an answer within one month.
- You may also lodge a complaint concerning the use of your personal data. Such complaints may be lodged with the Dutch Data Protection Authority.
Will you use my data in order to send newsletters?
- We use our clients’ address data to send service emails and sales information in the form, for instance, of newsletters and event invitations. You can unsubscribe from emails containing sales information at any time or set your preferences by using the unsubscribe option included in all messages.
- We use contact details of parties other than our clients in order to send commercial information such as newsletters and event invitations only if you have given your prior consent thereto. You can revoke your consent at any time by using the unsubscribe option included in each message.
Amendments to privacy statement
We reserve the right to amend our privacy statement at any time. Amendments will be published on our website (www.ced.nl).