Privacy Statement

When advising on and concluding financial products or services, A1B Advisory Group requests confidential information from you. As a (potential) customer of A1B Adviesgroep you must be able to assume that we will handle the information you provide us with due care and that this information will not be shared with others without your explicit consent.

In this sense, careful handling of the recording and exchange of personal data is a condition for careful financial services. Confidentiality is an important aspect for our company and the attitude of the professionals working in it.

For the effective performance of our work, it is necessary that we exchange personal data with providers of financial products and / or services, as this affects the core of our duties as a financial service provider. In addition, it is possible that we provide information to, for example, the Tax Authorities or the Netherlands Authority for the Financial Markets on the basis of legal obligations.

We have mapped the records of personal data we keep and processed them in our internal processing register. You can receive these on request. Here you will find information about the data that we process and about the parties with whom we can exchange this data.

1. Definitions

In this Privacy Statement the following terms have the following meanings:

the law: the General Data Protection Regulation (GDPR) and the GDPR Implementation Act;

personal data: any information about an identified or identifiable natural person;

processing of personal data: any action or set of actions relating to personal data, including in any case the collection, recording, organization, storage, update, modification, retrieval, consultation, use, provision by means of transmission, distribution or any other form of making available, bringing together, linking together, as well as shielding, erasing or destroying data;

file: any structured set of personal data, regardless of whether this set of data is centralized or distributed in a functionally or geographically determined manner, which is accessible according to certain criteria and relates to different persons;

controller: the natural person, legal person or any other person or administrative body that, alone or together with others, determines the purposes of and the means for the processing of personal data;

processor: the person who processes personal data on behalf of the controller, without being subject to his direct authority;

data subject: the person to whom personal data relates;

third party: any person, other than the data subject, the controller, the processor, or any person who is authorized to process personal data under the direct authority of the controller or processor;

recipient: the person to whom the personal data are provided;

consent of the data subject: any free, specific and informed expression of will by which the data subject accepts that personal data relating to him will be processed;

supervisor: Dutch Data Protection Authority;

provision of personal data: the disclosure or making available of personal data;

collection of personal data: obtaining personal data.

2. Range

1. This Privacy Statement applies to the fully or partially automated processing of personal data. It also applies to the non-automated processing of personal data contained in a file or intended to be included therein.

2. This Privacy Statement applies within A1B Adviesgroep and relates to the processing of personal data of (potential) customers, employees and other natural persons involved.

3. Purpose

1. The purpose of collecting and processing personal data is to have access to the data that are necessary for the realization of the purposes as described in the processing register and other plans of A1B Adviesgroep, the realization of legal purposes and the implementation of policy and management in the context of these purposes.

4. Representation of the person concerned

1. If the person concerned is a minor and has not yet reached the age of sixteen or is of legal age and has been placed under guardianship, the consent of his legal representative is required instead of the consent of the person concerned. Consent is recorded in writing. If the data subject has issued a written authorization with regard to his representative towards the processor, the consent of the written agent is also required.

2. Consent may be withdrawn at any time by the person concerned, his or her authorized representative in writing or his legal representative.

5. Responsibility for management and liability

1. The controller is responsible for the proper functioning of the processing and management of the data; Under the responsibility of the controller, an administrator is usually charged with the actual management of the personal data.

2. The responsible party will ensure that appropriate technical and organizational measures are taken to protect against any loss or any form of unlawful processing of data.

3. The responsibility referred to in paragraph 1 and the provisions of paragraph 2 apply without prejudice if the processing takes place by a processor, this is regulated in an agreement (or by means of another legal act) between the processor and the controller.

4. The responsible person is liable for damage or disadvantage caused by non-compliance with the provisions of the law or this Privacy Statement. The processor is liable for that damage or that disadvantage, insofar as this / that is caused by his actions.

Lawful Processing

1. Personal data will be processed in a proper and careful manner in accordance with the law and this Privacy Statement.

2. Personal data will only be collected for the purposes referred to in this Privacy Statement and will not be further processed in a way that is incompatible with the purposes for which they were obtained.

3. Personal data must - in view of the purposes for which they are collected or subsequently processed - be adequate and relevant; no more personal data must be collected or processed than is necessary for the purpose of the registration.

4. Personal data may only be processed if:

a.the data subject has given his unambiguous consent to the processing;

b. the data processing is necessary for the performance of an agreement to which the person concerned is a party (for example, an agreement to conclude a financial product or financial service or the employment contract with the person concerned) or for actions, at the request of the person concerned, that are necessary for the conclusion, or assisting in the management of an agreement;

c. the data processing is necessary to fulfill a legal obligation of the controller;

d. the data processing is necessary in connection with a vital interest of the data subject;

e. the data processing is necessary with a view to an interest of the controller or of a third party, unless that interest conflicts with the interest of the person whose data are processed and that interest prevails.

5. The Citizen Service Number will only be registered if there is a legal basis for this. As a rule, there will be no such basis for our services.

6. Anyone acting under the authority of the controller or processor - and also the processor himself - only processes personal data on behalf of the controller, except in the case of deviating legal obligations.

7. the data will only be processed by persons who are obliged to observe secrecy on the basis of an (employment) agreement.

7. Processing of personal data

1. The processing takes place by employees of our company who deal with financial services.

2. The processing generally takes place in connection with the performance of an agreement, namely the agreement to provide services. In those cases where there is no performance of such a contract, the processing takes place with the express consent of the data subject.

3. The processing is done in order to be able to carry out our activities as an advisor and / or broker in financial products and services.

8. Special personal data

1. The processing of personal data about a person's religion or belief, race, political affiliation, health, sexual life, trade union membership or criminal personal data is prohibited, except in cases where the law expressly provides by whom, for what purpose and the conditions under which such data may be processed (Articles 9 and 10 of the GDPR).

2. As a financial service provider, we may process information about your health in our administration, provided this is necessary for the proper performance of our work. We may also request information about a possible criminal past from you, if this is necessary for the proper execution of an agreement, provided that you give your explicit permission for this.

9. Data processing

1. Information obtained from the person concerned

If the personal data is obtained from the data subject himself / herself, the controller will inform the data subject before the moment of collection:

a. his identity;

b. the purpose of the processing for which the data are intended, unless the data subject already knows that purpose.

c. The controller shall provide the data subject with further information to the extent that - given the nature of the data, the circumstances under which they were obtained or the use to which it is made - it is necessary to guarantee proper and careful processing towards the data subject.

2. Information obtained without the involvement of the person concerned

In addition to the information received from the data subject, the controller may, for the purposes described, obtain information from external sources that the controller considers reliable. Think of the Roy data for the registration of your bonus / malus statement, the RDW for your vehicle data and the CIS foundation for the prevention and combating of fraud in the insurance sector.

The responsible party shall ensure that with any processing of personal data, only those personal data are processed that are accurate, adequate, relevant and not excessive.

10. Right of access

1. The data subject has the right to be informed of the processed data relating to his person.

2. The controller will inform everyone at his request - as soon as possible but no later than four weeks after receipt of the request - in writing whether personal data concerning him or her will be processed. Costs may be charged for providing such a notification. In addition, the data subject, who requests access to his personal records, may be asked for a copy of a valid proof of identity.

3. If that is the case, the controller will provide the applicant with a complete written statement, as soon as possible, but no later than four weeks after receipt of the request, with information about the purpose or purposes of the data processing, the data or categories. of data to which the processing relates, the recipients or categories of recipients of the data as well as the origin of the data.

4. If a weighty interest of the applicant so requires, the controller shall comply with the request in a form other than the written form that is adapted to that interest.

5. The controller can refuse to comply with a request if and insofar as this is necessary in connection with:

a.the investigation and prosecution of criminal offenses;

b. the protection of the data subject or of the rights and freedoms of others.

11. Provision of personal data

1. In principle, the provision of personal data to a third party does not take place other than with the consent of the person concerned or his representative, except in the case of a statutory regulation or an emergency to this effect.

2. An exception to this rule is information exchange with parties who need information for the performance of the agreement, such as insurance companies, credit providers or parties involved in claims handling.

3. Finally, we can provide personal data in order to be able to comply with legal obligations, such as with the Netherlands Authority for the Financial Markets.

12. Right to correction, addition, deletion, restriction

1. At the written request of a data subject, the controller will correct, supplement, delete and / or limit the personal data processed about the applicant, if and insofar as these data are factually incorrect, incomplete for the purpose of the processing, irrelevant serving or comprising more than is necessary for the purpose of the registration, or otherwise processed in violation of a legal provision. The request of the person concerned contains the changes to be made.

2. The controller shall inform the applicant in writing as soon as possible, but no later than four weeks after receipt of the request, whether he complies with it. If he does not want to comply with this or not fully, he will give reasons. In this context, the petitioner has the option of addressing the controller's complaints committee.

3. The responsible party will ensure that a decision to correct, supplement, remove and / or shield is implemented within 14 working days, and if this is not reasonably possible otherwise as soon as possible afterwards.

13. Retention of data

1. Personal data will not be kept in a form that makes it possible to identify the data subject for longer than is necessary for the realization of the purposes for which they are collected or subsequently processed.

2. The controller determines how long the recorded personal data will be kept.

3. If the retention period of the personal data has expired or the data subject makes a request for deletion before the expiry of the retention period, the relevant data will be deleted within a period of three months.

4. However, removal will not take place if it can reasonably be assumed that

a.the storage is of great importance to someone other than the person concerned;

b. the storage is required by law (including the Financial Supervision Act) is or

c. if there is agreement on this between the data subject and the controller.

14. Processing register

1. The processing of personal data intended for the realization of a goal or related purposes has been mapped out by us and processed in an internally maintained processing register before the processing starts. The internal processing register states:

the name and address of the responsible party;

b. the purpose or purposes of the processing;

c. a description of the categories of data subjects and of the (categories of) data relating to them;

d. the recipients or categories of recipients to whom the data may be disclosed;

e. the retention periods used.

15. Data breaches

1. If the controller is confronted with a data breach, it will investigate whether personal data has been lost or whether unlawful processing cannot be ruled out.

2. If the aforementioned investigation shows that personal data of a sensitive nature has been leaked or there is (a significant chance of) adverse consequences for the protection of the processed personal data for another reason, the controller will inform the Dutch Data Protection Authority about the data breach.

3. If the controller has not (properly) encrypted all leaked personal data, or if the data breach is likely to have adverse consequences for the privacy of the data subjects for other reasons, the controller will also report the data breach to the Netherlands Authority for the Financial Markets. It is possible that, in consultation with the aforementioned supervisory authorities, it will also be decided to inform those involved about the possible data breach.

16. Complaints procedure

1. If the data subject is of the opinion that the provisions of this Privacy Statement are not being complied with, he can contact:

a.the controller;

b. if the person concerned is not satisfied with the outcome of the complaint, he can turn to the Financial Services Complaints Institute in The Hague;

c. with the request to mediate and advise the Dutch Data Protection Authority in the dispute between the data subject and the controller;

d. the court.

17. Cookies

In order to make this website function better and faster and to be able to adapt it to your preferences, certain information about your use of this website is collected. This information can be collected by using so-called "cookies". These are small text files that are automatically placed on your computer by the visited web page. You can disable the use of cookies via the settings of your browser. However, this can lead to a poorer functioning of this website

18. Third Party Websites

This Privacy Statement does not apply to websites of third parties that can be visited via links via this website.

19. Questions and opt-out

For questions about this Privacy Statement and / or the way in which A1B Adviesgroep processes your personal data, please contact us via 0318-611111, Postbus 473, 6710 BL in Ede or [email protected] If you do not wish to receive information about our products or services, you can let us know

20. Access, correction and right to object

If you have a relationship with our company, you have the opportunity to view your personal data after written request. If the overview provided by us contains inaccuracies, you can request us in writing to change the data, to have it removed or not to distribute it further (restriction). Send such a request to A1B Adviesgroep, PO Box 473, 6710 BL in Ede or [email protected] To prevent abuse, we ask you to enclose a copy of a valid ID. We request that you shield your citizen service number and passport photo on this copy.

21. Changes to Privacy Statement

A1B Adviesgroep reserves the right to make changes to this Privacy Statement. It is recommended that you consult this Privacy Statement regularly so that you are aware of these changes.

en