The processing of personal data is necessary for the business operations of Base, which consist primarily of risk consulting and insurance broking, which enable the consideration of, access to, administration of, and claims handling of, insurance.
Our customers must be able to trust that we handle any received personal data carefully and securely. We therefore comply with the current regulations in the area of the protection of personal data such as the General Data Protection Regulation (GDPR).
Our general policy is that personal data are processed in a proper and careful manner in accordance with the relevant laws and regulations. To meet this policy, we apply the following accepted privacy principles:
- We handle your data carefully.
- We will comply with applicable laws and regulations in the area of privacy
- We ensure proper security of our systems
- We do not sell your information to third parties
- We only process personal data for the purposes as described in this privacy statement.
- We inform you about your rights in the area of Privacy
- We deal adequately with your requests regarding the processing of your personal data
In this privacy statement we want to inform you about how we handle your personal data. You can read here for example what we process your personal data for, with whom we share your data and what rights you have when it comes to the processing of your personal data.
Identity of controller and contact details
Our contact details
Phone number: +31(0)20 30 86 400
Olympisch Stadion 12, 1076 DE Amsterdam, The Netherlands
Mailbox 75944, 1070 AX Amsterdam, The Netherlands
When may Base process personal data?
We may only use your personal data if we have a reason mentioned in the General Data Protection Regulation. The reasons that apply to us are:
- You have given permission. We will only ask you for permission if that’s necessary to process your personal data. When we process your personal data on the basis of your permission, you may withdraw your permission at any time. You can do this by contacting us, by telephone or email. In our newsletters, we state our contact details at the bottom of our communication.
- Performance of a contract with you. Processing is necessary for the performance of a contract to which you are party or prior to entering into a contract in order to take steps at your request. In order to be able to advise you properly about your insurance policies, to mediate for you in insurance activities and to manage your portfolio, we need your personal data.
- Compliance with a legal obligation. Processing is necessary for compliance with a legal obligation to which we are subject.
- For our legitimate business interest. Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. We always weigh the balance between your interests and ours. Our interests include the performance of contracts with you and/or maintaining, and possibly expanding, our customer relationship.
We process special categories of personal data based on the following reasons:
- Your explicit consent. You have given your explicit consent to the processing of those personal data for one or more specified purposes. You are free to withdraw your consent by contacting our Compliance Officer. However, withdrawal of this consent may impact our ability to provide our services. For more detail see the consent section above.
- For legal claims. Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Substantial public interest. Processing is necessary for reasons of substantial public interest, on the basis of EU law or Dutch law.
What types of data does Base process?
Depending on the services that we perform for you, we may process the following data about you:
- Individual details: name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant, driving behavior.
- Identification details: identification numbers issued by government bodies or agencies (e.g. depending on the country you are in, social security or national insurance number, passport number, ID number, tax identification number, driver’s license number).
- Financial information: payment card number, bank account number and account details, income and other financial information.
- Insured risk: information about the insured risk.
- Special categories of personal data: the following data are considered as special categories of personal data:
  - Health data: current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history;
  - Criminal records data: criminal convictions, including driving offences; and
  - Other Special Categories of Personal Data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning an individual’s sex life or sexual orientation.
- Policy information: information about the quotes individuals receive and the policies they obtain.
- Anti-fraud data: information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.
- Previous claims: information about previous claims, which may include health data, criminal records data and other Special Categories of Personal Data (as described above).
- Current claims: information about current claims, which may include health data, criminal records data and other Special Categories of Personal Data (as described above).
- Marketing data: whether or not the individual has consented to receive marketing from us and/or from third parties.
We collect and receive Personal Data from various sources, including (depending on the service provided and country you are in):
- Individuals and their family members, online or by telephone, or in written correspondence
- Individuals’ employers or trade or professional associations of which they are a member
- In the event of a claim, third parties including the other party to the claim (claimant/ defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers and other relevant parties
- Other insurance market participants, such as insurers, reinsurers and other intermediaries
- Anti-fraud databases and other third party databases, including sanctions lists
- Claim forms
We always ensure that we only process the personal data that we need for our services and business operations.
What does Base use your personal data for?
We process your personal data only for the following purposes:
- Advising customers and potential customers on employee benefits, financial planning, risk management, pensions, absenteeism guidance and insurance in the broadest sense of the word.
- Mediating in the realization of insurances;
- Assessing and accepting (potential) customers;
- Managing our relationship with (potential) customers and visitors;
- Managing and expanding our customer base;
- Entering into and executing agreements;
- Collecting, passing on and managing the required data to insurers / pension providers / experts / expertise agencies for concluding and executing (insurance) agreements;
- The settlement of payment transactions;
- The settlement and registration of damages;
- Ensuring the safety and integrity of the financial sector/services;
- Meeting legal obligations and
- Combating, preventing and detecting attempted/confirmed (punishable/unpunishable) behavior directed against the sector that Base is part of, the group to which Base belongs, Base itself and its customers and employees.
With whom does Base share your personal data?
We do not simply provide your personal information to others. We may do so if you have given us permission for this, if we are obliged to do so on the basis of the law or a court decision, or if the provision is for the purposes stated in this privacy statement. For the performance of our operations and depending on the services provided to you, we may provide your personal data to the following persons or parties (not exhaustive):
- Insurers, insurance intermediaries, pension providers and other relevant financial institutions
- External parties that process data under our control and responsibility, such as our ICT service provider.
- (Damage) experts
- Damage repair businesses
- Financial Services Complaints Board
- Public safety answering points and emergency services
- Health and safety service
- Employment experts
- Payroll accountants or comparable companies
- Service providers
- Supervisory authorities and investigative authorities
- Debt collection agencies
- Courts
External parties that process the personal data under our responsibility do so only for purposes and under conditions that we have agreed with them. We record this in written agreements.
We ensure an adequate level of security and implement appropriate technical and organizational safeguards to protect personal data against loss or against any form of unlawful processing. These safeguards also serve to prevent unnecessary and / or unlawful collection and processing of personal data.
How long does Base keep your personal data?
Our retention periods for personal data are based on business needs and legal requirements. Your personal data will not be retained for longer than is necessary for the purposes for which it was collected or any other permitted related purpose(s). If our relationship or agreement ends, we will retain the data during the statutory retention periods that apply to us. How long we have to do this depends on the agreement you have entered into with us. For example, the statutory retention period for pension insurance is longer than that for car insurance.
Personal data will be taken out of the reach of the active administration after the retention period has expired. We will destroy the personal data after the expiry of the retention period.
The principle of data minimisation
When processing personal data, the amount and type of data is limited to the personal data that are necessary for the purposes mentioned in this privacy statement or as permitted by law. The data must be adequate, relevant and not excessive in relation to the purposes stated in this privacy statement. Where possible, the minimum required or no personal data will be processed.
If we require Personal Data for a purpose inconsistent with the purposes we identified in this privacy statement, we will notify clients of the new purpose and, where required, seek individuals’ consent (or ask other parties to do so on Base’s behalf) to process Personal Data for the new purpose(s).
What rights do you have?
You are in charge of your own personal data. That is why the General Data Protection Regulation (GDPR) gives you a number of rights. You may ask us to:
- provide further details on how we use and process your personal data;
- provide a copy of the personal data we maintain about you;
- update any inaccuracies in the personal data we hold;
- delete personal data that we no longer have a legal basis to process;
- restrict how we process the personal data while we consider your enquiry; and
- transmit your personal data to yourself or to another controller.
In addition, under certain conditions, you have the right to:
- where processing is based on consent, withdraw the consent;
- object to any processing of personal data that Base justifies on the “legitimate interests” legal grounds, unless our reasons for undertaking that processing outweigh any prejudice to your privacy rights.
These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).
We always try to meet your request as soon as possible, but no later than four weeks after submission. We do not charge any costs for this. If the period of four weeks is not reasonably feasible, you will be informed of this within this period. In that case, we will comply with your request within two months after the expiry of the first term.
Please note that we cannot always meet your request. For example, if you ask us to delete your personal data during a legal retention period that has not yet expired, or while you have another ongoing contract with us, your request would conflict with our legal requirements. If we are unable to meet your request, we will of course inform you of this.
Questions, requests or complaints?
If you have questions or requests about the processing of your personal data or this statement, you can contact our Compliance Officer. You can also approach our Compliance Officer if you have complaints about the processing of your personal data or if you want to make use of one of your rights. You can reach our Compliance Officer by e-mail at firstname.lastname@example.org or by mail via:
Base Insurance B.V.
Attn. the legal and compliance department
Olympisch Stadion 12
1070 AX Amsterdam
If you have a complaint and you do not agree with our policy, you can contact the supervisory authority of the Netherlands via autoriteitpersoonsgegevens.nl.
Changes to this privacy statement
This privacy statement is subject to change at any time. It was last changed on 02.03.11. If we make changes to this privacy statement, we will update the date it was last changed. Changes that we make to this privacy statement will take effect immediately. You are advised to check this privacy statement regularly, so that you are aware of any changes.