Go directly to the most important information of this page
Contact

Privacy Statement

About Pension Register Foundation

As the Pension Register (hereinafter: “the Pension Register”) we are obliged under the Pensions Act to give you, as a participant[1] or pensioner[2] the opportunity to consult data on your pension entitlements and/or pension rights, including your state pension. A regulation (“Pension Register Regulations”; hereinafter: “Regulations”) has been drawn up for this purpose.

The Pension Register processes data on behalf of pension providers and the Social Insurance Bank (SVB). The Pension Register is a processor; this is also explicitly included in the Pensions Act[3]. A processor processes data on behalf of the controller(s). The pension providers and the SVB are the controllers in the processing process; this means that they determine the purposes and means of processing.

To properly carry out our legal obligations, we use some personal data, such as the Citizen Service Number and date of birth. We further inform you in this privacy statement how we process your personal data carefully.

Purpose of the privacy statement

With this privacy statement, we inform you about which privacy-sensitive information we process and for what purpose. In doing so, the protection of privacy-sensitive information is paramount. Privacy-sensitive information, including personal data, is treated confidentially and carefully by us. We only process the data necessary to carry out statutory tasks. In doing so, we comply with current laws and regulations. We only provide your data to third parties if this is a direct consequence of legislation.

This privacy statement reads:

  1. What we process your data for;
  2. From whom we process data;
  3. What is the basis for processing your data;
  4. What data we process from you;
  5. With whom do we share your data?
  6. Where are your personal data processed?
  7. How long your data will be kept;
  8. How we protect your personal data;
  9. How we deal with data breaches;
  10. What privacy rights you have;
  11. How and where to file a complaint;
  12. Who supervises the processing of your personal data;
  13. Where to go for questions
  14. When changes are made to the privacy statement.

[1] Participant: the participant as referred to in the Pension Act, Compulsory Professional Pension Schemes Act and the political office holder as referred to in the General Pension Act for Political office holders.

[2] Pensioner: person for whom a pension commenced under a pension agreement, the Occupational Pension Scheme and/or the General Pension Act for Political office holders.

[3] See section 51(6)(7) of the Pensions Act

1. What do we process your data for?

We process your data to carry out our statutory duties, so that the beneficiary or pensioner is given the opportunity to access data on his pension entitlements or pension rights, including the state pension.

2. From whom do we process data?

We process data of the following individuals: Visitors who log on to the mijnpensioenoverzicht.nl website to obtain information about their pension entitlements or pension rights including AOW pension. Or individuals who contact our service desk.

3. On what basis do we process your data?

We process your personal data to fulfil the statutory duties set out in Section 51(6) and (7) of the Pensions Act. This processing is based on the basis that it is necessary to comply with our legal obligations. If you choose not to share certain essential information with us, this may affect (the quality of) our services.

4. What data of yours do we process?

We process the following data from you:

  1. BSN;
  2. Name;
  3. Date of birth;
  4. Pension details.
Personal data processed in the referral index

The Pension Register Foundation maintains in the so-called reference index an overview of which Citizen Service Numbers are known to which pension providers in order to retrieve your data. This reference index is not accessible to third parties and is encrypted.

Personal data processed during the time you are logged in

Stichting Pensioenregister processes your name and date of birth during the time you are logged on to the website. If your partner logs on to the website simultaneously with you, the aforementioned personal data of your partner are also processed. Logging in is the process by which a visitor identifies himself by signing in to the website via DigiD or eIDAS. On the other hand, a visitor can also visit the website without identifying him or herself and will only see general information on the homepage, and no personal data will be processed.

Personal data processed in technical logs

Stichting Pensioenregister processes the following data in technical logs, such as the log of the web server:

  1. Time you visited the website;
  2. Pages you visited on the website;
  3. Website you came from;
  4. The type of browser you are using;
  5. The type of operating system you are using.
Data processed when interacting with the mijnpensioenoverzicht.nl service desk

When you contact the service desk (via e-mail) with a question or request, a ticket is opened. The following data will be processed:

-  E-mail address and the content of the e-mail sent by you, are temporarily stored in the service desk tool.

This processing is essential for handling your query. Depending on the nature of the communication, personal data may be kept for some time after your query has been answered (see also section 7).

5. With whom do we share your data?

We provide your data to third parties only if the obligation to do so arises from legislation.

When we provide your personal data, we limit ourselves to the data needed to fulfil our obligations or the data request.

Of course, you yourself can choose to share your data with others.

Do we use other processors?

It is possible that we outsource work that involves processing your personal data. In these cases, the outsourcing party acts as a (sub)processor in accordance with GDPR, processing your personal data on behalf of the controller.

In accordance with GDPR, a processor agreement is concluded between the Pension Register and the outsourcing party, whereby this agreement complies with all legal requirements. This processor agreement also stipulates that the (sub)processor complies with GDPR.

6. Where are your personal data processed?

We are committed to protecting your privacy and wish to inform you about how we handle the transfer of personal data within or outside the European Economic Area (EEA).

Our organisation processes personal data within the EEA for the purpose of providing our services and complying with legal obligations. This means that the data you share with us is explicitly processed within the EEA.

Your privacy rights will remain protected at all times in accordance with applicable privacy laws. If you have any questions about the transfer of your personal data or wish to exercise your privacy rights, please contact us.

7. How long will your personal data be kept?

Your personal data, unless there is a statutory retention period, will not be kept longer than necessary for the original purpose of collection or processing. In some cases, we may retain certain data due to legal obligations. In that case, we will use the applicable legal retention period as a starting point.

The retention periods used by the Pension Register Foundation are as follows:

  1. Data processed in the referral index: as long as pension entitlements or rights exist, the BSN remains in the referral index;
  2. Data processed when you (and possibly your partner) log in to the website: all data collected is deleted immediately after logging out. The same applies if you download a file containing your pension data. There is no retention period in either case.
  3. Personal data processed in technical logs: data collected will be kept for a maximum of 90 days and then deleted;
  4. Data processed when interacting with the Mijnpensioenoverzicht.nl service desk: data in the service desk tool will be stored for a maximum of 100 days after the ticket is closed and then (automatically) deleted.

8. How do we protect your personal data?

Together with our outsourcing parties, we have taken appropriate technical and organisational measures to protect your data against unauthorised destruction, loss, access or modification. Both our offices and data centres are equipped with physical access security.

If you have the impression that your data is not adequately secured or if there are indications of misuse, we kindly ask you to contact our service desk at bestuursbureau@pensioenregister.nl.

9. How do we deal with data breaches?

A data breach occurs when there is unauthorised access to, disclosure, destruction, alteration or loss of personal data in our possession.

If a data breach occurs and poses a risk to your rights and freedoms, we will promptly inform the pension providers and SVB as soon as possible so that they can make a notification to the Personal Data Authority within 72 hours. Moreover, if required by law, and in agreement with the data controllers, we will also inform you of the data breach and the measures taken to address the situation.

10. What privacy rights do you have?

You have the following privacy rights:

  1. Right to access, supplement and correct;
  2. Right to object to processing personal data;
  3. Right to be forgotten;
  4. Right to data portability;
  5. Right to clear information;
  6. Right regarding automated decision-making and profiling.

Right of access, addition and correction

It is your right to verify whether we process personal data about you and to access it. You also have the right to have your personal data amended with us if we are found to be processing incorrect data about you, or to supplement data if your data is found to be incomplete. You can submit a request to inspect, supplement and correct your (personal) data to the relevant pension administrator or the Social Insurance Bank.

Would you like to know what data we process about you? Then you can apply to your pension administrator or SVB for a review. If your overview contains inaccuracies, you can submit a request for correction to your pension administrator or SVB. The contact details are listed on our website.

Right to object to processing of personal data

In certain cases, you can object to the processing of your personal data on the basis of special personal circumstances. You have the right to ask us to process less of your data or to (temporarily) stop processing if it is unlawful, if you have objected to the processing, if the processing is no longer necessary, or if the data processed is incorrect. You can submit a written reasoned request to this effect to our management office. The contact details can be found in this privacy notice. You will receive a decision within four weeks of receiving your request at the latest.

Right to be forgotten

You have the right to be forgotten. This right means that you can have your personal data deleted if you consider that it is no longer necessary for the purpose for which it was collected. You can make such a deletion request for data we have processed in relation to requests to our service desk. The request must be motivated in writing. You can send your substantiated request to Pension Register Foundation. The contact details are listed in this privacy statement. You will receive a confirmation no later than four weeks after receipt of your request. This confirmation will state whether, and if so, which personal data have been removed at your request.

For other personal data such as your pension details, you can submit a deletion request to your pension provider or SVB. Contact details are listed on our website under the heading “pension providers“.

Right to data portability

Would you like to share your (personal) data with another organisation? You have the option of downloading your pension statement (with your name and date of birth) as an XML, JSON or PDF file. You can also do this together with your partner. We bear no responsibility for the data processing by the organisation to whom you provided this data and/or for the storage of the data in your private domain.

Right to clear information

This is the right you have to be properly and fully informed about, for example, how we process your personal data and why we do so. This privacy notice is an example of that.

The right regarding automated decision-making and profiling

You have the right to human review of any automated decisions that affect you. At present, we do not use automated decision-making processes or profiling.

Where can you exercise your privacy rights?

You can exercise your privacy rights free of charge by sending a request in writing or by e-mail to:

Pension Register Foundation
Koninginnegracht 19
2414 AB Den Haag

Or bestuursbureau@pensioenregister.nl

After we receive your request, we aim to respond within one month. In cases where we do not have sufficient information to identify you, the request is complex, or there is a large number of requests, we reserve the right to extend the response time by one month. We will inform you if this is the case.

The Pension Register Foundation would also like to remind you that you have the option to file a complaint with the national regulator, the Personal Data Authority, if you disagree with our response to your request.

This can be done via the following link:
https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/gebruik-uw-privacyrechten/klacht-melden-bij-de-ap

Or, you can petition the subdistrict court if you are not satisfied with the outcome of the application procedure regarding your rights.

11. How and where can you make a complaint?

Do you have a complaint about our use of your personal data, for example because you believe we are not handling your personal data with care, or because you are not satisfied with our response to your request regarding your privacy rights? If so, you can file a complaint with us according to the Pension Register Foundation's complaints procedure.

12. Who supervises the processing of your personal data?

Monitoring is arranged in two ways:

  1. The Pension Registry has appointed a Privacy Officer;
  2. The Personal Data Authority is the statutory regulator of the processing of personal data.

Your can get in touch with our Privacy Officer at bestuursbureau@pensioenregister.nl for your queries.

Your can get in touch with the Personal Data Authority at:

Personal Data Authority
PO Box 93374
2509 AJ The Hague
0900 -2001 201
www.autoriteitpersoonsgegevens.nl

13. Do you have any questions about our privacy statement?

Then contact us:

Stichting Pensioenregister
Koninginnegracht 19
2414 AB The Hague
www.pensioenregister.nl
bestuursbureau@pensioenregister.nl

Other questions?

The website www.mijnpensioenoverzicht.nl shows data and amounts as supplied to us by the pension administrator(s). The accuracy and timeliness of these data are the responsibility of the pension providers. In the overviews you can see the date behind 'status as at' when the data were prepared. If you have any questions about your data and amounts, please contact your pension administrator.

An overview of frequently asked questions can be found at www.mijnpensioenoverzicht.nl/faq

Do you have another question about the Pension Register's processing of your personal data? If so, please send an e-mail or letter to the Privacy Officer of the Pension Register.

14. Changes

We reserve the right to make changes to the privacy statement, for example in connection with amendments to laws and regulations or case law. You are therefore advised to consult this statement regularly if you visit our site.

Version 3.0

Date of last update: January 2024