Privacy Statement

This privacy statement explains how OOM Verzekeringen treats your personal data when executing our services. This privacy statement applies to all data collected and processed by OOM Verzekeringen regarding customers, existing and potential, contacts from suppliers and other organisations, and users of its website.

OOM Verzekeringen regards carefully treating the personal data of clients and others important. That is why we process personal data in accordance with privacy laws, such as the General Data Protection Regulation (GDPR). Furthermore, insurers have made mutual agreements regarding the use of personal data. These rules of conduct can be found in: Insurance Sector Code of Conduct for Processing Personal Data (in Dutch).

The GDPR states that companies must be transparent regarding how they deal with the personal data of clients. We do this by answering the following questions in this privacy statement:

1. Privacy statement
2. What is personal data and which personal data do we use?
3. What do we use your personal data for?
4. Will your data be shared with third parties?
5. How do we treat your medical data?
6. How long do we keep your personal?
7. How do we protect your personal data?
8. What are your rights?
9. How can you get in touch?

Personal data is for example, your name and date of birth, contact details and bank account number. When you apply for an insurance, we ask you for your name, address, email address and telephone number. We sometimes also ask you for other data. Like requesting your medical history when applying for health insurance. Or your bank account number for the automatic direct debit of the premium or paying a claim.

If you’re a customer with us and you send us an electronic message, e.g. an email, this message will be included in your policy file. We also process agreement details such as: duration, extension date, expiry date, clauses, claims, claim numbers and results. We also record the reason why we won’t enter into an agreement or the reason for terminating an agreement. We sometimes require a country of residence to take out an insurance. The data we need and use differs per product.

Your personal data is necessary for processing your application and drawing up and executing your insurance. In short, we use your personal data for the following purposes and only when it is necessary:

1. Assessing and accepting insurance applications
2. Executing the insurance
3. Processing your claim or damage
4. To recover reimbursed costs from another insurer
5. To be able to send invoices and administering payments
6. To keep you up-to-date with new products and offers 
7. To make our website and My OOM accessible
8. For marketing and statistical purposes
9. To prevent and counter fraud

You can read more about the purposes below.

1. Assessing and accepting insurance applications
You can take out our insurance via the online application form. When we receive your application, we’ll process your data to take out and administrate the insurance. We’ll asses your application, after receiving it.

What data do we process for this?
We process different types of data. This includes name and address, date of birth, gender, email address and telephone number. We also process your payment details, such as your IBAN number and your choice of monthly, quarterly, six-monthly or annual payment. Information on relevant knowledge and experience, your vehicle registration and any criminal records may also be processed.

If you apply for a health insurance, we’ll ask you for your medical data. The Medical Adviser will assess your medical data. Based on the advice received from the Medical Adviser, we'll determine if you:

• Can take out the insurance.
• Can not take out the insurance.
• You can take out the insurance, but with an exclusion clause.

For a number of products, e.g. the OOM Schengen Visitor, OOM Provisional Residence in the Netherlands, OOM Temporary Residence Abroad and the Living Abroad insurance, your application will be assessed using a fully or partially automated process. The data you enter is automatically checked against our acceptance criteria. We also check to see if the data is correct. We also check your application against a number of general and fraud indicators, and make a risk assessment based on the data you enter and data from closed and public sources. This check may affect the offer you receive, for example, you may receive a clause proposal. If there’s a deviation in the standard application process, this deviation is always assessed by an OOM Insurance employee. If you have any questions or complaints in regard to the processing of your application, please feel free to contact us.

2. Executing the insurance
Your personal data is necessary for the execution of your insurance. Executing the insurance includes, for example: determining if you have a right to reimbursement of your costs, payment to the care provider or other third parties proprietors, payment of reimbursement to you, collecting premium, determining own risk excess, executing checks, countering fraud (including the reporting of incidents in an internal registry), damage incidents from third parties, research among insured people into the quality of care, limiting arrears of payment of the policyholder at OOM Verzekeringen, treating complaints and disputes, and analysing data, including personal data, for risk control (including the control of healthcare costs).

3. Processing your claim or damage
When you want to report damages or make a claim, we'll process your data for the administration of the claim or damages, and to determine if the claim or damages are eligible for payment.

What data do we process for this?
For this purpose, we process the data in the completed online/offline claims form. This contains your name, policy number, bank details, a description of what happened and an overview of your invoices. We also process your insurance data.

4. To recover reimbursed costs from another insurer
When we’ve made a payment under your insurance policy, we can in some cases recover this claim from another insurer. We only do this for claims under a healthcare insurance that may also be covered by your Dutch national health insurance.

What data do we process for this?
For this purpose, we process your name, policy number, a description of what happened and an overview of your invoices. We also process your insurance data.

5. To be able to send invoices and administering payments
When you’ve taken out an insurance, we'll send you invoices for the premium by email or by post. When your premium has been paid into our account, we'll register that your premium has been paid.

What data do we process for this?
For this purpose, we process your name and address, payment details, invoicing data, and other data in our customer administration. We'll also process your standard premium, any premiums for extra cover, and premium discounts.

6. To keep you up-to-date with new products and offers
It is possible that we send you newsletters to be of service to you and to inform you about developments or a new product. For this purpose, we use your email address.

If you’re a customer of ours, we can approach you with a newsletter or special offer via post or email. You can sign out for this by means of phone or by sending an email stating that you don’t wish to receive this information.

7. To be able to offer our website and My OOM
If you visit the OOM Verzekeringen website, OOM Verzekeringen can store information on your computer in the form of a cookie. Information regarding the use of cookies can be found on our website in the Cookie policy. These cookies collect and analyse details of your visit to our website, such as your type of browser, IP address, the pages you visited and how long and how often you visit our website. This enables our website managers to maintain and improve the website. For example, it enables them to solve technical issues or improve availability. Due to security measures, IP addresses of visitors are stored for 60 days in a separate file. This can only be accessed by technical administrators in case of security incidents or emergencies.

If you’re a customer, it means that you can use My OOM. You can request access to this via the OOM website and create a username and password. If you log in to your My OOM account, you’ll have a complete overview of all the products you’ve taken out with OOM in one spot. You can also manage your data such as changing your insurances or submitting claims.

What data do we process for this?
This requires your My OOM log in credentials, the specifics of the product you’ve taken out, any changes you make regarding your data, and other data that you pass on to us in this respect.

8. For marketing and statistical purposes
OOM Verzekeringen conducts research based on premiums and damages into trends in the use of its products. Your data is processed for conducting statistical analysis during the research. This data is used for management information, strategy and policy. We do NOT use these research results for marketing and sales activities specifically aimed at you. The results are also anonymous and can therefore not be traced to you personally.

OOM Verzekeringen sometimes uses personal data for marketing and sales activities to make selections of its customer base, for example when suggesting a product to a certain target group.

What data do we process for this?
For this purpose, we mainly process premium, burden of claims, country of residence and age.

9. To prevent and counter fraud
While an insurance is being taken out and during the insurance period, we check various sources, such as fraud registers and sanction lists, to ensure compliance with sanction laws. Are you involved in an event that could result in the interests, integrity or safety of insured people, OOM Verzekeringen or its employees, or the financial sector as a whole are at stake?  Then we will register your personal data in an Events Administration and an Incidents Register. Examples of incidents that could lead to registration: forging invoices, identity fraud, skimming, misuse of employment, phishing and intentional deception.

OOM Verzekeringen only makes your personal data available to a third party if it’s necessary for drawing up an insurance contract, for a legal obligation or if it’s necessary to ensure your or our rights are protected. Your personal data is never sold to third parties. Here are a few examples when it comes to sharing with third parties.

• Only if OOM Verzekeringen is legally obliged to, will personal data be provided to fiscal governmental agencies, investigation authorities such as police or judiciary, or overseers such as De Nederlandsche Bank, Financial Markets Authority and Data Protection Authority.
• In accordance with our responsible acceptance, risk and fraud policies, we register details with or request details from the Central Information System (CIS). The CIS Foundation administers details for insurance companies working in the Netherlands. These details are used to reduce risks and fight fraud.
• Of the people where it has been sufficiently determined that their behaviour is or could be a threat to the financial interests of OOM Verzekeringen or that of our insured people, their personal data will be registered in the External Referral Register. Participants of the Protocol Incidents warning system Financial Institutions (pdf, only in Dutch) can look into this register.
• We can outsource operations. OOM Verzekeringen will always remain responsible for the use of your personal data. Examples of outsourcing are the operations conducted by SOS International and our IT providers. 
• The claims for private individual liability, travel-, cancellation-, accidents and household contents insurance are handled by Unigarant. Claims and damage reports on legal expenses insurance policies are handled by ARAG.
• Other examples include postal costs, printing companies, performers of quality and customer satisfaction surveys and other professional service providers such as translators, debt collection service providers, accountancy and legal assistance.

When it comes to processing your data for the services and company activities in question by third parties, OOM Verzekeringen has taken the required contractual, technical and organisational measures to assure that your data is only processed when necessary. Third parties will only further process your data inline with the suitable laws and regulations.

Your data can also be passed on to receivers in countries outside the European Economic Area. For example, if you use our Assistance Centre abroad. In such instances, OOM Verzekeringen will take suitable measures that are reasonably necessary to assure that your data is adequately protected.

We take extra care when it comes to your medical data. This data is used when, for example, assessing your application for health insurance and to determine if you have a right to healthcare cost reimbursement. As far as necessary, we also use data regarding your health for monitoring, conducting fraud investigation, appeal against a third party and risk management.

The OOM Verzekeringen Medical Adviser is a physician, dentist, physiotherapist, midwife, nurse, healthcare psychologist, psychotherapist or pharmacist registered in the register concerning the Dutch Individual Health Care Professions Act (BIG).

The Medical Adviser is legally sworn to secrecy. The use of health data falls under the responsibility of the Medical Adviser. Every employee that uses health data, falls under the responsibility of the medical adviser, except when it comes to purely administrative actions. Examples are processing claims from healthcare providers, and passing on and digitising post. The group of employees that fall under the responsibility of the Medical Adviser, are called ‘Medical Office’. The employees the Medical Office are, just like the Medical Adviser, sworn to secrecy.

OOM Verzekeringen keeps your data as long as it’s necessary to execute the goal that we initially received your data for. This means that most data is kept for seven years after the expiry date of the insurance. There are a few exceptions:

Insurance not taken out 
It’s possible that you’ve applied for an insurance with OOM Verzekeringen, but that it hasn’t been taken out. For example, because you decided you didn’t want to take out the insurance, or because OOM Verzekeringen rejected your application. In this case, OOM Verzekeringen will keep your data for up to one year after the application. This allows us to check your data if you possibly apply again within that year.

Research into medical data 
Sometimes we will conduct research and use your medical data. In this case, we'll keep your data as long as necessary for the execution and completion of the research and to secure our rights. For example, to recover claims for declared care that you haven’t received.

Fraud 
Sometimes we’ll conduct research into fraud and use your data. In this case, we'll keep your data for a period of eight years after the closure of the research.

Complaints and disputes 
In the case of complaints or disputes, We'll keep your data after closure of the procedure for a period of two years.

OOM Verzekeringen takes care when handling your data. OOM Verzekeringen has taken adequate technical and organisational precautions to protect your personal data from loss or unlawful processing. Examples are an information security policy, secured servers and physical security of areas where data is stored. Developments in information security are quick. We regularly check if our precautions are still adequate. This is done by means of risk analysis and by conducting independent audits. If OOM Verzekeringen uses third parties for the processing of personal data, then we make agreements with these parties regarding the security of personal data.

We also advise you to carefully and confidentially treat your data and your log in credentials, and to not share your personal data and policy number publicly.

• You have the right to ask to view the personal data we have stored about you at any time.
• If you suspect that we have incorrectly processed data regarding you in our administration, then you can request a correction. We appreciate this because we can obviously only do our work when the data we work with is correct.
• You can request for your data to be removed from our files. But it often occurs that we aren’t allowed to remove your data, because we need your data for the execution of the insurance contract or because we must abide by the law.
• We have now specified how we receive and use your data. If at any time you wish to restrict the use, for example that we aren’t allowed to give certain data to a certain organisation, you can always pass this on to us.
• You can ask us to pass on your data to third parties.

If you wish to exercise your rights, or if you have any questions, tips or complaints about the use of your personal data, please contact our Data Protection Officer by sending an email or letter. Please include your contact and policy information.

To verify your identity, we may need to ask for additional information. This sometimes includes a copy of ID or passport. In this case, we request that your social security number and passport photo be rendered illegible. You can use the Dutch app KopieID from the Dutch government for this purpose. We do not keep this copy. We’ll delete the copy once your identity has been established. We’ll respond within one month after receiving your email or letter.

To contact our Data Protection Officer directly, please use the following email address fg@oominsurance.com. 

If you prefer to send a letter, please use the following:

OOM Insurance 
Attn. ‘Data Protection Officer’  
PO Box 3036  
2280 GA Rijswijk, The Netherlands  

If you are not satisfied with the processing of your personal data by OOM Verzekeringen, you can file a complaint with the Data Protection Authority.

Data Protection Authority
PO Box 93374 
2509 AJ The Hague, The Netherlands 

This privacy statement is subject to change. You can always find the latest version here. The date of the latest change can be found at the bottom of this statement.

Rijswijk, Jan. 8, 2025