Privacy statement

This privacy statement explains how OOM Verzekeringen treats your personal data when carrying out our services. This privacy statement applies to all data collected and processed by OOM Verzekeringen regarding customers, existing and potential, and users of its website.

OOM Verzekeringen regards carefully treating clients’ personal data as important. That is why we process personal data in accordance with the General Data Protection Regulation (GDPR). Furthermore, Dutch insurers have made mutual agreements regarding the use of personal data. These rules of conduct (in Dutch) can be found on:

• Gedragscode verwerking persoonsgegevens verzekeraars
  (The Code of Conduct for processing the personal data of Financial Institutions)
• Gedragscode verwerking persoonsgegevens zorgverzekeraars
  (The Code of Conduct for processing the personal data of health insurers)

The GDPR states that companies must be transparent regarding how they deal with the personal data of clients. We do this by answering the following questions in this privacy statement:

1. What is personal data and which personal data do we use?
2. What do we use your personal data for?
3. Will your data be shared with third parties?
4. How do we treat your medical data?
5. How long do we keep your personal data?
6. How do we protect your personal data?
7. What are your rights?
8. How can you contact us?

Personal data are, for example, your name and date of birth, contact details and bank account number. When you apply for insurance, we ask you for your name, address, e-mail address and telephone number. We sometimes also ask for other data. For example, we may request details of your medical history when you apply for health insurance. Or your bank account number for the direct debit for the premiums or for reimbursing a claim. We also record other financial data, for example the payment method, payment frequency and arrears.

If you are a customer with us and you send us an electronic message (for example an e-mail), this message will be included in your policy file. We also store the details of the agreement such as: duration, renewal date, end date, clauses, claims, claim numbers and results. The reason why we do not enter into an agreement or why we terminate an agreement. For helping to identify you we make use of internal numbers such as the relationship number and/or the polic number. We also record geographic data such as location data. It differs per product which data we need and use.

Your personal data is necessary for processing your application and drawing up and providing your insurance. In short, we use your personal data for the following purposes, and only where such use is necessary for that purpose:

1. Assessing and accepting insurance applications
2. Providing the insurance
3. Processing your claim or damages
4. Invoicing and payment administration
5. Keeping you up-to-date with new products and offers
6. Providing our website and My OOM
7. Marketing and statistics
8. Preventing and combatting fraud                                                       

You can read more about these purposes below.

1. Assessing and accepting insurance applications
You can take out our insurance via the online application form. When we receive your application, we will process your data to take out and administer the insurance. After receiving your application, we will assess it.

Which data do we process for this?
We process data such as name and address, date of birth, gender, email address, telephone number, your payment details (such as your IBAN number and, whether you have chosen a monthly, quarterly, biannual or annual payment). Depending on the product, we might also request your social security number, information about relevant knowledge and experience, your car registration number or criminal data.

If you apply for health insurance, we will ask you for your medical data. The medical advisor will assess your medical data. Based on the advice received from the medical advisor, we will determine whether:

• You can take out the insurance
• You cannot take out the insurance
• You can take out the insurance, but with an exclusion clause
  
  

We assess the applications for the OOM Schengen Visitor, OOM Provisional Residence in the Netherlands, OOM Temporary Residence Abroad and Living Abroad insurance through an automated process. The data you have entered will be automatically checked against our acceptance criteria. We check whether this information is correct. In addition, we test your application against a number of (fraud) indicators and we make a risk assessment based on the data you have entered and data from (public) sources. This assessment may have consequences for the offer you receive, for example you may receive a clause proposal. If there is a deviation in the regular application process, this deviation will always be assessed by an OOM employee. If you have any questions or complaints regarding the automatic processing of your application, you can always contact us.

2. Providing the insurance
Your personal data is necessary for the provision of your insurance. Providing the insurance includes, for example: determining if you have a right to reimbursement of your costs; payment to the care provider or other third parties proprietors; payment of reimbursement to you; collecting premiums; determining excess; carrying out checks; combatting fraud (including the reporting of incidents in an internal registration system); claiming damages from third parties; carrying out research among insured persons into the quality of care; improving our services; targeting groups of insured persons with information relevant to them; limiting payment arrears of the policyholder with OOM Verzekeringen; handling complaints and disputes; and analysing data, including personal data, for risk control (including the management of healthcare costs).

3. Processing your claim or damages
Whenever you want to report damages or make a claim, we will process your data for the administration of the claim or damages, and to determine if the claim or damages are eligible for reimbursement.

Which data do we process for this?
This requires the data in the completed online/offline claims form. This contains your name, policy number, bank details, a description of what happened and an overview of your invoices. We also process your insurance data.

4. Invoicing and payment administration
When you have taken out insurance, we will send you invoices for the premium by email or by post. When your premium has been paid into our account, we will register that your premium has been paid.

Which data do we process for this?
This requires your name and address, payment details, invoicing data, and other data in our customer administration system. We will also process your standard premium, any premiums for extra cover, and premium discounts.

5. Keeping you up-to-date with new products and offers
We may send you newsletters, to be of service to you and to inform you about a new product.

Which data do we process for this?
This requires your email address or your postal address.

If you are a customer of OOM Verzekeringen, we can contact you with a newsletter or special offer via post or email. You can deregister for this service by phone or by sending an email stating that you do not wish to receive this information.

6. Providing our website and My OOM
If you visit the OOM Verzekeringen website, OOM Verzekeringen can store information on your computer in the form of a cookie. Information regarding the use of cookies can be found on our website in the Cookie policy. These cookies collect and analyse details of your visit to our website, such as your type of browser, IP address, the pages you visited, and how long and how often you visit our website. This enables our website managers to maintain and improve the website. For example, it enables them to solve technical issues or improve availability. In connection with security measures, IP addresses of visitors are stored for 60 days in a separate file, which is only accessible to technical administrators in case of serurity incidents or calamities.

If you are a customer of OOM Verzekeringen, you can use My OOM. You can request access to this via the OOM website and create a username and password. If you log in to your My OOM account, you will have a complete overview of all the products you have taken out with OOM in one place. You can also manage your data, such as changing your insurance or submitting claims for damages.

Which data do we process for this?
This requires your My OOM login credentials, the specifics of the product you have taken out, any changes you make regarding your data, and other data that you pass on to us in this respect.

7. Marketing and statistics
OOM Verzekeringen carries out research into trends in the use of its products, based on premiums and damages. Your data is processed for carrying out statistical analysis during the research. We do NOT use these research results for marketing and sales activities specifically aimed at you. The results are also anonymous and can therefore not be traced to you personally. OOM Verzekeringen sometimes uses personal data to make selections from its customer base, for example when suggesting a product to a certain target group.

Which data do we process for this?
This requires the processing of premium, damages, country of residence and age.

8. Prevent and combatting fraud
If you are involved in an event that could result in the interests, integrity or safety of insured persons, OOM Verzekeringen or its employees, or the financial sector as a whole being at stake, then we will register your personal data in an Events Administration and Incidents Register. Examples of incidents that could lead to such registration: forging invoices; identity fraud; skimming; embezzlement; phishing and intentional deception.

OOM Verzekeringen only makes your personal data available to a third party if this is necessary for drawing up an insurance contract, to meet a legal obligation, or if it is necessary to ensure your or our rights are protected. Your personal data is never sold to third parties. Here are a few examples of sharing data with third parties.

• Only where OOM Verzekeringen is legally obliged to do so, will personal data be provided to fiscal governmental agencies, investigation authorities such as police or judiciary, or supervisory bodies such as De Nederlandsche Bank, Financial Markets Authority and the Data Protection Authority.
• In accordance with our responsible acceptance, risk and fraud policies, we register details with, or request details from the Central Information System (CIS). The CIS Foundation administers details for insurance companies working in the Netherlands. These details are used to reduce risks and fight fraud.
• Where it has been sufficiently determined that a person’s behaviour is, or could be a threat to the financial interests of OOM Verzekeringen, or those of our customers, the personal data of that individual will be registered in the External Referral Register. Participants in the Protocol Incidenten waarschuwingssysteem Financiële Instellingen (Protocol Incidents warning system for Financial Institutions) can access this register.
• We can outsource operations. OOM Verzekeringen will always remain responsible for the use of your personal data. Examples of outsourcing are the operations carried out by Vecozo and Vektis on behalf of health and healthcare insurers. Vecozo enables health care providers to digitally deliver claims to the correct health insurer, for example. Vektis provides statistical information.
• Claims for private individual liability, travel, cancellation, accidents and household contents insurance are handled by Unigarant. Claims and reports of damages under the legal assistance insurance are handled by ARAG.
• Other examples are postal companies, printing companies, hosting and automated service providers and other professional services providers such as translation, accountancy and legal services.

Insofar as third parties processing your data for the services and company activities in question, OOM Verzekeringen will take the necessary contractual, technical and organisational steps to ensure that your data is only processed when necessary. Third parties will only process your data in line with the applicable laws and regulations.

Your data can also be passed on to recipients in countries outside the European Economic Area. For example, if you use our emergency centre in the United States. In such instances, OOM Verzekeringen will take suitable steps that are reasonably necessary to ensure that your data is adequately protected.

We take extra care when it comes to your medical data. This data is used, for example, when assessing your application for health insurance and to determine if you are entitled to reimbursement of healthcare costs. Insofar as necessary, we also use data regarding your health for monitoring, carrying out fraud investigation, appealing against a third party and for risk management.

The OOM Verzekeringen medical advisor is a physician, dentist, physiotherapist, midwife, nurse, healthcare psychologist, psychotherapist or pharmacist registered in the register for Dutch Individual Health Care Professions (BIG).

The medical advisor has a legal obligation of confidentiality. The use of health data falls under the responsibility of the medical advisor. Every employee who uses health data, falls under the responsibility of the medical advisor, except when it comes to purely administrative actions. Examples are processing claims from healthcare providers and passing on and digitising post. The group of employees who fall under the responsibility of the medical advisor, are called ‘the Medical Office’. Like the medical advisor, the employees in the Medical Office have an obligation of confidentiality.

OOM Verzekeringen keeps your data as long as it is necessary to for the purpose for which we initially received your data. This means that most data will be kept for seven years (starting from the year after the year in which the data apply). There are a few exceptions to this:

Insurance not taken out
It is possible that you may have applied for insurance with OOM Verzekeringen, but not taken it out. For example, because you decided you didn’t want to take out the insurance, or because OOM Verzekeringen rejected your application. In this case, OOM Verzekeringen will keep your data for up to one year after the application. This allows us to check your data, should you reapply this year.

After termination of your insurance
After termination of your insurance, we will keep your data for a maximum of seven years. This period starts from the day your insurance stops, or the day we last received the last invoice from you.

Research into medical data
Sometimes we will carry out research and use your medical data. In this case, we will keep your data as long as necessary for carrying out and completing the research, and to secure our rights. For example, to recover claims for care you have claimed but did not receive.

Fraud
Sometimes we will carry out research into fraud and use your data as part of this investigation. In this case, we will keep your data for a period of one year after the closure of the investigation.

Complaints and disputes
In the case of complaints or disputes, we will keep your data after closure of the procedure for a period of two years.

OOM Verzekeringen takes care when handling your data. OOM Verzekeringen has taken adequate technical and organisational precautions to protect your personal data from loss or unlawful processing. Examples are an information security policy, secured servers and physical security of areas where data is stored. Developments in information security are rapid. We regularly check if our precautions are still adequate. This is done by means of risk analysis and by conducting independent audits. If OOM Verzekeringen uses third parties for the processing of personal data, then we draw up agreements with these parties regarding the security of personal data.

We also advise you to treat your data and your login credentials carefully and confidentially, and to not share your personal data and policy number publicly.

• You may ask to view your personal data that we use.
• If you suspect that we have incorrectly processed data regarding you in our administration, then you can request a correction. We appreciate this, because we can obviously only carry out our work if the data we work with is correct.
• You can have your data removed. However, it is often the case that we are not allowed to remove your data, because we need your data for the provision of the insurance contract, or because we must abide by the law.
• You have the right to object against the use of your personal data, for example for direct marketing. If your data is used, but not for direct marketing or for the provision of your insurance, you can object based on special personal grounds. In your objection, state the data in question and the reason for your objection.
• We have now specified how we receive and use your data. If at any time you wish to restrict the use, for example that we are not allowed to give certain data to a certain organisation, you can always inform us accordingly.
• You can ask us to pass on your data to third parties.

If you wish to make use of your rights, or if you have any questions, feedback or complaints regarding the use of your personal data send us or our Data Protection Officer an email or a letter together with a copy of your passport or ID. Please make sure the social security number and the passport photo are unreadable and unrecognisable. We will react within a month after receiving your email or letter.

You can use the email address fg@oomverzekeringen.nl to contact our Data Protection Officer directly.

Or, if you prefer letters, send a letter to the address below.

OOM Verzekeringen
F.a.o. Data Protection Officer
PO Box 3036
2280 GA Rijswijk, The Netherlands

If you are not satisfied with the processing of your personal data you can also send a complaint to the Dutch Data Protection Authority.

Autoriteit Persoonsgegevens
Postbus 93374
2509AJ Den Haag

This privacy statement is subject to change. The most recent version can always be found here. The date of the last change can be found below this statement.

Rijswijk, 6 mei 2021