The processing of personal data is necessary for the business operations of Light, which consist primarily of risk consulting and insurance broking, which enable the consideration of, access to, administration of, and claims handling of, insurance.
Our customers must be able to trust that we handle any received personal data carefully and securely. We therefore comply with the current regulations in the area of the protection of personal data such as the General Data Protection Regulation (GDPR).
Our general policy is that personal data are processed in a proper and careful manner in accordance with the relevant laws and regulations. To meet this policy, we apply the following accepted privacy principles:
In this privacy statement we want to inform you about how we handle your personal data. You can read here for example what we process your personal data for, with whom we share your data and what rights you have when it comes to the processing of your personal data.
AHC B.V. (we or our/us) is the controller in respect of the Personal Data it processes in connection with the services provided under the relevant engagement with its client(s).
In certain cases, and for the purposes of performing some services, Light and its client may have agreed that Light is a processor. When Light acts as a processor, it complies with the obligations set out in the agreement concluded with its client.
We may only use your personal data if we have a reason mentioned in the General Data Protection Regulation. The reasons that apply to us are:
We process special categories of personal data based on the following reasons:
Depending on the services that we perform for you, we may (possibly) process the following data from you:
We collect and receive Personal Data from various sources, including (depending on the service provided and country you are in):
We always ensure that we only process the personal data that we need for our services and business operations.
We process your personal data only for the following purposes:
We do not just provide your personal information to others. We may do so if you have given us permission for this, if we are obliged to do so on the basis of the law or a court decision, or if the provision is for the purposes stated in this privacy statement. For the performance of our operations and depending on the services provided to you, we may provide your personal data to the following persons or parties (not exhaustive):
External parties that process the personal data under our responsibility, do so only for purposes and under conditions that we have agreed with them. We record this in written agreements.
We ensure an adequate level of security and implement appropriate technical and organizational safeguards to protect personal data against loss or against any form of unlawful processing. These safeguards also serve to prevent unnecessary and / or unlawful collection and processing of personal data.
Our retention periods for personal data are based on business needs and legal requirements. Your personal data will not be retained for longer than is necessary for the purposes for which it was collected or any other permitted related purpose(s). If our relationship or agreement ends, we will retain the data during the statutory retention periods that apply to us. How long we have to do this depends on the agreement you have entered into with us. For example, for pension insurance, the statutory retention period is longer than that of a car insurance.
Personal data will be taken out of the reach of the active administration after the retention period has expired. We will destroy the personal data after the expiry of the retention period.
When processing personal data, the amount and type of data is limited to the personal data that are necessary for the purposes mentioned in this privacy statement or as permitted by law. The data must be adequate, relevant and not excessive in relation to the purposes stated in this privacy statement. Where possible, the minimum required or no personal data will be processed.
If we require Personal Data for a purpose inconsistent with the purposes we identified in this privacy statement, we will notify clients of the new purpose and, where required, seek individuals’ consent (or ask other parties to do so on Light’s behalf) to process Personal Data for the new purpose(s).
You are in charge of your own personal data. That is why the General Data Protection Regulation (GDPR) gives you a number of rights. You may ask us to:
In addition, under certain conditions, you have the right to:
These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).
We always try to meet your request as soon as possible, but no later than four weeks after submission. We do not charge any costs for this. If the period of four weeks is not reasonably feasible, you will be informed of this within this period. In that case, we will comply with your request within two months after the expiry of the first term.
Please note that we cannot always meet your request. For example a request to delete your personal data, during the legal retention period (which has not yet expired) or if you have another ongoing contract with us, this would be a conflict between your request and our legal requirement. If we are unable to meet your request, we will of course inform you of this.
If you have questions or requests about the processing of your personal data or this statement, you can contact our Compliance Officer. You can also approach our Compliance Officer if you have complaints about the processing of your personal data or if you want to make use of one of your rights.
You can reach our Compliance Officer by e-mail at [email protected] or by mail via:
AHC B.V.
Attn. the legal and compliance department
Olympisch Stadion 12
Mailbox 75944
1070 AX Amsterdam
The Netherlands
If you have a complaint and you do not agree with our policy, you can contact the supervisory authority of Netherlands via autoriteitpersoonsgegevens.nl.
This privacy statement is subject to change at any time. It was last changed on 10.05.18. If we make changes to this privacy statement, we will update the date it was last changed. Changes that we make to this privacy statement will take effect immediately. You are advised to check this privacy statement regularly, so that you are aware of any changes.