© a.s.r. 2023
ASR Nederland N.V. is the point of contact for the processing of personal data by all its brands, including ASR Real Estate B.V.
Visitor address
Archimedeslaan 10
3584 BA Utrecht
The Netherlands
Postal address:
Postbus 2008
3500 GA Utrecht
The Netherlands
Facebook Twitter (a.s.r) WhatsApp: +31(0)623889539 Telephone: +31(0) 30 257 9111
ASR Real Estate B.V. (hereinafter referred to by its trading name a.s.r. real estate) is a division of ASR Nederland N.V. We handle your personal data with due care as much as possible. We abide by the applicable (privacy) laws and regulations.
This personal data protection policy applies to all your personal data that a.s.r. real estate processes if you are a client of ours, when you visit our website, use our apps or when you contact our customer service. This policy also applies to situations in which, for example, you have had contact with a.s.r. real estate, but did not become a client of ours.
If you apply for a tenancy agreement, partnership agreement, investment or a financial or other service from a.s.r. real estate or if you provide us with a service, we will ask for your personal data. You provide us with this data through your adviser/intermediary (hereinafter referred to as adviser) or directly via our website, by email or by telephone.
The personal data we process depends on the type of contact we have with you:
If you visit our websites, we will collect data on your visit to our website via cookies and our cookie settings.
If you request information from us, we will ask you to provide us with your contact details so that we can send you the information.
If you become a client, we will require at least your contact details (name, address, telephone number and email address and in some cases also your date of birth and gender). We use this data to ensure performance of the agreement we have with you.
If you submit a complaint via our websites, we will request the personal data necessary to handle your complaint.
If you are a client of ours, we will use your bank account number to make and collect payments.
We also have access to your income details if we require these to determine whether you qualify for a rental property or to determine a rent increase of the property you rent. We also have your income details if we require these to determine whether you can enter into a long-term leasing contract with us or, in some cases, can rent commercial property.
In some cases, we also hold your citizen service number (Dutch acronym: BSN). This will be the case, for instance, for land tenancy agreements as we are obliged to pass your citizen service number to the agricultural tenancies authority. We will process your BSN only when we have legal grounds to do so.
We process data about the contacts you have had with us in order for us to see:
We use this data to see what contact we have previously had with you. If it concerned a question, a complaint or advisory opinion, we will be able to see this in your client file and will be able to help you better when you next contact us.
We can take video footage with cameras that recognise license plates in our parking facilities. Besides that, we can use surveillance cameras in and around our housing estate, commercial real estate and parking facilities.
In our business services we also process personal data. These are the names of contact persons, shareholders or UBOs (ultimate beneficial owner or ultimate stakeholder) of a company or PEPs (politically exposed persons). Pursuant to the Money Laundering and Terrorist Financing (Prevention) Act, we must determine who our business clients' UBOs are.
In most cases, we obtain the data directly from you. Besides the information that we obtain from you, we may also receive and process data from third parties, such as the manager, the Dutch Tax & Customs Administration, the Chamber of Commerce or other third parties, such as market research agencies. We can also process your personal data if you visit our commercial real estate or parking facilities. We record the sources of data we have received in our processing register if these sources are known.
We process personal data for the following reasons:
We use your details to get in touch with you, to assess whether you can become a client or business partner of ours or to amend our agreement. We may use your data to manage your agreement and to handle questions, complaints and financial affairs. Besides this we use your personal data to manage incidental transactions, such as license plate data to charge parking costs.
We also use your data to mitigate risks, for instance by:
We like to keep you up-to-date, for instance by sending emails, newsletters, special offers on our website or via social media, or by targeted advertising in apps and on third-party sites and social media. We also use your personal data for these.We do so by:
If you prefer not to receive personalised offers, you can opt out via the contact details section at “Who we are” shown on the website of a.s.r. real estate.
We also use your personal data to improve our products and services. We do so by combining and analysing the data. These analyses inspire new ideas and improved solutions. These analyses enable us to:
We also store data for the purposes of identifying fraud, abuse and improper use. For this purpose, we can exchange data within a.s.r. real estate with other financial institutions or external investigative agencies. In doing so, we comply with the Insurance and Criminality Protocol and the Financial Institutions Incident Warning System Protocol, if applicable. The latter protocol involves at least the following parties: the Dutch Association of Insurers (Verbond van Verzekeraars), the Dutch Banking Association (Nederlandse Vereniging van Banken), the Mortgage Fraud Foundation (Stichting Fraudebestrijding Hypotheken), the Association of Financing Companies in the Netherlands (Vereniging van Financieringsondernemingen in Nederland) and Zorgverzekeraars Nederland (the umbrella organisation of ten health insurers in The Netherlands). In the event of a personal investigation in connection with an insurance, we adhere to the rules of the Code of Conduct for Personal Investigations. To monitor the security and integrity of the various labels within a.s.r. real estate, we use a Central Events Administration. This database stores (personal) data that require our special attention with regard to certain events. Data from the Central Events Administration can only be accessed through our Security Department or other authorised employees.
We process your personal data based on one of the following legal bases:
We handle your data with due care and take the necessary technical and organisational measures to ensure an appropriate level of protection. We pay considerable attention to the optimal security of our systems processing personal data. We monitor the security or our data traffic 24 hours a day. In addition, our processes are set up in such a way that only those employees who need to have access to certain systems are allowed such access.
We have taken technical and organisational measures to protect your data from loss or unlawful processing. These include measures to ensure the secure use of our website and IT systems, and to prevent abuse. They also include the security of physical spaces where data is stored. We have in place an information security policy and train our employees in the field of personal data protection. Only authorised personnel can see and process your data.
All our employees have sworn an oath or affirmation. Employees swear or affirm that they will abide by legislation, regulations, codes of conduct, and that they will act with integrity.
We do not retain your data any longer than necessary. In some cases, the law determines how long we may or must keep data. In other cases, we have made our own determination of how long we need to retain your data. In this context, we have established a comprehensive retention periods policy. For example, we keep client files for seven years following the end of the relationship with a.s.r. real estate. However, we hold onto real estate files for at least ten years following the end of the relationship with a.s.r. real estate. If you have any specific questions about this, please contact us
We only provide personal data to third parties if this is permitted by law and is required for the business operations of a.s.r. real estate.
If you are a customer of one of the labels (De Amersfoortse, Ardanta, Ditzo, De Europeesche Verzekeringen), which are divisions of ASR Nederland N.V. in addition to a.s.r. real estate, we may share your personal data with one of the other labels of ASR Nederland, for instance as part of a responsible underwriting policy and to prevent and combat fraud.
We can also share data between the various departments of ASR Nederland to process your application or to gain an understanding of the products and services you have with us. This allows us to provide you with a better service.
It is possible that you will receive offers for other products of the labels that come under ASR Nederland N.V. If you do not wish to receive offers for other products, you can let us know.
If you have an adviser, you will only receive messages from us in coordination with your adviser.
Sometimes we are under a statutory obligation to pass on certain personal data to the government. This includes the Dutch Tax & Customs Administration, the Employee Insurance Administration Agency, the police, the judicial authorities or regulators, such as the Dutch Central Bank (DNB), the Netherlands Authority for the Financial Markets (AFM) and the Dutch Data Protection Authority.
If permitted by law, we can share data with your adviser where this is required to provide the service. We sometimes need your consent for this.
We also engage other businesses to provide services on our behalf relating to the contract that you have concluded with us. For real estate matters, for instance, these will include a real estate manager, a surveyor, a civil-law notary or a maintenance or repair company. We will make arrangements with these parties to ensure that your personal data remains protected.
We may also outsource the processing of personal data to third-party data processors. For instance, we engage IT service providers to arrange for maintenance and support functions. In most cases, these IT service providers are considered processors because they do not have independent control of the personal data that is provided by a.s.r. real estate to the IT service provider for the service to be provided. In these situations, a.s.r. real estate remains responsible for the due processing of your data.
To ensure a responsible underwriting and risk policy, and to prevent fraud, we record your data in the Central Information System (CIS) of Stichting CIS and also consult this system. We adhere to the rules of the CIS user protocol. Subject to strict conditions, we can share data with insurers affiliated with CIS via Stichting CIS. For more information, see the website of Stichting CIS.
If we share data with a service provider in a country outside the EEA, we will make arrangements with them so that we always comply with the rules that have been agreed within the European Economic Area. We will then use the standard clauses, i.e. model contracts approved by the European Union to ensure that a sufficient level of protection of personal data is achieved.
You have the right to ask us what personal data of yours we process and to ensure that incorrect data is rectified.
We will ask security questions or ask for a copy of your ID* in order to verify your identity.
You will receive our reply within four weeks.
*ID
When providing a copy of an identity document, your passport photo and citizen service number (BSN) must be obscured. We also recommend to mark on the copy that it is intended only for the purpose of exercising your personal data protection rights.
In a number of cases and subject to conditions, you have the right to have your personal data that we hold erased. This is the case when:
The right to be forgotten is not an absolute right. We can decide to reject your request and not to erase your data if your request is not based on one of the aforementioned reasons, or (i) in order to exercise the right to freedom of expression and information; (ii) in order to comply with a statutory obligation; or (iii) to establish, exercise or defend a legal claim.
If we reject your request to erase your personal data, we will inform you of the reasons why we are unable to honour your request.
If you believe that we are processing your information unlawfully, you can request that the processing be restricted. This means that we may no longer process the data.
You have the right to obtain a copy of the personal data that you have provided to us for the performance of the agreement that you have concluded with us or based on your consent. This only concerns personal data that we have received from you and not data that we have received from third parties. The aim of this right is to enable you to easily transfer this data to another party.
You always have the right to object to the processing of your personal data that takes place based on our legitimate interest or the legitimate interest of a third party. In that case, we will no longer process your data unless there are compelling legitimate grounds for processing that take precedence, or that relate to the establishment, exercise or defence of legal claims.
You have the right to opt out of newsletters or personalised offers in relation to our financial services. In commercial offers, we will always offer you the option to opt out. We may phone you for commercial purposes. We follow the rules of the Dutch Do Not Call Registry. Visit the website www.bel-me-niet.nl to opt out of commercial cold callingand to find out more about the Dutch Do not Call Registry. Such opt outs in the Dutch Do Not Call Registry only apply to companies and organisations with which you have no relation. Even if you are listed in the Dutch Do Not Call Registry, please note that companies or organisations of which you are or have been a customer may still call you for a similar product or service. (Source: Dutch Do Not Call Registry)
Before we communicate with you by email, we will ask for your consent, unless you have previously given your consent. You may withdraw your previously given consent at any time.
You can choose to contact us by online chat or via our social media pages on Facebook, LinkedIn or via Twitter or WhatsApp. If you contact us through one of these channels, we will store the data you send us through these channels in a secure environment. In order to respond to personal questions in your social media message, we will ask you to share your contact details with us in a personal message (direct message or email). This allows us to verify that we are talking to the right person.
The information we receive from you via these platforms is governed by this personal data protection policy. Use of social media is your own responsibility. This personal data protection policy is not applicable to how social media platforms handle the personal data that you provide. We advise you that many social media platforms are established outside the European Union and store their data outside the European Union. In most cases, the personal data protection legislation of the European Union will not then apply. We encourage you to consult the privacy statements of these social media channels for further information on how they process your personal data.
We compile profiles of our clients based on the data that we collect for the purposes of analysing this data and thus obtaining insight into (future) actions and preferences. We will then be able to respond appropriately, for instance by sending targeted advertising/information to customers based on their browsing behaviour that has been tracked using tracking cookies. When we do this, we comply with the relevant rules and regulations. This means, for instance, that we ask consent in advance if legally required. This is the case, for instance, for profiling involving special categories of personal data.
Personal data protection legislation does not stand still. We may therefore make amendments to this personal data protection policy in order to keep pace with new developments, for instance if our business activities change or if there are changes in statute or case law. For this reason, we advise you to regularly check this privacy statement when you visit one of our websites. We will also actively inform you of any changes to this personal data protection policy by means of a pop-up banner, email or news message on our websites.
f you have any questions about this personal data protection policy, please contact the Data Protection Officer of ASR Nederland N.V. Send an email to: privacy@asr.nl or address a letter to:
a.s.r.
Attn.: The Data Protection Officer
Integrity Department
Postbus 2072
3500 HB Utrecht
The Netherlands
If you have any complaints questions about privacy, please fill in the complaints form on our website.
You can also always submit a complaint to the Dutch Data Protection Authority
(https://autoriteitpersoonsgegevens.nl or call them on 0900-2001201 – in the Netherlands only).
Personal data protection policy published on the website of www.asrrealestate.nl and last updated 5 June 2020.