Pensioenfonds Horeca & Catering provides pensions for participants and employers in the hospitality and catering sector. In this work we collect various types of data.
We collect this information so that we can comply with our legal obligations and improve our services. We handle your data with care. We ensure that we do not collect more data than necessary and that unauthorised people have no access to data. We are open and clear about what we do and make it easy for you to view and change your data.
In this privacy statement we explain:
Personal data is information that says something about you or that can be related to you, such as your name and initials, date or place of birth, telephone number but also your Citizen Service Number (BSN). It is data relating to you.
We collect and process data of (former) participants, (former) partners, orphans, pensioners and employers, other entitled parties and visitors to the pension fund.
Administration of pension schemes
In order to comply with our legal obligations as a pension fund, we process your personal data. We obtain this personal data mainly from public sources such as the Tax and Customs Administration and the Employee Insurance Agency (Uitvoeringsinstituut Werknemersverzekeringen, hereinafter referred to as 'UWV').
We need this information, for example, to determine how much pension you can accrue and to be able to pay the pension benefit, but also to ensure that you receive the correct information in good time. In a few cases we process personal data because we have a legitimate interest. Think, for example, of carrying out a customer satisfaction survey or camera surveillance. We always consider whether this conflicts with your privacy interests.
Data when you visit us
We record your details when you come to our office, so we know who is at our office and to be able to inform you in good time if an emergency occurs. We record the data on our visitor registration form. In order to guarantee your safety, we have a legitimate interest in recording this data.
We often receive this personal data directly from you, your employer or from the person who has registered you as a visitor with us. This data is destroyed after four weeks.
Data as part of our services
We strive to communicate as efficiently and effectively as possible. That is why we adapt our communication to your personal situation and strive as much as possible for digital communication via the digital portals. Through the participant portal mijnphenc.nl and the employer portal GRIP, we provide information to our (former) participants, (former) partners, orphans, pensioners and affiliated employers. We do this to comply with our duty of care and disclosure , but also to make services to (former) participants, (former) partners, orphans, pensioners and affiliated employers cost-efficient and personal. To make this possible, we collect data on the number of website visitors and the length of a visit.
To be able to administer the pension schemes
In order to carry out our work, we process various types of personal data, including:
For the administration of the pension schemes
For the administration of pension schemes, we also receive personal data from other organisations. If applicable, we receive personal data from:
We only use personal data that we need for the agreed purposes. This may mean that in some cases you are required to provide us with your data. In all other cases where this obligation does not exist, you are free to give or not give us your data.
If you are obliged to provide us with your personal data but do not wish to do so, this may have consequences for you. The consequences depend on the reason for which we need the data, the nature of the obligation and the effect that failure to provide the data will have on our services and other work.
A consequence may be that we:
If you are not obliged to provide us with your personal data, failure to do so will have no consequences for you.
We purchase services from suppliers for, among other things, the development and management of ICT systems. Since the data of (former) participants, (former) partners, orphans, pensioners and affiliated employers is in these systems, these service providers may have access to your personal data under our supervision and responsibility.
For the dispatch of postal items, the services of suppliers are used. When creating, printing and sending postal items, a supplier may therefore have access to your personal data.
Moreover, we have outsourced to a collection partner a part of the collection process of pension contributions that are difficult to collect from employers. In order to carry out the work, this collection partner needs insight into the specification of the premium claim against the employer and, as a consequence, possibly also access to personal data.In addition to the above service providers, we may occasionally provide data to other service providers. All these services are dedicated to the performance and improvement of our task as a pension administrator. We have no commercial objective in this respect. In this way, we ensure that your personal data is secure and that it is not lost, for example. We remain responsible for these processing operations.
We have made firm agreements with all service providers who have access to your personal data on how this data should be handled. These service providers are only permitted to process your personal data for the agreed purposes and only in accordance with the law and our explicit instructions.
Government & regulators
As a pension administrator, we pass on the legally required information to the correct government agency. Furthermore, in the context of monitoring the quality of our performance, regulators may request access to personal data.
No additional arrangements are made with these authorities with regard to access to your personal data because we are legally obliged to provide it. In addition, these authorities may only use the data for a reason stated in the law.
In this context, we also share your data with the following recipients:
Your data remains within the European economic area
The protection of personal data is not regulated in the same way in all countries. A transfer of personal data from the Netherlands to other countries is therefore only allowed if the law permits it and a country offers sufficient protection. Data transfers to a country within the European Economic Area (EU countries, Liechtenstein, Norway and Iceland) are subject to different rules than those applicable to transfers to a country outside the European Economic Area because data protection rules are the same within the European Economic Area. For this reason, it is our policy to transfer data solely within the European Economic Area.
We attach great importance to the protection of your data and take measures to secure and protect your data. We comply with ISO standards to ensure, for example, that this data is not lost. We take technical and organisational measures to protect your personal data that we process against theft, loss, disclosure or other unlawful use. The personal data is stored in a secure environment that is not accessible to others. At mijnphenc.nl you will find an overview of your pension with us and in the employer portal you will find information about your pension. Only you can log in as a participant at mijnphenc.nl with your DigiD user name and password and any extra text code or via the DigiD app. And as an employer into the employer portal with a personal employer account.
Only our authorised employees are allowed to view your data. And these employees only have access to your data to the extent necessary to perform their duties. Moreover, your personal data is not passed on to third parties, unless you have given us demonstrable permission to do so and/or a law obliges us to do so.
If we process your personal data on the basis of consent, you can withdraw your consent at any time. From that moment on, we will no longer process your personal data, unless there is (also) another basis for processing your data.
We set great store by the integrity of our employees. We have taken measures to safeguard the integrity of our employees and to ensure that all our employees are aware of the information they are working with and the way in which they should handle this information. In addition, we continuously work to maintain the awareness of our employees.
The government monitors the proper implementation of privacy legislation. To this end, it has instructed the Dutch Data Protection Authority (AP) to monitor compliance actively. Among other things, the Nederlandsche Bank monitors and checks our compliance with the information security regulations.
Because it is your personal data, you can always ask us what data we collect and process about you. You have the right to view this personal data and, if necessary, to correct or restore it or to have it corrected or restored. For personal data that we do not need for our statutory task as a pension fund, you can ask us to delete it.
Do you need insight into what data we process about you? This can be viewed in your personal environment in the participant portal. If you do not have access to the portal, you can request it through www.mijnphenc.nl. You can also file a request for inspection or an objection directly with us – by email via email@example.com or by post to Postbus 7308, 2701 AH Zoetermeer FAO Security & Privacy management.
Before we process your request, we may ask you to provide information that we need to establish your identity. If we reject your request, we will explain our reasons. Moreover, you can object to our processing of your data.
We will process your request for inspection in accordance with our inspection procedure and respond to your request within four weeks. You may lodge an objection by email or by post. You will receive a response from us within four weeks of receipt of the objection. If we need more time, we will also let you know within four weeks.
If you work in the hospitality or catering industry, your participation in our pension scheme via your employer is mandatory. The transfer of your data is then not possible.
If you were formerly employed in the hospitality or catering industry but are now working elsewhere, you can transfer part of your data, your accrued pension, to another pension administrator. This is called transfer of accrued benefits. You can submit a request via your personal environment in the participant portal.
If you have any questions about this privacy statement or would like to know more about how we handle personal data, please contact us at firstname.lastname@example.org or on (079) 363 14 00 or by post to Postbus 7308, 2701 AH Zoetermeer, FAO Security & Privacy management.
If you have a complaint, please visit www.phenc.nl for our complaints procedure. There you will find more information on how to lodge a complaint, with whom and the procedure.
Do you need insight into what data we process about you? You can file a request for inspection or an objection with us.
If we reject your request, we will explain our reasons. Moreover, you can object to our processing of your data.
We will process your request for inspection in accordance with our inspection procedure and respond within four weeks of receipt of your request. You may lodge an objection by email or by post. If we need more time, we will also let you know within four weeks.
You also always have the right to file a complaint with the Dutch Data Protection Authority about our processing of your personal data. You can find more information about this on the website of the Dutch Data Protection Authority.
We may change this privacy statement. This privacy statement was last updated in November 2020. The Dutch version of this text takes precedence.