Privacy Statement for participants and employers

Who are we?

Pensioenfonds Horeca & Catering provides pensions for participants and employers in the hospitality and catering sector. In this work we collect various types of data.

We collect this information so that we can comply with our legal obligations and improve our services. We handle your data with care. We ensure that we do not collect more data than necessary and that unauthorised people have no access to data. We are open and clear about what we do and make it easy for you to view and change your data.

In this privacy statement we explain:

  • what personal data is;
  • who we collect personal data from;
  • why we collect personal data;
  • what personal data we collect and use;
  • how we handle that data.
     

What is personal data?

Personal data is information that says something about you or that can be related to you, such as your name and initials, date or place of birth, telephone number but also your Citizen Service Number (BSN). It is data relating to you.
 

Who do we collect personal data from?

We collect and process data of (former) participants, (former) partners, orphans, pensioners and employers, other entitled parties and visitors to the pension fund.
 

Why we collect personal data

Administration of pension schemes
In order to comply with our legal obligations as a pension fund, we process your personal data. We obtain this personal data mainly from public sources such as the Tax and Customs Administration and the Employee Insurance Agency (Uitvoeringsinstituut Werknemersverzekeringen, hereinafter referred to as 'UWV').

We need this information, for example, to determine how much pension you can accrue and to be able to pay the pension benefit, but also to ensure that you receive the correct information in good time. In a few cases we process personal data because we have a legitimate interest. Think, for example, of carrying out a customer satisfaction survey or camera surveillance. We always consider whether this conflicts with your privacy interests.
 

Data when you visit us
We record your details when you come to our office, so we know who is at our office and to be able to inform you in good time if an emergency occurs. We record the data on our visitor registration form. In order to guarantee your safety, we have a legitimate interest in recording this data.

We often receive this personal data directly from you, your employer or from the person who has registered you as a visitor with us. This data is destroyed after four weeks.
 

Data as part of our services
We strive to communicate as efficiently and effectively as possible. That is why we adapt our communication to your personal situation and strive as much as possible for digital communication via the digital portals. Through the participant portal mijnphenc.nl and the employer portal GRIP, we provide information to our (former) participants, (former) partners, orphans, pensioners and affiliated employers. We do this to comply with our duty of care and disclosure , but also to make services to (former) participants, (former) partners, orphans, pensioners and affiliated employers cost-efficient and personal. To make this possible, we collect data on the number of website visitors and the length of a visit.

 

What personal data do we collect and use?

To be able to administer the pension schemes
In order to carry out our work, we process various types of personal data, including:

  • Name and initials
  • Date of birth
  • Citizen Service Number (BSN)
  • Bank account number
  • home address, town and country
  • Postal address
  • Gender
  • IBAN
  • Any (ex) partner
  • Date of marriage/end of marriage or date of commencement/end of cohabitation
  • Employment data, salary data, FTE
  • Telephone number and email address
  • Fitness for work data (if applicable)
  • Copies of identity documents
  • Access or identification data
  • Recording of telephone calls from customer contact moments (if applicable)
  • Camera images of the public areas (if applicable)
  • Signature and initials
     


From which organisations do we receive personal data?

For the administration of the pension schemes
For the administration of pension schemes, we also receive personal data from other organisations. If applicable, we receive personal data from:

  • UWV
  • Tax and Customs Administration
  • Personal Records Database/Non-Residents Register
  • (former) Employer of the (former) participant
  • Participant themselves
  • Other pension administrators
  • Chamber of Commerce

 

Are you obliged to provide your data?

We only use personal data that we need for the agreed purposes. This may mean that in some cases you are required to provide us with your data. In all other cases where this obligation does not exist, you are free to give or not give us your data.

If you are obliged to provide us with your personal data but do not wish to do so, this may have consequences for you. The consequences depend on the reason for which we need the data, the nature of the obligation and the effect that failure to provide the data will have on our services and other work.

A consequence may be that we:

  • are unable to (fully) comply with our legal obligations. This may mean that no benefit or payment can be paid to you;
  • are unable to comply with your request to process your personal data or to pass it on to others;
  • cannot give you access to our office;
  • are unable to meet our (legal) obligations, as a result of which we or you may face (damage) claims.

If you are not obliged to provide us with your personal data, failure to do so will have no consequences for you.
 

Who do we share our data with?

Service providers
We purchase services from suppliers for, among other things, the development and management of ICT systems. Since the data of (former) participants, (former) partners, orphans, pensioners and affiliated employers is in these systems, these service providers may have access to your personal data under our supervision and responsibility.

For the dispatch of postal items, the services of suppliers are used. When creating, printing and sending postal items, a supplier may therefore have access to your personal data.

Moreover, we have outsourced to a collection partner a part of the collection process of pension contributions that are difficult to collect from employers. In order to carry out the work, this collection partner needs insight into the specification of the premium claim against the employer and, as a consequence, possibly also access to personal data.In addition to the above service providers, we may occasionally provide data to other service providers. All these services are dedicated to the performance and improvement of our task as a pension administrator. We have no commercial objective in this respect. In this way, we ensure that your personal data is secure and that it is not lost, for example. We remain responsible for these processing operations.

We have made firm agreements with all service providers who have access to your personal data on how this data should be handled. These service providers are only permitted to process your personal data for the agreed purposes and only in accordance with the law and our explicit instructions. 
 

Government & regulators
As a pension administrator, we pass on the legally required information to the correct government agency. Furthermore, in the context of monitoring the quality of our performance, regulators may request access to personal data.

No additional arrangements are made with these authorities with regard to access to your personal data because we are legally obliged to provide it. In addition, these authorities may only use the data for a reason stated in the law.

In this context, we also share your data with the following recipients:

  • UWV;
  • National Pensions Register (NPR);
  • Education Executive Agency (DUO);
  • Tax and Customs Administration;
  • Social Insurance Bank (SVB);
  • Statistics Netherlands (CBS);
  • Fund regulators;
  • Certifying accountant and certifying actuary;
  • Police and Justice (in exceptional situations and only if permitted by law).
     


How do we handle your data?

Your data remains within the European economic area
The protection of personal data is not regulated in the same way in all countries. A transfer of personal data from the Netherlands to other countries is therefore only allowed if the law permits it and a country offers sufficient protection. Data transfers to a country within the European Economic Area (EU countries, Liechtenstein, Norway and Iceland) are subject to different rules than those applicable to transfers to a country outside the European Economic Area because data protection rules are the same within the European Economic Area. For this reason, it is our policy to transfer data solely within the European Economic Area.
 

How long do we keep your data?

Your personal data is not kept any longer than necessary for the purpose for which we process it, subject to the statutory retention period. How long we keep your information is laid down in our privacy policy. Sometimes we need to keep data longer. For example, because the law obliges us to do so. One example is that sometimes people who are entitled to benefits do not report to us for benefit until after decades. For this reason, we retain some information for a longer period of time to determine the benefit. If we no longer need your data for that purpose, it will be deleted.
 

How do we secure your data?

We attach great importance to the protection of your data and take measures to secure and protect your data. We comply with ISO standards to ensure, for example, that this data is not lost. We take technical and organisational measures to protect your personal data that we process against theft, loss, disclosure or other unlawful use. The personal data is stored in a secure environment that is not accessible to others. At mijnphenc.nl you will find an overview of your pension with us and in the employer portal you will find information about your pension. Only you can log in as a participant at mijnphenc.nl with your DigiD user name and password and any extra text code or via the DigiD app. And as an employer into the employer portal with a personal employer account.

Only our authorised employees are allowed to view your data. And these employees only have access to your data to the extent necessary to perform their duties. Moreover, your personal data is not passed on to third parties, unless you have given us demonstrable permission to do so and/or a law obliges us to do so.

If we process your personal data on the basis of consent, you can withdraw your consent at any time. From that moment on, we will no longer process your personal data, unless there is (also) another basis for processing your data.
 

Integrity comes first

We set great store by the integrity of our employees. We have taken measures to safeguard the integrity of our employees and to ensure that all our employees are aware of the information they are working with and the way in which they should handle this information. In addition, we continuously work to maintain the awareness of our employees.
 

Monitoring by the government

The government monitors the proper implementation of privacy legislation. To this end, it has instructed the Dutch Data Protection Authority (AP) to monitor compliance actively. Among other things, the Nederlandsche Bank monitors and checks our compliance with the information security regulations.
 

What are your rights?

Because it is your personal data, you can always ask us what data we collect and process about you. You have the right to view this personal data and, if necessary, to correct or restore it or to have it corrected or restored. For personal data that we do not need for our statutory task as a pension fund, you can ask us to delete it.

Do you need insight into what data we process about you? This can be viewed in your personal environment in the participant portal. If you do not have access to the portal, you can request it through www.mijnphenc.nl. You can also file a request for inspection or an objection directly with us – by email via privacyvragen@phenc.nl or by post to Postbus 7308, 2701 AH Zoetermeer FAO Security & Privacy management.

Before we process your request, we may ask you to provide information that we need to establish your identity. If we reject your request, we will explain our reasons. Moreover, you can object to our processing of your data.

We will process your request for inspection in accordance with our inspection procedure and respond to your request within four weeks. You may lodge an objection by email or by post. You will receive a response from us within four weeks of receipt of the objection. If we need more time, we will also let you know within four weeks.
 

Transferring data to you or another

Pension administrator
If you work in the hospitality or catering industry, your participation in our pension scheme via your employer is mandatory. The transfer of your data is then not possible.

If you were formerly employed in the hospitality or catering industry but are now working elsewhere, you can transfer part of your data, your accrued pension, to another pension administrator. This is called transfer of accrued benefits. You can submit a request via your personal environment in the participant portal.
 

Cookies

Pensioenfonds Horeca & Catering uses cookies on the website www.phenc.nl and the participant portal mijnphenc.nl and employer portal grip.phenc.nl. Cookies are small text files that are sent to your browser and stored on your computer, mobile phone or tablet. Cookies facilitate and speed up the use of the site by the visitor. We only use functional and analytical cookies. Functional cookies are technically necessary for the website to function optimally. You do not have to give permission for these cookies. Analytical cookies enable us to keep track of information about visits to the website. This allows us to improve the ease of use of the website. You do not have to give permission for these cookies. If you visit our website, we do not collect any personal data from you with cookies.

Our cookie policy tells you how we use cookies when you visit this website and how you can disable cookies yourself.
 

Do you have a question, tip or complaint about privacy?

If you have any questions about this privacy statement or would like to know more about how we handle personal data, please contact us at privacyvragen@phenc.nl or on (079) 363 14 00 or by post to Postbus 7308, 2701 AH Zoetermeer, FAO Security & Privacy management.

If you have a complaint, please visit www.phenc.nl for our complaints procedure. There you will find more information on how to lodge a complaint, with whom and the procedure.

Do you need insight into what data we process about you? You can file a request for inspection or an objection with us.

If we reject your request, we will explain our reasons. Moreover, you can object to our processing of your data.

We will process your request for inspection in accordance with our inspection procedure and respond within four weeks of receipt of your request. You may lodge an objection by email or by post. If we need more time, we will also let you know within four weeks.

You also always have the right to file a complaint with the Dutch Data Protection Authority about our processing of your personal data. You can find more information about this on the website of the Dutch Data Protection Authority.

We may change this privacy statement. This privacy statement was last updated in November 2020. The Dutch version of this text takes precedence.