When mediating and concluding financial products or services, we ask Snaploan Online a lot of confidential information from customers. Customers of Snaploan Online must be able to assume that we will handle the information that a customer provides us with due care and that this information will not be shared with others without the explicit consent of the customer.
In this sense, careful handling of the recording and exchange of personal data is a condition for careful financial services. Confidentiality is an important aspect for our company and the attitude of the professionals working in it.
For the effective performance of our activities, it is necessary that we exchange personal data with providers and, for example, banks and insurance companies, because this affects the core of our tasks as a financial service provider. In addition, it is possible that we provide information on the basis of legal obligations to, for example, the Dutch Tax Authorities or the Netherlands Authority for the Financial Markets.
We have mapped the personal records kept by us and processed them in our internal processing register, which you can find on our website. Potential and existing customers and other stakeholders can receive these on request. Here they will find information about the data that we process and about the parties with whom we can exchange this data.
In these regulations the following terms have the following meanings:
- the law: the General Data Protection Regulation (GDPR) and the GDPR Implementation Act;
- personal data: any information about an identified or identifiable natural person;
- processing of personal data: any action or set of actions relating to personal data, including in any case the collection, recording, organization, storage, update, modification, retrieval, consultation, use, provision by means of transmission, distribution or any other form of making available, bringing together, linking together, as well as shielding, erasing or destroying data;
- file: any structured set of personal data, regardless of whether this set of data is centralized or distributed in a functionally or geographically determined manner, which is accessible according to certain criteria and relates to different persons;
- controller: the natural person, legal person or any other person or administrative body that, alone or together with others, determines the purposes and means of processing personal data;
- processor: the person who processes personal data on behalf of the controller, without being subject to his direct authority;
- data subject: the person to whom personal data relates;
- third party: any person, other than the data subject, the controller, the processor, or any person who is authorized to process personal data under the direct authority of the controller or processor;
- recipient: the person to whom the personal data are provided;
- consent of the data subject: any free, specific and informed expression of will by which the data subject accepts that personal data relating to him will be processed;
- supervisor: Dutch Data Protection Authority;
- provision of personal data: the disclosure or making available of personal data;
- collection of personal data: obtaining personal data.
9. Data processing
If the personal data are obtained from the data subject himself, the controller shall inform the data subject before the moment of collection:
- his identity;
- the purpose of the processing for which the data are intended, unless the data subject already knows that purpose.
Data obtained without the involvement of the person concerned
- The controller shall provide the data subject with further information to the extent that - given the nature of the data, the circumstances under which they were obtained or the use to which it is made - it is necessary to guarantee proper and careful processing towards the data subject.
- In addition to the information received from the data subject, the controller may, for the purposes described, obtain information from external sources that the controller considers reliable. Think of the Roy data for the registration of your bonus / malus statement, the RDW for your vehicle data and the CIS foundation for the prevention and combating of fraud in the insurance sector.
- The responsible party shall ensure that with any processing of personal data, only those personal data are processed that are accurate, adequate, relevant and not excessive.
16. Complaints procedure
If the person concerned is of the opinion that the provisions of these regulations are not being complied with, he can contact:
- the responsible;
- if the person concerned is not satisfied with the outcome of the complaint, he can turn to the Financial Services Complaints Institute in The Hague;
- with the request to mediate and advise the Dutch Data Protection Authority in the dispute between the data subject and the controller;
- the court.
In cases not provided for in these regulations, the responsible party decides, with due observance of the provisions of the law and the purpose and purport of these regulations.