Privacy statement
This is the Privacy Statement of De Hypothekers Associatie B.V. In it we explain, among other things, why we collect and use personal data, what data these are and what rights you have when we process your personal data. We find it important that you are well informed about this and recommend that you read this statement carefully.
Who we are
De Hypotheker is a franchise organisation consisting of De Hypothekers Associatie (DHA), the franchisor, and franchisees affiliated to De Hypotheker Formula. De Hypotheker is engaged in (arranging to) assist customers in the process of buying a home, advising customers on (mortgage) credit and insurance and mediating in the conclusion of (mortgage) credit and insurance agreements. For these activities, we process personal data. We would like to inform you clearly and transparently about this. In this privacy statement, we answer the most important questions on the processing of personal data.
De Hypothekers Associatie B.V. has its registered office in Rotterdam and is listed in the trade register under number 24187850. DHA operates as franchisor of De Hypotheker Formula. DHA/De Hypotheker processes personal data of persons with whom it has a (potential) customer relationship.
DHA/De Hypotheker aims with this 'Privacy Statement De Hypotheker' to clarify how it handles personal data. DHA is the controller of the processing of personal data of (potential) customers of De Hypotheker. You are considered a (potential) customer of DHA.
Our privacy policy
Both DHA and each franchise branch affiliated to De Hypotheker, attach great importance to protecting the privacy of (potential) customers. We will handle your personal data in a proper and careful manner. Personal data are processed in accordance with the General Data Protection Regulation (AVG). Furthermore, our privacy policy is partly based on the Code of Conduct on Processing Personal Data by Financial Institutions.
The main basic concepts about processing personal data:
What are personal data?
Personal data are data that directly or indirectly say something about you. Think for example of your name, address details and phone number. But it also includes your citizen service number (BSN), your IBAN number and the IP address of your computer.
What is processing of personal data?
This is anything that can be done with personal data. For example, collecting, but also storing, changing, using, passing on and deleting your data from our records.
Who is responsible for your personal data?
DHA is responsible for processing your personal data.
The main questions regarding the processing of personal data:
1. How do we collect personal data?
We collect your personal data in the following ways:
i. You share your personal data with us when you become a customer, register for our online services, fill in a form online, sign a service agreement (OTD), use our products and services, contact us through one of our communication channels or visit our website.
ii. We may also have obtained personal data from other available sources such as accounts receivable registers, other financial institutions, external marketing agencies or trade information agencies.
2. What personal data do we process?
We may process the following types of personal data:
i. Ordinary personal data:
a. Your contact details (such as: name, address, place of residence, e-mail address, telephone number)
b. Other data of interest (such as: profession or company, marital status and family composition, contract details)
c. Contact moments (such as: letters and emails we send and receive from you and what you do and view on our websites, our contact via social media, such as Facebook and Twitter)
ii. Sensitive personal data
a. Identification data (such as: Citizen Service Number (BSN), passport number, ID number, date of birth, gender, copy of identity documents)
b. Financial data (such as data on loans, property, income, financial obligations and your IBAN number)
iii. Special personal data. These include data on health or criminal records, for example. To properly fulfil our role as insurance intermediary, we sometimes process special personal data. For example, if you want to take out life insurance. We only process special personal data if this is strictly necessary for our services and only if you have given your explicit consent, or if laws and regulations stipulate that we must or may do so.
3. What valid reason (basis) for processing do we have?
We may only use personal data for a reason specified in privacy legislation. Such a reason is called a basis. DHA relies on the following legal bases for processing:
i. We need data from you for the conclusion and execution of the loan agreement.
ii. For the promotion of a legitimate interest of DHA or a third party, except when your interests outweigh ours. For example, for: the protection of your and our property and data and that of others, the
protection of our own financial position and protecting the interest of other customers, marketing, carrying out efficient administration such as centralising or replacing systems, using service providers, security of systems and networks, conducting statistical and scientific research. Someone else may also have a legitimate interest for which we need to use your data.
iii. To comply with a legal duty. Laws that require us to keep your data such as the Civil Code, Financial Supervision Act (WFT) or specific provisions of the Money Laundering and Terrorist Financing Act (Wwft).
iv. With your consent, where you have given it and can withdraw it at any time
4. For what purposes do we use personal data?
We only collect personal data that are necessary for the following purposes:
i. to enter into and perform an agreement, i.e. to provide you with products and services. For example, without your details we cannot advise you on taking out a mortgage.
ii. for promotional marketing purposes, e.g. to inform you about a new product that may be of interest to you.
iii. to assess your and our risks.
iv. for customer satisfaction surveys to develop and improve our products and services, but also to investigate possible trends, problems, causes of errors and risks. For example, to check whether new rules are properly complied with. In this way, we can prevent complaints and damage.
v. to meet our legal obligations and to be able to cooperate with regulators.
vi. to ensure that the financial sector remains safe and reliable and to protect your and our interests, for example when combating and investigating fraud, for which we consult incident registers and warning systems of the financial sector, newspapers and the internet, among others. For example, by reporting unusual transactions or by recognising, stopping and, if necessary, verifying possible fraudulent transactions with you. We always check first whether this is permitted.
5. What if we do not receive any data from you?
Do we need your data to advise you on a mortgage? And you do not want to provide them, even though the law says you must or because we simply need them to be able to execute the agreement? Then, unfortunately, we cannot enter into a service agreement with you or we will have to terminate a current agreement. In the (online) forms you sometimes have to fill in, you will see which data are required. Do you want us to remove your data from our systems? Unfortunately, this is not possible for the compulsory data. We need those. For example, for the execution of the agreement you have with us, or because we are obliged to keep them by law, or because of a legitimate interest of DHA.
6. With whom do we share your data?
We may share your data within the group of companies to which DHA belongs for internal administrative purposes or to improve services, or because the law says we must. This allows us to get a more complete picture of your financial situation. For example, it may be important to know that you already have a loan with a company within the group when you apply for a loan with us. Companies within the group may also approach you with offers.
Your personal data may also be shared with other parties outside DHA if we are legally obliged to do so, for example to the tax authorities, or because we have to execute an agreement with you, for example with lenders, with insurance companies or with notaries.
We also engage third parties to perform our services, such as marketing communication agencies, IT companies and data centres. If these third parties have access to your data when performing the relevant services, we have taken the necessary contractual and organisational measures to ensure that your data is processed solely for the above purposes.
In principle, DHA/De Hypotheker does not share personal data with organisations outside the European Economic Area (EEA). When this is nevertheless necessary, we ensure that appropriate safeguards are in place that meet the requirements of the AVG, giving the data the same protection as within the EEA.
We do not share your data with third parties for marketing or sales activities.
7. How do we protect personal data?
Our website, portal and IT systems are well secured and we also do our utmost to protect your personal data as best we can by taking so-called appropriate technical and organisational measures. Our employees and those of our suppliers have also been instructed to handle your data carefully and to keep them confidential. In this way, we try to prevent unauthorised persons gaining access to your personal data.
To achieve this protection, we have an appropriate security policy, which is periodically reviewed and adjusted as necessary.
8. How long do we keep personal data?
We keep your data as long as we need it for the purposes for which we process it, as long as we are required to keep it by law and as long as we are allowed to keep it for claims (until any claim is time-barred) against which we need to be able to defend ourselves. The retention period may vary depending on the purpose. In the case of a job application, we keep your data for up to 4 weeks after the completion of your application. If you give us permission to add your data to our talent pool, the retention period is 6 months. To include you in the talent pool, we will ask your permission separately.
9. What do we do with your data after the retention period?
At the end of the retention period, your personal data are deleted or anonymised. Anonymisation means that personal data are stripped of all possible identifying characteristics, so that no one can see that they are about you.
10. What rights do you have?
DHA/De Hypotheker uses your personal data to provide you with a service. We handle this very carefully. Naturally, you remain the owner of this information. We therefore draw your attention to your rights:
i. Inspection: you have the right to inspect your personal data and can, in general, inspect the personal data we process within one month after your request to us.
ii. Correction: you can ask us to correct inaccuracies in your personal data.
iii. Removal: you can ask us to remove personal data under certain circumstances. In this case, we will take reasonable steps to inform other processors who process personal data on our behalf that you have requested deletion of links to and copies of your personal data.
iv. Object to processing: if you object to certain processing of your personal data, for example emails containing offers.
v. Restrict processing: you can request us to restrict the processing of personal data under certain circumstances, for example if the accuracy of personal data is disputed by you.
vi. Portability: you can ask us to obtain the personal data you have provided to us, which we store automatically, in a structured, common and machine-readable form from us, e.g. in order to subsequently send it to a third party. This is called 'data portability'
vii. Withdrawal of consent: where you have given consent to use your personal data, you can withdraw this consent, which means that we will no longer process the personal data for which the consent applied.
viii. Submit a complaint: you can submit a complaint about our processing of your personal data to the Personal Data Authority.
When exercising these rights, exceptions may apply, which means that you cannot exercise certain rights in all cases.
11. How can you exercise your rights? Question or complaint?
To exercise these rights, you can submit a request via this form. Once you have completed the form, you can save it as a PDF and send it as an attachment to [email protected]. You can also exercise the right of inspection and the right of transferability via your account on the customer portal. We will respond within four weeks of receiving your request.
If you also have questions or complaints about the way we handle your personal data, you can contact our Privacy office at [email protected] or by post:
De Hypothekers Associatie BV attn. Privacy Office
Postal number 5335
3000 VB Rotterdam
If we receive a complaint notification, we register it. In addition to your personal data, we also register and process those of parties involved in the cause and in resolving the complaint.
Should we fail to resolve the matter together, you can submit a complaint to the Data Protection Officer of the Blauwtrust Group at [email protected]. In addition, you always have the right to file a complaint with the Dutch Personal Data Authority.
12. Use of Hypotheker.nl and mijn.hypotheker.nl
If you visit our website hypotheker.nl, general visitor data (such as click behaviour, time of visit, frequency of visit, etc.) are collected and stored by us to improve the user-friendliness of our website. This data may also be used to place more targeted information and offers on the website for you.
If you create an account on my.hypotheker.nl, you can, among other things, manage personal data yourself and register for specific services. This allows us to provide more targeted information and offers based on your profile and the interests you have shown on our website.
Do you not want this targeted information and offers for a while? Then turn them off via 'My Details' within My Hypotheker. You can turn them back on just as easily. This way, you can decide when information relevant to you is shown.
13. Cookie policy
When you visit our website we may automatically store some information on your computer in the form of a cookie to automatically recognise you on your next visit. A cookie is a small file stored on your computer. This file cannot be used to identify you personally. You can refuse the storage of cookies by adjusting your browser settings. Some features of this website cannot be used if cookies are refused. To adjust the settings, please consult your browser manual.
To collect visitor data, we use, among other things, Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses cookies to help De Hypotheker analyse how users use the site. The information generated by the cookie about your use of the website (including IP address) is transferred to and stored by Google on servers in the United States. Google uses this information to track how you use the website, compiling reports on website activity for De Hypotheker and providing other services relating to website activity and internet usage. Google may provide this information to third parties if Google is legally required to do so, or to the extent that these third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more detailed information see our page on cookies.
14. Amendment of this Privacy Statement
We may amend this Privacy Statement. A new version will always be published on our website.
Version 20210301 DHA
Still have questions? Please contact our Privacy Department at [email protected].