We protect your details

We protect the personal data we have on file for you, not only because we believe this is important, but also because we are obliged to do so under the General Data Protection Regulation (GDPR). 

Here, you can read what kind of personal data we process. We also explain what we use your details for, who has access to your details, and who we share your details with.

Watch the video

Watch the video entitled ‘How the SVB uses your personal data’. (This video is only in Dutch.)

Wat doet de SVB met uw persoonsgegevens? 
Sinds 1901 is uitvoerder van wetten en regelingen in de sociale zekerheid. Zoals de AOW, kinderbijslag en PGB. 
Om dit goed te doen gebruiken we gegevens van u. Wij begrijpen dat u wilt weten welke gegevens wij van u gebruiken. 
We vinden het belangrijk om deze gegevens goed te beschermen. 
Dat is ook verplicht volgens de Algemene Verordening Gegevensbescherming: de AVG.
 
Wij gebruiken uw naam, adres, mailadres en telefoonnummer, maar ook andere gegevens zoals uw Burgerservicenummer en uw rekeningnummer.
Dit is nodig om te kunnen bepalen waar u rechtop heeft en om te zorgen dat we geld naar het juiste rekeningnummer overmaken.
 
In sommige gevallen hebben we nog meer gegevens nodig.
Bijvoorbeeld gegevens over uw werkgever wanneer u gedetacheerd wordt naar het buitenland en in Nederland verzekerd wilt blijven voor de AOW.
 
Welke gegevens wij precies nodig hebben hangt af van de regeling of uitkering waar u recht op heeft.
 
Ook gebruiken wij uw gegevens als u een klacht heeft over de SVB of wanneer u bezwaar of beroep aantekent tegen een beslissing die wij hebben genomen.
 
We kunnen dan snel zien waar uw klacht over gaat.
 
Daarnaast worden uw persoonsgegevens 
soms gebruikt voor onze interne rapportages en verantwoording.
 
Zoals financiële- en interne controles.
 
Maar ook voor historische, statistische en wetenschappelijke doeleinden of het uitvoeren van data-analyses om onze dienstverlening te verbeteren.
 
Soms brengen we gegevens met elkaar in verband of geven we ze door aan andere instanties.
 
Dat doen we alleen als dat nodig is.
 
Bijvoorbeeld als het wettelijk verplicht is.
 
Zo geven wij gegevens over uw AOW of uitkering door aan de Belastingdienst.
 
Maar ook als het nodig is voor het uitvoeren van onze taak of de taak van een andere instantie.
 
Bijvoorbeeld om te zorgen dat u uw AOW ontvangt als u in het buitenland woont.
 
U kunt erop vertrouwen dat wij bij de SVB altijd
op een veilige manier met uw gegevens omgaan!

Select a subject and read the information

We process data. This means that we collect, store, consult and use data in order to do our work properly. We also establish connections between data and pass data on to other organisations.

  • If we are legally obliged to do so. For example, we pass on data about your AOW pension or your benefit to the Tax and Customs Administration (Belastingdienst)
  • If it is necessary for the performance of our duties or the duties of another organisation. For example, if that other organisation needs to know whether you are receiving an AOW pension
  • In all other cases, we have to obtain your permission first

The data we use depends on the scheme or benefit concerned. Outside the European Union (EU), we only exchange personal data with a few partner organisations and embassies. For example, if we need to obtain information about your pension insurance record outside the Netherlands or ask for assistance in income and assets investigations in another country. 

For more detailed information, go to our ‘Register’, which shows what type of personal data is stored, why it is stored, and for how long.

Personal data is information that directly relates to or can be traced back to an individual. For example, a name, identification number or location.

We implement various schemes, including those for old-age pension (AOW), child benefit and personal care budgets (PGB). In order to do our work as best as we can, we use data such as:

  • name and address
  • email address, telephone number, etc.
  • personal data, such as burgerservicenummer (BSN), marital status, date of birth, place and country of birth, nationality and bank account number
  • employers’ data, such as payroll tax number and registration number with the Chamber of Commerce 
  • criminal justice data, such as data on imprisonment, detention or placement in a closed treatment facility 
  • medical data, for example, to process claims under the Asbestos Victims Compensation Scheme or the schemes and regulations for former members of the resistance and victims of war

The data we use depends on the scheme or benefit concerned. For more detailed information, go to our ‘Personal Data Register’, which shows what type of personal data is stored, why it is stored, and for how long.

We use your personal data for: 

  • implementing the schemes we are responsible for
  • processing complaints or requests for review or appeal relating to the schemes we implement

We also use your personal data for: 

  • financial and internal checks, accountability and audits
  • data analysis aimed at improving our services

The data can be used for: 

  • management reports and surveys 
  • historical, statistical and scientific purposes

The data we use depends on the scheme or benefit concerned. For more detailed information, go to our ‘Personal Data Register’, which shows what type of personal data is stored, why it is stored, and for how long.

Automated decisions 

Personal data is sometimes used to take automated decisions. For example, if a family has a second child, child benefit will be paid automatically for that child.

All SVB decisions are open to review, whether they have been issued automatically or by a case officer. How to request a review is explained in the notification of the decision. If a decision was taken by a case officer, the officer's name and telephone number will be shown on the letter. If no name is shown, the decision will have been issued automatically.

Profiling

Our automated decision-making process does not use profiling. Decisions are always based on the personal data of the individual client, not on similarities between groups of clients. Client profiling in the broadest sense of the word does occur. For example, if we impose a fine on a client, we always check to see whether the client has received a fine from us before. We are required to do this by law in order to determine the amount of the fine. Decisions in such cases will not be taken automatically, but by a case officer. This type of profiling is only used if it is required by law.

We take all necessary measures to protect your data while observing the law and complying with the Government Departments Data Protection Baseline (BIR). All our staff members have a duty of confidentiality. They may only view your details if this is necessary for the performance of their duties. Our computers and office buildings have also been secured. We do not keep any data for longer than strictly necessary.

There are several ways you can protect your own data.

Keep your DigiD secret

It seems obvious, but never share your login data with anyone else. We will also never ask you for your user name or password. Not by internet, email, telephone or in any other way. 

Check websites 

Be wary of websites or emails asking for your personal data. Always ask yourself whether the data is really relevant for the services they provide. 

A secure ID

In the Government publication ‘Factsheet Een veilig ID’ (only in Dutch), you can read about the dangers of identity fraud and what you can do to prevent this.

In My SVB, you can view part of your personal data. For example, you can check how much AOW pension you have built up, or view itemised details of payments made to you. 

If you receive a personal care budget (PGB), you can view part of your PGB data in Mijn PGB.

If you would like to know what data we have on file for you, you can send us a request for access to your data.

For example, you can ask us to send you: 

  • a list of the personal data we hold on you
  • an explanation of what we do with this data
  • an explanation of how we acquired the data
  • a list of organisations we exchange your data with

Call us first

Call us first so we can see whether we can help you straight away. Contact your SVB office about this. If you are not satisfied after speaking to us, you can still send us a request for access to your data using the appropriate form below. Download the form, fill it in and upload it to My SVB or send it to us by post.

Requesting access to your data by uploading the form in My SVB

  1. Below, download the form 'Request for access to my personal data via My SVB'
  2. Fill in the form
  3. Upload the form in My SVB under 'Vraag of mededeling'

Requesting access to your data by sending the form by post

  1. Below, download the form 'Request for access to my personal data by post'
  2. Fill in the form
  3. Print the form
  4. Sign the form
  5. Make a copy of your valid identity document so that we can check your identity
  6. Send the form and the copy of your identity document to your SVB office

If you are the parent or guardian of a child aged 16 or older, you cannot request access to the child's data. The child must ask for this him or herself.

Authorisation

If you wish to authorise someone to have access to your data, fill in the authorisation form and send it to us together with the form 'Request for access to personal data' and a copy of your representative's identity document. You can send the documents by post or via My SVB.

If you have already appointed a representative, you need to send a separate authorisation if you want to supplement or adjust your data. For this, use the authorisation form. 

When will you receive a response?

You will receive a response within one month. If we cannot meet your request within this time limit, for example because of the amount of data involved, the time limit will be extended by one month. We will let you know before the end of the first month and and explain why we need more time.

If the personal data we have on file for you is incorrect or incomplete, you can ask us to correct or update it using the appropriate form below. Download the form, fill it in and upload it to My SVB or send it to us by post. 

Changing or updating your data by uploading a form to My SVB 

  1. Below, download the form ‘Request to correct or update personal data in My SVB’.
  2. Fill in the form
  3. Upload the form in My SVB under 'Vraag of mededeling'

By post

  1. Below, download the form ‘Request to correct or update personal data in My SVB’.
  2. Fill in the form
  3. Print the form
  4. Sign the form
  5. Make a copy of your valid identity document so that we can check your identity
  6. Send the form and the copy of your identity document to your SVB office

Authorisation

If you wish to authorise someone to have your data corrected or updated, download the authorisation form below, fill it in and send it to us together with the form 'Request to correct or update personal data' and a copy of your representative's identity document. You can send the documents by post or via My SVB.

If you have already appointed a representative, you need to send a separate authorisation if you want to correct or update your data. For this, use the authorisation form that you can download below.

When will you receive a response?

You will receive a letter from us within one month to confirm whether or not we have adjusted your data. If we have not adjusted your data, we will explain why. We may also ask you for additional information, for example, if you need to show why the change to your data is necessary.

You can object to your details being processed, for example if, due to exceptional circumstances, your personal interests outweigh the performance of our duties.

You can also ask us to stop using certain data or remove data if it is incorrect or unlawful or no longer necessary for its original purpose.

In such cases, please contact our Data Protection Officer. You can find out how to do this under ‘Questions or comments about privacy and data protection’.

If you have a question or comment about the use of your personal data or about your privacy rights, our privacy statement or the way in which we deal with privacy in general, please contact our Data Protection Officer (‘Functionaris Gegevensbescherming’). This person is a confidential adviser who ensures that we comply with privacy rules and regulations.

You can contact our Data Protection Officer in the following ways:

Letter

Send a letter to:

Sociale Verzekeringsbank
t.a.v. Functionaris Gegevensbescherming
Postbus 1100
1180 BH Amstelveen The Netherlands

Email form

Use the email form to contact our Data Protection Officer

You will receive a response within one month. If we cannot meet your request within this time limit, for example because of the amount of data involved, the time limit will be extended by one month. We will contact you before the end of the first month and and explain why we need more time.

If you are dissatisfied with the way your personal data is used, you can lodge a complaint. We will do everything we can to deal with your complaint as quickly as possible.

Call us first

If you have a complaint, call us. We will then discuss your complaint with you and see whether we can settle the matter straight away. If we cannot help you immediately, or if you are not satisfied with our explanation, we will continue to look for a solution. Contact us.

Send us a letter or fill in the complaints form

You can submit your complaint online using the digital complaints form. 

If you would rather write us a letter, you are welcome to do so. As soon as we have received your letter, we will contact you personally. Send your letter to: 

Sociale Verzekeringsbank
t.a.v. Functionaris Gegevensbescherming
Postbus 1100
1180 BH Amstelveen The Netherlands

The Dutch Data Protection Authority (‘Autoriteit Persoonsgegevens’)

If you feel we have not dealt with your complaint properly, you can submit a complaint to the Dutch Data Protection Authority at the following address:

Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ Den Haag The Netherlands

If personal data has been lost or may have been processed unlawfully, this is called a 'data breach'. For example, if a USB stick or laptop containing personal data is lost or stolen, or hackers have broken into our system and gained access to personal data. Serious data breaches are reported to the Dutch Data Protection Authority within 72 hours after discovery.

If you detect a data breach, please contact us without delay.

Our website is secure. We use cookies to collect data for statistical information on our website. A cookie is a small file that is saved on your computer. We can then recognize your computer the next time it is used to visit our site. 

Cookies contain a unique number. They do not contain personal details so they cannot be used to identify you personally. Neither can they be used to identify you when you visit other websites. 

If you object to the use of cookies, you can switch them off by using your browser settings. This will not affect your use of our website.

Below, you can find our privacy statement. It is a PDF file containing all the information you may have read above. For example, about the personal data we process about you as a client, or about how we use the data, who has access to your data and who we share your data with.