About the SVB

Protection of your personal data

We protect the personal data we have on file for you, not only because we believe this is important, but also because we are obliged to do so under the General Data Protection Regulation (GDPR). Here, you can read what kind of personal data we process. We also explain what we use your details for, who has access to your details, and who we share your details with.

  • What we do with data
    We process data. This means that we collect, store, consult and use data in order to do our work properly. We also establish connections between data and pass data on to other organisations.
  • When do we process data or pass on your personal data to third parties?
    • If we are legally obliged to do so. For example, we pass on data about your AOW pension or your benefit to the Tax and Customs Administration
    • If it is necessary for the performance of our duties or the duties of another organisation. For example, to see whether you are receiving an AOW pension
    • For other cases, we have to obtain your permission first
    The data we use depends on the scheme or benefit concerned. Outside the European Union (EU), we only exchange personal data with a few partner organisations and embassies. For example, if we need to obtain information about your pension insurance record outside the Netherlands or ask for assistance in income and assets investigations in another country. For more detailed information, go to our 'Register', which shows what type of personal data is stored, why it is stored, and for how long.

  • What is personal data?
    Personal data is information that directly relates to or can be traced back to an individual. For example, a name, identification number or location.
  • What personal data do we use?

    We implement various schemes, including those for old age pension (AOW), child benefit and personal care budgets (PGB). In order to do our work as best as we can, we use data such as:

    • name and address
    • email address, telephone number, etc. so that we can reach you
    • personal data, such as burgerservicenummer (BSN), marital status, date of birth, place and country of birth, nationality, account number
    • employers' data, such as payroll tax number and registration number with the Chamber of Commerce
    • criminal justice data, such as data on imprisonment, detention or placement in a closed treatment facility
    • medical data. For example, to process claims under the Asbestos Victims Compensation Scheme or the schemes and regulations for former members of the resistance and victims of war
    The data we use depends on the scheme or benefit concerned. For more detailed information, go to our 'Register', which shows what type of personal data is stored, why it is stored, and for how long.

  • What we do with your personal data

    We use your personal data for:

    • implementing the schemes we are responsible for
    • processing complaints or requests for review or appeal relating to the schemes we implement
    We also use your personal data for:
    • financial and internal checks, accountability and audits
    • data analysis aimed at improving our services
    The data can be used for:
    • management reports and surveys
    • historical, statistical and scientific purposes
    The data we use depends on the scheme or benefit concerned. For more detailed information, go to our 'Register', which shows what type of personal data is stored, why it is stored, and for how long.


    Automated decisions

    Personal data is sometimes used to take automated decisions. For example, if a family has a second child, child benefit will be paid automatically for that child. 

    All SVB decisions are open to review, whether they have been issued automatically by a case officer. How to request a review is explained in the notification of the decision. If a decision was taken by a case officer, the officer's name and telephone number will be shown on the letter. If no name is shown, the decision will have been issued automatically. 

    Profiling

    Our automated decision-making process does not use profiling. Decisions are always based on the personal data of the individual client, not on similarities between groups of clients. Client profiling in the broadest sense of the word does occur. For example, if we impose a fine on a client, we always check the client's file to see whether the client was ever fined before. We are required to do this by law in order to determine the amount of the fine. Decisions in such cases will not be taken automatically, but by a case officer. This type of profiling is only used if it is required by law. 

  • How we protect your data
    We take all necessary measures to protect your data while observing the law and complying with the Government Departments Data Protection Baseline (BIR). All our staff members have a duty of confidentiality. They may only view your details if this is necessary for the performance of their duties. Our computers and office buildings have also been secured. We do not keep any data for longer than strictly necessary.
  • How to protect your data yourself

    There are several ways you can protect your own data.

    Keep your DigiD secret

    It seems obvious, but never share your login data with anyone. We will also never ask you for your user name or password. Not by internet, email, telephone or in any other way.

    Check websites

    Be wary of websites or emails asking for your personal data. Always ask yourself whether the data is really relevant for the services they provide.

    A secure ID

    In the Government publication 'Factsheet Een veilig ID' (only in Dutch) you can read about the dangers of identity fraud and what you can do to prevent this.

  • Viewing your data
  • Inspecting your personal data

    If you would like to know what data we have on file for you, you can request this from us.

    For example, you can ask us to send you:

    • a list of the personal data we hold on you
    • an explanation of what we do with this data
    • an explanation of how we acquired the data
    • a list of organizations we exchange your data with
    Call us first

    We will then see whether we can help you immediately. Contact your SVB office about this.
    If you are not satisfied after speaking to us, you can send us a request for access to your data using the appropriate form below. Download the form, fill it in and upload it to My SVB or send it to us by post.
     
    Requesting access to your data by uploading the form to My SVB

    1. Below, download the form 'Request for access to my personal data via My SVB'
    2. Fill in the form
    3. Upload the form via My SVB under 'Vraag of mededeling'

    Requesting access to your data by sending the form by post

    1. Below, download the form 'Request for access to my personal data by post'
    2. Fill in the form
    3. Print the form
    4. Sign the form
    5. Make a copy of your valid identity document so that we can check your identity
    6. Send the form and the copy of your identity document to your SVB office

    If you are the parent or guardian of a child aged 16 or older, you cannot request access to the child's data. The child must ask for this him or herself.

    an authorization

    If you wish to authorize someone to have access to your data, fill in the authorization form and send it to us together with the form 'Request for access to personal data' and a copy of your representative's identity document. You can send the documents by post or via My SVB.
    If you have already appointed a representative, you need to send a separate authorization if you want to supplement or adjust your data. For this, use the authorization form.

    When will you receive a response?

    You will receive a response within one month. If we cannot meet your request within this time limit, for example because of the amount of data involved, the time limit will be extended by one month. We will let you know before the end of the first month and and explain why we need more time.


  • Updating your file

    If the personal data we have on file for you is incorrect or incomplete, you can ask us to correct or update it using the appropriate form below. Download the form, fill it in and upload it to My SVB or send it to us by post. 

    Changing or updating your data by uploading a form to My SVB

    1. Below, download the form 'Request to correct or update personal data via My SVB'.
    2. Fill in the form
    3. Upload the form to My SVB under 'Vraag of mededeling'

    By post
    1. Below, download the form 'Request to correct or update personal data by post'.
    2. Fill in the form
    3. Print the form
    4. Sign the form
    5. Make a copy of your valid identity document so that we can check your identity
    6. Send the form and the copy of your identity document to your SVB office

    Authorization

    If you wish to authorize someone to have your data corrected or updated, download the authorization form below, fill it in and send it to us together with the form 'Request to correct or update personal data' and a copy of your representative's identity document. You can send the documents by post or via My SVB.

    If you have already appointed a representative, you need to send a separate authorization if you want to correct or update your data. For this, use the authorization form that you can download below.

    When will you receive a response?

    You will receive a letter from us within one month to confirm whether or not we have adjusted your data. If we have not adjusted your data, we will explain why. We may also ask you for additional information, for example, if you need to show why the change to your data is necessary.

    Forms

  • Other rights

    You can object to your details being processed, for example if, due to exceptional circumstances, your personal interests outweigh the performance of our duties.

    You can also ask us to stop using certain data or remove data if it is incorrect or unlawful or no longer necessary for its original purpose.

    In such cases, please contact our Data Protection Officer. How to contact this person is explained under 'Questions or comments'.

  • Questions or comments about privacy and data protection

    If you have a question or comment about the use of your personal data or about your privacy rights, our privacy statement or the way in which we deal with privacy in general, please contact our Data Protection Officer ('Functionaris Gegevensbescherming'). This person is a confidential adviser who ensures that we comply with privacy rules and regulations.

    You can contact our Data Protection Officer in the following ways:

    Email form

    Contact us using the email form

    Letter

    Send a letter to:

    Sociale Verzekeringsbank
    t.a.v. Functionaris Gegevensbescherming
    Postbus 1100
    1180 BH Amstelveen, the Netherlands

    You will receive a response within one month. If we cannot meet your request within this time limit, for example because of the amount of data involved, the time limit will be extended by one month. We will let you know before the end of the first month and explain why we need more time.

  • If you have a complaint

    If you are dissatisfied with the way your personal data is used, you can lodge a complaint. We will do everything we can to deal with your complaint as quickly as possible.

    Call us first

    If you have a complaint, call us. We will then discuss your complaint with you and see whether we can settle the matter straight away. If we cannot help you immediately, or if you are not satisfied with our explanation, we will continue to look for a solution. Contact us.

    Send us a letter or fill in the complaints form

    You can submit your complaint online using the digital complaints form.

    If you would rather write us a letter, you are welcome to do so. As soon as we have received your letter, we will contact you personally. Send your letter to:

    Sociale Verzekeringsbank
    t.a.v. Functionaris Gegevensbescherming
    Postbus 1100
    1180 BH Amstelveen, the Netherlands

    The Dutch Data Protection Authority

    If you feel we have not dealt with your complaint properly, you can submit a complaint to:

    The Dutch Data Protection Authority
    Postbus 93374
    2509 AJ Den Haag, the Netherlands

  • Data breach

    What is a data breach?

    If personal data has been lost or may have been processed unlawfully, this is called a 'data breach'. For example, if a USB stick or laptop containing personal data is lost or stolen, or hackers have broken into our system and gained access to personal data. Serious data breaches are reported to the Dutch Data Protection Authority within 72 hours after discovery.

    If you detect a data breach

    If you detect a data breach, please contact us without delay.

  • Privacy and our website
    Our website is secured. We use cookies for website statistics. A cookie is a small file that is saved on your computer. This helps us to recognize your computer the next time you visit our site. Cookies only contain a unique number. They never contain personal data. We cannot use cookies to identify you personally. Cookies cannot be used to identify you on other websites either.
    If you object to the use of cookies, you can disable cookies via your browser settings (e.g. Internet Explorer, Chrome or Firefox). Our site will work normally even if you do not accept cookies. You can find more information about cookies and disabling cookies on the website veiliginternetten.nl.

Privacy statement

Below, you can find our privacy statement. It is a PDF file containing all the information you may have read above. For example, about the personal data we process about you as a client, or about why we use the data, who has access to your data and who we share your data with.