Privacy statement

Hienfeld Privacy Policy

When you request an insurance and when we process claims, we will ask you for your personal data. When dealing with this data, W.A. Hienfeld Holding B.V., including W.A. Hienfeld B.V., comply with the Personal Data Protection Act and, as of 25 May 2018, with its successor; the General Data Protection Regulation (GDPR) and the regulations derived from them such as the Code of Conduct for Personal Data Processing by Financial Institutions. Hienfeld will be the Data Controller processing your data.

We hold your privacy in high esteem. We will therefore put every effort into treating your personal data carefully, securely and confidentially.  This Privacy Policy will provide clarity about how we treat your personal data.

1.    Why we process personal data


If you or your employer wish to take out an insurance with us, either through your agent or directly, we will ask you for your personal data. We may use your personal data for the following objectives:

  • To enter into and/or execute insurances.
  • Identify the client, policy holder or the insured.
  • Improve our services and personalise them to your personal situation.
  • For marketing activities, such as expanding client relationships, tendering and informing about our products.
  • For analyses of personal data in order to improve product and service offers and to better cater to the wishes of our (prospect) clients.
  • To prevent and combat fraud regarding financial institutions (such as insurers) to ensure that the financial sector remains secure and ethical.
  • To give information to and receive information from other parties if such is required in the execution of your insurance, such as insurance brokers, insurers, collection and expert agencies. For example, we will inform them in case of any payment delays for the insurance.
  • For statistical analyses.
  • To be able to comply with our legal obligations. This includes Hienfeld’s obligation to provide data to the Dutch Tax Authorities. In turn, the Dutch Tax Authorities will transfer any data of people maintaining a relationship with the United States (possibly) identified as Specified US Person, to the US Tax Authorities.

In addition to the data we receive from you, we may also - regarding these objectives - request information from third parties that we deem trustworthy. In any personal data processing only the personal data will be used that is accurate, adequate and pertinent and not excessive.

Legal bases

At least one of the following grounds for processing your personal data applies:

  • Processing that is necessary for the performance of a (financial) contract to which you are party or in order to take steps at your request to entering into a contract.
  • Processing that is necessary for compliance with a legal obligation to which the we are subject.
  • You have consented to the processing of your personal data for one or more specific purposes. You will be able to withdraw this consent at any time.
  • Processing that is necessary for the purposes of the legitimate interests pursued by us or by a third party. We will constantly weigh the balance between your interests and ours. Our interests include the careful execution of contracts with you, maintaining and possibly expanding our client relationship via direct marketing and/or profiling aimed at preventing and combating fraud regarding financial institutions (such as insurers) to ensure that the financial sector remains secure and ethical.

2.    The personal data categories we process

The data we process

You may request our products and services through an agent and for some products and services you may use an online order form that is available on our website. To process your order, we process data, such as your name, address, city, email address, telephone number and your bank account number. In case of insurances such as an accident insurance, we may also ask you to provide your payroll data. We may also ask you to provide data that may be required to assess the insurance risk, such as your car registration or your profession, and if necessary also your health and criminal justice data. The above is a general enumeration, on the order forms you will see the type of data we request per insurance.

Special categories of personal data: medical data and any criminal records

In order to accept or execute insurances, such as accident, travel and liability insurances and processing of personal injury claims, we need information about your health. If we need data from your GP (general practitioner/physician), we will ask you for a medical authorisation to do so. Our medical advisor (physician) will be responsible for the treatment of your health data.

Hienfeld’s employees will only process health data if they are required in order to perform their work. These employees have an obligation of confidentiality regarding the data they process.

When assessing the risks in damage insurances, we may furthermore ask questions about any criminal records. Criminal offences that took place more than 8 years ago, do not need to be reported.

Data from external sources

In addition to data we receive from you, we may also request information from third parties that we deem trustworthy. We do this to assess risks, improve our services and to provide personalised offers. For example, these parties are the Dutch Vehicle and Driver Licensing Authority (RDW), the Dutch Central Statistical Office (CBS), cadastral offices, marketing research agencies and service providers for credit registration and data enrichment.
In addition to claims processing we might verify data if needed on social media (Facebook, LinkedIn, Instagram and Twitter) or other public sources, such as newspapers, to prevent fraud.

3.    The personal data exchanges that take place

Personal data exchange

Hienfeld will not provide any personal data to third parties, unless this is allowed and required according to the law or in case of fraud.

Within Hienfeld

If you are a customer of any of the business divisions of Hienfeld, we may exchange your personal data - pursuant to certain conditions and with the exception of your health records - with other business divisions of Hienfeld. We do this to maintain a responsible acceptance policy and to prevent fraud. In addition, we exchange data internally to process your orders or to obtain a summary of the products and services that you purchased from us. You may receive offers for other Hienfeld products. If you have an agent, you will receive these notifications after consultation with your agent. If you do not wish to receive offers for other products, you may let us know.

External to Hienfeld

Service providers (processors)

If allowed by law, we may exchange the data that are necessary for service provision with other companies to perform services for us that are related to the insurance agreement. For example, with collection or expert agencies.

We may also use service providers that may, by virtue of their services to us, be privy to data or (incidentally) obtain data access possibilities. These are generally data information / ICT service providers. A service provider hosting an ICT system also manages the data that are processed on that system. Other service providers have developed an ICT system for and/or delivered to Hienfeld, and need to maintain this system periodically. During this maintenance, the service providers will need to have access to that system, which means that the data in it will be accessible to them too

Agreements are made with these parties in order to safeguard your privacy. Hienfeld will remain responsible for processing your data..
These service providers are data processors, which means that they may only process personal data within their service framework with Hienfeld and on Hienfeld’s instructions. They are not allowed to do anything with those data outside of this framework and they have an obligation of confidentiality.

Consulting CIS Data Bank

With regard to a responsible acceptance, risk and fraud policy, we may consult your data and register them in the Central Information System of the Central Information System Foundation (CIS) in The Hague. In this regard, participants in the CIS Foundation may also mutually exchange data. The objective is to manage risks and combat fraud. This is governed by the Privacy Regulation of the CIS Foundation. For more information on the Privacy Regulation of the CIS Foundation, please visit

Collaborating with third parties and the Public Sector

Finally, there are third parties that may process your personal data under their own responsibility (as data controllers). You may ask these third parties to provide information on how they process personal data. An example may be your employer taking out an accident insurance for its employees or your insurance broker who takes out an insurance on your behalf. In cases in which we are required to provide data to qualified authorities, such as the Tax Authorities, they will process the corresponding data as data controllers. Providing data to legal service providers and accountants may be required; they also have their own responsibility as well.

Finally, we might send your personal data to the underlying insurer/risk carrier. The name(s) of the insurer(s)/risk carrier(s) can be found on your policy cover. For further information with regards to how these parties process data, we would like to refer you to the privacy statement of the parties in question.

4.    How we protect and retain your data

This is how we protect your data

We handle your data with care. We have technical and organisational measures in place to safeguard your data against loss or unlawful processing. These include measures to ensure safe usage of our website and IT systems and to prevent abuse. But these also include securing areas where data are stored, information security policy and providing training to our employees.

Storage periods

We will only keep your personal data for as long as we need them. Data we need to access are minimally kept for the term of the insurance agreement. If the insurance agreement ends, we will retain the data during the storage period stipulated by law.

5.    Your rights

Right to access, rectification and objection

You have the right to ask us which of your personal data we will process and to have your data rectified or erased.

When you wish to access your personal data, we will only grant access once we have adequately verified that you are the person you claim to be. We will ask audit questions to this end. In some cases we may choose not to provide any of your health data. For example if we deem it wiser for the physician to provide a clarification. In such case we will inform you how the information may be shared and requested.

You may submit such requests with us using the contact data below, indicating “Access/rectification request”. Please also enclose a copy of your identification. We ask you to render your photo and Social Security number (SSN) invisible. We recommend mentioning the purpose of the copy on it. Within four weeks after your request we will inform you whether we can approve the request.

You furthermore have the right to inform us that you do not wish to receive any information about our products and services. You may submit such request with us using the contact data below, indicating “Request for marketing opt-out”.

Moreover, you have the right to submit any complaints with the Personal Data Authority at their website: If you do not wish to receive any information from your agent about our products and services, please notify your agent directly.

6.    Other information

Your visits to our website and cookies

When you visit our website, cookies will be placed on your computer, tablet or smartphone. Cookies are small, simple text files. At your next visit, these cookies will be used to recognize you. For example, Cookies will ensure that you do not have to enter or receive the same information each time you visit the website. Your settings and preferences will be remembered, which will make your next visit to the website easier. Cookies also allow us to personalise the information and offers on the website to your preferences.

Message boards

On our website, you may use public message boards. The information you share on these boards are publicly accessible. Hienfeld does not store this online communication and does not supervise it. Hienfeld is not liable for any wrongful use of the message board or damage resulting from its use.

Hienfeld application

This Privacy Policy also governs our HienfeldGO! App. Use of the app requires the installation of Adobe AIR. Hienfeld recommends you to read the (privacy) terms and conditions of Adobe AIR before you agree with its installation. In order to use the app, one-time registration is required in order to give you the best service. We may use your data to contact you for our own marketing purposes. Please let us know if you do not wish to receive this information using the contact data below. Obviously, Hienfeld will not sell personal data to any third parties.

Modification of the Privacy Policy

We may modify this Privacy Policy. We may do this in case new developments arise, for example if anything should change in our business activities or in the law or jurisprudence. We therefore recommend you to check back frequently to see any changes to our Privacy Policy when you visit one of our websites.This text was last modified on June 21, 2018.

In case of any questions or complaints

In case of any questions about this Privacy Policy or complaints about the way we process your personal data, please contact the Privacy Officer of Hienfeld. Please send an email to or write a letter to:
W.A. Hienfeld Holding B.V.
Attn the Privacy Officer
P.O.Box 75133, 1070 AC Amsterdam, The Netherlands
Telephone: +31 (0)20-5 469 469

 A printversion can be download here.