Privacy Statement

NBM Group is responsible for the processing of personal data as set out in this privacy statement.

Contact details

The quality controller is the supervisory authority and the first point of contact within our office with regard to the processing of personal data. The quality controller can be contacted using the details below:

NBM Group

Diemerhof 42

1112 XN DIEMEN

Email: info@nbm-finance.nl

Personal data we process

NBM Group processes personal data of clients when they use our services and/or when clients provide this data to us themselves.

Below is an overview of the personal data we process with regard to the following categories:

Clients;
Job applicants.

For each category, we also record the purposes for which the processing takes place and who has access to the personal data.

1. Clients

The processing is only carried out for the following purposes:
1. identification;
2. drawing up a risk profile within the framework of the Wwft (Money Laundering and Terrorist Financing (Prevention) Act);
3. maintaining contact with clients;
4. carrying out work as agreed with clients;
5. the implementation or application of another law.
No data other than the following will be processed:
1. surname, first names, initials, title, gender, date of birth, address, postcode, place of residence, telephone number and similar data required for communication, as well as the bank account number and national insurance number of the data subject;
2. copy of identification document;
3. data other than those referred to in a to b, the processing of which is required or necessary for the application of the law.
The personal data will only be provided to:
1. those, including third parties, who are responsible for or manage the activities referred to in the first paragraph or who are necessarily involved in them;
2. others, in cases where there is a legitimate basis under the GDPR.

2. Job applicants

The processing shall only be carried out for the following purposes:
1. assessing the suitability of the data subject for a position that is or may become vacant;
2. processing the expenses incurred by the applicant;
3. internal control and company security;
4. the implementation or application of another law.
No data other than the following will be processed:
1. surname, first names, initials, title, gender, date of birth, address, postcode, place of residence, telephone number and similar data necessary for communication, as well as the data subject's bank account number and national insurance number;
2. an administration number that contains no information other than that referred to under a;
3. nationality and place of birth;
4. data as referred to under a, of the parents, guardians or carers of underage applicants;
5. data concerning education, courses and internships followed and to be followed;
6. data concerning the position applied for;
7. data concerning the nature and content of the current employment relationship, as well as its termination;
8. data concerning the nature and content of previous employment relationships, as well as their termination;
9. data relating to the motivation for the position and the organisation;
10. other data relating to the performance of the position, which has been provided by the data subject or which is known to him;
11. data other than that referred to in a to i, the processing of which is required or necessary for the application of another law.
Personal data will only be provided to:
1. those, including third parties, who are responsible for or manage the activities referred to in the first paragraph or who are necessarily involved in them;
2. others, in cases where there is a legitimate basis under the GDPR.

Special and/or sensitive personal data that we process

NBM Group processes the following special and/or sensitive personal data about you:

Citizen Service Number (BSN).

This personal data is used exclusively for the purposes/services agreed with the client.

If the purposes or services change, this will be agreed with the data subject again.

Wwft

Under the Money Laundering and Terrorist Financing (Prevention) Act (Wwft), NBM Group is obliged in some cases to collect and process your first name(s) and surname, date of birth, address, place of residence, nature, number and date of issue of the document with which you have identified yourself (and in some cases a copy of the document). NBM Group is obliged to report unusual transactions to the Financial Intelligence Unit Netherlands (FIU-Netherlands) and is also obliged to provide this collected information in such cases.

On what basis and for what purpose we process personal data

NBM Group processes personal data for the following purposes:

Your consent, such as when sending our newsletter for the purpose of sending you the newsletter;
Execution of the agreement, so that we can call you or send you an email if this is necessary to perform our services;
Legal obligation, because we are required by law and regulations, including those of our professional organisation (NBA), to ensure that sufficient documentation is kept when performing our work. In addition, we also process personal data when, for example, preparing tax returns for our clients.

How long we retain personal data

NBM Group does not retain personal data for longer than is strictly necessary to achieve the purposes for which the data is collected or for the statutory retention periods that we are required to comply with. We apply the following retention periods for the following (categories) of personal data:

Cookies on our website are retained for a period of 30 days;
Data from a potential client (sent to our office via the website, for example) is deleted after 30 days if the potential client does not ultimately become a client of our office. If a potential client does become a client of our office, the data is retained for as long as necessary to provide services to the client;
For the recording of personal data in applications and files for the purpose of providing services to the client, our office follows the statutory retention period, which in many cases is seven years;
NBM Group retains the information collected under the Wwft for a period of at least five years after the end of the business relationship in the context of which the data was collected and, in the event that it has made a report, five years after making a report.

Sharing personal data with third parties

NBM Group does not sell clients' personal data to third parties and only provides it if this is necessary for the performance of the agreement we have with the client or to comply with a legal obligation. This also includes the right of access of authorities such as the Tax and Customs Administration. We enter into a (sub)processing agreement with organisations that process data for our clients on our behalf to ensure the same level of security and confidentiality of clients' personal data. NBM Group remains responsible for these processing operations.

In special cases, we may provide personal data to external experts such as a solicitor, lawyer or pension specialist in the context of an assignment agreed with the client for these external experts. In that case, we will not provide this data to these external experts without the client's consent.

This data will not be used for commercial purposes.

Transfer

NBM Group processes the personal data of clients within the EU and does not share personal data with third parties who process data outside the EU.

Website

The following applies to personal data with regard to your visit to our website.

Cookies, or similar techniques, that we use

NBM Group uses functional cookies. A cookie is a small text file that is stored in the browser of the device used when you first visit this website. NBM Group uses cookies with a purely technical functionality. These ensure that the website works properly and can be optimised.

Visitors can opt out of cookies by setting their internet browser so that it no longer stores cookies. In addition, users can also delete all information previously stored via the browser settings. See here for an explanation.

Viewing, modifying or deleting data

Data subjects (the persons whose personal data we process) have the right to view personal data and to request correction or deletion. In addition, data subjects have the right to withdraw any consent to the data processing or to object to the processing of personal data by NBM Group, and data subjects have the right to data portability. This means that data subjects can submit a request to us to send the personal data we process in a computer file to the data subject or another organisation specified by the data subject.

Data subjects can send a request for access, correction, deletion, data transfer of their own personal data or a request to withdraw consent or object to the processing of personal data to info@nbm-finance.nl.

To ensure that the request for access has been made by the data subject, we ask that a copy of an identity document be sent with the request. In this copy, black out the passport photo, if applicable the MRZ (machine readable zone, the strip with numbers at the bottom of the passport), the document number and the Citizen Service Number (BSN). This is to protect privacy. We will respond to the request as soon as possible, but within one month at the latest.

NBM Group would also like to point out to those concerned that they have the option of submitting a complaint to the national supervisory authority, the Information Commissioner's Office. This can be done via the following link: https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons

How we protect personal data

NBM Group takes the protection of personal data seriously and takes appropriate (technical) (security) measures to prevent misuse, loss, unauthorised access, unwanted disclosure and unauthorised modification. If data subjects feel that data is not properly secured or there are indications of misuse, please contact the quality controller. The contact details are listed at the top of this privacy statement.