The processing of personal data is necessary for the business operations of Light, which consist primarily of risk consulting and insurance broking, which enable the consideration of, access to, administration of, and claims handling of, insurance.

Our customers must be able to trust that we handle any received personal data carefully and securely. We therefore comply with the current regulations in the area of the protection of personal data such as the General Data Protection Regulation (GDPR).

Our general policy is that personal data are processed in a proper and careful manner in accordance with the relevant laws and regulations. To meet this policy, we apply the following accepted privacy principles:

In this privacy statement we want to inform you about how we handle your personal data. You can read here for example what we process your personal data for, with whom we share your data and what rights you have when it comes to the processing of your personal data.

Identity of controller and contact details

Light B.V. (we or our/us) is the controller in respect of the Personal Data it processes in connection with the services provided under the relevant engagement with its client(s).

In certain cases, and for the purposes of performing some services, Light and its client may have agreed that Light is a processor. When Light acts as a processor, it complies with the obligations set out in the agreement concluded with its client.

Our contact details

Business establishments

Mailing address

When may Light process personal data?

We may only use your personal data if we have a reason mentioned in the General Data Protection Regulation. The reasons that apply to us are:

  1. You have given permission. We will only ask you for permission if that’s necessary to process your personal data. When we process your personal data on the basis of your permission, you may withdraw your permission at any time. You can do this by contacting us, by telephone or email. In our newsletters, we state our contact details at the bottom of our communication.
  2. Performance of a contract with you. Processing is necessary for the performance of a contract to which you are party or prior to entering into a contract in order to take steps at your request. In order to be able to advise you properly about your insurance policies, to mediate for you in insurance activities and to manage your portfolio, we need your personal data.
  3. Compliance with a legal obligation. Processing is necessary for compliance with a legal obligation to which we are subject.
  4. For our legitimate business interest. Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. We always weigh the balance between your interests and those of us. Our interests include the performance of contracts with you and / or maintaining, and possibly expanding, our customer relationship.

We process special categories of personal data based on the following reasons:

  1. Your explicit consent. You have given your explicit consent to the processing of those personal data for one or more specified purposes. You are free to withdraw your consent, by contacting our Compliance Officer. However withdrawal of this consent may impact our ability to provide our services. For more detail see the consent section above.
  2. For legal claims. Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
  3. Substantial public interest. Processing is necessary for reasons of substantial public interest, on the basis of EU law or Dutch law.

What types of data does Light process?

Depending on the services that we perform for you, we may (possibly) process the following data from you:

We collect and receive Personal Data from various sources, including (depending on the service provided and country you are in):

We always ensure that we only process the personal data that we need for our services and business operations.

What does Light use your personal data for?

We process your personal data only for the following purposes:

With whom does Light share your personal data?

We do not just provide your personal information to others. We may do so if you have given us permission for this, if we are obliged to do so on the basis of the law or a court decision, or if the provision is for the purposes stated in this privacy statement. For the performance of our operations and depending on the services provided to you, we may provide your personal data to the following persons or parties (not exhaustive):

External parties that process the personal data under our responsibility, do so only for purposes and under conditions that we have agreed with them. We record this in written agreements.

Safeguards

We ensure an adequate level of security and implement appropriate technical and organizational safeguards to protect personal data against loss or against any form of unlawful processing. These safeguards also serve to prevent unnecessary and / or unlawful collection and processing of personal data.

How long does Light keep your personal data?

Our retention periods for personal data are based on business needs and legal requirements. Your personal data will not be retained for longer than is necessary for the purposes for which it was collected or any other permitted related purpose(s). If our relationship or agreement ends, we will retain the data during the statutory retention periods that apply to us. How long we have to do this depends on the agreement you have entered into with us. For example, for pension insurance, the statutory retention period is longer than that of a car insurance.

Personal data will be taken out of the reach of the active administration after the retention period has expired. We will destroy the personal data after the expiry of the retention period.

The principle of data minimisation

When processing personal data, the amount and type of data is limited to the personal data that are necessary for the purposes mentioned in this privacy statement or as permitted by law. The data must be adequate, relevant and not excessive in relation to the purposes stated in this privacy statement. Where possible, the minimum required or no personal data will be processed.

If we require Personal Data for a purpose inconsistent with the purposes we identified in this privacy statement, we will notify clients of the new purpose and, where required, seek individuals’ consent (or ask other parties to do so on Light’s behalf) to process Personal Data for the new purpose(s).

What rights do you have?

You are in charge of your own personal data. That is why the General Data Protection Regulation (GDPR) gives you a number of rights. You may ask us to:

In addition, under certain conditions, you have the right to:

These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

We always try to meet your request as soon as possible, but no later than four weeks after submission. We do not charge any costs for this. If the period of four weeks is not reasonably feasible, you will be informed of this within this period. In that case, we will comply with your request within two months after the expiry of the first term.

Please note that we cannot always meet your request. For example a request to delete your personal data, during the legal retention period (which has not yet expired) or if you have another ongoing contract with us, this would be a conflict between your request and our legal requirement. If we are unable to meet your request, we will of course inform you of this.

Questions, requests or complaints?

If you have questions or requests about the processing of your personal data or this statement, you can contact our Compliance Officer. You can also approach our Compliance Officer if you have complaints about the processing of your personal data or if you want to make use of one of your rights.

You can reach our Compliance Officer by e-mail at [email protected] or by mail via:

Light B.V
Attn. the legal and compliance department
Olympisch Stadion 12
Mailbox 75944
1070 AX Amsterdam
The Netherlands

If you have a complaint and you do not agree with our policy, you can contact the supervisory authority of Netherlands via autoriteitpersoonsgegevens.nl.

Changes to this privacy statement

This privacy statement is subject to change at any time. It was last changed on 10.05.18. If we make changes to this privacy statement, we will update the date it was last changed. Changes that we make to this privacy statement will take effect immediately. You are advised to check this privacy statement regularly, so that you are aware of any changes.