Last Updated: August 2021
Willis Towers Watson operates worldwide through subsidiary and affiliate companies (collectively, “Willis Towers Watson,” “we,” “us,” or “our”). Willis B.V. and Towers Watson Netherlands B.V., located at Prof. E.M. Meijerslaan 5 in Amstelveen are the controllers responsible for the Personal Data we collect and process as described in this Privacy Notice.
This Privacy Notice describes the way we collect Personal Data in the course of offering or administering our Services.
Scope of this Privacy notice
This Privacy Notice applies when we collect your Personal Data in the course of offering or administering our Services, as described in this Privacy Notice and it applies to all Personal Data we collect or process about you.
The information provided in this Privacy Notice that is of interest to you depends on the Service that you, or the company that you represent, use (for example, Transactional and advisory services or actuarial services).
Transactional- and advisory services
We offer transactional- and advisory services to our clients. Examples of these are:
- Insurance brokerage;
- claims management;
- reinsurance;
- brokerage services; and
- other forms of insurance services.
The insurance business involves the use and disclosure of Personal Data by multiple market parties in the insurance market, such as intermediaries, insurers and reinsurers.
When providing the Transaction and Advisory Services, we may be required to process Personal Data of named persons in an insurance policy, or of persons who are beneficiaries of, or have made claims under, an insurance policy, or persons involved in an incident that gives rise to an insurance claim. We also process Personal Data of persons who are employees, contractors and representatives of our clients.
Actuarial services
We provide actuarial services to clients who are Dutch pension funds. The Services involve us providing advice to pension funds on matters such as:
- the value of an individual member's pension;
- the value of options available to members;
- the value of the scheme as a whole;
- the levels of funding that the pension scheme needs; and
- the investment plan for the scheme.
In providing the Services, we may be required to process the Personal Data of scheme members and their family members, beneficiaries or other individuals that are connected to scheme members.
When we process your Personal Data, we act as controllers together with the pension funds and we cooperate with the pension funds in meeting our compliance obligations under the law. For example, it is the pension funds' responsibility to notify data subjects about the use of their Personal Data (as described in this Privacy Notice); to ensure the accuracy of the Personal Data they provide to us for processing; and to handle requests received from data subjects.
This Privacy Notice does not apply to any services where we act as a processor on behalf of the pension funds, for example when we provide pensions administration services.
Personal Data we collect
“Personal Data” is information that identifies you as an individual or relates to an identifiable individual. Depending on the service we provide, we may collect your Personal Data in the following ways:
Transactional and Advisory services
- Our client may provide your Personal Data to us. When a client provides us with Personal Data about you, we ask that the client provides a copy of this Privacy Notice to you before doing so.
- You may provide your Personal Data directly to us if you are our client or if you are involved in a claim that we are handling for a client.
- We may collect your Personal Data from public sources.
The Personal Data we may collect about you from our clients (or directly from you) will depend on the type of Service we are providing and the relationship between us, or between you and our client, but may include:
- name and contact information;
- demographic information (such as gender, age, date of birth, marital status, nationality, education/work histories, academic/professional qualifications, employment details, hobbies, family composition, and dependents);
- personal identification documentation and related information such as passport numbers and employee identification numbers;
- financial and payment data such as bank account numbers and transaction information;
- information related to the provision of the Services, such as policy information, claims information, and information relating to incidents giving rise to claims and related losses;
- information about your property and assets;
- statements made by or about you;
- records of communications and CCTV footage; and
- human resources data, such as job title and role; benefits and compensation information; dependent/beneficiary information; educational, academic and professional qualifications information; emergency contact information; and performance management information.
Some of the categories of information that we collect are special categories of Personal Data ("Sensitive Personal Data"). These include your health records (such as your medical history and reports on medical diagnoses, injuries and treatment); information about your personal characteristics and circumstances of a sensitive nature such as your racial or ethnic origin, sex life, mental and physical health and genetic information; and criminal records, fines and other like judicial records.
We may collect publicly available information such as information available on social media platforms, information about your registered property or assets and information about claims and convictions on public records.
Actuarial services
The Personal Information we process is provided or made available to us by or on behalf of the pension funds. The pension funds are also controllers in respect of this Personal Information, and you should consult the pension funds in the first instance if you have any questions about the processing of members' Personal Information.
The Personal Information we process may include:
- names and/or personal identifiers such as BSN numbers, personal numbers or pension scheme numbers;
- dates of birth;
- sex;
- service dates in the scheme;
- salary and pension amounts;
- contribution/investment amounts and choices;
- marital or partnership status;
- whether a pension in payment resulted from ill health or retirement; and
- address and postcode.
Depending on the Service we are providing, all or only some of the above categories of Personal Data may be provided to us (or made available to us) by the pension funds.
Some of the categories of information that we collect are special categories of Personal Data ("Sensitive Personal Data"). In particular, we may process Personal Data that relates to your health (for example, when a payment is claimed as a result of ill health).
Legal bases for processing personal data
We must have a legal basis to process your Personal Data. In most cases the legal basis will be one of the following:
- for our legitimate interests, for example to provide Services to our clients, to ensure that the Services we provide are appropriate our clients' requirements, to improve our Services, manage our risks, maintain accurate transaction records, and manage our business in an efficient way;
- for the legitimate interests of our clients and other third parties (for example, to investigate and assess claims made against policies held or underwritten by them and to prevent and detect suspicions of fraud); or
- to comply with our legal obligations such as due diligence and reporting obligations.
We process Sensitive Personal Data on the following legal bases:
- your consent, where your consent is required by law (in which case the pension funds will obtain this). You may withdraw your consent at any time by contacting the pension funds or us;
- to establish, exercise or defend legal claims; or
- where legislation otherwise permits us to process Sensitive Personal Data (for example, where the processing is necessary for the purpose of making a determination in connection with eligibility for, or benefits payable under, an occupational pension scheme).
How we may use your personal data
Depending on the Service we provide to you, we may use your Personal Data in the following ways.
Transactional and Advisory services
We use your Personal Data:
- to provide the Services and fulfill our contractual obligations to clients;
- to conduct data analysis;
- for fraud monitoring and prevention;
- to help develop new services and to enhance, improve or modify our Services;
- to operate and expand our business activities;
- to carry out background checks and conduct due diligence;
- to perform administrative activities in connection with our Services;
- to exercise, defend or protect our legal rights or the rights of our clients or third parties; and
- to comply with legal and professional obligations and to cooperate with regulatory bodies.
The way we analyse Personal Data for the purposes of risk assessment, fraud prevention and detection, and to report to our clients as part of the Services may involve profiling, which means that we may process your Personal Data using software that is able to evaluate your personal aspects and predict risks or outcomes.
We may also aggregate or anonymise information about you. Aggregated or anonymised data is not capable of being used to identify individuals and is not treated as Personal Data under this Privacy Notice.
Actuarial Services
We use your Personal Data:
- to provide the Services and fulfil our contractual obligations to the pension funds;
- to conduct data analysis, such as demographics studies and mortality studies;
- for workflow monitoring;
- to exercise, defend or protect our legal rights or the rights of the Pension funds or third parties; and
- to comply with legal and professional obligations and to cooperate with regulatory bodies.
The way we analyse Personal Data for the purposes of risk assessment, scheme valuation and client reporting may involve profiling, which means that we may process your Personal Data using software that is able to evaluate your personal aspects and predict risks or outcomes. For example, we may conduct analyses on Personal Data to predict mortality rates which we use for the purposes of scheme valuation.
We may also aggregate or anonymise information about you. Aggregated or anonymised data is not capable of being used to identify individuals and is not treated as Personal Data under this Privacy Notice.
Disclosure of your personal data
Transactional and Advisory services
We may share your Personal Data with third parties under the following circumstances:
- to any Willis Towers Watson group company for the use and purposes set out above. To the extent that the disclosure involves a transfer of Personal Data to a country outside the EEA that does not provide what is known as an appropriate level of data protection, we will provide sufficient safeguards (for example, by concluding the European Commission's standard contractual clauses) to allow international transfer of Personal Data.;
- to our clients, intermediaries, advisers and business partners for the purposes of fulfilling our contractual obligations to clients, for example to deliver our Services and to arrange insurance products for clients;
- to third party service providers such as entities providing customer service, email delivery, auditing and other services;
- if we are obliged to disclose your Personal Data under applicable law or regulation, which may include laws outside your country of residence; and
- in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
Actuarial Services
We can share your Personal Data with third parties under the following circumstances:
- to any Willis Towers Watson group company for the use and purposes set out above; To the extent that the disclosure involves a transfer of Personal Data to a country outside the EEA that does not provide what is known as an appropriate level of data protection, we will provide sufficient safeguards (for example, by concluding the European Commission's standard contractual clauses) to allow international transfer of Personal Data.;
- to the pension funds and to intermediaries, insurers, advisers and business partners for the purposes of fulfilling our contractual obligations to the pension funds, for example to deliver our Services;
- to third party service providers such as entities providing customer service, email delivery, auditing and other services;
- to professional and research bodies, when we are required or requested to do so.
- if we are obliged to disclose your Personal Data under applicable law or regulation, which may include laws outside your country of residence; and
- in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
When we share Personal Data with third parties, we take all reasonable steps to ensure that appropriate security measures and confidentiality undertakings are in place to protect the information shared.
Security and retention
Willis Towers Watson maintains appropriate technical and organizational security measures to protect the security of your data against loss, misuse, unauthorized access, disclosure or alteration. These measures are aimed at ensuring the ongoing integrity and confidentiality of Personal Data. We evaluate these measures on a regular basis to ensure the security of the processing.
We will retain your Personal Data for as long as is necessary for the provision of Services to our clients. When we no longer need your Personal Data in connection with the Services, we will then retain your Personal Data for a period of time that reasonably allows us to comply with our regulatory obligations and to commence or defend legal claims. We may retain aggregated or anonymised data (which is not treated as Personal Data under this Privacy Notice) for longer.
Cross-border transfer
Your Personal Data may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for Personal Data under European Union law. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details provided under the "Contact and Comments" section below.
Choices and access
Transactional and Advisory services
If you would like to review, correct, update, suppress, object to or restrict the processing of your Personal Data or request a copy of Personal Data about you, you may contact us by sending us an email to dataaccessrequest@wtwco.com or sending your request by postal mail to the address provided in the “Contact & Comments” section below.
In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Data. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the Autoriteit Persoonsgegevens at https://autoriteitpersoonsgegevens.nl.
Actuarial Services
Willis Towers Watson, the Scheme Actuary, and the pension funds are each controllers responsible for the Personal Data that we process.
If you would like to review, correct, update, suppress, object to or restrict the processing of your Personal Data or request a copy of Personal Data about you, you should contact the pension funds in the first instance. The pension funds may share with us any request that you make, so that we can assist the pension funds in complying with it.
In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data suppressed from the pension funds' or our database or otherwise let the pension funds know what limitations you would like to put on the use of your Personal Data.
You have the right to make a complaint to the Autoriteit Persoonsgegevens via https://autoriteitpersoonsgegevens.nl.
Changes to our privacy notice
You may request a copy of this Privacy Notice from us using the contact details set out below.
We may modify or update this Privacy Notice from time to time by notifying or providing a revised version to our clients. Where changes to this Privacy Notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will ask that our clients give you sufficient advance notice of these changes so that you have the opportunity to exercise your rights (e.g. to object to the processing).
Contact & comments
Transactional and Advisory Services
ServicesIf you have any questions or comments regarding this Privacy Notice, please contact our Global Privacy Office, at The Willis Building, 51 Lime St, London EC3M 7DQ or at privacy@wtwco.com.
Actuarial Services
You should contact the pension funds in the first instance if you have any questions regarding the processing of your Personal Data under the scheme. Please refer to your annual benefit statement, the summary funding statement or the pension funds' Privacy Notice for the pension funds' contact details.
If your request or concern has not been resolved by the pension funds, or if you would like to contact us directly, please write to our Global Privacy Office, at 51 Lime Street, London, EC3M 7DQ or email us at privacy@wtwco.com.