Privacy Statement Collaborating with Achmea

Are you using the Microsoft Office 365 environment of Achmea B.V. as an employee, external worker or external user? Then we need some of your personal details. We think it is important that you know what we do with your personal data and what your rights are. This way you can rest assured that your data are in good hands with us.

The Privacy Policy and procedures as described on Achmeanet apply to employees and external workers of Achmea. The Privacy statement below applies specifically to external users of Achmea's Microsoft 365 environment.

Usually we ask for your name (first and last name) and e-mail address. Sometimes we also ask for other information such as your telephone number or you may choose to add a photo. We use this personal data so that you – as an external user – can collaborate with people within Achmea B.V. on the Microsoft Office 365 environment. If you add a photo yourself in the Microsoft Office 365 environment, it will be visible to other participants. We will not use your photo in any other way.

Achmea and Microsoft also process data about the use of Microsoft Office 365, such as log data and metrics.

We use your data to:

• Create your guest account;
• Be able to identify you, for authentication and authorization purposes;
• Register access information;
• Manage facility and IT processes;
• Analyze external use of Microsoft Office 365 for improvement purposes;
• Comply with the law;
• Carry out internal auditing and business security checks;
• Handle (legal) complaints and support tickets.

Achmea B.V. is responsible for the proper processing of your personal data for all Achmea brands.

Sometimes we pass on your data. We may exchange diagnostic data (meta data) with Microsoft. We store the contents of your files associated with your Microsoft products in the Microsoft Azure environment within the EEA.

If it is necessary to transfer data to recipients outside the European Economic Area (EEA), we do so very carefully. Within the EEA, the same privacy rules apply.

Our IT systems are well secured. And we continually take measures to prevent misuse of your data. In addition, our employees have also received clear instructions on how to handle personal data.

By sensitive data we mean, for example, personal data showing your racial or ethnic origin.

We keep your data as long as you use Achmea's Microsoft Office 365 environment or as long as it is required by law. After that, we will delete or anonymize your data.

We comply with the applicable privacy laws and regulations. These are, inter alia:

• The General Data Protection Regulation (GDPR);
• De Uitvoeringswet Algemene Verordening Gegevensbescherming. Dutch General Data Protection Regulation Implementing Act;
• De Telecommunicatiewet. Dutch Telecommunications Act.

Your rights are also regulated by law. You may:

• Withdraw your consent to the use of your personal data;
• Request your personal data from us;
• Have errors corrected and have your personal data supplemented if they are incorrect or incomplete;
• Have your personal data deleted;
• Object to certain uses of your data;
• Transfer your data.

Let us know when you wish to exercise your rights. You can find our contact details on the Achmea B.V. website. Please send us a letter or an e-mail if you wish to exercise your rights. In the interests of preventing misuse and fraud, we may ask that you provide proper identification. We will reply within one month of receipt of your message.

Send an email to Achmea's Data Protection Officer at privacymanager@achmea.nl. You can also send a letter to:
Achmea B.V.

Attn. Privacy Manager
Compliance & Operational Risk Management
Postbus 866
3700 AW Zeist

Did we not find a solution together? Under the GDPR, you are also entitled to lodge a complaint with the Dutch Data Protection Authority. To do so, please contact them.

For example, we can do this if something changes in the laws or regulations. You can always find the most recent version on our website. This most recent version is of 16 August 2021.