Privacy statement

Introduction
The CFC Foundation (hereinafter CFC) is committed to protecting your privacy and the security of your personal data. We process your personal data in accordance with the requirements of the General Data Regulation on the use of information that can be traced back to you as a person. This privacy statement tells you what CFC does with your personal data and how we protect your privacy. For all questions and comments on the privacy policy, please contact the CFC:

Harderwijkweg 5
2803 PW Gouda
www.cfk.nl
info@cfk.nl

Why does the CFC collect information from me?
The CFC collects information to administer the bridging scheme and thus properly record your entitlement to bridging benefits. You participate in the bridging scheme because:
- Employer representatives and unions in the paid football collective agreement have agreed that all professional footballers participate in this. This is also stated in your employment contract as a professional footballer;
- The KNWU in its regulations has stipulated that all professional cyclists participate in this. This is also stated in your employment contract as a professional cyclist.

From whom does the CFC receive my personal data?
The CFC receives data from your employer, as long as you are employed, and from yourself. In exceptional cases, we receive personal data from organisations designated by law, such as the tax authorities or bailiffs.

What data does the CFC process from me?
The CFC only records the data needed to administer the bridging scheme. The most important are listed below:

  • Your employer provides the following data once:
    Name, date of birth, bsn, start of contract, phone number, e-mail address and language.
  • Your employer provides the following data on a monthly basis:
    Details of your premium (basis) and any data to determine hand and drawing money deposits.
  • You can provide the following data yourself:
    Name and address details, name and date of birth of your partner, whether you have children, bank account number, phone number, e-mail address, benefit choice & review thereof, tax choices and appointing agent.
  • The CFC further stores the following data:
    Written communication between you and the CFC, data relating to complaints/disputes, change history of personal data and your participant fund, application form and determination statement for a benefit, copy of ID (without photo and BSN) and information on your old-age and survivors' pension, if any, accrued before 1-7-2005.

We use the said data to implement the bridging scheme and inform you of your rights to a bridging and/or pension benefit. We collect certain information to prevent fraud and to fulfil our legal obligations. In the latter case, you can think, for example, of the obligation to provide information to the tax authorities.

Does CFC collect data from my internet behaviour?
No. When you visit the website or the app, no data is stored of your individual browsing or user behaviour. However, on a collective level, the behaviour of visitors on the website is recorded. This allows the provision of information to be better tailored to the needs of participants. However, this information can never be traced back to you as a person.

How long does the CFC keep my personal data?
Details of bridging scheme
- The CFC generally does not keep your data beyond the fiscal retention period. This means that most data is deleted from the records 7 years after the last distribution.
- After that period, we keep only the data that allows us to prove that you received the bridging benefits. We do this for an additional period of 13 years. This also gives us the opportunity to answer your questions about benefit history.
- After 20 years, we also remove benefit data from the records.

Pension scheme details accrued before 1-7-2005
If you have accrued pension during the aforementioned period, we keep this data to keep you informed about your pension rights. We will delete this data after the death of you or your next of kin.

To whom will my data be provided?
The CFC does all administration itself. The CFK does not provide data to third parties unless you request and explicitly authorise us to do so or this is required and necessary by law, such as in the case of fraud.

If you ask us yourself for access to your personal data, which you cannot find in the app, it will be provided to you by phone, e-mail or letter as soon as we have sufficient certainty about your identity. We do this to best protect your privacy. See also below: ‘right of inspection’.

Who has access to the CFC?
CFC is a small organisation with 5 employees who have access to your information. This is important because it allows all staff to help you quickly and allows staff to replace each other in case of absence. All employees are bound by the code of conduct, which can be found on the website. In addition, they have signed a confidentiality clause in their employment contract. More importantly, we have a team of people who understand better than anyone that your data must be kept secret. Moreover, alertness to confidentiality is regularly trained.

The CFC outsources IT-related work to various parties. There is a long-standing relationship with these and the parties are selected partly for their reliability and continuity. As there is the occasional possibility that the IT suppliers have access to individual participant data, the CFK has concluded ‘processing agreements’ with the parties involved. In doing so, the parties contractually undertake to keep the data confidential.

Participant data is never shared in the various committees at the CFC (participants' council, investment committee, audit committee). Nor are participant data discussed in the supervisory board, unless there really is no other way. In that context, it is good to know that the members of the supervisory board are also bound by the CFK's code of conduct.

Are IT systems secure at the CFC?
We are committed to protecting your privacy and operate in a fully digitised environment. Therefore, our systems and programmes are secured in the manner required by laws and regulations and we have management procedures to keep the information accurate and complete. Thus, unauthorised parties are not granted access to your personal data. Your data is appropriately secured by us against theft, loss or other unlawful use that could be made of it. To this end, the communication and transaction process on the app made available to your employer and to you is via a secure environment.

Rights regarding my personal data
Right of inspection
You have the opportunity to view your personal data at the CFC. You can see most of these data yourself online in the personal and secure app. You can ask us in writing to send you an overview of all personal data. We will then send you the overview as soon as possible - but in any case within a month - in digital form.

Right of transfer
You have the option of transferring the personal data the CFC has registered about you to another party. Please note, however, that this is (potentially) of little use as it is not possible for another organisation to administer your right to a bridging benefit. If you wish, the CFC will provide your personal data in digital form to an organisation to be designated by you. You can request us in writing to send this data. We will then send you or the other organisation the overview as soon as possible - but in any case within one month.

Right of rectification
You have the option to correct the personal data recorded by CFC if it is incorrect. This can be done through the app made available to you. If any of the other personal data we hold about you is incorrect, you can ask us in writing to correct it - after having requested it. We will then make your corrections as soon as possible but in any case within one month.

Right to delete
You may request in writing that we delete all your personal data. We can only comply with this request if your bridging fund has been fully disbursed and the tax retention period of 7 years after the last disbursement has expired. Following a written request received by us, if the above conditions are met, all your personal data will be deleted as soon as possible but at the latest within one month. You will receive a confirmation from us in that case.

Written requests
When making a written request to request, transfer, correct or delete your personal data, we must have sufficient certainty about your identity. You can send your written and signed request together with a copy of identification (driving licence or passport) with your request to the CFC. See the top of this document for contact details.

Complaints
If you have complaints about how the CFC handles your personal data, you can contact the Personal Data Authority (autoriteitpersoonsgegevens.nl).

You can also file a complaint with the CFC. The complaints procedure is on the CFC's website: www.cfk.nl