Company Profile
Business portfolio
Underlying value chains
Financial targets
Non-financial targets
Political, financial and legislative
Technological
Environmental & social
Becoming the best insurer
Being a responsible investor
Business conduct
HR policy and strategy
Skills and competencies
Increasing the organisation's agility
Strengthening employee engagement
Developments in 2024
a.s.r. shares
Bonds
Ratings
Political engagement
Socially responsible taxpayer
Doenkracht
Financial performance
Financial performance
P&C
Disability
Health
Financial performance
Pensions
Individual life and Funeral
Financial performance
Asset Management
Real Estate
Mortgages
Financial performance
Market
Financial performance
Corporate Governance
General Meeting of Shareholders
Executive Board and Management Board
Supervisory Board
Diversity, equity and inclusion
Sustainability governance
Corporate governance codes and regulations
Meetings of the Supervisory Board
Supervisory Board Committees
Introduction
Remuneration Policy
Executive Board
Supervisory Board
Risk governance
Risk appetite
Identified risks
Compliance risks
Privacy
Integrity and ethical conduct
Awareness
Composition of the Work Councils
Main themes during 2024
Introduction
General basis for preparation
Governance
Strategy and impacts, risks and opportunities
Climate change
Pollution
Biodiversity and ecosystems
Resource use and circular economy
Taxonomy regulation
Own workforce
Workers in the value chain
Consumers and end-users
Business conduct
Introduction
CSRD general reporting policies
CSRD environmental reporting policies
CSRD social reporting policies
CSRD governance reporting policies
CSRD reference table
General information
Statement of compliance
Consolidated balance sheet
Consolidated income statement
Consolidated statement of comprehensive income
Consolidated statement of changes in equity
Consolidated statement of cash flows
Changes in EU endorsed published IFRS Standards and Interpretations effective in 2024
Changes in presentations
Upcoming changes in published IFRS standards and interpretations, not yet effective in 2024
Key accounting policies
Other accounting policies
Group structure
Segmented balance sheet
Segmented income statement and operating result
Non-life ratios
Acquisitions
Discontinued operations
Intangible assets
Property, plant and equipment
Investment property
Associates and joint ventures
Investments
Investments related to direct participating insurance contracts
Derivatives
Deferred taxes
Other assets
Cash and cash equivalents
Equity
Subordinated liabilities
Insurance contract liabilities and reinsurance contract assets
Liabilities arising from direct participating insurance contracts
Employee benefits
Provisions
Borrowings
Savings deposits
Due to banks
Other liabilities
Insurance contract revenue
Insurance service expenses
Net result from reinsurance contracts
Direct investment income
Net fair value gains (and losses)
Impairments
Net finance income and expenses from (re)insurance contracts
Other finance expenses
Fee income
Other income
Operating and other expenses
Income tax expense
Fair value of assets and liabilities
Cash flows from operating activities
Offsetting of financial assets and liabilities
Related party transactions
Key management personnel remuneration
Employee Share Purchase Plan
Contingent liabilities and assets
Events after the balance sheet date
List of principal group companies
Profit appropriation
Risk management system
Insurance risk
Market risk
Counterparty default risk
Liquidity risk
Operational risk
Strategic and operational risk management
Capital management objectives
Solvency ratio and a.s.r. ratings
Additional information
Company balance sheet
Company income statement
Notes to the company financial statements
About this report
Statement of the Executive Board
Independent auditor's report
Limited assurance report on the Sustainability Statements
Stichting Continuïteit ASR Nederland
Provisions of the Articles of Association regarding profit appropriation
Datapoints that derive from other EU legislation
Minimum disclosure requirements
TNFD recommendations
Finance for Biodiversity
Financial indicators
Investor community indicators
ESG ratings
EU Taxonomy templates
Outcomes of stakeholder engagement
Contact
Publication

DOCUMENT

The story of a.s.r.
How a.s.r. creates value
Double materiality and value chain
Business portfolio and value chains
Strategic targets
Trends & developments
Sustainable Development Goals
Becoming the best financial service provider
Creating a vital and future-proof workforce
Informing the investor community
Operating as a trusted company
ASR Nederland N.V.
Non-life
Life
Asset Management
Distribution and Services
Holding and Other
Corporate governance
Supervisory Board report
Remuneration report
Managing risks
Ensuring compliance
Employee participation
General
Environmental
Social
Governance
CSRD reporting policies
Annex Sustainability statements
Introduction
Consolidated financial statements
Accounting policies
Group structure and segment information
Notes to the consolidated balance sheet
Notes to the consolidated income statement
Other notes
Risk management
Capital management
Operating result
Company financial statements
About this report
Management and auditor reports
Reference tables
Supplementary data points
Stakeholder engagement
Glossary
Abbreviations
Contact details
ChaptersBusiness and strategyHow a.s.r. operatesBusiness reviewGovernanceSustainability statementsFinancial statementsAppendix
Go to
Downloads
Governance Ensuring compliance Privacy
5.5.2Privacy1

a.s.r. is committed to using the collected personal data responsibly and diligently to create value for both customers and the organisation. Sustainable growth can only be achieved by effectively safeguarding the privacy of customers, employees, and other individuals. This involves a conscious approach to handling personal data, along with a thorough understanding and adherence to relevant regulations.

Governance and organisation

A robust governance structure is essential for effective personal data protection. The privacy governance model is outlined in the a.s.r. Privacy Policy. The Executive Board (EB), in particular the CTO, is responsible for compliance with data protection regulations. In 2024, a central Privacy Office was established to manage privacy policies and strengthen the privacy compliance in the first line. A privacy risk and control framework was developed (as part of the compliance risk and monitoring framework) to help monitor privacy-related risks.

The Data Protection Officer (DPO) independently monitors and promotes privacy compliance within a.s.r. by advising and raising awareness. The DPO operates alongside the Compliance department. The DPO has the authority to escalate critical privacy compliance matters to the highest levels of the organisation, including the CEO, the Chair of the A&RC and/or the SB.

a.s.r. standards for the processing of personal data

a.s.r. always informs data subjects clearly and in advance about how and why a.s.r. processes their personal data. This is done through several types of privacy notices. a.s.r.’s general Privacy Statement is published on the website at www.asrnl.com and includes information about a.s.r.’s contact details, the purposes of the processing, the legal basis for the processing, the recipients of the data, the retention period and the rights of the data subjects.

a.s.r. has established a clear set of standards for the processing of personal data of customers, employees, intermediaries and other parties (‘data subjects’). These standards are detailed in the a.s.r. privacy policies and their translations. Furthermore, a.s.r. adheres to the Insurers and Crime Protocol (Protocol Verzekeraars en Criminaliteit) as well as the Financial Institutions Incident Warning System Protocol (Protocol Incidentenwaarschuwingssysteem) when processing data to detect fraud and abuse. These protocols were established by the Dutch Association of Insurers and Health Insurers Netherlands.

See section 3.1.3.2 for more information about IT and the digital strategy, and 5.4.3.1.3 for risks related to cyber and information security.

Data breaches and complaints in 2024

Measuring and reporting of data breaches is a crucial way to enhance technical and organisational measures to protect personal data. It also helps mitigate the consequences of any breach for the affected individuals.

a.s.r. has a procedure in place to register personal data breaches to a Data Breach Team. This team assesses whether a data breach needs to be reported to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) and whether data subjects need to be informed.

Raising awareness of these procedures and of the importance of taking due care when processing personal data to avoid breaches falls under the awareness programme. Compliance and the DPO report quarterly on the number and type of data breaches to the highest organisational level in a business line – the MB, NFRC, Risk Committee and the A&RC of the SB. Most breaches have been attributed to human errors, outdated postal addresses and lost mail items. a.s.r. implements measures to mitigate the causes of these breaches whenever possible, such as reviewing and improving processes.

In 2024, 134 data breaches related to Personal Identifiable Information (PII) were reported to the AP (2023: 87), this increase is partially due to inclusion of Aegon NL in the 2024 figures . According to the privacy regulations, the AP must be notified of data breaches that present a probable risk to the affected individuals. These figures exclude Corins and D&S entities, who have their own data breaches processes. a.s.r. took measures to mitigate any risks for the individuals concerned and has no reason to expect any of the reported breaches to have a serious impact for those involved.

Complaints about privacy issues enable a.s.r. in refining processes to boost privacy compliance. a.s.r. has noted a growing awareness of privacy among customers, resulting in an increase in questions and complaints. In 2024, a.s.r. received 190 complaints from customers and third parties, including three complaints from a regulatory body (2023: 149, of which one from a regulatory body). Most complaints relate to data breaches, but many relate to individuals exercising their privacy rights, such as the right of access and the right to be forgotten.

Complaints relating to customer privacy received from customers and third parties 123

(in numbers)

  • 1 Complaints received from regulatory bodies are also included in the figure reported for complaints received from third parties.
  • 2 As of reporting year 2023, a more complete classification approach is applied to the figure complaints related to customer privacy received from third parties.
  • 3 These figures are not in scope of CSRD and limited assurance.
  • 1Section 5.5.2 is in scope of CSRD and limited assurance (ESRS S1, S4).
careers (in dutch)Privacy statementCookiesDisclaimerFraud prevention policyPhishingdigital vulnerability reporting centre © a.s.r.