PRIVACY POLICY – GDPR
Introduction
As accounting firm we process a lot of data. Part of these data are related to personal information and in this respect we inform you as follows.
The personal data that we process can relate to you as client of our firm, but also to you as business relation of our clients (in case you are a supplier or client of our client). In any case, as concerned party whose personal data are processed by our firm, we need to draw your attention to the following.
- Responsibility for the data processing
The responsibility for processing of the personal data lies with Accountantskantoor DRT & Partners BV.
The registered office of Accountantskantoor DRT & Partners BV is located at Grote Markt 28, 3200 Aarschot with enterprise number 0446.415.081.
The responsible is registered with ITAA under affiliation number 221024.
For all questions related to the protection of personal data, you can contact Accountantskantoor DRT & Partners BV by mail on the address above or by e-mail on gdpr@drtpartners.com.
- Purpose of personal data processing
The firm processes personal data for the following purposes:
- Implementation of the Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash (hereinafter: law of 18 September 2017).
1° In accordance with article 26 of the law of 18 September 2017 our office needs to collect the following personal data related to its clients and their representatives: name, first name, date and place of birth, and to the extent possible, the address.
2 ° In accordance with article 26 of the law of 18 September 2017 our office needs to collect with regards to the ultimate beneficial owners of our clients, the following personal data: name, first name and, the extent possible, date and place of birth and address.
Processing of the personal data is a legal requirement. Without these data we cannot conclude a business relationship (art. 33 Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash).
- The obligations laid down on our firm by the Belgian government, by the foreign governments or foreign institutions in execution of a legal or regulatory obligation, legal decision or in the framework of current or future fiscal (VAT listings, fiscal certificates) and social laws compel us to process personal data in the framework of the assignment we were entrusted with.
Personal data processing is a legal obligation and without these data we cannot conclude a business relationship.
- Execution of an agreement concluded for accounting and fiscal services. The processing of personal data relates to data of the clients themselves, their employees, board members and others, but also other persons involved, such as clients and suppliers.
Without these personal data to process, we cannot perform our assignment as accountant properly.
- Which personal data and from whom?
In the framework of the purposes mentioned under 2 above, our office can process the following data:
- name and first name
- e-mail address
- telephone number
- biometric data (copy of e-id or passport)
- address
- enterprise number
- national number
For the filing of the personal tax returns via Tax-on-web also the following data are processed: children, union membership, political organisations, medical data, …
The firm processes data provided by the persons themselves or by their relatives.
The firm also processes data that have not been provided by the persons themselves such as personal data provided by the client with regards to their employees, board members, clients, suppliers or shareholders.
The personal data can also come from public sources such as the Crossroads Bank for Enterprises, the Belgian Official Gazette and its annexes, the National Bank of Belgium (Central Balance Sheet Office) and others.
The data are only processed as far as required for the purposes mentioned under point 2.
The personal data are not transferred to third countries or international organisations.
Recipients of the personal data
Pursuant to the above and except to the extent that the reporting of personal data to organisations or entities whose intervention as third service providers on behalf of and under supervision of the responsible firm is required to comply with the aforementioned purposes, the firm will not disclose, sell or exchange the personal data with any other organisation or entity, unless you were previously informed and have given your explicit consent.
The firm calls upon the following third service providers:
- The firm uses an online accounting software programme and its portal;
- The firm calls upon external parties for specific questions and assignments (auditors, notaries …);
- The firm provides information to the enterprise counter for registration in or changes to the Crossroads Bank for Enterprises;
- The firm communicates personal data to an officially recognised social insurance fund for the registration as independent;
- The firm communicates personal data to an officially recognised social secretariat for payroll administration;
- The firm provides the necessary information to the respective fiscal authorities (VAT, personal income tax, corporate income tax);
- The firm drafts and delivers the necessary forms to the appropriate Business Court for publication in the Belgian Official Gazette;
- The firm files the annual accounts of its clients at the National Bank of Belgium.
The firm can take every measure needed to ensure a good management of the website and its information systems.
The firm can transfer the personal data upon request by every legally authorised authority, or even by its own initiative if in good faith, they are of the opinion that transferring the data is necessary to comply with the law or regulations, or to defend and/or protect the rights and assets of the firm, its clients, its website or yourself as our client.
- Security measures
To the extent possible, in order to prevent the unauthorised access to the collected personal data, the firm has put in place specific procedures with regards to security and organisation, which apply both to the collecting of information as to the retention of the data.
These procedures also apply to all data processors the firm calls upon.
- Retention period
6.1. Personal data we need to keep pursuant to the Law of 18 September 2017 (see 2.A.)
This relates to identification data and evidencing documents with regards to our clients, internal and external representatives, as well as the ultimate beneficial owners of our clients.
In accordance with article 60 of the Law of 18 September 2017 these personal data are retained no longer than 10 years after the termination of the business relationship or counting from the start date of an occasional assignment.
6.2. Other personal data
The personal data of other persons than mentioned above are only kept for the duration stipulated in the applicable legislation such as accounting legislation, fiscal law and social law.
6.3 Upon expiry of the aforementioned retention periods, the personal data are deleted, unless a different legislation in place foresees a longer retention period.
- Right of access, right to rectification, right to erasure, right to data portability, right to object, right to no profiling and notification of security failures
7.1. Related to personal data we need to keep pursuant to the Law of 18 September 2017.
This relates to personal data of our clients, their representatives or the ultimate beneficial owners of our clients.
In this respect we need to draw your attention to article 65 of the law of 18 September 2017:
“Art. 65. The person whose personal data are processed in accordance with this Law does not have the right to access and correct his or her data, nor the right to be forgotten, nor the right to portability of these data, nor the right to object, nor to the right not to be profiled, nor to the notification of security failures.
The right of the individual involved to access personal data relating to him is exercised indirectly, pursuant to Article 13 of the aforementioned Law of 8 December 1992, through the Commission for the Protection of Privacy established by Article 23 of the same Law.
The Commission for the Protection of Privacy only informs the applicant that the necessary verifications have been carried out and of the result of these verifications in terms of the legality of the processing in question.
These data may be provided to the applicant when the Commission for the Protection of Privacy, by agreement with CTIF-CFI and after consulting the person responsible for the processing, finds on the one hand that the notification is not likely to reveal the existence of a disclosure referred to in Article 47 and 54, the action taken, or the use of CTIF-CFI’s right to request additional information in accordance with Article 81, nor likely to compromise the goal of combating ML/TF, and on the other hand finds that this data relates to the applicant and is held by obliged entities, CTIF-CFI or supervisory authorities in accordance with this Law.”
For your rights related to your personal data you will therefore need to turn to the Data Protection Authority (see point 8).
7.2. All other personal data
For your rights related to all other personal data you can always contact Accountantskantoor DRT & Partners BV.
- Complaints
With regards to the processing of personal data by our firm your can lodge a complaint with the Data Protection Authority:
Data Protection Authority
Drukpersstraat 35, 1000 Brussel
Tel: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
E-mail : contact@apd-gba.be
URL: https://www.gegevensbeschermingsautoriteit.be