PRIVACY STATEMENT
​
0. – Introduction
​
As an accountancy firm, we are responsible for processing a great deal of data. Some of this data involves personal data and in this context we would like to inform you of the following.
​
The firm collects and processes the identity and contact details that it receives from the client about the client himself, his family members, his employees, his appointees and his business relations (suppliers or clients of the client) and about any other useful contact. These personal data are processed by the firm in accordance with Belgian data protection legislation and the provisions of Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, applicable since 25 May 2018 (hereinafter 'General Data Protection Regulation').
The client is responsible for the accuracy and updating of the personal data he provides to the firm and undertakes to strictly comply with the provisions of the General Data Protection Regulation in respect of the persons to whom he has provided the personal data. He is also responsible for any personal data he may receive from his clients, his staff, his associates and his appointees.
The client acknowledges that he has taken note of the information below and authorises the firm to process the personal data that he provides in the context of the services provided by the firm, and this in accordance with the provisions contained in this privacy statement.
​
I. – Responsible for the processing of personal data
​
The party responsible for processing personal data is the BV FISC-PROTECT. The head office of the controller is located at 1080 Sint-Jans-Molenbeek, rue Alfred Dubois no. 25 with the company number 0442.617.928123.456.789.
​
The manager is registered with the ITAA under accreditation number 50.455.861.
​
For all questions concerning the protection of personal data, you can always contact the BV FISC-PROTECT by letter at the above address or by e-mail (privacy@fiscprotect.be).
II. – Purposes of the processing of personal data
​
2.1. For each processing operation, only the data relevant to the pursuit of the relevant purpose shall be processed. Processing consists of any operation (manual or automated) on personal data.
​
These data will only be passed on to subcontractors, recipients and/or third parties insofar as this is necessary for the aforementioned processing purposes.
2.2. In general, the firm processes personal data for the following purposes:
​
A. Application of the Act of 18 September 2017 on the Prevention of Money Laundering and Terrorist Financing and Restricting the Use of Cash (hereinafter: Act of 18 September 2017).
​
1° In application of Article 26 of the Law of 18 September 2017, our firm is required to collect the following personal data regarding our clients and their representatives: surname, first name, date and place of birth and, to the extent possible, address.
​
2 ° In application of article 26 of the Law of 18 September 2017, our firm must collect the following personal data regarding the final beneficiaries of the clients: surname, first name and, to the extent possible, date and place of birth and address.
​
The processing of these personal data is a legal obligation. Without these data, we cannot enter into a business relationship (art. 33 Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash).
​
B. The obligations incumbent on the firm vis-à-vis the Belgian government, foreign governments or international institutions in execution of a legal or regulatory obligation, in execution of a judicial decision, or in the context of the protection of a legitimate interest, including but not limited to current and future tax (e.g. VAT listings, tax sheets) and social laws, require us to process personal data in the context of the assignment with which we have been entrusted.
​
The processing of these personal data is a legal obligation and without these data we cannot enter into a business relationship.
​
C. Execution of a contract regarding accounting and tax services. The processing of personal data concerns the data of the clients themselves, their staff members, their directors and suchlike, as well as other persons who are involved in the activity as clients or suppliers, among other things.
​
Without the provision and processing of these data, we cannot properly fulfil our mission as accountant.
​
D. Activities of direct prospection, such as sending promotional or commercial information such as newsletters. The client may at any time unsubscribe from information or newsletters and other communications from the firm. The client can stop the subscription by sending an e-mail to the following address: protect@skynet.be.
​
2.3. Specifically, the firm collects, records and uses client data for the following purposes:
​
-
Entering into and managing the contractual relationship with the client;
-
analysing, adapting and improving the content of the firm's website;
-
Carrying out its mission;
-
enabling the client to receive messages and information
-
responding to requests for information;
-
any communication activity by the firm to clients who have given their consent;
-
to inform the clients of any changes to the firm's website, functionalities and general conditions;
-
for any other reason for which the client has given his express consent.
​
2.4. The legal basis of the processing of personal data by the firm is:
(i) the consent of the client;
​
Or
​
If the legal basis of the processing is the consent of the customer, the latter has the right to withdraw it at any time without adversely affecting the processing carried out before the withdrawal of consent by the customer.
​
(ii) The execution of any request from the client or the need to execute a contract concluded with the client. The firm must be able to collect certain data from the client in order to fulfil his requests. If the client chooses not to share this data with the firm, it may prevent the agreement from being performed.
​
(iii) A legal obligation imposed on the professional to collect and retain certain client data in order to comply with various legal requirements, including those related to taxation, accounting and anti-money laundering.
​
(iv) The legitimate interest of the firm to process the client's personal data, provided that this is done in accordance with the interests and fundamental rights and freedoms of the client.
The firm has a legitimate interest in maintaining communications with clients, including to:
​
-
meet their requests or better carry out the assignment;
-
prevent abuse and fraud, verify the legality of transactions, exercise, defend and protect the rights of the firm, for example in the event of a dispute;
-
provide evidence of a possible infringement of the firm's rights;
-
manage and improve his relations with the client;
-
continuously improve the services of the firm.
In any event, the firm shall ensure a proportionate balance between its legitimate interest and the respect for the private life of its clients.
​
III. – Which personal data and from whom?
​
3.1. The office shall only process the personal data which the person concerned or his/her relatives have provided themselves.
​
-
identification data such as surname and first name, marital status, date of birth, address, employer, capacity, telephone number and e-mail address, national number and company number
-
biometric data (copy of the electronic identity card or passport)
-
Bank details required for the execution of the order by the firm, such as the IBAN and BIC/SWIFT bank account numbers.
-
billing data;
-
communication between the client and the office;
-
in the context of the personal tax return via Tax-on-web, the following data are also processed: children, membership of a trade union or a political organisation, medical data;
-
any other personal data required for the execution of the assignment.
3.2. The Office processes personal data which were not provided by the data subject:
​
-
personal data submitted by the client and relating to his employees, directors, clients, suppliers.
3.3. The firm processes personal data that have not been supplied by the client:​
​
-
the personal data may originate from public sources such as the Crossroads Bank for Enterprises, the Belgian Official Gazette and its annexes and the National Bank of Belgium (Central Balance Sheet Office);
-
within the framework of the assignment, the firm may also collect certain data via other companies, in particular when these data originate from the following sources: other companies that wish to use our services in connection with a matter concerning you (e.g. as a third party, co-contracting party, shareholder, family member for tax return purposes, etc.); judicial authorities; bailiffs or notaries; the tax administration or social administration; clients/suppliers, etc.
IV. – Recipient of data
​
4.1. Communication to third parties other than service providers
The firm may transfer personal data at the request of any legally competent authority or on its own initiative, if it considers in good faith that the transfer of such information is necessary in order to comply with the law and regulations or to defend and/or protect the rights or property of the firm, its clients, its website and/or yourself.​
​
4.2. Communication to third-party service providers
The firm uses third-party service providers:
-
The firm uses e-bookkeeping software and an associated portal;
-
The firm uses external employees to perform certain tasks or specific assignments (auditor, notary...).
The firm can communicate personal information of its clients to third parties insofar as this information is necessary for the execution of an agreement with its clients. In this case these third parties do not communicate this information to other third parties, except in one of the following situations:
-
the communication of that information by those third parties to their suppliers or subcontractors is necessary for the execution of the agreement;
-
when those third parties are obliged by the applicable legislation to communicate certain information or documents to the competent authorities in the field of combating money laundering and, in general, to any competent public authority.
The communication of such information to the aforementioned persons must in all circumstances be limited to that which is strictly necessary or required by the legislation in force.
​
4.3. Transfer to a country outside the European Economic Area (if applicable)
The firm only transfers data to a country outside the European Economic Area if this country guarantees an adequate level of protection within the meaning of the applicable legislation and, in particular, within the meaning of the General Data Protection Regulation, or within the limits permitted by the applicable legislation, e.g. by guaranteeing data protection through appropriate contractual provisions.
​
V. – Safety Precautions
​
The firm has taken appropriate organisational and technical measures relating to both the collection and the storage of data in order to ensure a level of protection appropriate to the risk and, as far as possible, to prevent the following:
​
-
unauthorised access to or alteration of such data;
-
inappropriate use or dissemination of such data;
-
the unlawful destruction or accidental loss of such data.
These procedures shall also apply to any subcontractors engaged by the firm.
​
In this respect, the employees, shareholders or associates of the firm who have access to such data are bound by a strict obligation of confidentiality.
However, the firm cannot be held responsible in the event of theft or misappropriation of such data by a third party despite the security measures in place.
​
VI. – Surveillance cameras
​
6.1. What data does the firm collect about you?
​
The cameras record images of certain places where it is possible that you may be in the view.
​
6.2. What data does the firm collect about you?
​
The cameras were installed for the purpose of protecting the safety of its employees, clients, residents and all other visitors. The office collects this data based on our legitimate interest to provide for the safety of everyone within our building.
​
6.3. Will this data be shared with others?
​
In principle, this data is not shared with others. Only if it is necessary in the event of a risk or danger will the images be transferred to the courts and the police. This, of course, only when the images are actually kept.
​
6.4. How long do we keep this data?
​
The recordings are kept for a maximum of 30 days.
​
6.5. How long do we keep this data?
​
Right to view and a copy. You have the right to view the images that we have taken of you. As the footage also processes data of other persons, we will assess per request to what extent we can act on it without violating the privacy of those other persons. The request must be justified, i.e. you must explain why you are requesting this viewing. These rights apply unless a legal restriction applies.
To exercise your rights, you may submit a request to the Data Protection Officer (DPO) of FISC-PROTECT BV via an e-mail addressed to privacy@fiscprotect.be.
​
VII. – Retention period
​
7.1. Personal data the firm is required to retain pursuant to the Act of 18 September 2017 (see 2.2A.)
​
This concerns the identification data and the copy of the supporting documents concerning our clients, the internal and external agents as well as the final beneficiaries of our clients.
​
In accordance with Article 60 of the Law of 18 September 2017, these personal data are kept for a maximum of ten years after the end of the business relationship with the client or from the date of an occasional transaction.
​
7.2. Other personal data
The personal data of persons other than those mentioned above shall only be kept for the periods provided for in the applicable legislation such as accounting legislation, tax legislation, social legislation, except for the personal data that the firm must keep for a longer period on the basis of a specific legislation or in the event of a pending dispute for which the personal data are necessary.
​
7.3. After expiry of the aforementioned periods, the personal data shall be deleted, unless other applicable legislation provides for a longer retention period.
VIII. – Rights of access, rectification, forgetfulness, data portability, objection, nonprofiling and security breach notification
​
8.1. In accordance with the regulations on the processing of personal data, the client has the following rights, subject to the special case set out in Article 8.2:
​​
-
the right to be informed of the purposes of the processing and of the identity of the data controller.
-
Right of access: the client has the right to ask at any time whether his data has been collected, for how long and for what purpose.
-
Right to object: the client can object at any time to the use of his data by the firm.
-
Right of rectification: the client has the right to request at any time that incorrect or incomplete data be rectified or completed.
-
Right to restriction of processing: the client can request a restriction of the processing of his data. This means that the data in question must be "marked" in the firm's IT system and that it cannot be used for a certain period of time.
-
right to the deletion of data ("right to oblivion"): subject to the exceptions provided for by law, the client has the right to request that his data be deleted, with the exception of those data that the firm is obliged to retain due to a legal obligation.
-
Right to data portability: the client may request that his data be transferred in a "structured, commonly used and machine-readable format" and may also ask the firm to transfer these data to another data controller.
-
Right of complaint: the client may lodge a complaint with the Data Protection Authority.
To exercise your rights, you can always send a written request, together with a copy of your identity card or passport to the data controller (or to the DPO) by e-mail: protect@skynet.be or by ordinary letter.
​
8.2. Concerning the personal data that the office must keep in application of the Law of 18 September 2017.
​
This concerns the personal data of our clients, their agents and beneficial owners.
​
In this regard, we must draw your attention to the article 65 of the law of 18 September 2017:
​
"Art. 65. The person to whom the processing of personal data applies by virtue of this law does not enjoy the right to access and rectify his data, the right to be forgotten, the right to data portability, the right to object, the right not to be profiled or the notification of security breaches.
​
The right of the person concerned to access personal data concerning him or her is exercised indirectly, by virtue of Article 13 of the aforementioned Act of 8 December 1992, at the Commission for the Protection of Privacy established by Article 23 of the same Act.
​
The Commission for the Protection of Privacy shall only inform the applicant that the necessary verifications have been carried out and of the result thereof as regards the lawfulness of the processing in question.
​
This information may be disclosed to the applicant when the Commission for the Protection of Privacy, in agreement with CTIF-CFI and following an opinion from the controller, determines on the one hand that it is not susceptible to disclosure of the existence of a suspicion as referred to in Articles 47 and 54, the consequences thereof or of CTIF-CFI "s exercise of its right to request additional information pursuant to Article 81, nor liable to jeopardise the objective of combating WG/FT, and on the other hand determines that the data in question relate to the applicant and are kept by reporting entities, CTIF-CFI or the supervisory authorities for the application of this Law. "
​
For the application of your rights regarding your personal data, you should therefore apply to the Data Protection Authority (see point 8).
​
IX. - Complaints
​With regard to the processing of personal data by our office, you can file a complaint with the Data Protection Authority:
​
Data Protection Authority
Drukpersstraat 35, 1000 Brussels
Phone +32 (0)2 274 48 00
Fax : +32 (0)2 274 48 35
Email: contact@apd-gba.be
URL: https://www.dataprotectionauthority.be
X. – Updates and changes to the privacy statement
​
The Firm may amend or adapt the Privacy Statement provided it notifies clients of this via the Firm's website or by e-mail. This may be done in order to comply with new legislation and/or regulations applicable to the protection of personal data, recommendations of the Belgian Data Protection Authority, guidelines, recommendations and best practices of the European Data Protection Committee and decisions of courts and tribunals on this matter.
​
​