Skip to main content

Privacy statement

As a firm, we are responsible for processing a great deal of data. Part of this data relates to personal data and in this context we inform you of the following.

Introduction

The firm collects and processes the identity and contact details it receives from the client about the client itself, its family members, its staff, its employees, its appointees and its business relations (suppliers or clients of the client) and about any other useful contact person. These personal data are processed by the firm in accordance with Belgian data protection legislation and the provisions of Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, applicable since 25 May 2018 (hereinafter the “General Data Protection Regulation”).

The client is responsible for the accuracy and updating of the personal data it provides to the firm and undertakes to strictly comply with the provisions of the General Data Protection Regulation with regard to the persons whose personal data it has provided. It is also responsible for all possible personal data it may receive from its clients, its staff, its employees and its appointees.

The client acknowledges that it has taken note of the information below and authorises the firm to process the personal data it provides in the context of the services delivered by the firm, and this in accordance with the provisions set out in this privacy statement.

1. Controller of the processing of personal data

The controller of the processing of personal data is BOOKKEEPERS BV
The registered office of the controller is located at Capucienenlaan 61, 9300 Aalst, with company number 0537.917.953.
For any questions relating to the protection of personal data, you can always contact BOOKKEEPERS BV by letter at the above address or by e-mail info@bookkeepers.be
Where applicable: mention the details of the DPO (data protection officer) or the individual employee responsible for data protection.

2. Purposes of the processing of personal data

2.1 For each processing operation, only the data relevant to pursuing the purpose concerned are processed. Processing consists of any operation (manual or automated) on a personal data item.
These data are only transferred to subcontractors, recipients and/or third parties insofar as this is necessary in the context of the aforementioned purposes of said processing.

2.2 In general, the firm processes personal data for the following purposes:

  • A. Application of the Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash (hereinafter: the law of 18 September 2017).

    1° Pursuant to Article 26 of the law of 18 September 2017, our firm must obtain the following personal data with regard to our clients and their representatives: the surname, first name, date and place of birth and, as far as possible, the address.
    2° Pursuant to Article 26 of the law of 18 September 2017, our firm must obtain the following personal data concerning the ultimate beneficial owners of clients: the surname, first name and, as far as possible, the date and place of birth and address.

    The processing of these personal data is a legal obligation. Without these data, we cannot enter into a business relationship (art. 33 of the Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash).
  • B. The obligations incumbent on the firm towards the Belgian authorities, foreign authorities or international institutions in execution of a legal or regulatory obligation, in execution of a judicial decision, or in the context of safeguarding a legitimate interest under, among others but not exclusively, the current and future tax laws (e.g. VAT listings, tax forms) and social laws require us to process personal data in the context of the assignment entrusted to us.

    The processing of these personal data is a legal obligation and, without these data, we cannot enter into a business relationship.
  • C. Performance of an agreement relating to accounting and tax services. The processing of personal data concerns the data of the clients themselves, their staff members, their directors and the like, as well as of the other persons involved in the activity, among others as client or supplier.

    Without the provision and processing of these data, we cannot properly perform our assignment as [accountant, tax adviser].
  • D. Direct prospecting activities, such as sending promotional or commercial information such as newsletters. The client can stop the subscription to information letters or newsletters and other messages from the firm at any time. The client can cancel the subscription by sending an e-mail to the following address: info@bookkeepers.be

2.3 Concretely, the firm collects, records and uses clients' data for the following purposes:

  • entering into and managing the contractual relationship with the client;
  • analysing, adapting and improving the content of the firm's website;
  • performing its assignment;
  • enabling the client to receive messages and information;
  • responding to requests for information;
  • any communication activity of the firm to the clients who have given their consent for this;
  • informing clients of any change to the firm's website, the functionalities and the terms and conditions;
  • for any other reason for which the client has expressly given consent.

2.4 The legal basis for the processing of personal data by the firm is:
(i) the consent of the client;
Or
If the legal basis for the processing is the consent of the client, the latter has the right to withdraw it at any time without this adversely affecting the processing carried out before the withdrawal of consent by the client.
(ii) the performance of any request of the client or the necessity to perform an agreement concluded with the client.
The firm must be able to collect certain data of the client in order to comply with its requests. If the client chooses not to share these data with the firm, this may mean that the agreement cannot be performed.
(iii) a legal obligation imposed on the professional to collect and retain certain data of the client and thereby comply with various legal requirements, including those related to taxes, accounting and the anti-money-laundering law.
(iv) the legitimate interest of the firm to process the client's personal data, provided that this is done in accordance with the interests and fundamental rights and freedoms of the client.
The firm has a legitimate interest in maintaining communication with clients, in particular in order to:

  • comply with their requests or better perform the assignment;
  • prevent abuse and fraud, verify the legality of operations, exercise, defend and protect the rights of the firm, for example in the event of a dispute;
  • provide proof of a possible infringement of the firm's rights;
  • manage and improve its relations with the client;
  • continuously improve the firm's service provision.

The firm in any event ensures a proportionate balance between its legitimate interest and respect for the private life of its clients.

3. Which personal data and from whom?

3.1 The firm only processes the personal data that the data subject or its relatives have provided themselves.
List of data relating to achieving our objectives:

  • identification data such as the surname and first name, civil status, date of birth, address, employer, capacity, telephone number and e-mail address, national number and company number;
  • biometric data (copy of the electronic identity card or of the passport).
  • bank details necessary for the performance of the assignment by the firm, such as the IBAN and BIC/SWIFT bank account numbers.
  • invoicing data;
  • communication between the client and the firm;
  • in the context of the personal income tax return via Tax-on-web, the following data are also processed: children, membership of a trade union or a political organisation, medical data;
  • any other personal data necessary to perform the assignment.

3.2 The firm processes personal data that were not provided by the data subject:

  • personal data that were transferred by the client and that relate to its workers, directors, clients, suppliers.

3.3 The firm processes personal data that were not provided by the client:

  • the personal data may originate from public sources such as the Crossroads Bank for Enterprises, the Belgian Official Gazette and its annexes and the National Bank of Belgium (Central Balance Sheet Office);
  • in the context of the assignment, the firm may also collect certain data via other companies, in particular when they originate from the following sources:
  1. other companies that wish to call on our services in the context of a matter concerning you (for example as a third party, co-contractor, shareholder, related family member for a tax return, etc.);
  2. jurisdictions;
  3. bailiffs or notaries;
  4. the tax administration or social administration;
  5. the clients/suppliers...

4. Recipient of data

4.1 Communication to third parties other than service providers
The firm may disclose personal data at the request of any legally competent authority or on its own initiative, if it believes in good faith that disclosing this information is necessary to comply with the legislation and regulations, or to defend and/or protect the rights or property of the firm, its clients, its website and/or yourself.

4.2 Communication to third-party service providers
The firm calls on third-party service providers:

  • the firm uses e-accounting software and an associated portal;
  • the firm calls on external collaborators for the performance of certain tasks or specific assignments (company auditor, notary…).

The firm may disclose personal information of its clients to third parties insofar as that information is necessary for the performance of an agreement with its clients. In this case, those third parties do not disclose that information to other third parties, except in one of the following situations:

  • the disclosure of that information by those third parties to their suppliers or subcontractors is necessary for the performance of the agreement;
  • when those third parties are required by the applicable legislation to disclose certain information or certain documents to the competent authorities in the field of combating money laundering and, in general, to any competent public authority.

The disclosure of that information to the aforementioned persons must, in all circumstances, be limited to that information which is strictly necessary or required by the applicable legislation.

4.3 Transfer to a country outside the European Economic Area (if applicable)
The firm only transfers data to a country outside the European Economic Area when that country guarantees an adequate level of protection within the meaning of the applicable legislation and, in particular, within the meaning of the General Data Protection Regulation, or within the limits permitted by the applicable legislation, for example by guaranteeing the protection of data through appropriate contractual provisions.

5. Security measures

The firm has taken appropriate organisational and technical measures, relating both to the collection and the storage of data, in order to guarantee a level of protection appropriate to the risk and, as far as possible, to prevent the following:

  • unauthorised access to or alteration of those data;
  • inappropriate use or dissemination of those data;
  • unlawful destruction or accidental loss of those data.

These procedures also apply to all subcontractors that the firm calls on.
In this respect, the workers, shareholders or collaborators of the firm who have access to those data are subject to a strict duty of confidentiality.
The firm cannot, however, be held responsible in the event of theft or misappropriation of those data by a third party despite the security measures put in place.

6. Retention period

6.1 Personal data that the firm must retain under the Law of 18 September 2017 (see 2.2A.)
This concerns the identification data and the copy of the supporting documents regarding our clients, the internal and external representatives as well as the ultimate beneficial owners of our clients.
These personal data are retained, in accordance with Article 60 of the Law of 18 September 2017, until at most ten years after the end of the business relationship with the client or as from the date of an occasional transaction.

6.2 Other personal data
The personal data of persons other than those mentioned above are only retained for the periods provided for in the applicable legislation such as accounting legislation, tax legislation, social legislation, except for the personal data that the firm must retain for longer on the basis of specific legislation or in the event of a pending dispute for which the personal data are necessary.

6.3 After the expiry of the aforementioned periods, the personal data are erased, unless other applicable legislation provides for a longer retention period.

7. Rights of access, rectification, erasure, data portability, objection, non-profiling and concerning notification of security breaches


7.1 In accordance with the regulations in the field of processing of personal data, the client has the following rights, subject to the special case set out in Article 7.2:

  • the right to be informed of the purposes of the processing and of the identity of the controller.
  • right of access: the client has the right to ask at any time whether its data have been collected, for how long and for what purpose.
  • right to object: the client can object at any time to the use of its data by the firm.
  • right to rectification: the client has the right to request at any time, on simple request, that its erroneous or incomplete data be corrected or completed.
  • right to restriction of processing: the client can request a restriction of the processing of its data. This means that the data in question must be “marked” in the firm's IT system and that they cannot be used for a certain period.
  • right to erasure of data (“right to be forgotten”): subject to the exceptions provided for by law, the client has the right to request that its data be erased, with the exception of those which the firm must retain on the basis of a legal obligation.
  • right to data portability: the client can request that its data be transferred to it in a “structured, commonly used and machine-readable format” and can also ask the firm to transfer those data to another controller.
  • right to complain: the client can lodge a complaint with the Data Protection Authority.

To exercise your rights, you can always send a written request, together with a copy of your identity card or your passport, to the controller (or to the DPO) by e-mail: info@bookkeepers.be or by ordinary letter.

7.2 Concerning the personal data that the firm must retain pursuant to the Law of 18 September 2017.
This concerns the personal data of our clients, the representatives and the ultimate beneficial owners of clients.
In this regard, we must draw your attention to Article 65 of the law of 18 September 2017:
“Art. 65. The person to whom the processing of personal data applies under this law does not enjoy the right of access to and rectification of their data, nor the right to be forgotten, to data portability or to raise objections, nor the right not to be profiled, nor notification of security breaches.
The right of access of the data subject to the personal data concerning them is exercised indirectly, pursuant to Article 13 of the aforementioned law of 8 December 1992, with the Commission for the Protection of Privacy as established by Article 23 of the same law.
The Commission for the Protection of Privacy communicates to the applicant only that the necessary verifications have been carried out and the result thereof as regards the lawfulness of the processing in question.
These data may be communicated to the applicant when the Commission for the Protection of Privacy, in consultation with the CTIF-CFI and after the opinion of the controller, establishes, on the one hand, that their communication is not liable to reveal the existence of a report of suspicion referred to in Articles 47 and 54, of the follow-up given thereto or of the exercise by the CTIF-CFI of its right to request additional information on the basis of Article 81, nor liable to jeopardise the objective of combating ML/TF, and, on the other hand, establishes that the data concerned relate to the applicant and are kept by obliged entities, the CTIF-CFI or the supervisory authorities for the application of this law.”
For the application of your rights regarding your personal data, you must therefore turn to the Data Protection Authority (see point 8).

8. Complaints

Regarding the processing of personal data by our firm, you can lodge a complaint with the Data Protection Authority:

Rue de la Presse 35, 1000 Brussels
Tel +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
E-mail: contact@apd-gba.be
URL: https://www.gegevensbeschermingsautoriteit.be

9. Updates and changes to the privacy statement

The firm may change or adapt the privacy statement provided that it informs the clients thereof via the firm's website or by e-mail. This may be done, among other things, to comply with new legislation and/or regulations applicable in the field of protection of personal data, recommendations of the Belgian Data Protection Authority, guidelines, recommendations and best practices of the European Data Protection Board and decisions of courts and tribunals on this matter.