Privacy statement
Privacy statement 'de kleine prins’ BV - version 8/10/2020
As an accountancy firm, we are responsible for processing a large amount of data. Some of this data is personal data and in this context we would like to inform you about the following.
Introduction
The firm collects and processes the identity and contact details that it receives from the client about the client, his family members, his staff, his employees, his agents and his business relations (suppliers or customers of the client) and about any other relevant contact person. Such personal data shall be processed by the Firm in accordance with Belgian data protection legislation and the provisions of Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, in force since 25 May 2018 (hereinafter the "General Data Protection Regulation").
The Client is responsible for the accuracy and updating of the personal data he/she provides to the firm, and undertakes to strictly comply with the provisions of the General Data Protection Regulation in relation to the persons to whom he/she has provided the personal data. He is also responsible for any personal data that he may receive from his clients, his employees, his partners and his agents.
The Client acknowledges that he/she has taken note of the following information and authorises the firm to process the personal data provided by him/her in the context of the services provided by the firm, in accordance with the provisions contained in this Privacy Policy.
1. Owner of the processing of personal data
The person responsible for the processing of personal data is Bruno Deprins.
The controller has its registered office at Zwartzustersstraat 14, 3000 Leuven, under company number 0466.721.042, and is a legal entity recognised by the ITAA under number 50.296.924.
The controller is registered with the ITAA under recognition number 10.413.150.
If you have any questions about the protection of your personal data, you can contact 'de kleine prins' BV at any time by writing to the above address or by sending an e-mail to Jurgen@dkpa.be.
2. Purposes of the processing of personal data
2.1 For any processing, only the data that is relevant for the pursuit of the purpose in question will be processed. Processing is any operation (manual or automated) on personal data.
Such data will be disclosed to subcontractors, recipients and/or third parties only to the extent necessary in the context of the aforementioned purposes of said processing.
2.2 In general, the Company processes personal data for the following purposes
A. Application of the law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash (hereinafter referred to as the "law of 18 September 2017").
1° In application of article 26 of the law of 18 September 2017, our company must collect the following personal data concerning our clients and their representatives: name, first name, date and place of birth and, if possible, address.
2 ° In application of article 26 of the law of 18 September 2017, our firm must collect the following personal data relating to the beneficial owners of our clients: surname, first name and, where possible, date and place of birth and address.
The processing of this personal data is a legal obligation. Without this data, we cannot enter into a business relationship (art. 33 of the law of 18 September 2017 on the prevention of money laundering and the financing of terrorism and on the restriction of the use of cash).
B. The company's obligations to the Belgian government, foreign governments or international institutions in order to comply with a legal or regulatory obligation, a court order or in order to defend a legitimate interest, including but not limited to current and future fiscal (e.g. VAT lists, tax forms) and social legislation, require us to process personal data in the context of the task entrusted to us.
The processing of such personal data is a legal obligation and without it we cannot enter into a business relationship.
C. Execution of a contract for accounting and tax services. The processing of personal data concerns the data of the clients themselves, their employees, their directors and the like, as well as other persons involved in the activity as customers or suppliers, among others.
Without the provision and processing of this data, we cannot properly fulfil our mission as an accounting firm.
D. Direct marketing activities such as the sending of advertising or commercial information such as newsletters. The client may unsubscribe at any time from receiving information or newsletters and other communications from the firm. The client can unsubscribe by sending an e-mail to the following address: info@dkpa.be.
2.3 In particular, the firm collects, stores and uses client data for the following purposes
- Establishing and managing the contractual relationship with the client;
- analysing, adapting and improving the content of the firm's website; fulfilling its mission;
- enabling the client to receive news and information; responding to requests for information;
- any communication activity of the firm with clients who have given their consent;
- to inform clients of any changes to the firm's website, its functionalities and its general terms and conditions;
- for any other reason for which the clients have expressly given their consent.
2.4 The legal basis for the processing of personal data by the firm is
(i) the client's consent;
(ii) or
Where the legal basis for the processing is the client's consent, the client has the right to withdraw that consent at any time without prejudice to the processing carried out prior to the withdrawal of the client's consent.
(iii) the fulfilment of a request made by the client or the need to perform a contract entered into with the client.
The firm must be able to collect certain data from the client in order to fulfil its requests. If the client chooses not to provide this information to the firm, it may prevent the performance of the contract.
(iv) A legal obligation imposed on the professional to collect and retain certain client data in order to comply with various legal requirements, including those relating to tax, accounting and anti-money laundering laws.
(v) the firm's legitimate interest in processing the client's personal data, provided that this is done in accordance with the client's interests and fundamental rights and freedoms.
The firm has a legitimate interest in communicating with clients, including in order to
- respond to their requests or better execute the order;
- preventing abuse and fraud, checking the legality of transactions, exercising, defending and protecting the firm's rights, for example in the event of a dispute;
- provide evidence of any possible breach of the firm's rights; manage and improve its relationship with the client;
- continuously improve the services provided by the firm.
In all cases, the firm shall ensure a reasonable balance between its legitimate interest and respect for the privacy of its clients.
3. What personal data and from whom?
3.1 The firm will only process personal data provided by the data subject or his/her relatives.
- Identifying data such as name and first name, marital status, date of birth, address, employer, capacity, telephone number and e-mail address, national number and company number;
- Biometric data (copy of electronic ID card or passport). Bank details necessary for the execution of the order by the company, such as IBAN and BIC/SWIFT bank account numbers.
- Billing details;
- Communication between the client and the firm;
- any other personal data necessary for the performance of the task.
3.2 The firm will not process personal data that has not been provided by the client:
- personal data provided by the client and relating to its employees, directors, customers, suppliers.
3.3 The firm processes personal data that has not been provided by the client:
- Personal data may come from public sources such as the Crossroads Bank for Enterprises, the Belgian Official Gazette and its annexes and the National Bank of Belgium (Balance Sheet Centre);
- in the context of the assignment, the company may also collect certain data through other companies, including when they come from the following sources
- other companies wishing to use our services in connection with a matter concerning you (e.g. as a third party, co-contractor, director, etc.)
- Legal authorities; bailiffs or notaries;
- tax or social security authorities; customers/suppliers....
4. Recipients of the data
4.1 Communication to third parties other than service providers
The Company may disclose personal data at the request of a competent authority or on its own initiative if it believes in good faith that such disclosure is necessary to comply with laws and regulations or to defend and/or protect the rights or property of the Company, its customers, its website and/or you.
4.2 Disclosure to third party service providers
- The Firm uses third party service providers:
- The Firm uses electronic accounting software and a related portal;
the Firm uses external collaborators to carry out certain tasks or specific assignments (auditors, notaries, etc.).
The Firm may disclose personal data of its clients to third parties to the extent that such information is necessary for the performance of an agreement with its clients. In this case, these third parties will not communicate this information to other third parties, except in one of the following situations
- the disclosure of that information by those third parties to their suppliers or subcontractors is necessary for the performance of the contract;
- when these third parties are obliged by the applicable legislation to communicate certain information or documents to the competent authorities in the field of the fight against money laundering and, in general, to any competent public authority.
The communication of such information to the aforementioned persons must in any case be limited to what is strictly necessary or required by the applicable legislation.
4.3 Transfer to a country outside the European Economic Area
The Company will only transfer data to a country outside the European Economic Area if that country ensures an adequate level of protection within the meaning of the applicable legislation, and in particular within the meaning of the General Data Protection Regulation, or within the limits permitted by the applicable legislation, e.g. by ensuring data protection through appropriate contractual provisions.
5. Security measures
The firm has implemented appropriate organisational and technical measures, covering both the collection and storage of data, to ensure a level of protection appropriate to the risk and to prevent, as far as possible, the following
- Unauthorised access to or alteration of such data;
- inappropriate use or disclosure of such data;
- unlawful destruction or accidental loss of such data.
These procedures also apply to any sub-contractors on which the firm relies.
In this regard, the Firm's employees, shareholders or associates who have access to such data are under a strict duty of confidentiality.
However, the firm cannot be held responsible for the theft or misappropriation of such data by a third party despite the security measures in place.
6. Retention period
6.1 Personal data that the firm must keep in accordance with the law of 18 September 2017 (see 2.2A.).
This concerns the identification data and the copy of the supporting documents concerning our clients, internal and external agents and the beneficial owners of our clients.
In accordance with article 60 of the law of 18 September 2017, these personal data are kept for a maximum of 10 years from the end of the business relationship with the client or from the date of an occasional transaction.
6.2 Other personal data
The personal data of persons other than those mentioned above will be kept only for the periods provided for by applicable laws, such as accounting laws, tax laws, social laws, except for those personal data that the Firm is required to keep for a longer period by virtue of a specific law or in the case of a pending dispute for which the personal data is needed.
6.3 At the end of the above-mentioned periods, the personal data will be deleted, unless another applicable law provides for a longer retention period.
7. Rights of access, rectification, erasure, portability, objection, non-profiling and notification of security breaches
7.1 In accordance with the regulations on the processing of personal data, the Customer has the following rights, subject to the special case provided for in article 7.2:
- Right to be informed of the purposes of the processing and of the identity of the data controller.
- Right of access: the Customer has the right to know at any time whether his/her data are being collected, for how long and for what purpose.
- Right to object: the client may at any time object to the use of his/her data by the firm.
- Right of rectification: the client has the right, at any time and by simple request, to obtain the rectification or completion of data that is inaccurate or incomplete.
- Right to restrict processing: the client may request that the processing of his/her data be restricted. This means that the data in question must be 'flagged' in the company's IT system and cannot be used for a certain period of time.
- Right to data erasure ('right to oblivion'): subject to the exceptions provided for by law, the client has the right to request the erasure of his/her data, with the exception of data that the firm is obliged to keep by law.
- Right to data portability: the client may request that his/her data be made available to him/her in a "structured, common and machine-readable format" and may also ask the firm to transfer the data to another data controller.
- Right to complain: the customer can lodge a complaint with the data protection authority.
To exercise your rights, you may at any time send a written request, together with a copy of your identity card or passport, to the Data Controller by e-mail: jurgen@dkpa.be, or by ordinary mail.
7.2 Regarding the personal data that the company is obliged to keep in application of the law of 18 September 2017.
This concerns the personal data of our clients, their representatives and ultimate beneficiaries.
In this regard, we draw your attention to article 65 of the Law of 18 September 2017:
"Art. 65. The data subject shall have the right to access and rectify his/her data, the right to be forgotten, the right to data portability, the right to object, the right not to be profiled and the right to be informed of security breaches.
The data subject's right of access to personal data concerning him or her is exercised indirectly, in accordance with article 13 of the aforementioned law of 8 December 1992, by the Commission for the Protection of Privacy, established by article 23 of the same law.
The Commission for the Protection of Privacy shall only inform the applicant that the necessary checks have been carried out and of the result thereof as regards the lawfulness of the processing in question.
This information may be communicated to the applicant if the Data Protection Commission, in agreement with the CTIF-CFI and after consulting the data controller, determines on the one hand that its communication is not likely to reveal the existence of a report of suspicion as referred to in Articles 47 and 54, or the exercise by CTIF-CFI of its right to request additional information under Article 81, nor is it likely to jeopardise the objective of combating WG/FT and, on the other hand, establishes that the information in question relates to the applicant and is held by the subject entities, CTIF-CFI or the supervisory authorities for the purposes of this law. "
To exercise your rights regarding your personal data, you should therefore contact the Data Protection Authority (see point 8).
8. Complaints
With regard to the processing of personal data by our office, you may lodge a complaint with the Data Protection Authority:
Pressstraat 35, 1000 Brussels
Telephone: +32 (0)2 274 48 00
Fax number: +32 (0)2 274 48 35
E-mail: contact@apd-gba.be
URL: https://www.gegevensbeschermingsautoriteit.be
9. Updates and changes to the privacy policy
The Company may amend or modify the Privacy Statement by notifying Clients via the Company's website or by e-mail. This may be done, inter alia, in order to comply with new laws and/or regulations applicable to the protection of personal data, recommendations of the Belgian Data Protection Authority, guidelines, recommendations and best practices of the European Data Protection Committee and decisions of the courts in this matter.
Cookies
Explanation of the cookies used on this site.
COOKIE | TYPE | OMSCHRIJVING | DUUR |
---|---|---|---|
cookie-agreed | Strictly necessary | Keeps track of cookie setting choices. | 100 days |
cookie-agreed-categories | Strictly necessary | Keeps track of what types of cookies are allowed. | 100 days |
_ga | Statistical | Google Analytics - records a unique ID to collect static data from website visitors. | 2 year |
_gat | Statistical | Used by Google Analytics to reduce search speed. | 1 day |
gid | Statistical | Google Analytics - Registration of a unique ID to collect static data from website visitors. | 1 day |
collect | Statistical | Used to send data to Google Analytics about visitor device and behaviour. Tracks visitor across devices and marketing channels. | session |
CONSENT | External | Google's cookie consent tracker. Used when displaying Google and YouTube services. For example, when viewing a map from Google Maps. | 20 years |
PREF | External | Used when viewing Youtube videos. Tracks your preferences, for example, in the Youtube video player. | 8 months |