As accounting firm, we are responsible for processing a great deal of data. Part of this data relates to personal data and in this context we communicate the following.
The personal data that we process may relate to you in your capacity as client of the office, but also to you as a business relationship of our clients (in the case that you are a supplier or customer of our client). In any case, we must point out the following to you as the data subject whose personal data we process.
I. – CONTROLLER OF PERSONAL DATA.
The controller is the private limited liability company BV ATA International, organised and existing under the laws of Belgium, with registered office at J. Ratinckxstrat 5-7 bus 52, 2600 Berchem, with enterprise number 0715.445.868, registered with the Institute for Tax Advisors and Accountants (ITAA) under approval number 50.105.550.
For all questions regarding the protection of personal data, you can contact our office at any time by letter at the above address or by e-mail (firstname.lastname@example.org).
Within the organisation, Mrs. Tine Vervoort and Mr. Frédéric Lievens supervise the application of and compliance with the General Data Protection Regulation in our role as controller.
II. – PURPOSES OF THE PROCESSING OF PERSONAL DATA.
The office processes the personal data for the following purposes:
A. Application of the Belgian Act of 18 September 2017 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and limitations to the use of cash (hereinafter: Act of 18 September 2017).
1° In application of Article 26 of the Act of 18 September 2017, our office must collect the following personal data with regard to our clients and their attorneys-in-fact: the name, first name, date and place of birth and, to the extent possible, the address.
2° In application of Article 26 of the Act of 18 September 2017, our office must collect the following personal data with regard to the ultimate beneficial owners of our clients: the name, first name and, to the extent possible, date and place of birth, and address.
The processing of this personal data is a legal obligation. Without this data, we are unable to enter into a business relationship (Art. 33 §2 Act of 18 September 2017 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and limitations to the use of cash).
B. Obligations of the office to the Belgian government, foreign governments or international institutions in implementation of a legal or regulatory obligation, in implementation of a judicial decision, or in the context of promoting a legitimate interest by among others, but not limited to, present and future tax (e.g. VAT listings, tax forms) and social security laws, require us to process personal data in the context of the assignment with which we were charged.
The processing of these personal data is a legal obligation and we cannot enter into a business relationship without these data.
C. Implementation of an agreement concerning accounting and tax services. The processing of the personal data concerns the data of the clients themselves, their employees, their directors and the like, as well as the other persons who are involved in the activity as a customer or supplier.
Without the provision and processing of this data, we are unable to properly perform our assignment as an accountant and tax consultant.
III. – WHICH PERSONAL DATA AND FROM WHOM?
For the purposes stated under 2, our office may process the following categories of personal data: identification data, biometric data (copy of e-ID or passport), national register number, contact details (e.g. address, e-mail, telephone number).
The following data is also processed in the context of personal income tax returns via Tax-on-web: identification data, identification data issued by the government, financial data, data concerning family members, membership in trade unions or political organisations, biometric data and medical data.
The office processes the personal data that the data subjects themselves or their relatives have supplied.
The office also processes personal data that was not provided by the data subject, such as personal data provided by the client concerning its employees, directors, customers, suppliers, or shareholders.
The personal data may also come from public sources such as the Crossroads Bank of Enterprises, the Belgian State Gazette and its supplements, the National Bank of Belgium (Central Balance Sheet Office) and the like.
The data will only be processed to the extent necessary for the purposes stated under Section 2.
The personal data is not passed on to third countries or international organisations.
IV. – RECEIVER OF DATA
In accordance with the foregoing and except to the extent that the communication of personal data to organisations or entities whose intervention as third-party service providers is required for the account and under the control of the controller to achieve the aforementioned purposes, the office will not communicate, sell, rent or exchange the personal data collected in this context with any other organisation or entity, unless you have been informed in advance and expressly consent thereto.
The office makes use of third-party service providers:
The office uses e-accounting software and a corresponding portal;
The office uses external staff to perform certain tasks or specific assignments (certified auditor, notary public, etc …);
The office uses management software, as well as billing software;
The office uses online portals for payroll administration and personnel management.
The office can take all necessary measures to ensure proper management of the website and its IT system.
The office may transfer the personal data at the request of any legally competent authority, or even on its own initiative if it believes in good faith that the transfer of this information is necessary to comply with legislation and regulations, or to guarantee the rights or to defend and/or protect the property of the office, its clients, its website and/or of you.
V. – SECURITY MEASURES.
In order to prevent, as far as possible, unauthorised access to the personal data collected in this context, the office has established security and organisational procedures that relate to the collection of these data and their storage.
These procedures also apply to all data processors that the office uses.
VI. – STORAGE PERIOD
The personal data are stored for the longest of the following periods:
As long as necessary for the performance of the relevant activity or services;
a legally required storage period (e.g. personal data that we must retain pursuant to the Act of 18 September 2017 (see 2.A.)) This concerns the identification data and a copy of the supporting documents regarding our clients, the internal and external attorneys-in-fact and the ultimate beneficial owners of our clients; Accounting legislation; Tax legislation; Social security legislation; etc.)
The end of the period in which civil proceedings can be initiated or investigations can be initiated with regard to the services provided.
As long as the professional practitioner is of the opinion that the purpose of the processing is present.
VII. – RIGHTS OF ACCESS, RECTIFICATION, OMISSION, DATA TRANSFERABILITY, OBJECTION, NON-PROFILING AND CONCERNING NOTIFICATION OF SECURITY BREACHES
7.1. Concerning the personal data that we must keep in application of the Act of 18 September 2017.
This concerns the personal data of our clients, attorneys-in-fact and the ultimate beneficial owners of the clients.
In this regard we must point out Article 65 of the Act of 18 September 2017:
“Art. 65. The person to whom the processing of personal data applies pursuant to this law does not enjoy the right to access and rectification of his or her data, nor the right to be forgotten, to data transferability or to raise objections, nor to the right not to be profiled, nor to notify the security breaches.
The right of the data subject to access the personal data concerning him or her is exercised indirectly, pursuant to Article 13 of the aforementioned Belgian Act of 8 December 1992, with the Data Protection Authority as instituted by Article 23 of the same Act.
The Data Protection Authority informs the applicant only that the necessary verifications have been carried out and the result thereof as regards the legality of the processing in question.
These data can be communicated to the applicant when the Data Protection Authority in consultation with the Financial Intelligence Processing Unit (CTIF-CFI), after having received the opinion of the controller, finds on the one hand that its communication is not eligible for disclosing the existence of a notification of a presumption referred to in Articles 47 and 54, of the consequences of this or of the exercise by the CTIF-CFI of its right to request additional information under Article 81, nor is it eligible for the objective of combating money laundering and terrorism financing, and on the other hand, ascertains that the data in question relates to the applicant and is kept by subject entities, the CTIF-CFI or the supervisory authorities for the application of this law.”
For the application of your rights with regard to your personal data you must therefore contact the Data Protection Authority (see Section 8).
7.2. All other personal data
For the application of your rights concerning all other personal data you can contact the data controller, Mr. Ludo Demeulenaere, at any time.
With regard to your personal data, you have the right:
to receive confirmation that we are processing your personal data and to request a copy of the personal data about you that we hold;
to request us to adapt, complete or rectify the personal data that we hold;
to ask us to erase your personal data or to limit the way in which we use these data;
to withdraw your consent to the processing of your personal data by us, unless the processing thereof is necessary for establishing, exercising or in the exercise of a legal obligation
to receive a copy of the personal data concerning you that you have provided to us in a structured, common and machine-readable form and transfer that data to another party.
VIII. – COMPLAINTS
Regarding the processing of personal data by our office, you can submit a complaint to the Data Protection Authority:
Data Protection Authority
Rue de la Presse 35, 1000 Brussels
Tel: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
VIII. – CHANGES TO THIS PRIVACY STATEMENT
The office can change this privacy statement at any time. This privacy statement is always available on our website https://www.ata.be/en/disclaimer-and-privacy-statement. The possible revision date will be indicated at the top of the webpage. The amended or adapted privacy statement applies from this revision date. We therefore invite you to review this statement regularly to keep abreast of how we protect your data.