Privacy Statement

Introduction

Introduction In our capacity as certified accountants and tax consultants, we are responsible for processing a large amount of data, some of which is personal data.

The firm collects and processes the identity and contact details it receives from the client concerning the client himself, members of his family, his staff, employees, agents, business relations (suppliers or clients of the client) and any other useful contact person. This personal data is processed by the firm in accordance with Belgian data protection legislation and the provisions of Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, applicable from 25 May 2018 (hereinafter the ‘General Data Protection Regulation’).

The client is responsible for the accuracy and up-to-dateness of the personal data he or she provides to the firm and undertakes to comply strictly with the provisions of the General Data Protection Regulation with regard to the persons whose personal data he or she has provided, as well as with regard to any personal data he or she may receive from his or her clients, staff, collaborators and agents.

The client acknowledges that he/she has read the information below and authorises the firm to process the personal data that he/she provides in the context of the services that will be provided by the firm, in accordance with the provisions set out in this privacy statement.

1. Purposes of processing personal data

1.1 For each processing operation, only data relevant to the purpose in question is processed. Processing consists of any operation (manual or automated) on personal data.

This data will only be transmitted to subcontractors, recipients and/or third parties insofar as this is necessary for the aforementioned purposes of said processing.

1.2 In general, the Firm processes personal data for the following purposes :

A. Application of the Act of 18 September 2017 on the prevention of money laundering and terrorist financing and the restriction of the use of cash (hereinafter, the Act of 18 September 2017).

1° Pursuant to Article 26 of the Act of 18 September 2017, our firm is required to collect the following personal data about our clients and their representatives: surname, first name, date of birth, place of birth and, where possible, address.

2° Pursuant to Article 26 of the Act of 18 September 2017, our firm is required to collect the following personal data concerning the beneficial owners of clients: surname, first name and, where possible, date of birth, place of birth and address.

The processing of this personal data is a legal obligation. Without this data, we cannot enter into a business relationship (Article 33 of the Law of 18 September 2017).

B. The firm's obligations towards the Belgian authorities, foreign authorities or international institutions, in application of a legal or regulatory obligation, in application of a judicial decision or in defence of a legitimate interest, in particular, but not exclusively, if current and future tax laws (VAT listings, tax forms, etc.) and social legislation require us to process personal data in the context of the assignment we have been entrusted with.

The processing of this personal data is a legal obligation. Without this data, the firm cannot enter into a business relationship.

C. Performance of the engagement letter relating to accounting and tax services. The processing of personal data concerns the data of the clients themselves, their staff members, their directors, among others, as well as other persons, such as clients and suppliers, involved in their activities.

If this data is not communicated and processed, we will not be able to carry out our duties as chartered accountants and tax consultants.

1.3 Specifically, the firm collects, records and uses client data for the following purposes :

to establish and conduct the contractual relationship with the client ;
to carry out the assignment ;
to enable the client to receive communications and information ;
to respond to requests for information ;
for any other purpose to which the client has expressly consented.

1.4 The legal basis for the Firm's processing of personal data is :

a) the fulfilment of any request from the client or the need to perform a contract entered into with the client.

The firm needs to collect certain data from the client in order to respond to their requests. If the client chooses not to share this data with the firm, this may make the performance of the contract impossible.

b) a legal obligation imposed on the professional who needs to collect and store certain customer data to meet various legal requirements, including those relating to tax and accounting and anti-money laundering legislation.

2. What personal data and from whom ?

2.1 The firm processes personal data provided by the person concerned or their relatives.

Identification data, such as first and last name, marital status, date of birth, address, employer, title, telephone number and e-mail address, national number and company number ;
Biometric data (copy of electronic identity card or passport) ;
Billing information ;
Communications between the client and the firm ;
The following data is also processed as part of personal tax returns via Tax-on-web: children, membership of a trade union or political organisation, medical data.
Any other personal data required to carry out the assignment.

2.2 The firm processes personal data which has not been provided by the person concerned :

personal data transmitted by the client concerning its employees, directors, clients and suppliers.

2.3 The firm processes personal data not supplied by the client :

Personal data may come from public sources such as the Crossroads Bank for Enterprises, the Moniteur belge and its annexes and the National Bank of Belgium (Central Balance Sheet Office) ;

As part of the assignment, the firm may also collect certain data through other companies, in particular from the following sources :

other companies that have requested our services in connection with a matter that concerns you (e.g. as a third party, co-contractor, partner, related family tax return, etc.) ;
the courts ;
bailiffs or notaries ;
tax or social security authorities ;
customers/suppliers...

3. Recipient of data

3.1 Disclosure to third parties other than service providers

The firm may transmit personal data at the request of any legally competent authority or on its own initiative, if it believes in good faith that the transmission of this information is necessary in order to comply with the law or regulations or to defend and/or protect the rights or property of the firm, its clients and/or yourself.

3.2 Communication to third party service providers

The firm uses the services of third party service providers :

the firm uses electronic accounting software ;
the firm uses external collaborators to carry out certain tasks or specific assignments (auditors, notaries, etc.).

The firm may communicate its clients' personal information to third parties insofar as this information is necessary for the performance of a contract with its clients. In this case, these third parties will not communicate this information to other third parties, except in one of the following two situations :

the communication of this information by these third parties to their suppliers or sub contractors is necessary for the performance of the contract ;
when these third parties are required by the regulations in force to communicate certain information or documents to the competent authorities in the field of the fight against money laundering, as well as, in general, to any competent public authority.

Disclosure of this information to the aforementioned persons must, in all circumstances, be limited to what is strictly necessary or required by the applicable regulations.

4. Safety measures

The firm has taken the appropriate organisational and technical measures concerning both the collection and storage of data in order to guarantee a level of security appropriate to the risk and to prevent as far as possible :

unauthorised access to or modification of such data ;
inappropriate use or disclosure of the data; and ;
the unlawful destruction or accidental loss of such data.

However, the firm shall not be held liable in the event of theft or misappropriation of such data by a third party despite the security measures adopted.

5. Storage life

5.1 Personal data that must be retained by the firm under the law of 18 September 2017 (see point 1.2 A)

This concerns identification data and copies of evidence relating to clients, internal and external agents and the beneficial owners of clients.

In accordance with Articles 60 and 62 of the Law of 18 September 2017, this personal data is kept for a maximum of ten years after the end of the professional relationship or an occasional transaction with the customer.

5.2 Other personal data

Personal data not referred to above is only kept for the periods stipulated by the relevant legislation, such as accounting legislation, tax legislation and social legislation, except in the case of personal data that the firm is required to keep for a longer period on the basis of specific legislation or in the event of ongoing litigation for which the personal data is necessary.

5.3 Once the retention periods have expired, the personal data will be deleted, unless other applicable legislation provides for a longer retention period.

6. Rights of access, rectification, right to be forgotten, data portability, opposition, non profiling and notification of security breaches

6.1 In accordance with the regulations governing the processing of personal data, the customer has the following rights, subject to the specific case set out in article 6.2 :

Right to be informed about the purposes of processing and the identity of the data controller ;
Right of access : the client has the right to request at any time whether their data has been collected, for how long, and for what purpose ;
Right to object : the client may object at any time to the use of their data by the firm ;
Right to rectification : the client has the right to request that incorrect or incomplete data be corrected or completed at any time upon simple request ;
Right to restriction of processing : the client may request a limitation on the processing of their data. This means that the data in question must be "marked" in the firm's IT system and can no longer be used for a certain period of time ;
Right to erasure (right to be forgotten) : subject to legal exceptions, the client has the right to demand that their data be deleted, except for data that the firm is legally required to retain ;
Right to data portability : the client can request that their data be provided in a "structured, commonly used, and machine-readable format" and can also request that the firm transfer this data to another data controller ;
Right to lodge a complaint : the client can file a complaint with the Data Protection Authority.

To exercise your rights, you can always send a written request, together with a copy of your identity card or passport, by e-mail: celine@simellicompta.be or by ordinary post.

6.2 Personal data that the firm must retain in accordance with the law of September 18, 2017

This concerns the personal data of clients, agents, and ultimate beneficial owners of the clients.

In this regard, we must draw your attention to Article 65 of the law of September 18, 2017 :

« Art. 65. The person concerned by the processing of personal data under this law does not benefit from the right of access and rectification of their data, nor the right to erasure (right to be forgotten), data portability, objection, the right not to be subject to profiling, or the right to be notified of security breaches.

The right of access of the person concerned to their personal data is exercised indirectly, pursuant to Article 13 of the Law of December 8, 1992, through the Privacy Protection Commission established by Article 23 of the aforementioned law.

The Privacy Protection Commission only informs the requester that the necessary verifications have been carried out and communicates the results concerning the lawfulness of the processing in question.

This data may be disclosed to the requester when the Privacy Protection Commission determines, in agreement with the Financial Intelligence Processing Unit (CTIF) and after consultation with the data controller, that such disclosure does not risk revealing the existence of a suspicion report referred to in Articles 47 and 54, the follow-up actions taken, or the exercise by the CTIF of its right to request additional information under Article 81, nor compromising the objective of combating money laundering and terrorism financing (AML/FT). Additionally, the data concerned must pertain to the requester and be held by obligated entities, the CTIF, or supervisory authorities for the purposes of applying this law.»

To exercise your rights regarding your personal data, you must contact the Data Protection Authority (see point 7).

7. Complaints

You can lodge a complaint about our firm's processing of personal data with the Data Protection Authority :

Autorité de protection des données

Rue de la Presse 35, 1000 Bruxelles

+32 (0)2 274 48 00

Fax : +32 (0)2 274 48 35

contact@apd-gba.be

URL : https://www.privacycommission.be/

8. Updates and amendments to the privacy statement

By informing clients by e-mail, the firm may amend and adapt the privacy statement, in particular to comply with any new legislation and/or regulations applicable to the protection of personal data, the recommendations of the Belgian Data Protection Authority, the guidelines, recommendations and best practices of the European Data Protection Committee and the decisions of courts and tribunals on this issue.