As a subcontractor, we are responsible for the processing of many data, some of which is personal data.
The personal data we process may concern you as a customer, but also as a business relationship of our customers (if you are a supplier or customer of our customer, for example).
We are obliged to inform you, as the data subject whose personal data we process, of the following.
1. Person responsible for the processing of personal data
The person responsible for the processing of personal data is Philippe Roose.
The head office is located at Roosendael street 125 in 1190 Brussels and its business number is BE0808303473.
If you have any questions regarding the protection of personal data, please contact Abacus Consulting SPRL – DPO by post at the above address or by e-mail (firstname.lastname@example.org).
Where applicable: Give details of the DPO (data protection officer) or the data protection officer.
2. Purposes of the processing of personal data
Abacus Consulting SPRL processes personal data for the following purposes:
A. Application of the Law of 18 September 2017 on the prevention of money laundering and terrorist financing and the limitation of the use of cash (hereinafter Law of 18 September 2017).
1 ° In application of article 26 of the law of 18 September 2017, Abacus Consulting is required to collect the following personal data concerning our customers and their authorized representatives: surname, first name, date of birth, place of birth and, in wherever possible, address.
2 ° Pursuant to article 26 of the law of 18 September 2017, Abacus Consulting is required to collect the following personal data concerning the actual or actual beneficiaries of the clients: name, first name and, as far as possible, date birth, place of birth and address.
The processing of such personal data is a legal obligation. Without these data, we can not conclude a business relationship (article 33 of the law of 18 September 2017).
B. Obligations of Abacus Consulting SPRL vis-à-vis the Belgian authorities, foreign authorities or international institutions, pursuant to a legal or regulatory obligation, pursuant to a judicial decision or as part of the defense of a legitimate interest, in particular, but not exclusively, if current and future tax laws (VAT lists, fiscal sheets, etc.) and social codes force us to process personal data within the framework of the mission for which we have been entrusted.
The processing of such personal data is a legal obligation. Without this data, we can not conclude a business relationship.
C. Execution of this contract relating to accounting, tax and audit services. The processing of personal data concerns the data of the customers themselves, their staff members, their administrators, among others, as well as other people, such as customers and suppliers, involved in their activities.
In the absence of communication and processing of these data, we are not able to carry out our mission of [auditor, accountant, tax consultant, accountant].
3. Which personal data and from whom?
For the purposes mentioned in point 2, Abacus Consulting SPRL is authorized to process the following personal data: first name, last name, e-mail address, biometric data (copy of the electronic identity card or passport), address , business number, national number …
As part of the personal tax returns via Tax-on-Web, the following data are also processed: first names and age of children.
Abacus Consulting SPRL processes the personal data that the data subject or his / her relatives have themselves / themselves.
Abacus Consulting SPRL also processes personal data that has not been provided by the data subject, such as personal data transmitted by the customer and concerning its employees, directors, customers, suppliers, or shareholders.
Personal data may also come from public sources such as the Crossroads Bank for Enterprises, the Belgian Moniteur and its annexes and the National Bank of Belgium (Central Balance Sheet Office).
Data are only processed if this processing is necessary for the purposes mentioned in point 2.
Personal data are never transmitted to third countries or to international organizations.
Recipient of the data
In accordance with the above, and except where it is necessary to communicate personal data to organizations or entities whose intervention as third-party service providers on behalf of and under the control of the controller is required for the purposes aforementioned, Abacus Consulting SPRL will not transmit the personal data collected in this context, nor will they sell, rent or exchange them with any organization or entity, unless you have been informed beforehand and that you have explicitly given your consent.
Abacus Consulting SPRL uses third party service providers:
– uses electronic accounting software, tax calculation, document transfer and its portal;
– uses external collaborators to carry out certain tasks or specific tasks (auditor, notary, accountant and subcontractor, etc.);
Abacus Consulting SPRL can take all necessary measures to ensure the proper management of the website and its computer system.
Abacus Consulting SPRL may transmit personal data at the request of any legally competent authority or on its own initiative if it considers in good faith that the transmission of such information is necessary in order to comply with the law or regulations or to defend and / or protect the rights or property of Abacus Consulting SPRL, its customers, its website and / or yourself.
5. Security measures
In order to prevent, as far as possible, any unauthorized access to personal data collected in this context, Abacus Consulting SPRL has developed procedures in terms of security and organization. These procedures concern both the collection and the preservation of these data.
These procedures also apply to all subcontractors contacted by Abacus Consulting SPRL.
6. Shelf life
6.1. Personal data that we must keep under the law of 18 September 2017 (see point 2A)
We are concerned here with the identification data and the copy of the evidence concerning our customers, the internal and external representatives as well as the beneficial owners of our customers.
In accordance with articles 60 and 62 of the law of 18 September 2017, these personal data are kept for a maximum of ten years after the end of the professional relationship with the client or from the date of an occasional transaction.
6.2. Other personal data.
The personal data of persons not mentioned above are only kept for the periods provided for in the implementing legislation, such as accounting legislation, tax legislation and social legislation.
6.3. Once the above periods have expired, the personal data will be erased, except if other legislation in force provides for a longer period of storage.
7. Access rights, rectification, right to be forgotten, data portability, opposition, non-profiling and notification of security breaches
7.1. Personal data that we must keep under the law of 18 September 2017
This concerns the personal data of our clients, the agents and the beneficial owners of the customers.
In this regard, we must draw your attention to article 65 of the law of 18 September 2017:
“Art. 65. The person concerned by the processing of personal data pursuant to this Law shall not enjoy the right to access and rectify his data, or the right to be forgotten, to the portability of such data, or to to object, nor the right not to be profiled or to be notified of security breaches.
The data subject’s right of access to his personal data is indirectly exercised, pursuant to Article 13 of the aforementioned Act of 8 December 1992, with the Commission for the Protection of Privacy instituted by Article 23 of the said law.
The Privacy Commission only communicates to the applicant that the necessary verifications and the result have been made with regard to the lawfulness of the processing in question.
These data may be communicated to the applicant when the Privacy Commission, in agreement with the CTIF and after consulting the data controller, finds that their communication is not likely to reveal the existence of the data. of a declaration of suspicion referred to in Articles 47 and 54, of the follow-up given to it or of the exercise by CTIF of its right to request additional information pursuant to Article 81, or to call in question the purpose of the fight against ML / FT, and, secondly, that the data concerned are related to the applicant and held by the obliged entities, the CTIF or the supervisory authorities for the purposes of the application of this law. . “
For the purposes of the application of your rights relating to your personal data, you must therefore contact the CVP or the Data Protection Authority ((see point 8).
7.2. All other personal data
For the enforcement of your rights relating to all other personal data, you can always contact: Philippe Roose
You can lodge a complaint about the processing of personal data by Abacus Consulting SPRL with the Data Protection Authority:
Commission for the Protection of Privacy
Rue de la Presse 35, 1000 Brussels
Such. : +32 (0) 2 274 48 00
Fax: +32 (0) 2 274 48 35