As a certified public accountant and tax advisor, I am responsible for processing a large amount of data, some of which is personal data. The personal data I process may concern you as a client, but also as a business associate of my clients (if you are a supplier or a customer of my client, for example). I am required to inform you, as a data subject whose personal data I process, of the following.
1. Person in charge of processing personal data
I am directly responsible for the processing of your personal data. I am registered with the Institute of Tax Advisors and Accountants under registration number 10290383. For any questions regarding the protection of your personal data, please contact me directly by postal mail or email at kevin@kdfconsulting.be.
2. Purposes of the processing of personal data
I process personal data for the following purposes:
A. Compliance with the Anti-Money Laundering and Terrorist Financing Act of 18 September 2017
- Pursuant to Article 26 of the Act of 18 September 2017, I am required to collect the following personal data of my clients and their representatives: name, first name, date of birth, place of birth, and, if possible, address.
- Pursuant to Article 26 of the Act of 18 September 2017, I am required to collect the following personal data of my clients’ beneficial owners: name, first name, and, if possible, date of birth, place of birth, and address. The processing of this personal data is a legal obligation. Without this data, I cannot enter into a business relationship (Article 33 of the Act of 18 September 2017).
B. Compliance with obligations imposed on accountants by Belgian, foreign, or international authorities pursuant to a legal or regulatory obligation, a judicial decision, or in the defense of a legitimate interest, including but not limited to cases where current and future tax laws (VAT listings, tax returns, etc.) require me to process personal data as part of the mission entrusted to me. The processing of this personal data is a legal obligation. Without this data, I cannot enter into a business relationship.
C. Performance of this contract relating to accounting, tax, and auditing services. The processing of personal data concerns data of clients themselves, their staff members, directors, and other persons involved in their activities, such as customers and suppliers. Without the communication and processing of this data, I am unable to carry out my mission as an accountant and tax advisor.
3. Which personal data and from whom?
What personal data do we process and where does it come from?
We process the following personal data for the purposes outlined in point 2: name, email, biometric data (e.g., eID), address, company number, national registry number, and, in the context of personal income tax returns, data such as family composition, union affiliations, medical information, and bank account details.
We collect data directly from individuals or their representatives, and may also obtain data from public sources like the Crossroads Bank for Enterprises and the National Bank of Belgium.
We process this data only to the extent necessary to fulfill the purposes outlined in point 2 and do not transfer it to third countries or international organizations.
4. Entities to which data is disclosed
In accordance with the above, I will not disclose your personal data to third parties, except as necessary for the purposes outlined above or as required by law.
I may use third-party service providers (e.g., IT service providers, accountants, lawyers) to process your data. I will ensure that these third parties are bound by appropriate confidentiality agreements.
I may also disclose your data to comply with legal obligations or to protect my legitimate interests.
5. Security safeguards
In order to prevent, as far as possible, any unauthorized access to the personal data collected in this context, I have developed security and organizational procedures. These procedures concern both the collection and storage of this data. These procedures also apply to all subcontractors
6. Storage period
6.1 Personal data retention
Pursuant to the Act of 18 September 2017 (see point 2A), we retain identification data and supporting documentation for our clients, their representatives, and beneficial owners for a maximum of ten years following the end of the business relationship or the date of a one-off transaction.
6.2 Retention periods for other data
For other individuals, we retain personal data in accordance with applicable laws, including accounting, tax, and social security regulations.
6.3 Data deletion
Upon expiry of the applicable retention periods, personal data is deleted, unless otherwise required by law.
7. Right to access personal data, Right to rectification, Right to erasure, Data subject’s right to data portability, Right to object to processing, Prohibition of profiling, Obligation to notify data breaches
7.1 Personal data that we are required to retain pursuant to the Act of 18 September 2017
This includes personal data of our clients, their representatives and beneficial owners. In this regard, we draw your attention to Article 65 of the Act of 18 September 2017:
“Art. 65. The data subject of personal data processed pursuant to this Act does not have the right of access, rectification, the right to be forgotten, the right to data portability, the right to object, the right not to be profiled or the right to be notified of security breaches. The
This data may be communicated to the applicant when the Commission for the Protection of Privacy finds, in agreement with the CTIF and after consulting the data controller, on the one hand, that its communication is not likely to reveal the existence of a suspicion declaration referred to in Articles 47 and 54, the follow-up given to it or the exercise by the CTIF of its right to request additional information pursuant to Article 81, nor to jeopardize the purpose of the fight against AML/CFT, and, on the other hand, that the data concerned relates to the applicant and is held by the entities subject to this law, the CTIF or the supervisory authorities for the purposes of the application of this law.
To exercise your rights regarding your personal data, you must therefore contact the Commission for the Protection of Privacy or the Data Protection Authority (see point 8).
7.2 All other personal data
To exercise your rights regarding all other personal data, you may contact me directly, either by post or by email.
8. Complaints
You may file a complaint regarding the processing of your personal data by me with the Data Protection Authority: Commission for the Protection of Privacy, Rue de la Presse 35, 1000 Brussels