As a service provider (hereinafter: bas.), we are responsible for processing a great deal of data. Some of this data involves personal data and in this context we inform you of the following.
BPO Accounting Support SL.
Business Processes, and Consultancy registered in Spain.
Addresses:
Carrer Tanger 89
08018 Barcelona
Spain
VAT: B02881704
Turnhoutsebaan 152 B4
2970 Schilde
Belgium
VAT: BE0758684312
ITAA: 52.317.251
RPR Rechtbank van Antwerpen
Email: info@bas-services.eu
As a service provider (hereinafter: bas.), we are responsible for processing a great deal of data. Some of this data involves personal data and in this context we inform you of the following. This privacy statement applies to visiting our website and reading and downloading our content. If you are a client, we also use your data for other purposes (such as invoicing). This is covered by the agreement we make with our clients. Bas. will not sell, rent, distribute or otherwise make your personal data commercially available to third parties. Should you share personal data with us, it is necessary that you agree to this privacy statement. For this we ask for your explicit consent when you fill out forms on our website and share your personal data with us.
The person responsible for processing personal data is Mr. Hans Gobien. The responsible party's registered office is located at Turnhoutsebaan 152 B4 with company number 52.317.251. The responsible party is registered with the Institute for Tax Advisors and Accountants (ITAA) under membership number 10.578.454. For all questions regarding the protection of personal data, please contact
BPO ACCOUNTING SUPPORT SERVICES BV via e-mail(hans@bas-services.eu).
Personal data you communicate to us:
bas. collects and processes the identity and contact data it receives from the client about its client, its family members, its staff, its employees, its appointees and its business relations (suppliers or clients of the client) and about any other useful contact person. These personal data are processed by bas. in accordance with Belgian data protection legislation and the provisions of Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, applicable since 25 May 2018 (hereinafter "General Data Protection Regulation"). The client is responsible for the accuracy and updating of the personal data relating to his clients, which he provides to bas. and undertakes to strictly comply with the provisions of the General Data Protection Regulation with respect to the persons to whom he has provided the personal data. He is also responsible for all possible personal data that he might receive from his clients, his staff, his employees and his appointees. The client acknowledges that he has taken note of the information below and authorizes bas. to process the personal data he provides in the context of the services provided by bas. in accordance with the provisions included in this privacy statement.
General purposes: bas. will use personal data collected from you only for the following purposes:
3.1 For any processing, only the data relevant to the pursuit of the purpose in question shall be processed. Processing consists of any operation (manual or automated) on a personal data. Such data shall be transferred to subcontractors, recipients and/or third parties only to the extent necessary in the context of the aforementioned purposes for said processing.
3.2 In general, bas. processes personal data for the following purposes:
A. Application of the Act of September 18, 2017 on the Prevention of Money Laundering and Terrorist Financing and on the Restriction of the Use of Cash (hereinafter, Act of September 18, 2017).
1° In application of the article 26 of the law of September 18, 2017, bas. shall obtain, with respect to principals and their agents, the following personal data: surname, first name, date and place of birth and, to the extent possible, address.
2 ° In application of the article 26 of the law of September 18, 2017, bas. concerning the final beneficiaries of the principals must collect the following personal data: the name, first name and, to the extent possible, the date and place of birth and address. The processing of these personal data is a legal obligation. Without these data, we cannot enter into a business relationship (art. 33 Law of September 18, 2017 on the prevention of money laundering and the financing of terrorism and on the restriction of the use of cash).
B. The obligations resting on the principal vis-à-vis the Belgian government, foreign governments or international institutions in execution of a legal or regulatory obligation, in execution of a judicial decision, or in the context of the representation of a legitimate interest by, among others, but not exclusively, current and future tax (e.g., VAT listings, tax sheets) and social laws, necessitate bas. to process personal data in the context of the assignment with which we have been charged. The processing of these personal data is a legal obligation and without them we cannot enter into a business relationship.
C. Execution of a contract concerning accounting and tax services. The processing of personal data concerns the data of the clients of the clients, their staff members, their directors and the like, as well as the other persons involved in the activity as clients or suppliers, among others. Without the provision and processing of this data, we cannot properly perform our mission as a service provider for certified public accounting firms.
3.3 Specifically, bas. collects, records and uses client client data for the following purposes:
3.4 The legal basis for the processing of personal data by bas. is:
(i) the consent of the principal;
Or
If the legal basis of the processing is the consent of the client, the client has the right to withdraw it at any time without adversely affecting the processing carried out before the withdrawal of consent by the client.
(ii) fulfilling any request from the client or the need to perform a contract entered into with the client. bas. must be able to collect certain information from the client in order to fulfill its requests. If the client chooses not to share this data with bas. it may prevent the performance of the agreement.
(iii) a legal obligation imposed on bas. to collect and retain certain information from the client's clients and thereby comply with various legal requirements, including those related to tax, accounting and anti-money laundering laws.
(iv) the legitimate interest of bas. to process the client's personal data, provided that this is done in accordance with the interests and fundamental rights and freedoms of the client and their clients. bas. has a legitimate interest in maintaining communications with the clients and their clients, including to:
bas. shall in each case guard a proportionate balance between his legitimate interest and respect for the private lives of his clients and his clients.
4.1 bas. processes only the personal data that clients themselves have provided about their clients or their relatives:
4.2 bas. processes personal data not provided by the client:
5.1 Disclosure to third parties other than service providers bas. may disclose personal information at the request of any legally authorized authority or on its own accord, if it believes in good faith that the disclosure of such information is necessary to comply with laws and regulations, or to defend and/or protect the rights or property of bas., its clients, its Internet site and/or you as a client.
5.2 Communication to third-party service providers bas. calls on third-party service providers:
bas. may communicate personal information of the principals to third parties to the extent that such information is necessary for the execution of the cooperation agreement. In this case, those third parties do not communicate that information to other third parties except in one of the following situations:
The communication of such information to the aforementioned persons must in all circumstances be limited to that which is strictly necessary or required by applicable law.
5.3 Transfer to a country outside the European Economic Area bas. does not transfer data to countries outside the EEA.
bas. has put in place appropriate organizational and technical measures covering both the collection and storage of data to ensure a level of protection appropriate to the risk and, to the extent possible, to prevent the following:
These procedures also apply to all subcontractors that bas. would use. In this regard, the employees, shareholders or associates of bas. who have access to those data have a strict duty of confidentiality. bas. cannot, however, be held responsible in the event of theft or misappropriation of those data by a third party despite the security measures in place.
7.1. Personal data that bas. must keep under the Law of September 18, 2017 (see 2.2A.) This concerns the identification data and the copy of the supporting documents regarding the principals, the internal and external agents as well as the final beneficiaries of the principals. In accordance with Article 60 of the Law of September 18, 2017, these personal data will be kept for no more than ten years after the end of the business relationship with the principals or from the date of any occasional transaction.
7.2. Other personal data The personal data of the persons other than those mentioned above will be kept only for the periods provided for in the applicable laws such as accounting laws, tax laws, social laws, except for those personal data that bas. must keep longer on the basis of a specific law or in case of a pending dispute for which the personal data are needed.
7.3. After the expiration of the aforementioned periods, personal data shall be deleted, unless other applicable legislation provides for a longer retention period.
8.1 In accordance with the regulations on the processing of personal data, the client has the following rights subject to the special case included in Article 7.2:
8.2. Concerning the personal data that bas. must keep in application of the Law of September 18, 2017. This concerns the personal data of our principals, their agents and their beneficial owners. In this regard, we should draw your attention to the article 65 of the Act of September 18, 2017:
"Art. 65. The person to whom the processing of personal data under this Law applies shall not benefit from the right to access and rectify his data, nor from the right to be forgotten, to data portability or to raise objections, nor from the right not to be profiled, nor from notification of security breaches. The right of access by the person concerned to personal data concerning him is exercised indirectly, pursuant to the article 13 of the aforementioned law of December 8, 1992, with the Commission for the Protection of Privacy as established by article 23 of the same law. The Commission for the Protection of Privacy shall only communicate to the applicant that the necessary verifications have been carried out and on the result thereof as to the lawfulness of the processing in question. This information may be communicated to the requestor when the Privacy Commission, in consultation with CTIF-CFI and after consulting the controller, determines, on the one hand, that its communication is not susceptible to disclosure of the existence of a suspicion as referred to in Articles 47 and 54, of the consequences given to it or of the exercise by CTIF-CFI of its right to request additional information under Article 81, nor is it susceptible of jeopardizing the objective of combating WG/FT, and on the other hand establishes that the data in question relate to the applicant and are held by subject entities, CTIF-CFI or the supervisory authorities for the purposes of this law."
Therefore, to exercise your rights regarding your personal data, you should contact the Data Protection Authority (see point 8).
Regarding the processing of personal data by bas. You can file a complaint with the Data Protection Authority:
Printing Press Street 35, 1000 Brussels
Tel +32 (0)2 274 48 00
Fax : +32 (0)2 274 48 35
E-mail: contact@apd-gba.be
URL: https://www.gegevensbeschermingsautoriteit.be
bas. may amend or modify the privacy statement provided that it notifies its clients via the bas. website or by e-mail. This may be done, inter alia, to comply with new legislation and/or regulations applicable in the field of personal data protection, recommendations of the Belgian Data Protection Authority, guidelines, recommendations and best practices of the European Data Protection Committee and decisions of courts on the matter.