Privacy Policy

As a service provider (hereinafter: bas.), we are responsible for processing a great deal of data. Some of this data involves personal data and in this context we inform you of the following.

Information about us

BPO Accounting Support SL.
Business Processes, and Consultancy registered in Spain.

Addresses:
Avinguda Diagonal 131, (3rd floor)
08018 BARCELONA
Spain
VAT: B02881704

Stokerijstraat 29d / bus 6
2110 Wijnegem
Belgium
VAT: BE0758684312
RPR Rechtbank van Antwerpen

Email: info@bas-services.eu

Introduction

As a service provider (hereinafter: bas.), we are responsible for processing a great deal of data. Some of this data involves personal data and in this context we inform you of the following. This privacy statement applies to visiting our website and reading and downloading our content. If you are a client, we also use your data for other purposes (such as invoicing). This is covered by the agreement we make with our clients. Bas. will not sell, rent, distribute or otherwise make your personal data commercially available to third parties. Should you share personal data with us, it is necessary that you agree to this privacy statement. For this we ask for your explicit consent when you fill out forms on our website and share your personal data with us.

1. Controller of personal data processing

The person responsible for the processing of personal data is Mr. Hans Gobien. The responsible party's registered office is located at Stokerijstraat 29D box 6 with company number 52.317.251. The controller is registered with the Institute for Tax Advisors and Accountants (ITAA) under membership number 10.578.454. For all questions relating to the protection of personal data, please contact at any time

BPO ACCOUNTING SUPPORT SERVICES BV via e-mail(hans@bas-services.eu).

2. Personal data

Personal data you communicate to us:

  • Category 1: without registration: your IP address;
  • Category 2: upon registration: all fields in the form, as well as your IP address;
  • Category 3: via cookies.
  • Category 4: data you communicate for the performance of the requested task (see below)

bas. collects and processes the identity and contact data it receives from the client about its client, its family members, its staff, its employees, its appointees and its business relations (suppliers or clients of the client) and about any other useful contact person. These personal data are processed by bas. in accordance with Belgian data protection legislation and the provisions of Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, applicable since 25 May 2018 (hereinafter "General Data Protection Regulation"). The client is responsible for the accuracy and updating of the personal data relating to his clients, which he provides to bas. and undertakes to strictly comply with the provisions of the General Data Protection Regulation with respect to the persons to whom he has provided the personal data. He is also responsible for all possible personal data that he might receive from his clients, his staff, his employees and his appointees. The client acknowledges that he has taken note of the information below and authorizes bas. to process the personal data he provides in the context of the services provided by bas. in accordance with the provisions included in this privacy statement.

3. Purposes of processing personal data

General purposes: bas. will use personal data collected from you only for the following purposes:

  • Category 1: providing and improving the website and including personal data in anonymous statistics, from which the identity of specific individuals or companies cannot be traced, with the legal basis being the legitimate interests of bas. to continuously improve its website and services;  
  • Category 2: sending you content (e.g. the white paper), with the legal basis being your explicit, prior consent;
  • Category 3: improving user experience and statistical purposes (see cookie statement) with the legal basis being your explicit, prior consent;
  • Category 4: carrying out the agreed assignment with the client.

3.1 For any processing, only the data relevant to the pursuit of the purpose in question shall be processed. Processing consists of any operation (manual or automated) on a personal data. Such data shall be transferred to subcontractors, recipients and/or third parties only to the extent necessary in the context of the aforementioned purposes for said processing.

3.2 In general, bas. processes personal data for the following purposes:

A. Application of the Act of September 18, 2017 on the Prevention of Money Laundering and Terrorist Financing and on the Restriction of the Use of Cash (hereinafter, Act of September 18, 2017).

1° In application of the article 26 of the law of September 18, 2017, bas. shall obtain, with respect to principals and their agents, the following personal data: surname, first name, date and place of birth and, to the extent possible, address.

2 ° In application of the article 26 of the law of September 18, 2017, bas. concerning the final beneficiaries of the principals must collect the following personal data: the name, first name and, to the extent possible, the date and place of birth and address. The processing of these personal data is a legal obligation. Without these data, we cannot enter into a business relationship (art. 33 Law of September 18, 2017 on the prevention of money laundering and the financing of terrorism and on the restriction of the use of cash).

B. The obligations resting on the principal vis-à-vis the Belgian government, foreign governments or international institutions in execution of a legal or regulatory obligation, in execution of a judicial decision, or in the context of the representation of a legitimate interest by, among others, but not exclusively, current and future tax (e.g., VAT listings, tax sheets) and social laws, necessitate bas. to process personal data in the context of the assignment with which we have been charged. The processing of these personal data is a legal obligation and without them we cannot enter into a business relationship.

C. Execution of a contract concerning accounting and tax services. The processing of personal data concerns the data of the clients of the clients, their staff members, their directors and the like, as well as the other persons involved in the activity as clients or suppliers, among others. Without the provision and processing of this data, we cannot properly perform our mission as a service provider for certified public accounting firms.

3.3 Specifically, bas. collects, records and uses client client data for the following purposes:

  • Establish and manage the contractual relationship with the client;
  • carrying out his mission;
  • Enable the client to receive messages and information;
  • responses to requests for information;
  • any communicative activity by bas. the clients and/or their clients who have given their consent;
  • Notify clients of any changes to the terms and conditions;
  • for any other reason expressly authorized by the principals.

3.4 The legal basis for the processing of personal data by bas. is:

(i) the consent of the principal;

Or

If the legal basis of the processing is the consent of the client, the client has the right to withdraw it at any time without adversely affecting the processing carried out before the withdrawal of consent by the client.

(ii) fulfilling any request from the client or the need to perform a contract entered into with the client. bas. must be able to collect certain information from the client in order to fulfill its requests. If the client chooses not to share this data with bas. it may prevent the performance of the agreement.

(iii) a legal obligation imposed on bas. to collect and retain certain information from the client's clients and thereby comply with various legal requirements, including those related to tax, accounting and anti-money laundering laws.

(iv) the legitimate interest of bas. to process the client's personal data, provided that this is done in accordance with the interests and fundamental rights and freedoms of the client and their clients. bas. has a legitimate interest in maintaining communications with the clients and their clients, including to:

  • comply with their requests or perform the task better;
  • prevent abuse and fraud, verify the legality of transactions, exercise, defend and protect the rights of bas. such as in the event of litigation;
  • provide evidence of a possible violation of the rights of bas;
  • manage and improve his relationships with the client;
  • continuously improve the services provided by bas.

bas. shall in each case guard a proportionate balance between his legitimate interest and respect for the private lives of his clients and his clients.

4. What personal data does bas. process in the case of cooperation with clients?

4.1 bas. processes only the personal data that clients themselves have provided about their clients or their relatives:

  • identifying information such as surname and first name, marital status, date of birth, address, employer, capacity, telephone number and e-mail address, national number and company number;
  • biometric data (copy of electronic identity card or passport).
  • bank information necessary for bas's execution of the order, such as IBAN and BIC/SWIFT bank account numbers.
  • billing data;
  • communication between the client and/or its clients and bas..;
  • in the context of the personal tax return through Tax-on-web by the client, the following data are also processed: all data necessary to file the return such as: children's data, union or political organization membership, medical data;
  • Any other personal data necessary to perform the assignment.
  • personal data transmitted by the client of the client to the client and which refer to its employees, directors, customers, suppliers.

4.2 bas. processes personal data not provided by the client:

  • the personal data may come from public sources such as the Crossroads Bank for Enterprises, the Belgian Official Gazette and its annexes, and the National Bank of Belgium (Central Balance Sheet Office);
  • in connection with the assignment, bas. may also collect certain data through other companies, including when derived from the following sources:
  • Other companies who wish to use our services in connection with a matter involving the client's clients (e.g., as a third party, co-contractor, shareholder, related family member for tax returns, etc.);
  • legal powers;
  • bailiffs or notaries;
  • tax administration or social administration;
  • the customers/suppliers...

5. Recipient of data

5.1 Disclosure to third parties other than service providers bas. may disclose personal information at the request of any legally authorized authority or on its own accord, if it believes in good faith that the disclosure of such information is necessary to comply with laws and regulations, or to defend and/or protect the rights or property of bas., its clients, its Internet site and/or you as a client.

5.2 Communication to third-party service providers bas. calls on third-party service providers:

  • bas. generally uses e-accounting software and an associated portal provided by the client to perform the assignment.
  • bas. uses a management software, as well as a billing software;
  • bas. uses a reporting tool;

bas. may communicate personal information of the principals to third parties to the extent that such information is necessary for the execution of the cooperation agreement. In this case, those third parties do not communicate that information to other third parties except in one of the following situations:

  • the communication of that information by those third parties to their suppliers or subcontractors is necessary for the performance of the contract;
  • when these third parties are obliged by the legislation in force to communicate some information or some documents to the competent authorities in the field of the fight against money laundering, and, in general, to any competent public authority.

The communication of such information to the aforementioned persons must in all circumstances be limited to that which is strictly necessary or required by applicable law.

5.3 Transfer to a country outside the European Economic Area bas. does not transfer data to countries outside the EEA.

6. Safety measures

bas. has put in place appropriate organizational and technical measures covering both the collection and storage of data to ensure a level of protection appropriate to the risk and, to the extent possible, to prevent the following:

  • unauthorized access to or alteration of that data;
  • inappropriate use or dissemination of that data;
  • unlawful destruction or accidental loss of that data.

These procedures also apply to all subcontractors that bas. would use. In this regard, the employees, shareholders or associates of bas. who have access to those data have a strict duty of confidentiality. bas. cannot, however, be held responsible in the event of theft or misappropriation of those data by a third party despite the security measures in place.

7. Retention period

7.1. Personal data that bas. must keep under the Law of September 18, 2017 (see 2.2A.) This concerns the identification data and the copy of the supporting documents regarding the principals, the internal and external agents as well as the final beneficiaries of the principals. In accordance with Article 60 of the Law of September 18, 2017, these personal data will be kept for no more than ten years after the end of the business relationship with the principals or from the date of any occasional transaction.

7.2. Other personal data The personal data of the persons other than those mentioned above will be kept only for the periods provided for in the applicable laws such as accounting laws, tax laws, social laws, except for those personal data that bas. must keep longer on the basis of a specific law or in case of a pending dispute for which the personal data are needed.

7.3. After the expiration of the aforementioned periods, personal data shall be deleted, unless other applicable legislation provides for a longer retention period.

8. Rights of access, rectification, oblivion, data portability, objection, non-profiling and regarding security breach notification

8.1 In accordance with the regulations on the processing of personal data, the client has the following rights subject to the special case included in Article 7.2:

  • right to be informed of the purposes of processing and the identity of the processing controller.
  • right of access: the client has the right to ask at any time whether his data has been collected, for how long and for what purpose.
  • right to object: the client may object to the use of his data by bas at any time.
  • right to rectification: the client has the right to request at any time on simple request that his erroneous or incomplete data be corrected or completed.
  • right to restriction of processing: the client can request a restriction of the processing of its data. This means that the data in question must be "flagged" in bas.' s IT system and cannot be used for a certain period of time.
  • right to erasure of data ("right to oblivion"): subject to the exceptions stipulated by law, the client has the right to request that his data be erased with the exception of those that bas. is required to keep by virtue of a legal obligation.
  • right to data portability: the client can request that it be transferred its data in a "structured, commonly used and digital format" and can also ask bas. to transfer that data to another data controller.
  • right of complaint: the client may file a complaint with the Data Protection Authority. To apply your rights, you can always send a written request together with a copy of your identity card or passport to the data controller by e-mail: hans@bas-services.eu.

8.2. Concerning the personal data that bas. must keep in application of the Law of September 18, 2017. This concerns the personal data of our principals, their agents and their beneficial owners. In this regard, we should draw your attention to the article 65 of the Act of September 18, 2017:

"Art. 65. The person to whom the processing of personal data under this Law applies shall not benefit from the right to access and rectify his data, nor from the right to be forgotten, to data portability or to raise objections, nor from the right not to be profiled, nor from notification of security breaches. The right of access by the person concerned to personal data concerning him is exercised indirectly, pursuant to the article 13 of the aforementioned law of December 8, 1992, with the Commission for the Protection of Privacy as established by article 23 of the same law. The Commission for the Protection of Privacy shall only communicate to the applicant that the necessary verifications have been carried out and on the result thereof as to the lawfulness of the processing in question. This information may be communicated to the requestor when the Privacy Commission, in consultation with CTIF-CFI and after consulting the controller, determines, on the one hand, that its communication is not susceptible to disclosure of the existence of a suspicion as referred to in Articles 47 and 54, of the consequences given to it or of the exercise by CTIF-CFI of its right to request additional information under Article 81, nor is it susceptible of jeopardizing the objective of combating WG/FT, and on the other hand establishes that the data in question relate to the applicant and are held by subject entities, CTIF-CFI or the supervisory authorities for the purposes of this law."

Therefore, to exercise your rights regarding your personal data, you should contact the Data Protection Authority (see point 8).

9. Complaints

Regarding the processing of personal data by bas. You can file a complaint with the Data Protection Authority:

Printing Press Street 35, 1000 Brussels
Tel +32 (0)2 274 48 00
Fax : +32 (0)2 274 48 35
E-mail: contact@apd-gba.be
URL: https://www.gegevensbeschermingsautoriteit.be

10. Privacy statement updates and changes.

bas. may amend or modify the privacy statement provided that it notifies its clients via the bas. website or by e-mail. This may be done, inter alia, to comply with new legislation and/or regulations applicable in the field of personal data protection, recommendations of the Belgian Data Protection Authority, guidelines, recommendations and best practices of the European Data Protection Committee and decisions of courts on the matter.

Follow us closely

Stay up to date with our activities and follow us on our social media channels

Close Cookie Preference Manager
Cookie Settings
This website uses cookies to measure visitor statistics via Google Analytics. We ask you to give permission for this once. More about our cookie policy.
Functional cookies (always)
These cookies are required for basic website functionality.
Save Settings
Accept everything
Made by Flinch 77
Oops! Something went wrong while submitting the form.
Cookie preferences
Close Cookie Popup
Cookie Settings

This website uses cookies to measure visitor statistics via Google Analytics. We ask you to give permission for this once. More about our cookie policy.

Accept
Cookie settings
Made by Flinch 77