This policy contains the guidelines that VGD Accountants & Tax Consultants and VGD Bedrijfsrevisoren apply when processing personal data, in accordance with the objectives and obligations arising from the Act on the protection of natural persons with regard to the processing of personal data of 30 July 2018 and other relevant laws and regulations.
- The private company with limited liability 'VGD Accountants & Tax Consultants', with registered office at 1780 Wemmel, Neerhoflaan 2, registered in the register of legal entities in Brussels, Dutch-speaking department and with VAT number BE 0875.430.542.
- The private company with limited liability 'VGD Company Auditors', with registered office at 1780 Wemmel, Neerhoflaan 2, registered in the register of legal entities in Brussels, Dutch-speaking department and with VAT number BE 0875.430.443.
- The private limited liability company 'VGD Xperity', with registered office 9090 Melle, Brusselsesteenweg 94/box 101, registered in the register of legal entities in Ghent, and with VAT number BE 0696.968.655. Hereafter all collectively referred to as 'VGD'.
Hereafter all collectively referred to as 'VGD'.
VGD would like to ask you to read this privacy policy carefully, as this document contains essential information on how your personal data are processed. As a data controller we are responsible for the processing of a great deal of data. Part of this information relates to your personal data and in this context we inform you of the following.
The personal data processing purposes
Below you can find a summary of the purposes for which VGD processes your personal data and on which foundation this processing is based. The processing of personal data relates to your capacity as a client of the office, but also to the business relations of our clients (such as the situation in which you are a supplier or customer of our client).
Services
Personal data are processed by VGD in the framework of the services. This includes the following categories of personal data: (digital) identification data, contact details, financial data, ...
This is to enable VGD to perform its various services in respect of its clients. For a comprehensive overview of all our services, please have a look at https://be.vgd.eu/en/services.
Non-exhaustive this can be, for example, taking up an audit mandate, Maintenance of Books of Accounts, tax advice, legal advice, tailor-made assistance, etc.
VGD is at the same time subject to various legal obligations. Again, non-exhaustive reference can be made here to the customer due diligence in the anti-money laundering law and the legal obligation to keep social, tax and accounting documents.
VGD is also, within its audit and accountancy business lines, bound to the specific provisions and professional codes of the Institute of Company Auditors (IBR-IRE) and the Institute for Tax Advisors and Accountants (ITAA).
Finally, to improve our services, we continuously work on optimising our (internal) processes and investigating new services.
The consultancy provided by us makes the processing of personal data dependent on the service(s) used by the client.
For example, in some cases we also process personal data of our clients' employees. Furthermore, We process personal data of our clients' employees and customers during the performance of an audit. Last but not least, we process personal data of clients while maintaining accounts and personal data of clients' family members in the context of estate planning advice.
Recruitment Purposes
Personal data are collected with regard to recruiting new employees. This happens via our employer branding website www.werkenbijvgd.be.
This processing finds its legal basis on the one hand in the pre-contractual phase in the realisation of the agreement (if the recruitment leads to an employment or services agreement) and on the other hand in the legitimate interest (if the recruitment does not lead to an employment or services agreement). After all, it is essential for VGD to recruit a suitable candidate for a suitable position. We highlight that we will only contact you in the framework of recruitment if we are convinced that we have a possible and suitable position in store for you.
Website
In the context of the access you grant yourself and the use you make of our website, the following personal data will be processed:
• Your IP address
• Your browsing behavior (Google Analytics)
• Cookies
VGD processes the aforementioned data with regard to optimising the content and functioning of the website, in accordance with the visitor's needs. For this processing, we rely on the legitimate interest we have in offering an easily accessible, understandable, adequate, complete and relevant website.
For more information concerning the use of the website be.vgd.eu, we would like to refer to the cookie policy.
Direct marketing
When delivering newsletters and brochures (electronically or by post), the following personal data will be processed:
• Your name and first name
• Your address
• Your email address
The aforementioned data will be processed with regard to personalising our newsletter and our brochures, as well as to keep you informed of relevant and interesting information for your company. This means we will send you information that we think you may find interesting and/or information that can help you in the search for a suitable candidate or employer. More specifically, this can be about promotions, offers, network and customer events, reports, vacancies.
VGD does this on a basis of the legitimate interest. After all, we take great care to tailor this direct marketing, so that it is very closely aligned with the recipients' interests or future perspectives.
VGD will invariably provide an opt-out option.
You can, at any time and free of charge, object to the use of your personal data for direct marketing purposes. To do so, you can send a simple request to the VGD privacy team, which can be reached via privacy.be@vgd.eu.
No obligation to transfer data.
You are not obliged to transfer your personal data to VGD. Nevertheless, you are aware that the refusal of some basic data may result in us being unable to provide certain services.
Retention period
Your personal data processed by VGD will be stored in accordance with the legal obligation that VGD has to do so or for as long as these data are necessary to guarantee a qualitative service. Personal data that are kept under the law of September 18, 2017 (identification data, copy of supporting documents, internal and external agents, as well as the ultimate beneficiaries) will, in accordance with the law, be kept for up to ten years after the end of the business relation with the client or to be calculated from the date of an occasional performance.
Personal data other than those mentioned above will only be stored for the periods provided in the applicable legislation, such as theaccounting legislation, tax legislation and social legislation, unless a longer retention period is justified to cover possible legal claims.
Rights
As a data subject whose personal data are processed, you have a number of rights concerning the operations carried out by us.
To exercise your rights, you must contact the VGD privacy team, which can be reached via privacy.be@vgd.eu or via or via the online contact form.
VGD is obliged to respond to this request within a period of one month. Only when you submit your request to exercise your rights via the aforementioned procedure to the competent service, an appropriate response will be given within the prescribed period.
You have the following rights:
Right of inspection and access
You have the right to access your personal data, as well as the right to consult its use via privacy.be@vgd.eu. You can obtain at any time a free copy of your available personal data upon simple request.
Right to correction, erasure and restriction
Except for those personal data that must necessarily be processed in the context of anti-money laundering legislation and client acceptance procedure or in the context of retention under a legal obligation, you can indicate yourself which personal data may not be processed at all or only for a limited number of operations. In addition, you can ask to delete those personal data that may not be processed in whole or in part. You can also ask to verify and, if necessary, rectify your personal data
Right to object, automated decisions and profiling
You can object to the processing of your personal data at any time, if this objection is based on serious and legitimate reasons. If you wish to object to the use of your personal data for direct marketing purposes, you do not need to state a reason.
The processing of personal data does not take place on the basis of automated decisions, in other words not without any human intervention. Profiling does not occur on the basis of the available personal data.
Right to withdraw consent
If a processing of your personal data is based on the consent you have given, you have the possibility to withdraw this consent at any time.
Right to portability
Under the conditions stated in the GDPR, you have the right to obtain your personal data in a structured, commonly used and machine-readable format. You can request to transfer your data in this way to another controller.
Transfer to third parties
VGD undertakes not to sell, lease, distribute or otherwise make your personal data available to third parties, unless the communication to the third party takes place in the framework of a legal obligation. In exceptional cases, binding legislation obliges us to transfer your personal data to the competent government authorities. The same applies if a court order imposes on VGD the obligation to communicate personal data to a number of persons who, pursuant to the court order, are authorised to become acquainted with the personal data in question.
However, VGD has a reservation for the partial or complete reorganisation or a transfer of the business activities. In this case, the business activities will, together with your personal data, be transferred to those third parties who are involved in the transfer and the confidential negotiations prior to the transfer.
As far as possible, you will be informed of the transfer to the aforementioned third parties.
Data Recipients
Your personal data are passed on internally and between the different entities of VGD based on a “need to know” principle.
In accordance with the foregoing, and except to the extent that the communication of personal data to organisations or entities whose intervention as third party service providers is required on behalf of and under the control of the responsible party, the VGD office will not share, sell, lease or exchange the personal data collected in this context with any other organisation or entity, unless you have been informed of this in advance and have given your express consent.
VGD relies on third service providers:
• VGD uses an e-accounting software and a corresponding portal;
• VGD engages other software suppliers to perform its services;
• VGD calls on external employees to perform certain tasks or specific assignments (company auditor, civil law notary, ...)
The necessary guarantees have been built into the agreements with all these third service providers to bring the transfer into compliance with the relevant data protection regulations, be it through a processor agreement, be it through determining the respective capacities.
Security and confidentiality
VGD guarantees that the processing of your personal data takes place in an adequate, correct and secure manner. Below you will be informed in a transparent manner about the processing procedures and the appropriate technical and organisational measures taken to prevent any loss, falsification or unlawful modification of, as well as unlawful access to the personal data.
Organisational measures
1. VGD has drawn up an extensive privacy policy, in which both external and internal are provided with explanations regarding the personal data processed by VGD. In those privacy policies, among other things, the rights of the data subjects, the security and the retention policy were extensively stated.
2. All employees were informed and sensitised by VGD. In addition, by drawing up policies and procedures, we can keep an eye on specific matters and by asking employees to participate in internal information sessions and periodic training courses.
3. A Data Protection Officer was appointed within VGD and an internal privacy team was assembled. Can be reached via privacy.be@vgd.eu.
4. VGD undertakes to thoroughly consider the rights of the data subjects in the implementation or developing of any new project and to conduct a data protection impact assessment (DPIA) if necessary.
Legal Measures
1. In the employment contracts, work regulations and other internal policies for our internal employees provisions are included with regard to the confidentiality and protection of privacy concerning data entrusted to us in the context of our assignment. These documents were updated where necessary to comply with the GDPR requirements;
2. Processor agreements have been drafted in order to correctly encapsulate the data transfer to our suppliers who are processors within the sense of GDPR.
3. Clauses relating to privacy, security and protection of personal data in contracts and other documents exchanged with clients have been and are strictly followed and evaluated at all times.
4. VGD also urges any counterparties who are also data controllers to submit a GDPR statement, so that guarantees are also offered in this business relation in connection with the GDPR compliant with the processing of personal data.
Technical measures
1. Control of physical access to the data center, whereby identification via identity card is mandatory.
2. Physical security of the data center infrastructure also includes redundant cooling systems, alarm systems and internet lines.
3. Redundant internet lines are equipped in all offices, whereby an automatic switch-over to the backup line - from another provider - is provided.
4. Redundant environment that automatically switches if one of the physical devices has problems. This applies to servers, gateways, firewalls, switches and storage.
5. Multiple backups per day which are encrypted and written to physically separated locations. This also involves writing to a cloud backup storage that is also deduplicated.
6. A firewall that ensures and controls access for only a few allowed regions and IP addresses. This for services that can be reached externally. For this we also use underlying reverse proxies as extra security.
7. Access to internal systems is secured with a personal password that is required to be changed on a regular basis and must meet a certain complexity. Access to data is determined in the framework of the position and what is effectively required to be able to perform this position.
8. Through a VPN connection, access can be granted to the VGD network and data. For this an authorization based on a personal password - same as point 7 - is also needed.
9. A complete test environment in which all software are first installed in test and verified extensively afterwards.
10. All software and systems are updated on a frequent basis for security and performance reasons.
11. Each device is equipped with an anti-virus that retrieves current threats and information from a global database.
12. Users do not have administrator rights, so only offered and approved business software is available on the PCs.
13. E-mail first passes through an anti- pam filter before being delivered to the user. Here too, a global database is being used.
14. Control of the input, modification and erasure of data through a logging system so that it can be determined afterwards who made which changes to the software applications.
15. Clean desk policy to prevent physical data loss.
16. WiFi offered in the offices is completely separated from the VGD network, so that access to our network is not possible for third parties via this way.
Complaints
If you believe that your rights as a data subject are being harmed by or in the processing of your personal data, you have the right to file a complaint with the Supervisor (Data Protection Authority, Drukpersstraat 35, 1000 Brussels, email: contact@apd-gba.be, tel. +32 (0)2 274 48 00, fax +32 (0)2 274 48 35), without prejudice to any other possibility of lodging an administrative appeal.
Modifications
VGD reserves the right to modify its current policy.
If substantial changes are made, we will take all reasonable measures to notify you before the changes become effective.