PRIVACY POLICY

Introduction

In our capacity as certified accountants and tax advisers, we are responsible for processing a significant amount of data, part of which constitutes personal data.

The personal data we process may relate to you as a client of the firm, but also as a business relation of our clients (for example, if you are a supplier or a customer of our client).

As a data subject whose personal data we process, we are required to inform you of the following.

1. Data Controller

The data controller is FIDUCIAIRE MONTGOMERY SRL, registered with the Crossroads Bank for Enterprises under number 0464.532.406, with its registered office at Chaussée de La Hulpe 177/20, 1170 Brussels.

The controller is registered with the Institute for Tax Advisors and Accountants (ITAA) under external member number 50404836.

For any questions relating to the protection of personal data, please contact FIDUCIAIRE MONTGOMERY SRL by post at the registered office address or by email at a.delachevalerie@fmg.be.

The person responsible for data protection is Mr Amaury de la Chevalerie, director.

2. Purposes of the processing of personal data

The firm processes personal data for the following purposes:

A. Compliance with the Act of 18 September 2017 on the prevention of money laundering and terrorist financing and the restriction of the use of cash

1° Pursuant to Article 26 of the Act of 18 September 2017, the firm is required to collect the following personal data relating to its clients and their representatives: surname, first name, date of birth, place of birth and, where possible, address.

2° Pursuant to Article 26 of the Act of 18 September 2017, the firm is required to collect the following personal data relating to the ultimate beneficial owners of clients: surname, first name and, where possible, date of birth, place of birth and address.

The processing of these personal data is a legal obligation. Without these data, no business relationship can be established (Article 33 of the Act of 18 September 2017).

B. Compliance with obligations towards Belgian or foreign authorities or international institutions

This processing is carried out pursuant to a legal or regulatory obligation, a judicial decision, or for the defence of a legitimate interest, including but not limited to compliance with current and future tax and social legislation (VAT listings, tax forms, etc.).

The processing of these personal data is a legal obligation. Without these data, no business relationship can be established.

C. Performance of contracts for accounting, tax and legal services

The processing of personal data concerns data relating to clients themselves, members of their staff, directors, as well as other persons involved in their activities, such as customers and suppliers.

In the absence of communication and processing of these data, we are unable to properly perform our assignment as auditor, accountant or tax adviser.

3. Which personal data and from whom?

For the purposes mentioned above, the firm may process the following personal data: first name, surname, email address, biometric data (copy of electronic identity card or passport), address, company number, national register number, etc.

For personal income tax returns via Tax-on-Web, the following data are also processed: first names and ages of children, date and place of birth, bank account number.

The firm processes personal data provided directly by the data subject or their relatives.

It also processes personal data not provided directly by the data subject, such as data transmitted by the client relating to its employees, directors, customers, suppliers or shareholders.

Personal data may also originate from public sources such as the Crossroads Bank for Enterprises, the Belgian Official Gazette and its annexes, and the National Bank of Belgium (Central Balance Sheet Office).

Personal data are processed only insofar as necessary for the purposes set out above and are never transferred to third countries or international organisations.

4. Recipients of the data

Except where communication of personal data to third-party service providers acting on behalf of and under the control of the controller is required, the firm does not sell, rent, exchange or otherwise disclose personal data unless you have been informed in advance and have explicitly consented.

The firm uses third-party service providers acting as data processors, including:

  • software providers for tax calculations, document transfer and the client portal;
  • external collaborators for specific tasks or missions (statutory auditors, notaries, subcontracted accountants, etc.).

The firm may take all necessary measures to ensure proper management of its website and IT systems.

Personal data may be disclosed to competent authorities if required by law or if the firm believes in good faith that such disclosure is necessary to comply with legal obligations or to protect its rights, those of its clients, its website or yourself.

5. Security measures

To prevent unauthorised access as far as possible, the firm has implemented appropriate organisational and technical security procedures relating to the collection and storage of personal data.

These measures also apply to all subcontractors engaged by the firm.

6. Data retention periods

6.1 Personal data retained under the Act of 18 September 2017

This concerns identification data and copies of supporting documents relating to clients, their representatives and beneficial owners.

In accordance with Articles 60 and 62 of the Act of 18 September 2017, such data are retained for a maximum period of ten years after the end of the professional relationship or after the date of an occasional transaction.

6.2 Other personal data

Other personal data are retained only for the periods required by applicable legislation, such as accounting, tax and social law.

6.3 Deletion

Once the applicable retention periods have expired, personal data are deleted unless a longer retention period is required by law.

7. Rights of access, rectification, erasure, portability, objection, non-profiling and security breach notification

7.1 Data retained under the Act of 18 September 2017

With regard to such data, Article 65 of the Act of 18 September 2017 applies, which limits the exercise of data subject rights.

Requests concerning these rights must therefore be addressed to the Data Protection Authority.

7.2 Other personal data

For all other personal data, you may exercise your rights by contacting the data controller indicated in section 1.

8. Complaints

You may lodge a complaint with the Belgian Data Protection Authority: