Accountancy
Tax & legal
Corporate finance

Van Reybrouck Privacy Policy

1. Introduction – who we are
The private limited liability company (“besloten vennootschap”, abbreviated into “BV”) Van Reybrouck (hereinafter “Van Reybrouck”, “we” or “us”) is an independent consultancy firm specialising in accountancy, tax and legal advice and corporate finance.

We attach great importance to your privacy and consider it important that your personal data are always treated with the necessary care and confidentiality. The statement below clarifies how your personal data can be processed and what your rights are.

This statement applies to the personal data that we process as controller.

This statement applies to our clients and their employees, their directors, etc., as well as to other persons associated with the client. In addition, this statement also applies to (each visitor to) our Website https://www.vanreybrouck.be (hereinafter “Website”) and to the associated activities or the (commercial) relationships that would ensue from this, such as contacting us via the Website if you have questions or are interested in our services (prospects), job applications (applicants), sending and receiving newsletters, …

For questions about this statement or about the processing of your personal data, we refer you in the first place to your contact person. You can also always reach us via the contact details below: 

Ten Briele 10/9
8200 Bruges (Sint-Michiels)
T: +32 50 38 10 53 
F: +32 50 38 26 30 



2. What we do with your personal data
2.1. When do we collect your data?
We collect and process your data as controller if: 
  • you are a client of ours (and if you are a staff member, director,… of a client);
  • you are a business contact of a client (e.g. you are a supplier or client of our client);
  • you subscribe to our newsletter or we believe that it may be of interest to you as an existing or former client;
  • you contact or have contacted us, for example, on the occasion of a visit to our Website (via "contact us"), submitting a request to exercise your rights or applying for a job at our company.


2.2. What data can we collect?
We may process the data below from you depending on the purposes for which it was obtained. 

2.2.1 General 
  • Your identification data: identity card details, scan of your identity card,… which we will request for example before we can grant a request to exercise your rights;
  • Your contact information: your name, e-mail address and all other contact details that you provide to us for example when contacting us;
  • Your contact history: communication sent and received (e.g. e-mail messages,…) in connection with communication we conduct and maintain with you;
  • Your personal details: for example, age, date of birth, place of birth,… especially when you provide it to us when applying for a job at our company, whether or not through a temporary employment agency;
  • Your electronic identification data: your IP address, browser type, connection times,… on the occasion of, for example, a visit to our Website that makes use of cookies or comparable techniques;
  • Your work-related data: CV, training followed, certificates, language skills, employer (incl. history), professional activities, professional skills, publications, salary, assessment & development reports, interview report, follow-up of references, social media profiles,…when you provide them to us in the context of a job application, whether or not through a temporary employment agency.

In principle, we will not process special categories of data (medical data, political views, religious or philosophical beliefs, trade union membership) unless they are provided to us with your express permission. 

2.2.2 Clients
  • Your personal data: date and place of birth, marital status, family composition, language, enterprise number for sole proprietorship,…;
  • Your social security data: social security registration number,…;
  • Your financial and tax information: payslip/issued invoices (e.g. from the company manager himself), repertory number, personal income tax return, accounting documents, copy of loan agreements,…;
  • Other: medical data (e.g. in the context of obtaining beneficial treatment),…

2.2.3 Suppliers
Your contact details: surname name and first name (e.g. of our client's regular contact person at the supplier), e-mail address, telephone number,…

The personal data (non-exhaustively) listed above will only be processed to the extent necessary for the purposes stated below. 


2.3. For what purposes do we collect your data and on what legal basis? 
In general, we process your data for one of the following purposes:  

(a) Application of the Belgian Act of 18 September 2017 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and limitations to the use of cash.

1° In application of Article 26 of the Belgian Act of 18 September 2017, our office must collect the following personal data with regard to our clients and their attorneys-in-fact: the name, first name, date and place of birth and, to the extent possible, the address;
2° In application of Article 26 of the Belgian Act of 18 September 2017, our office must collect the following personal data with regard to the ultimate beneficial owners of our clients: the name, first name and as far as possible, date and place of birth and address. 

The processing of these personal data is a legal obligation. Without these data, we are unable to enter into a business relationship (Art. 33 Belgian Act of 18 September 2017 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and limitations to the use of cash). 

(b) Obligations of the office to the Belgian government, foreign governments or international institutions in implementation of a legal or regulatory obligation, in implementation of a judicial decision, or in the context of promoting a legitimate interest by among others, but not limited to, present and future tax (e.g. VAT listings, tax forms) and social security laws, require us to process personal data in the context of the assignment with which we were charged.
The processing of these personal data is a legal obligation and we cannot enter into a business relationship without them.

(c) Performance of an agreement regarding our advice and services in the fields of accountancy, tax & legal and corporate finance. The processing of the personal data concerns the data of the clients themselves, their employees, their directors and the like, as well as the other persons who are involved in the activity as a client or supplier.
Without the provision and processing of this data, we are unable to properly perform our assignment.

(d) Based on your consent (e.g. subscribing to the newsletter).
This consent is derived from the voluntary and direct provision of your data to us, whether orally, in writing or via an electronic web form/message.


2.4 From whom do we receive your data?
We can obtain personal data from you directly or from third parties (data obtained through a temporary employment agency, personal data provided by our client regarding employees, directors, clients, suppliers, shareholders, …). 
The personal data may also come from public sources such as the Crossroads Bank of Enterprises, the Belgian State Gazette and its annexes, the National Bank of Belgium and the like.

If we obtain your data from third parties and we as controller process your data in our systems, we will inform you about the processing of your data no later than at the time of contact, among others by means of a reference to this privacy statement.  


2.5 Who will receive your data through us?
We will not pass on, sell, rent or exchange your personal data with third parties, unless it is necessary for achieving one of our aforementioned purposes.  
This concerns the so-called data processors that we use. These are service providers who process data for us based on our written instructions. For example: recruitment and selection service providers (temporary employment agencies), service providers that manage our IT systems (servers and back-up), suppliers that provide accounting software (e.g. Exact Online, Top Account), calculation tools (Kluwer), reporting tools (Silverfin) or management of office tasks, time registration and work planning (e.g.  Admin Consult), the government (e.g. Belcotax),…. 

In addition, we may transfer personal data from our clients, from our Website and/or from you at the request of any legally competent authority, or even at our own initiative if we believe in good faith that it is necessary to comply with applicable laws and/or regulations, or to defend and/or protect our rights or property. 
In all other cases, we will not pass on, sell, rent or exchange your personal data with third parties, unless you have been informed in advance and agree to this. 
Your personal data will never be passed on to third countries or international organisations (i.e. outside the European Economic Area). 


2.6 How long do we keep your data?
We do not store your personal data longer than is necessary for the purpose for which the data were collected or processed. 

Since the period for which the data can be retained depends on the purposes for which the data were collected, the storage period can vary in each situation. Sometimes specific (accounting/tax/ social) legislation will require us to keep the data in question for a specified period of time. 

Our retention periods for personal data are based on legal requirements and a weighing of your rights and expectations with that which is useful and necessary for the provision of our services. 

2.7 How do we protect your data?
We have taken the necessary physical and appropriate technical and organisational (precautionary) measures to protect your personal data against loss or any form of unlawful processing. 

These measures guarantee an appropriate level of security, taking into account the state of the art and the associated processing costs. The measures are aimed among other things at preventing the unnecessary collection and further processing of personal data.

The relevant procedures initiated also apply to all the data processors we rely on. 

If a breach occurs in connection with your personal data, we will inform the competent authority within 72 hours and if the risk that you suffer a personal disadvantage is high, we will also inform you without delay. 


3. What are your rights?
You have various rights with regard to the personal data collected about you. If you wish to invoke one of the following rights, please contact us via the aforementioned contact details (by e-mail, telephone/fax or post).  


3.1. Your rights
  • Right of access and to obtain a copy: if you wish, you can access your personal data and obtain a copy thereof;
  • Right to modification or rectification: if you believe that we have incorrect data about you, please let us know and we will rectify it for you;
  • Right to data erasure (right to be forgotten): if you so wish, you can request that we erase your personal data. We may still have to process these data for other purposes;
  • Right to restriction of processing: if you believe that we are processing your personal data unlawfully or incorrectly, you can also limit this processing;
  • Right to object: you can also object to the processing of your personal data;
  • Right to data portability: if you wish to transfer your personal data, please contact us.


3.2. Expectations
However, the exercise of the above rights is subject to certain exceptions to protect the public interest, our interests and the interests of other individuals.

Specifically regarding the personal data that we must keep in accordance with the Belgian Act of 18 September 2017 (see Part 2.3 (a)), the legal exception included in Article 65 of the Belgian Act of 18 September 2017 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and limitations to the use of cash:

“The person to whom the processing of personal data applies pursuant to this Act does not enjoy the right to access and rectification of his or her data, nor the right to be forgotten, to data transferability or to raise objections, nor to the right not to be profiled, nor to notify the security breaches.
The right of the data subject to access the personal data concerning him or her is exercised indirectly, pursuant to Article 13 of the aforementioned Act of 8 December 1992, with the Commission for the Protection of Privacy as instituted by Article 23 of the same Act. (…)”

For the application of your rights with regard to your personal data you must therefore contact the Data Protection Authority (see Part 4.) 


3.3. Procedure for exercising your rights
When you submit a request to exercise your rights, we will first and foremost verify your identity by requesting a copy of your identity card. We do this to prevent your data from falling into the wrong hands.   

The exercise of your rights is in principle free of charge. However, if your request is manifestly unfounded or excessive, we may charge you a reasonable fee in light of the administrative costs incurred by us. In the same case, however, we can also choose not to act on your request. In this case you will be informed of the reasons for such. 

In any case, we will always inform you in writing of the action taken on your request within a period of four weeks (for simple requests) or 3 months (for complex or multiple requests).  


4. What are your complaint options?
We will always make every effort to protect your privacy and to comply with the relevant legislation. However, it is always possible that you do not agree with the way in which we collect, use and/or process your personal data. 

In this case, you of course can always contact us: 
Ten Briele 10/9 
8200 Bruges (Sint-Michiels)
T: +32 50 38 10 53 
F: +32 50 38 26 30
   

You also have other (external) complaint options. You first of all can file a complaint with the supervisory authority using the following contact details:  
By phone: +32 (0)2 274 48 00
By fax: +32 (0)2 274 48 35
By e-mail:
By letter: Data Protection Authority 
     Attn. Complaint - privacy department rue de la Presse 35 
     1000 Brussels 

In addition, if you suffer damage, you can also file a claim for damage compensation before the competent court. 
For more information regarding complaints and options for redress, we invite you to consult the Data Protection Authority website: https://www.dataprotectionauthority.be/.

5 Final provision 
This Privacy Statement applies from 25 May 2018.
We may unilaterally decide to make changes to this Privacy Statement. However, the most recent version will always be available on our Website.