As a firm of Registered Auditors, we are responsible for processing a large volume of data, some of which is personal data.
The personal data that we process may concern you as a client of our audit firm, but also as a business relationship of our clients (if you are a supplier or a client of our client, for example). We are required to inform you, as the data subject whose personal data we process, of the following.
1. Responsible for processing personal data
The person responsible for processing personal data is L&S Registered Auditors.
The head office of our audit firm is located at 1120 Brussels, Chemin du Rossignol n ° 23 and our company number is 0681.575.448.
The audit company is registered with the Institute of Registered Auditors, under approval number B00958.
For any questions relating to the protection of personal data, please contact L&S Registered Auditors, by post to the above address or by email ase(at)lsaudit(dot)eu │ slu(at)lsaudit(dot)eu).
2. Purposes of the processing of personal data
The firm processes personal data for the following purposes:
A. Application of the law of September 18, 2017 on the prevention of money laundering and terrorist financing and on the limitation of the use of cash (hereinafter law of September 18, 2017).
- Pursuant to article 26 of the law of September 18, 2017, our firm is required to collect the following personal data concerning our clients and their representatives: last name, first name, date of birth, place of birth and, in wherever possible, address.
- Pursuant to article 26 of the law of September 18, 2017, our firm is required to collect the following personal data concerning the beneficial owners of clients: surname, first name and, as far as possible, date of birth , place of birth and address.
The processing of this personal data is a legal obligation. Without this data, we cannot conclude a business relationship (article 33 of the law of September 18, 2017).
B. The obligations incumbent on the firm vis-à-vis Belgian authorities, foreign authorities or international institutions, in application of a legal or regulatory obligation, in application of a judicial decision or in the context of the defence of a legitimate interest, in particular, but not exclusively, if current and future tax (VAT listings, tax records, etc.) and social laws require us to process personal data within the framework of the assignment for which we have been designated.
The processing of this personal data is a legal obligation. Without this data, we cannot enter into a business relationship.
C. Execution of this contract relating to accounting, tax and audit services. The processing of personal data concerns the data of the customers themselves, of their staff members, of their directors, among others, as well as of other persons, such as customers and suppliers, involved in their activities.
In the absence of communication and processing of this data, we are unable to carry out our mission as company auditor.
3. What personal data and from whom?
Within the framework of the purposes mentioned in point 2, our firm is authorized to process the following personal data: first name, last name, e-mail address, biometric data (copy of CI or passport), address, number of company, national number …
In the context of tax declarations, the following data is also processed: children, membership of a trade union or political organization, medical data.
The firm processes personal data that the data subject or his or her relatives have / have themselves provided.
The firm also processes personal data which has not been provided by the data subject, such as personal data transmitted by the client and concerning his employees, directors, clients, suppliers, or even shareholders.
Personal data may also come from public sources such as the Crossroads Bank for Enterprises, the Belgian Official Gazette and its annexes and the National Bank of Belgium.
The data is only processed if this processing is necessary for the purposes mentioned in point 2.
Personal data is not transmitted to third countries or to international organizations.
4. Data recipient
In accordance with the above, and except if it is necessary to communicate personal data to organizations or entities whose intervention as third party service providers on behalf and under the control of the person in charge is required for the purposes above, the firm will not transmit the personal data collected in this context, nor will it sell, rent or exchange it with any organization or entity, unless you have been informed in advance and that you have explicitly given your consent.
The firm uses third-party service providers:
↘ the firm uses electronic software and related IT portals;
↘ the firm uses cloud computing software as a work interface;
↘ the firm uses the services of external experts to carry out certain tasks or specific missions (auditor, notary, accountant, etc.).
The firm can take all necessary measures to ensure proper management of the website and its IT system.
The firm may transmit personal data at the request of any legally competent authority or on its own initiative if it considers in good faith that the transmission of this information is necessary in order to comply with the law or regulations or in order to defend and / or protect the rights or property of the firm, its clients, its website and / or yourself.
5. Security measures
In order to prevent, as far as possible, any unauthorized access to personal data collected in this context, the firm has developed security and organizational procedures. These procedures concern both the collection and storage of this data.
These procedures also apply to all subcontractors that the firm uses.
6. Retention period
6.1. Personal data that we must keep under the law of September 18, 2017 (see point 2A)
This concerns identification data and the copy of evidence relating to our clients, internal and external agents as well as the beneficial owners of our clients.
In accordance with Articles 60 and 62 of the Law of September 18, 2017, this personal data is kept for a maximum of ten years after the end of the professional relationship with the client or from the date of an occasional transaction.
6.2. Other personal data
The personal data of persons who are not referred to above are only kept for the periods provided for by the applicable legislation, such as accounting legislation, tax legislation and social legislation.
Once the aforementioned periods have expired, the personal data will be erased, unless another legislation in force provides for a longer retention period.
7. Rights of access, rectification, right to be forgotten, data portability, opposition, non-profiling and notification of security breaches
7.1. Personal data that we must keep in application of the law of September 18, 2017
This concerns the personal data of our customers, agents and beneficial owners of customers.
In this regard, we must draw your attention to article 65 of the law of September 18, 2017.
For the application of your rights relating to your personal data, you must therefore contact the Data Protection Authority (see point 8).
7.2. All other personal data
For the application of your rights relating to all other personal data, you can always contact: Abdel Serghini, ase (at) lsaudit (dot) eu or Saskia Luteijn, slu(at)lsaudit(dot)eu.
With regard to the processing of personal data by our audit firm, you can submit a complaint to the Data Protection Authority: https://www.dataprotectionauthority.be