top of page
WSH-accountants-audit-bv-favicon.png
ACCOUNTANTS
AUDIT B.V.
floriane-vita-FyD3OWBuXnY-unsplash.jpg

Privacy statement

Model privacy statement WSH Accountants Audit BV

Introduction

In the context of our services, we process personal data. We may have received this data from you, for example via our website, email, telephone or app. In addition, we may obtain your personal data in the context of our services via third parties (for example your employer). With this privacy statement, we inform you about how we handle this personal data.

Personal data to be processed

The personal data we process depends on the exact service and circumstances. It often concerns the following data:

  • Name and address details;

  • Date and place of birth or age;

  • Gender;

  • Contact details (email addresses, telephone numbers) and name and position of contact persons;

  • Copy of identity document (only if necessary!);

  • Citizen service number (only if necessary!);

  • Salary and other data required for tax returns, salary calculations, etc.;

  • Marital status, partner details and any information about children; to the extent necessary for tax returns, for example);

  • Bank account number;

  • Information about previous education and positions (in the context of an application);

  • Data about your activities on our website, IP address, internet browser and device type.

Purposes and bases of processing

In some cases we process personal data to be able to comply with a legal obligation, but we usually do this to be able to perform our services. There may also be a legitimate interest to process personal data, such as in the case of an application procedure.

Some data is recorded for practical or efficiency reasons, which we assume (may) are also in your interest, such as:

  • Communication and information provision;

  • To provide our services as efficiently as possible;

  • Billing and collection

We may contact you to ask for feedback on services provided by us or for market or other research purposes. If you do not appreciate this, please read below what your rights are in this regard.

In some cases, we may want to process personal data for reasons other than those listed above and we will ask your explicit permission for this. If we want to process personal data that we are allowed to process based on your permission for other or more purposes, we will first ask your permission again.

Finally, we may also use your personal information to protect our rights or property and those of our users and, if necessary, to comply with legal process.

Applicants

We would like to point out the following to applicants. You are requested never to include your citizen service number or religious beliefs in your application letter and you do not need to include a passport photo or copy of your ID either. If this is relevant, it will be discussed during the application process. Your application will be kept by the responsible employee for the duration of an application procedure, after which it will be destroyed. If we are interested in your profile, but we cannot invite you for an interview immediately, we may ask you to give explicit permission to keep your application in our portfolio for up to 12 months.

Provision to third parties

In the context of our services, we may use the services of third parties, for example if these third parties have specialist knowledge or resources that we do not have in-house. These may be so-called processors or sub-processors. Other third parties who are strictly speaking not processors of the personal data but do have or may have access to it, are for example our system administrator or advisors whose advice we obtain regarding your assignment. If the involvement of third parties results in them having access to the personal data or that they record and/or otherwise process themselves, we will agree with those third parties (in writing) that they will comply with all obligations of the GDPR. Naturally, we will only involve third parties of whom we can and may assume that they are reliable parties who handle personal data adequately and can and will comply with the GDPR. This means, among other things, that these third parties may only process your personal data for the purposes mentioned above.

Of course, it may also be the case that we must provide your personal data to third parties in connection with a legal obligation. We would also like to point out that when you send us a public message via social media, others may take note of this message. Therefore, send sensitive information in a different way as much as possible.

Processing within the EEA

We will only process personal data within the European Economic Area, unless you agree otherwise in writing with us. Exceptions to this are situations in which we want to map contact moments via our website and/or social media pages (such as Facebook and LinkedIn). Think of, for example, visitor numbers and requested web pages. Your data is stored by third parties outside the EU when using Google Analytics, LinkedIn or Facebook. These parties are 'EU-US Privacy Shield' certified, so they must comply with European privacy regulations. Incidentally, this only concerns a limited number of sensitive personal data, in particular your IP address.

Security

We have taken appropriate organizational and technical measures to protect personal data insofar as these can reasonably be expected of us, taking into account the interest to be protected, the state of the art and the costs of the relevant security measures.

We oblige our employees and any third parties who necessarily have access to the personal data to maintain confidentiality. Furthermore, we ensure that our employees have received correct and complete instruction on the handling of personal data and that they are sufficiently familiar with the responsibilities and obligations of the GDPR. If you would like this, we would be happy to inform you further about how we have designed the protection of personal data.

Your rights

You have the right to inspect, rectify, limit or delete the personal data we have about you (except of course if this would conflict with any legal obligations). Furthermore, you can object to the processing of your personal data (or part thereof) by us or by one of our processors. You also have the right to have the data provided by you transferred by us to yourself or directly to another party if you so wish.

Complaints

Should you have a complaint about the processing of your personal data, we ask you to contact us about this. Should this not lead to a satisfactory outcome, you always have the right to file a complaint with the Dutch Data Protection Authority; the supervisory authority in the field of privacy. The contact details of the Dutch Data Protection Authority can be found via the website www.autoriteitpersoonsgegevens.nl .

Retention periods

We will not process your personal data for longer than is necessary for the purpose for which it was provided (see the paragraph 'Purposes of and bases for processing'). This means that your personal data will be stored for as long as it is necessary to achieve the relevant purposes. Certain data must be stored for longer (usually 7 years), because we must comply with statutory retention obligations (for example the fiscal retention obligation) or in connection with regulations from our professional association.

Incidents involving personal data

If an incident (a so-called data breach) occurs involving your personal data, we will inform you immediately, unless there are compelling reasons, if there is a significant risk of negative consequences for your privacy and the realization thereof. We aim to do this within 48 hours of discovering the data breach or being informed of it by our (sub)processors. In any case, we will always report a data breach to the Dutch Data Protection Authority.

Cookie Statement

Our website only uses functional and analytical cookies. These cookies are necessary for the proper functioning of the website and help us gain insight into the use of the site. They do not collect any personal data and are not shared with third parties. No permission is required for these cookies.

Changes

Our privacy policy will undoubtedly be changed from time to time. The most recent version of the privacy statement is logically the applicable version and can always be found on our website.

Finally

We hope that this privacy statement has given you a clear picture of our privacy policy. However, if you have any further questions about how we handle personal data, we would like to hear from you. The first point of contact for privacy aspects at our organization is Wikash Jagesar, email: w.jagesar@wshaudit.nl .

bottom of page