PRIVACY POLICY

As an accounting firm, we are responsible for processing a significant amount of data. Some of this data concerns personal information, and in this regard, we inform you as follows.

The firm collects and processes identity and contact details received from the client, relating to the client themselves, their family members, employees, associates, appointees, and business relations (such as suppliers or customers of the client), as well as any other useful contact persons. These personal data are processed by the firm in accordance with Belgian data protection laws and the provisions of Regulation 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, applicable since May 25, 2018 (hereinafter “General Data Protection Regulation” or GDPR).

The client is responsible for the accuracy and updating of the personal data they provide to the firm and undertakes to strictly comply with the provisions of the GDPR concerning the persons whose data they have shared. The client is also responsible for all personal data they may receive from their own customers, staff, associates, and appointees.

The client acknowledges having read the information below and authorizes the firm to process the personal data provided within the framework of the services delivered by the firm, in accordance with this privacy policy.

1. Data Controller

The data controller is ACCRYPTAX BV, headquartered at De Keyserlei 60C/1301 – 2018 Antwerpen, Belgium (company number 1021.594.892).

The controller is registered with the Institute for Tax Advisors & Accountants under registration number 53.436.690.

For any questions regarding data protection, you can contact ACCRYPTAX BV by mail at the address above or by email at info@accryptax.xyz

2. Purpose of Personal Data Processing

2.1 Processing Scope

Only data relevant to the intended purpose are processed. Processing includes any operation performed on personal data (manual or automated).

Data may only be shared with subcontractors, recipients, and/or third parties as necessary to fulfil the purposes below.

2.2 General Purposes

1. Anti-Money Laundering (AML) Act of September 18, 2017

Under Article 26, our firm must collect: name, first name, date and place of birth, and if possible, the address of clients and their legal representatives.

For beneficial owners: name, first name, and, where possible, date/place of birth and address.

This is a legal requirement; without these details, we cannot enter into a business relationship (Article 33 of the AML Act).

1. Legal and Regulatory Obligations

The firm is required to process data for obligations imposed by Belgian and international authorities, judicial decisions, and lawful interests, including tax and social security regulations (e.g., VAT listings, tax slips).

1. Execution of Contractual Services

The data processed relate to clients, their employees, managers, and other stakeholders (e.g., suppliers/customers). Without this data, the firm cannot properly perform its accounting and tax duties.

1. Direct Marketing Activities

This includes newsletters or promotional information. Clients may unsubscribe at any time by emailing info@accryptax.xyz

2.3 Specific Use Cases

• Initiate and manage the client relationship;
• Analyze, adapt, and improve the firm’s website;
• Perform services;
• Enable the client to receive messages/information;
• Respond to inquiries;
• Communicate updates and changes;
• Any other purpose explicitly authorized by the client.

2.4 Legal Basis for Processing

• (i) Consent of the client (revocable at any time without affecting prior processing);
• (ii) Necessary to fulfil the client’s request or execute a contract;
• (iii) Legal obligation (e.g., taxes, accounting, AML);
• (iv) Legitimate interest (e.g., communication, fraud prevention, legal defense, service improvement), always balanced against client rights.

3. Data Categories and Sources

3.1 Data Provided by the Client

• Identification data (name, marital status, birth date, address, occupation, national ID, company number);
• Biometric data (e.g., copy of ID or passport);
• Banking info (IBAN, BIC/SWIFT);
• Invoices, communications;
• Personal tax data (e.g., children, union membership, medical info);
• Other necessary personal data.

3.2 Data Provided by the Client About Others

Employees, directors, customers, suppliers.

3.3 Data Not Provided by the Client

• Public sources (e.g., Belgian Official Gazette, National Bank of Belgium);
• Other entities involved in a case;
• Authorities, bailiffs, notaries;
• Tax and social administrations.

4. Data Recipients

4.1 Disclosure to Authorities or Third Parties

Data may be disclosed to legally authorized authorities, or in good faith if necessary to comply with laws or protect the rights of the firm, clients, or third parties.

4.2 Disclosure to Third-Party Providers

Includes:

• E-accounting software and portals;
• External professionals (auditors, notaries).

Data shared with these parties will only be what is necessary, and they may not share it further unless required by law or regulation (e.g., for AML compliance).

4.3 Transfers Outside the EEA

Data will only be transferred to countries offering adequate protection or where legal safeguards are in place (e.g., contractual clauses).

5. Security Measures

The firm has taken appropriate technical and organizational measures to:

• Prevent unauthorized access, misuse, alteration, destruction, or accidental loss;
• Enforce strict confidentiality for staff and contractors.

The firm cannot be held liable for data theft or misuse by third parties despite these safeguards.

6. Retention Periods

6.1 AML Data

Stored up to 10 years after the end of the business relationship or from the date of a one-off transaction (per Article 60 AML Act).

6.2 Other Data

Retained per relevant accounting, tax, or social law timeframes. Data may be kept longer if legally required or during active legal disputes.

6.3 After the retention period, data will be erased unless otherwise required by law.

7. Data Subject Rights

7.1 General Rights

Subject to exceptions in 7.2, clients have:

• Right to information;
• Right of access;
• Right to object;
• Right to rectification;
• Right to restrict processing;
• Right to erasure (“right to be forgotten”), with exceptions;
• Right to data portability;
• Right to lodge a complaint.

Requests must be in writing and accompanied by ID (email: info@accryptax.xyz or by mail).

7.2 Exceptions (AML Data)

Under Article 65 AML Act:
Clients do not have the rights of access, rectification, erasure, portability, objection, profiling, or breach notification regarding data processed under AML obligations.

In such cases, access requests must be directed to the Data Protection Authority, which may verify the data lawfulness without disclosing sensitive information.

8. Complaints

You may file a complaint with the Belgian Data Protection Authority:

Drukpersstraat 35, 1000 Brussels 
Tel: +32 (0)2 274 48 00
 Fax: +32 (0)2 274 48 35
 Email: contact@apd-gba.be
 Website: https://www.gegevensbeschermingsautoriteit.be

9. Updates to the Privacy Policy

This policy may be updated. Clients will be notified via the firm’s website or email of any changes, especially those related to new legislation, guidance from data protection authorities, or court decisions.