Privacy Terms & Cookie Policy

In this document you will find, among other things:

• Which personal data we process;

• How we handle your personal data;

• With whom, and with which software parties, we share the data.

Below you will find the privacy terms of De Administratie voor het MKB, Stichtingen en Verenigingen B.V.

You can also download the full document here: Privacy Terms De Administratie voor het MKB, Stichtingen en Verenigingen B.V.

Privacy Terms – De Administratie voor het MKB, Stichtingen en Verenigingen B.V. – GDPR

Parties:

Client, hereinafter referred to as: “Controller”, “You” or “Your”.

and

De Administratie voor het MKB, Stichtingen en Verenigingen B.V., hereinafter referred to as: “Processor”, “We”, “Us” or “Our”.

hereinafter jointly referred to as “Parties”, “We” or “We Jointly”

Considerations:

  1. Controller and Processor have entered into an agreement concerning the provision of financial administration and, where applicable, fiscal and tax-related services and payroll administration. These services result in the Processor processing personal data on behalf of the Controller.
  2. We are, by virtue of performing the agreement and with regard to the Personal Data that We will Process in doing so, to be regarded as “Processor” and You as “Controller”. In these Terms and Conditions We set out our mutual rights and obligations.

1. Definitions

A number of terms are used in these Terms and Conditions. The meaning of these terms is clarified below. The terms mentioned are capitalized in these Terms and Conditions. The list below largely uses the description of each term from the laws and regulations in the field of privacy.

Data Subject:

The person to whom Personal Data relates.

Processor:

A natural or legal person, a public authority, agency or other body that processes personal data on behalf of the Controller, without being subject to its direct authority.

Sub-processor:

Another processor engaged by the Processor to perform specific processing activities on behalf of the Controller.

Controller:

A natural or legal person, a public authority, agency or other body that, alone or jointly with others, determines the purpose and means of the processing of personal data.

Special Personal Data:

These are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health, or data concerning a person’s sexual behaviour or sexual orientation, as well as personal data concerning criminal convictions and offences or related security measures.

Data breach / Breach relating to personal data:

A security breach that accidentally or unlawfully leads to – or where it cannot reasonably be ruled out that it could lead to – the destruction, loss, alteration, or unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored, or otherwise processed.

Third parties:

Parties other than You and Us.

Data Breach Notification Obligation:

The obligation to report data breaches to the Dutch Data Protection Authority and (in some cases) to the Data Subject(s).

Employees:

Persons working for You or for Us, either in an employment relationship or temporarily hired.

Underlying assignment:

The assignment as referred to above in considerations under A.

Conditions:

These Privacy Terms

Personal data:

All information relating to an identified or identifiable natural person (“the Data Subject”) processed within the framework of the “Underlying Assignment”; an identifiable natural person is one who can be identified, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or by one or more elements characteristic of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Personal data of a sensitive nature

Personal data where loss or unlawful processing could lead to (among other things) stigmatization or exclusion of the Data Subject, damage to health, financial damage or (identity) fraud.

These categories of personal data must in any case include:

• Special personal data

• Data concerning the financial or economic situation of the Data Subject

• (Other) data that could lead to the stigmatization or exclusion of the Data Subject

• Usernames, passwords, and other login credentials

• Data that can be misused for (identity) fraud

Process / Processing:

Any processing or set of processing operations performed on personal data or on a set of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, updating or modification, retrieval, consultation, use, provision by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.

GDPR

General Data Protection Regulation, including the implementing act of this regulation. The GDPR replaces the Personal Data Protection Act as of 25 May 2018.

2. Applicability and duration

2.1 These Terms and Conditions apply to any Processing performed by Us as Processor based on the Underlying Assignment given by You as Controller.

2.2 These Terms and Conditions enter into force on the date the Underlying Assignment becomes effective and terminate at the moment we no longer hold Personal Data that we process for you in the context of the Underlying Assignment. It is not possible to terminate these Terms and Conditions prematurely.

2.3 Articles 6 and 7 of these Terms and Conditions shall continue to apply, even after the Terms and Conditions (or the Underlying Assignment) are no longer applicable.

3. Processing

3.1 We process the Personal Data exclusively in the manner agreed upon with you in the Underlying Assignment. We do not process this data for longer or more extensively than is necessary for the execution of this Underlying Assignment. The processing takes place in accordance with your written instructions, unless we are required by law or regulation to act otherwise (for example, when assessing whether a report of an “unusual transaction” must be made in the context of the Anti-Money Laundering and Counter-Terrorism Financing Act (Wwft)).
If, in our opinion, an instruction infringes the GDPR, we will notify you immediately.

3.2 The Processing takes place under Your responsibility. We have no control over the purpose and means of the Processing and do not make decisions regarding matters such as the use of Personal Data, the retention period of the Personal Data processed for you, and the provision of Personal Data to Third Parties. You must ensure that You have clearly established the purpose and means of the Processing of the Personal Data. Control over the Personal Data never rests with Us. Should We have an independent obligation based on statutory regulations or the professional and ethical rules applicable to administrators/accountants regarding the Processing of Personal Data, We shall comply with these obligations.

3.3 You are legally obliged to comply with applicable laws and regulations regarding privacy. In particular, you must determine whether there is a lawful basis for Processing the Personal Data. We ensure that We comply with the regulations applicable to us as a Processor regarding the Processing of Personal Data and the agreements We have made in these Terms and Conditions.

3.4 We ensure that only Our Employees have access to the Personal Data. The exception to this is included in Article 3.5. We restrict access to Employees for whom access is necessary for their work, whereby access is limited to Personal Data that these Employees need for their work. Furthermore, we ensure that the Employees who have access to the Personal Data have received proper and complete instructions regarding the handling of Personal Data and that they are aware of the responsibilities and legal obligations.

3.5 We may engage other processors (Sub-processors) to perform certain activities arising from the Underlying Assignment, for example if these Sub-processors possess specialized knowledge or resources that We do not have. If the engagement of Sub-processors results in them Processing Personal Data, we will impose the obligations set out in these Terms and Conditions on those Sub-processors (in writing). By reading these Terms and Conditions, you consent to the engagement of the Sub-processors listed in the Appendix to these Terms and Conditions. We will inform you in advance about the engagement of other Sub-processors and give you the opportunity to object thereto.

3.6 To the extent possible, We will assist You in fulfilling Your obligations to handle requests for the exercise of rights by Data Subjects. If We receive requests (directly) from the Data Subject(s) for the exercise of their rights (for example, access, modification, or deletion of Personal Data), We will forward these requests to You. You will handle these requests yourself, although We can naturally assist You if We have access to these Personal Data within the scope of the Underlying Assignment. We may charge costs for this.

3.7 We will only Process the Personal Data within the European Economic Area, unless We have made other arrangements with You regarding this. We will record these arrangements jointly in writing, or by email. By acknowledging these Terms and Conditions, you consent to the Processing outside the EEA mentioned in the Annex accompanying these Terms and Conditions.

3.8 If We receive a request to make Personal Data available, We will only do so if the request has been made by a competent authority. Furthermore, We will first assess whether We are of the opinion that the request is binding, or whether We are required to comply with the request on the basis of rules of conduct and professional ethics. If there are no criminal or other legal impediments, We will notify You of the request. We will endeavor to do so within such a short period of time that it is possible for You to institute any legal remedies against the provision of the Personal Data. If We are permitted to notify You, We will also consult with You regarding the manner in which and which data We will make available.

4. Security measures

4.1 We have taken the security measures listed in the Annex to these Conditions. When taking the security measures, account was taken of the risks to be mitigated, the state of the art, and the costs of the security measures.

4.2 You have informed yourself well about the security measures We have taken and are of the opinion that these measures provide a level of security that is appropriate to the nature of the Personal Data and the scope, context, purposes, and risks of the Processing.

4.3 We will inform you if any of the security measures change substantially.

4.4 We provide appropriate safeguards for the application of the technical and organizational security measures regarding the Processing to be performed. If you wish to have the manner in which we comply with the security measures inspected, you may submit a request to us for this purpose. We will make arrangements with you jointly regarding this. The costs of an inspection shall be for your account. You shall make a copy of the inspection report available to us.

5. Data breaches

5.1 In the event of a Data Breach, We will notify You thereof. We endeavor to do so within 48 hours after we discover the Data Breach, or as soon as possible after we have been informed thereof by Our Sub-processors. Further agreements regarding the manner in which this is done are included in Article 11 of these Terms and Conditions. We will provide You with the information you reasonably require to – if necessary – make a correct and complete report to the Dutch Data Protection Authority and, where applicable, the Data Subject(s) in the context of the Data Breach Notification Obligation, or we will forward the report from our Sub-processor to you. We will also keep You informed of the measures taken by Us, or our Sub-processor, in response to the Data Breach.

5.2 Reporting data breaches to the Dutch Data Protection Authority and (if applicable) the Data Subject(s) is always your own responsibility.

5.3 Maintaining a register of data breaches is always your own responsibility.

6. Duty of confidentiality

6.1 We keep the Personal Data obtained from you confidential and also require Our Employees and any Sub-processors to maintain confidentiality.

7. Liability

7.1 You warrant that the Processing of Personal Data based on these Terms and Conditions is not unlawful and does not infringe upon the rights of the Data Subject(s).

7.2 We are not liable for damage resulting from your failure to comply with the GDPR or other laws or regulations. You also indemnify us against claims from Third Parties based on such damage. The indemnification applies not only to the damage suffered by Third Parties (material as well as immaterial), but also to the costs we must incur in connection therewith, for example in any legal proceedings, and the costs of any fines imposed on Us as a result of your actions.

7.3 The limitation of Our liability agreed upon in the Underlying Assignment and the associated general terms and conditions applies to the obligations as set forth in these Terms and Conditions, provided that one or more claims for damages arising from these Terms and Conditions and/or the Underlying Assignment shall never lead to exceeding the limitation.

8. Transferability of Conditions

8.1 Unless We Jointly agree otherwise in writing, neither You nor We are permitted to transfer these Terms and Conditions and the rights and obligations associated with these Terms and Conditions to another party.

9. Termination and return / destruction of Personal Data

9.1 If the Underlying Assignment is terminated, We will return the Personal Data provided by You to Us to You or – if You request us to do so – destroy it. We will only retain a copy of the Personal Data if We are required to do so pursuant to law or (professional) regulations.

9.2 The costs of collecting and transferring Personal Data upon termination of the Underlying Assignment shall be for your account. The same applies to the costs of destroying the Personal Data. If you request it, We will provide you with a cost estimate in advance.

10. Additions and amendments to Terms and Conditions

10.1 Additions and amendments to these Terms and Conditions are only valid if they are in writing. “In writing” also includes amendments communicated by email, followed by an agreement by email from the other party.

10.2 A change in the Personal Data processed or in the reliability requirements, privacy regulations, or your requirements may give rise to supplementing or amending these Terms. If this leads to significant adjustments to the underlying assignment, or if We are unable to provide an adequate level of protection, this may be grounds for Us to terminate the Underlying Assignment.

11. Final provisions

11.1 At your request, We will make available to you all information necessary to demonstrate compliance with the obligations set forth in these Terms and Conditions. We will facilitate and contribute to audits, including inspections, by you or an auditor authorized by you. The costs of such requests, audits, or inspections shall be for your account. Any audits at Our Sub-processors shall also be for your account.

11.2 The Parties shall cooperate with the supervisory authority in the performance of its tasks upon request.

11.3 These Terms and Conditions are governed by Dutch law, and the Dutch courts have jurisdiction to hear all disputes arising from or related to these Terms and Conditions.

11.4 These Terms and Conditions take precedence over other agreements concluded by Us with You. If You use general terms and conditions, these shall not apply to these Terms and Conditions. The provisions of these Terms and Conditions prevail over the provisions in Our general terms and conditions, unless explicit reference is made to a provision in the general terms and conditions.

11.5 If one or more provisions in these Terms and Conditions prove to be invalid, this shall not affect the validity of the other provisions in these Terms and Conditions. We will then consult with you to jointly draft a new provision. This provision shall be as much as possible in the spirit of the invalid provision, but naturally formulated in such a way that the provision is valid.

Appendix 1 to the Conditions

Register of Personal Data and Data Subjects

Personal data

The data listed below are processed for the purpose of handling the Underlying Assignment, the financial administration, and, where applicable, fiscal and tax-related matters and the payroll administration. The data is recorded in the financial administration, in fiscal and tax-related matters, in the payroll administration, and in internal storage. We are bound by a retention obligation of at least 7 years.

The following personal and other data may be processed within the framework of the Underlying Assignment:

• Company name

•  Name and address details

•  Date of birth

•  BSN

•  Email address

•  Phone number

•  Chamber of Commerce number

•  VAT number

•  Payroll tax number

•  RSIN

•  IBAN

•  Business start date

•  IP address

•  Medical data

Processing

We process Personal Data for you in the following ways:

We register your data for the purpose of carrying out the Underlying Assignment regarding financial administration, and, where applicable, for performing work on fiscal and tax-related services and payroll administration.

You determine which Personal Data is processed and in what manner. You are the Controller of this processing.

Categories of Data Subjects

• You

• Your Partner

• Your children

• Your Employees

• Your Relationships


Cookie Policy

Our website uses cookies. A cookie is a simple small file that is sent along with pages of this website and stored by the browser on the hard drive of your computer. This allows us to recognize you on a subsequent visit. Cookies are used to make our website more user-friendly. We also use cookies for our CRM system Zoho, social media such as LinkedIn and Meta, and Google Analytics.

The use of cookies is safe. Personal information is not stored in cookies. Cookies are intended to make our website easier to use and to give us insight into how the website is used. By continuing to use our website, you agree to the use of cookies as described in this cookie policy.

CRM system Zoho

By means of cookies we can store user data in our CRM system Zoho, such as the details of your visit or information you enter when filling in a form on our website. This allows us to personalize follow-up actions on our website.

Social media

Our website contains the Meta pixel and LinkedIn Insight. These tags work by means of pieces of code that originate from the respective social media platforms themselves. We use this for any advertisements on Facebook, Instagram and LinkedIn.

Google Analytics 4

Our website uses Google Analytics 4. This is a web analytics service offered by Google. Google Analytics 4 uses cookies to give us insight into how visitors use the website. Google may be required under applicable laws and regulations to grant access to this data.

This cookie policy was last updated on 10 January 2023. We reserve the right to make changes to the cookie policy. It is therefore advisable to consult this policy regularly so that you are aware of any changes.

If you have questions about our cookie policy or about the cookies placed on our website, you can contact us.