Personal data and purposes of processing
We provide tax advice, prepare tax returns and administrative records, including payroll records. We process personal data for these fiscal and administrative services. This concerns, among other things, name and address details, identity documents, salary data, citizen service numbers, VAT numbers, telephone numbers, email addresses and all other financially relevant information. If you have subscribed to our newsletter, or have procured services from us, we will occasionally inform you of developments in the field of taxation. You can unsubscribe from our newsletters at any time via a link in the relevant email. You have to register first before using Digidos. In that case, you must provide information about yourself and choose a username. We use it to create an account, after which you can log in with that username and a password of your choosing. We store this information for as long as your account exists. You can modify information via your account whenever you want.
Security of the personal data
The personal data is saved and stored on both local servers and in the cloud. We have taken appropriate technical and organisational measures in order to protect the personal data as effectively as possible against unauthorised access and misuse. Access to our servers from outside is excluded by both hardware and software applications. We have a strict policy regarding the use of very strong usernames and passwords. Our website, including Digidos, works on the basis of the HTTPS protocol. The Digidos environment has two-step verification. Our WiFi network is completely separate from our server environment. Access to business email via a smartphone has an extra layer of security.
Personal data that we share with third parties
We do not share personal data with third parties, except in the following cases:
- Companies that we engage for the purpose of our service provision (‘sub-processors’), such as Flexwebhosting, Reed Business Information, CASH Software and Mailchimp. We have made agreements with the sub-processors about the careful use and appropriate protection of your personal data in processing agreements. Where possible, we make use of two-step verification.
- Authorities or parties to whom we have to disclose specific personal data based on a statutory provision.
We do not store your personal data longer than is necessary for the purposes for which we received the personal data. This means that we normally store your data for a period of 10 years. You are entitled to request that we delete your data sooner. You also have the right to request inspection, modification, addition to or transfer of your personal data. Furthermore, you can submit a request to limit specific data processing or lodge an objection against this. You can submit a request for this in writing or by email using the contact details below. After receiving your request, we will respond within the statutory period of four weeks.
Contact – questions or complaints
If you have questions, comments or complaints about the processing and/or protection of your personal data by us, please contact us in writing, or by email via [email protected]. Of course, you can also contact your fixed contact person at our office.
For the sake of completeness, we would also like to point out that you are entitled to submit a complaint to the regulatory authority. The Dutch regulatory authority with regard to data protection is the Dutch Data Protection Authority: https://autoriteitpersoonsgegevens.nl/.