Global Privacy Policy


1. Why do we use your personal data?

The General Data Protection Regulation (hereinafter: GDPR) requires that we handle personal data with care. In this privacy statement we explain why and how we use your personal data.

We require information from you because of the contractual agreements between you and RSM Nederland, because we provide you with business services, such as auditing or consultancy activities, the preparation of the annual accounts, tax activities or payroll administration.

Laws and regulations also require us to pass on personal data to the authorities. For example, under the Money Laundering and Terrorist Financing (Prevention) Act (Wwft), we are required to carry out client screening, identify and verify clients and report unusual transactions.

In addition, we will process your data if you register to participate in a meeting or to receive information. We do this in various ways: a newsletter, the website, targeted mailings, personal advice, etc. We always consider your privacy. In these cases, we request your permission to use your data. You will always have the option to deregister.

2. What principles do we apply?

RSM Nederland handles personal data in a safe manner and respects the privacy of the data subjects. RSM Nederland adheres to the following principles:

2.1. Lawfulness, decency, transparency

Personal data is processed in accordance with the law and with due care. We do not process special personal data and/or sensitive personal data.

2.2. Basis and purpose limitation

RSM Nederland ensures that personal data is only collected and processed for specific, explicitly described and justified purposes. Personal data is only processed on a legitimate basis.

2.3. Data minimisation

RSM Nederland only processes the minimum personal data necessary for the predefined purpose. RSM Nederland aims for minimal data processing. Where possible, less or no personal data will be processed.

2.4. Retention period

The retention of personal data may be necessary for the proper performance of the tasks or to comply with statutory obligations. We do not retain or use your data for longer than is necessary and permitted by law. After that we will delete any data relating to you that we have. If we need certain data for internal analyses and reports, we anonymize personal data. We apply the instructions of the professional organisation and the legal requirements in respect of the retention periods. For example, we use a retention period of 2 years for sending information and registering at meetings.

2.5. Integrity and confidentiality

RSM Nederland handles personal data with care and treats it confidentially. For example, personal data is only processed by persons subject to an obligation of confidentiality and for the purpose for which this data has been collected. In doing so, RSM Nederland ensures the appropriate security of personal data. This security is laid down in the data security policy.

2.6. Sharing with third parties

We will only pass on your data to other parties if this is really necessary for our services. If we cooperate with external parties that process personal data, RSM Nederland will make agreements about the requirements such data exchange must meet. These agreements comply with privacy legislation. RSM Nederland checks these agreements periodically.

The parties we give access to your data may only use them to carry out the work requested by us, unless they are responsible for obtaining and protecting your data. We do not sell your data to third parties.

2.7. Subsidiarity

To achieve the purpose for which the personal data is processed, infringement of privacy is limited to the extent possible.

2.8. Proportionality

We assess whether the purpose of the processing can also be achieved in any other way using less privacy-sensitive data.

2.9. Rights of data subjects

Obviously, you remain in charge of your data. If you would like to modify, delete or limit the use of your data, change your email preferences or view the use of your data, please contact us by telephone, by post or by email. You can also object to the use of your data in this way or indicate that you believe that your privacy outweighs our interests. In that case, we will review the situation.

Unsubscribing from newsletters and mailings is easy by using the link at the bottom of the newsletter or mailing.

3. How do we handle your data?

3.1. Register of processing operations

RSM Nederland keeps a register of all processing operations for which we are the controller. This register contains a description of what takes place during processing, and what data is used for this purpose. The following information is recorded:

  • The name and contact details of the controller and, if possible, of the joint controller;
  • The purposes of the processing operation:
  • A description of the type of personal data and the associated data subjects;
  • A description of the recipients of the personal data;
  • A description of the sharing of personal data with a third country or international organisation;
  • The time limits within which the various personal data are to be deleted;
  • A general description of the security measures.

3.2. Profiling

Profiling refers to automated processing of personal data, which involves looking at certain personal aspects in order to categorise and analyse this person, or to make predictions.

RSM Nederland uses profiling, but only after you have given your consent. We always ask for your explicit consent. You can always withdraw your consent.

3.3. Use of cameras

Cameras can be a major invasion of privacy. To safeguard privacy as much as possible, we only use cameras when there are no other ways to achieve the purpose, and the use of cameras has to meet certain requirements.

RSM Nederland only uses camera surveillance to improve the safety of specific areas. For example, a car park near an RSM office. For each office, we clearly indicate where cameras are installed.

3.4. Appropriate technical and organisational measures

RSM Nederland takes appropriate measures to reduce security risks to an acceptable level. The aim is to prevent data breaches and unwanted use of personal data. We apply the NEN/ISO 27001/2 set of standards for this.

3.5. Cookies

RSM Nederland uses technical and functional cookies on its website. A cookie is a small text file that is stored on your computer, tablet or smartphone when you visit this website for the first time. The cookies we use are necessary for the technical operation of the website and your convenience. They ensure that the website functions properly and remembers, for example, your preferred settings. It also enables us to optimise our website. In addition, we place cookies that track the surfing behaviour of visitors, allowing us to see how often certain content is visited. The purpose is to provide the best possible information via the website. Cookies may not be used to identify you on third party websites. You can opt out of cookies by changing the settings of your internet browser so that it no longer stores cookies. In addition, you can delete all information previously stored through your browser's settings.

4. Do you have any questions or complaints?

We are responsible for the data you entrust to us.

For questions or complaints about the protection of your data and the protection of your privacy, please contact us:

Monica Versteegh at our Amsterdam office, email: [email protected], or Eric Mantelaers at our Heerlen office, email: [email protected].

You can also send an email to: [email protected]

If you have a complaint about the manner in which we handle your privacy, you may also contact the privacy authority.

The privacystatement  can also be obtained in pdf.