1. WHY DO WE USE YOUR PERSONAL DATA?
The General Data Protection Regulation (hereinafter: GDPR) requires that we handle personal data with care. In this privacy statement we explain why and how we use your personal data.
We require information from you because of the contractual agreements between you and RSM, because we provide you with business services, such as auditing or consultancy activities, the preparation of the annual accounts, tax activities or payroll administration. Laws and regulations also require us to pass on personal data to the authorities. For example, under the Money Laundering and Terrorist Financing (Prevention) Act (Wwft), we are required to carry out client screening, identify and verify clients and report unusual transactions.
In addition, we will process your data if you register to participate in a meeting or to receive information. We do this in various ways: a newsletter, the website, targeted mailings, personal advice, etc. We always consider your privacy. In these cases, we request your permission to use your data. You will always have the option to deregister.
2. WHAT PRINCIPLES DO WE APPLY?
RSM handles personal data in a safe manner and respects the privacy of the data subjects. RSM adheres to the following principles:
2.1. LAWFULNESS, DECENCY, TRANSPARENCY
Personal data is processed in accordance with the law and with due care. We do not process special personal data and/or sensitive personal data.
2.2. BASIS AND PURPOSE LIMITATION
RSM ensures that personal data is only collected and processed for specific, explicitly described and justified purposes. Personal data is only processed on a legitimate basis.
2.3. DATA MINIMISATION
RSM only processes the minimum personal data necessary for the predefined purpose. RSM aims for minimal data processing. Where possible, less or no personal data will be processed.
2.4. RETENTION PERIOD
The retention of personal data may be necessary for the proper performance of the tasks or to comply with statutory obligations. We do not retain or use your data for longer than is necessary and permitted by law. After that we will delete any data relating to you that we have. If we need certain data for internal analyses and reports, we anonymize personal data. We apply the instructions of the professional organisation and the legal requirements in respect of the retention periods. For example, we use a retention period of 2 years for sending information and registering at meetings.
2.5. INTEGRITY AND CONFIDENTIALITY
RSM Nederland handles personal data with care and treats it confidentially. For example, personal data is only processed by persons subject to an obligation of confidentiality and for the purpose for which this data has been collected. In doing so, RSM Nederland ensures the appropriate security of personal data. This security is laid down in the data security policy.
2.6. SHARING WITH THIRD PARTIES
We will only pass on your data to other parties if this is really necessary for our services. If we cooperate with external parties that process personal data, RSM will make agreements about the requirements such data exchange must meet. These agreements comply with privacy legislation. RSM checks these agreements periodically.
The parties we give access to your data may only use them to carry out the work requested by us, unless they are responsible for obtaining and protecting your data. We do not sell your data to third parties.
To achieve the purpose for which the personal data is processed, infringement of privacy is limited to the extent possible.
We assess whether the purpose of the processing can also be achieved in any other way using less privacy-sensitive data.
2.9. RIGHTS OF DATA SUBJECTS
Obviously, you remain in charge of your data. If you would like to modify, delete or limit the use of your data, change your email preferences or view the use of your data, please contact us by telephone, by post or by email. You can also object to the use of your data in this way or indicate that you believe that your privacy outweighs our interests. In that case, we will review the situation.
Unsubscribing from newsletters and mailings is easy by using the link at the bottom of the newsletter or mailing.
3. HOW DO WE HANDLE YOUR DATA?
3.1. REGISTER OF PROCESSING OPERATIONS
RSM keeps a register of all processing operations for which we are the controller. This register contains a description of what takes place during processing, and what data is used for this purpose. The following information is recorded:
The name and contact details of the controller and, if possible, of the joint controller;
The purposes of the processing operation:
A description of the type of personal data and the associated data subjects;
A description of the recipients of the personal data;
A description of the sharing of personal data with a third country or international organisation;
The time limits within which the various personal data are to be deleted;
A general description of the security measures.
Profiling refers to automated processing of personal data, which involves looking at certain personal aspects in order to categorise and analyse this person, or to make predictions.
RSM uses profiling, but only after you have given your consent. We always ask for your explicit consent. You can always withdraw your consent.
3.3. USE OF CAMERAS
Cameras can be a major invasion of privacy. To safeguard privacy as much as possible, we only use cameras when there are no other ways to achieve the purpose, and the use of cameras has to meet certain requirements.
RSM only uses camera surveillance to improve the safety of specific areas. For example, a car park near an RSM office. For each office, we clearly indicate where cameras are installed.
3.4. APPROPRIATE TECHNICAL AND ORGANISATIONAL MEASURES
RSM takes appropriate measures to reduce security risks to an acceptable level. The aim is to prevent data breaches and unwanted use of personal data. We apply the NEN/ISO 27001/2 set of standards for this.
A cookie is a small text file, which often includes a unique identifier, which is issued to your computer or device when you visit a website.
Each website can send its own cookie to your browser if your browser's preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites. Many websites do this whenever a user visits their website in order to track online traffic flows.
4. DO YOU HAVE ANY QUESTIONS OR COMPLAINTS?
We are responsible for the data you entrust to us.
For questions or complaints about the protection of your data and the protection of your privacy, please contact us:
• Monica Versteegh: email: [email protected], or
• You can also send an email to: [email protected]
If you have a complaint about the manner in which we handle your privacy, you may also contact the privacy authority.
The privacystatement can also be obtained in pdf.