Privacy statement
Less Grey in Alkmaar
Version 1.3, 18 December 2018
1. Introduction
Less Grey is an independent tax consultancy in the field of indirect taxation, specialising in turnover tax (VAT). In addition to providing advice, we provide support with clients' reporting obligations and applications for the refund of foreign VAT. We act as a proxy in the application of the legal remedies of objection and appeal.
Less Grey's work is carried out from Less Grey B.V. (advice), Less Grey Rep B.V. (VAT representation and compliance) and Less Grey Refund Services B.V. (VAT4U Netherlands).
Less Grey's clients are primarily companies and institutions that act as VAT taxable persons. Our services consist of advising and supporting our clients in the design and implementation of their business operations and the business models to be used.
For the execution of our advisory work, you will receive an order confirmation for signature and your company data, including contact person data, will be included in a data file. In order to fulfil the legal obligations pursuant to the Money Laundering and Terrorist Financing (Prevention) Act (Wwft), we identify the client and record data.
This data also relates to the identification of the natural person representing the client. We protect this personal data in accordance with the General Data Protection Regulation (AVG).
2. Recording and processing
The business and personal data that we record relate to the execution of our work as laid down and agreed in the order confirmation. In addition, company and personal data are recorded in order to fulfil the legal obligation we have under the Wwft.
Your data will be stored in a separate database and used exclusively for our communication in order to carry out our consultancy work.
The recording, storage and retention of personal data in a database means that we are processors as referred to in the AVG. Less Grey is the data controller within the meaning of the AVG.
2.1 Consultancy work
Personal data is only recorded and stored for the purposes of the consultancy business in so far as it forms part of the business data of our clients with whom we have concluded an order confirmation.
2.2 Compliance work, VAT declarations
We use third-party software to perform work relating to the fulfilment of declaration obligations and/or additional reporting obligations for clients. We have concluded a processing agreement with the supplier of the software package concerned.
2.3 Applications for refund of foreign VAT
We use the software solutions of VAT4U for our foreign VAT refund activities. Less Grey Refund Services B.V. has been appointed as the Dutch representative of VAT4U and trades under the name VAT4U Netherlands when performing these activities.
The agreements concluded by VAT4U with Dutch clients for the purpose of reclaiming foreign VAT, and the applicable legal obligations under the AVG in this regard, are included and reflected in a separate Privacy Statement.
3. Less Grey privacy policy
The agreements with Dutch clients form the basis for us to record company and personal data. In addition, the legal obligation as referred to in the Wwft is a basis on which personal data is recorded, stored and retained.
The personal data that we record relate to:
- the name of the representative(s) of our client;
- the telephone number of such representative(s);
- the e-mail address of the representative(s);
- the data as stated on the identification document that has been provided in copy or from which an inspection has been made, containing name, place of birth, date of birth and the number of the identification document.
The number of the identification document is a mandatory prescribed part of the identification of persons within the framework of the Wwft.
Personal data will be retained for the duration of our agreement and after the expiry of this agreement for the period within which we are obliged to comply with statutory retention periods, including those set in connection with the levying of taxes in the Netherlands.
3.1 Other personal data
We may capture, store and keep personal data relating to persons who are not known to be the representative of clients.
These are relations whose personal data have been provided to us by the person concerned. These data can be used to send invitations, newsletters or other business communications aimed at informing the data subject.
The data recorded relate to:
- Company name;
- First name and/or initials;
- Surname;
- E-mail address;
- Telephone number;
- Profile / sector classification
This personal data is stored and retained for as long as the individual is considered to be a relation of Less Grey who is interested in our information.
3.2 Personnel data
Data of persons who are employed by Less Grey as an employee and/or have been employed by Less Grey, is recorded, stored and retained in such a way that this data is only accessible within the organisation to the officer appointed for human resources.
The services of third parties are used to perform activities relating to the payroll and salary administration of staff members, as well as for the recording of disability, illness and pensions. Processing agreements have been concluded with these parties.
3.3 Provision of personnel data to third parties
In the execution of various activities, it is explained in section 2 when use is made of a third party. In addition to the processors mentioned there, Less Grey uses one or more third-party software packages for its financial administration, and the service and support of an external service provider is used for the management and security of our ICT environment.
Less Grey has also concluded processing agreements with parties who provide Less Grey with services, such as in the field of ICT, accountancy, disability and absence administration, pensions and payroll administration.
We do not provide personal data to parties with whom we have not concluded a processing agreement.
3.4 Security
We have taken technical and organisational measures appropriate for the collection and storage of company and personal data. Digital data is stored on a server located within our office building in a special room accessible only to authorised persons.
Access to this digital data is by means of user names and passwords on all our systems.
The back-up of these digital data is provided in a secure environment in a data centre located in the Netherlands. For this purpose, a processor's agreement has been concluded with our ICT manager.
Less Grey's employees are informed about the importance of protecting company and personal data.
3.5 Cookies or similar techniques
Less Grey respects the privacy of visitors to its website www.lessgrey.eu and of users of the mylessgrey.eu portal.
When you visit the website www.lessgrey.eu, your personal data is processed for the improvement of our website and social media sharing. The website keeps track of general visit data, such as IP addresses of the computer, the possible user name, the time of request and data that the browser of a visitor sends.
This data is recorded and can be used to obtain statistical information on the quality and/or effectiveness of the website.
Our website uses three types of cookies: necessary cookies, analytical cookies and social media plug-ins. A cookie is a small text file that is placed on the hard drive of your computer or mobile device by a website you visit. This text file stores information about your visit. This information can be recognised by this website during a later visit. Sometimes another website can also read the cookie and store information in it.
Necessary cookies are cookies required for the functioning of the website.
Analytical cookies are cookies that are used to track how users use the website. Tools such as Google Analytics are used for this purpose.
Google stores this data on servers in the United States. Google is a member of the EU-U.S. Privacy Shield Framework.
We have taken measures within Google Analytics to limit the traceability of visitors to the website and we do not allow Google to use the information obtained for other Google services.
Google may provide the information obtained to third parties if Google is legally obliged to do so, or for these third parties to process the information on behalf of Google (Google processors). You can read the privacy policy of Google here. You can read the specific privacy policy of Google Analytics here.
Social media plug-ins for the social networks LinkedIn, Twitter and Facebook are buttons on a website with which information can be shared on our website. The transmission of data is effected by a code from the social networks themselves.
A plug-in for LinkedIn has been placed on our website. You can read the privacy statement of LinkedIn here.
You have the ability to control and reject cookies by modifying the cookie settings in your browser. Most browsers will tell you how to refuse cookies, how to be informed when a cookie is placed and how to delete cookies placed.
3.6 News & Invitations
Less Grey may offer a newsletter and/or send invitations to those registered as client contacts and to business associates. To send this newsletter or invitations, we use the services of Mailchimp, which stores the data in the U.S. Mailchimp is affiliated with the EU-U.S. Privacy Shield Framework. You can read Mailchimp's privacy policy here.
3.7 Rights concerning your personal data
Natural persons whose data we have recorded, stored and who are subject to retention are entitled to inspect, correct or delete all or part of their personal data.
3.8 Complaints and or questions
If you have a complaint or question about the processing of your personal data by Less Grey, please contact us.
Less Grey
Robijnstraat 26
1812 RB ALKMAAR
secretariaat@lessgrey.eu