INVOICE SUBJECT TO THE TERMS OF PAYMENT:

TERMS OF PAYMENT

1. By using the services of Auditor Guy Parmentier, the client waives the application of his/her own terms of payment. All payment requests from Auditor Guy Parmentier are payable within 10 days in Schoten, Valkenlaan 31, unless otherwise agreed in writing.
2. Any delay in payment will automatically and without prior notice result in the client being liable to pay interest of 8% per year, starting from the day after the due date.
3. Each reminder sent will automatically incur an additional charge of 50 euros per reminder for the client.
4. In the event of legal recovery, a conventional compensation of 10% on the total outstanding amount, with a minimum of 150 euros, as well as court costs, will be charged.
5. The inclusion of this invoice in our accounting records serves as proof of its dispatch and receipt by the recipient.
6. If payment requests remain unpaid despite our formal notice, Auditor Guy Parmentier reserves the right to cease all further services. Auditor Guy Parmentier cannot be held liable for any damages resulting therefrom.
7. Any complaints must be submitted by registered mail within 8 days from the invoice date.
8. All payment requests and the general terms and conditions applicable to them, including their validity, interpretation, or execution, as well as any consequences or disputes arising therefrom, shall be governed exclusively by Belgian law. The application of any other law is explicitly excluded.
9. All payment requests and the general terms and conditions applicable to them, including their validity, interpretation, or execution, as well as any consequences or disputes arising therefrom, shall fall under the exclusive jurisdiction of the Belgian courts, specifically the courts of the judicial district of Antwerp, Antwerp division.
10. The liability of Auditor Guy Parmentier, his employees, or appointees is limited to the maximum amount payable by the professional liability insurer.

Privacy and Protection of Personal Data

Introduction
As a statutory audit firm, we process a significant amount of data. Some of this data pertains to personal data, and in this context, we inform you of the following.
The personal data we process may relate to you as a client of the firm, or to you as a business contact of our clients (such as if you are a supplier or customer of our client). In any case, as a data subject whose personal data we process, we must inform you of the following.

1. Controller of Personal Data Processing
The controller of the personal data is BV ovv BVBA Guy Parmentier.

The registered office of the controller is located at 2900 Schoten, Brechtsebaan 200, with company number 0480.463.170.

The controller is registered with the Institute of Statutory Auditors under recognition number A01479.

For any questions regarding the protection of personal data, you can always contact BV ovv BVBA Guy Parmentier by mail at the above address or via email at guy@parmrev.be.

2. Purposes of Personal Data Processing
The firm processes personal data for the following purposes:

A. Application of the Law of 18 September 2017 on the prevention of money laundering and terrorist financing and limiting the use of cash.

1° In accordance with Article 26 of the law of 18 September 2017, our firm must collect the following personal data concerning our clients and their representatives: name, first name, date and place of birth, and, if possible, the address.

2° In accordance with Article 26 of the law of 18 September 2017, our firm must collect the following personal data concerning the ultimate beneficial owners of the clients: name, first name, and, if possible, date and place of birth, and address.

Processing this data is a legal obligation. Without this information, we cannot enter into a business relationship (Art. 33 of the Law of 18 September 2017).

B. Obligations imposed on the firm by Belgian authorities, foreign authorities, or international institutions under legal or regulatory obligations, judicial decisions, or in the context of legitimate interests (e.g., but not limited to, current and future tax obligations—such as VAT listings, tax forms—and social legislation) require us to process personal data.

This processing is legally required. Without this data, we cannot establish a business relationship.

C. Execution of an agreement regarding accounting and tax services. This concerns data of clients themselves, their employees, directors, and others involved such as customers or suppliers.

Without providing and processing this data, we cannot properly execute our duties as statutory auditor.

3. What personal data and from whom?
For the purposes outlined in section 2, our firm may process the following data: first name, surname, email address, biometric data (copy of ID card or passport), address, company number, national registry number, etc.

Please list but clearly limit to what is necessary for the intended purpose.

In the context of personal income tax filings via Tax-on-web, we may also process: children, union or political memberships, medical information.

We process personal data provided by the data subjects themselves or their associates.

We also process personal data not directly provided by the data subject, such as data supplied by the client about their employees, directors, customers, suppliers, or shareholders.

Data may also originate from public sources such as the Crossroads Bank for Enterprises, the Belgian Official Gazette, the National Bank of Belgium (Central Balance Sheet Office), etc.

Data will only be processed to the extent necessary for the purposes listed in point 2.

Personal data will not be transferred to third countries or international organizations.

4. Data Recipients
In accordance with the above and except when disclosure is required to third-party service providers acting on behalf of and under the control of the controller, the firm will not disclose, sell, rent, or exchange collected personal data with any other organization or entity unless you have been informed and expressly consented beforehand.

The firm works with third-party service providers:

• The firm uses electronic accounting software and a related portal.
• The firm engages external service providers for specific tasks or assignments (e.g. statutory auditor, notary…).
• ….

The firm may take any necessary measures to ensure proper management of the website and its IT systems.

The firm may disclose personal data at the request of any legally authorized authority, or on its own initiative if it believes in good faith that disclosure is necessary to comply with laws or regulations, or to defend or protect the firm’s rights or property, its clients, its website, and/or you.

5. Security Measures
To prevent, as far as possible, unauthorized access to the collected personal data, the firm has implemented security and organizational procedures covering both the collection and storage of this data.

These procedures also apply to all processors used by the firm.

6. Retention Period
6.1. Personal data that we must retain under the Law of 18 September 2017 (see 2.A.)
This includes identification data and copies of supporting documents related to our clients, internal and external representatives, and the ultimate beneficial owners of our clients.

These personal data are stored, in accordance with Article 60 of the Law of 18 September 2017, for a maximum of ten years after the end of the business relationship or from the date of a one-off transaction.

6.2. Other personal data
Personal data not mentioned above are retained only for the periods provided in the applicable legislation, such as accounting, tax, or social law.

6.3. After the expiration of the above periods, personal data will be deleted, unless other legislation requires a longer retention period.

7. Rights to access, rectification, erasure, data portability, objection, non-profiling, and breach notification
7.1. Concerning the personal data we are required to retain under the Law of 18 September 2017
This concerns personal data of our clients, representatives, and the ultimate beneficial owners of clients.

Please note Article 65 of the Law of 18 September 2017:

“Art. 65. The person whose personal data is processed under this law does not have the right to access or rectify their data, nor the right to erasure, data portability, objection, non-profiling, or to be notified of data breaches.

The right of access may only be exercised indirectly under Article 13 of the law of 8 December 1992 by contacting the Data Protection Authority established under Article 23 of that law.

The Authority will only confirm whether verification was carried out and whether the data processing was lawful.

These data may be disclosed to the applicant only if the Authority, in consultation with the CFI and after advice from the controller, determines that such disclosure would not reveal the existence of a suspicious transaction or undermine the objectives of AML/CTF laws, and that the data pertains to the applicant and is held by obligated entities, the CFI, or supervisory authorities under this law.”

To exercise your rights regarding such data, you must contact the Data Protection Authority (see point 8).

7.2. All other personal data
To exercise your rights concerning other personal data, you can always contact Mr. Guy Parmentier.

8. Complaints
If you wish to file a complaint regarding the processing of personal data by our firm, you may contact the Data Protection Authority:

Data Protection Authority (GBA)
Drukpersstraat 35, 1000 Brussels
Tel: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
Email: commission@privacycommission.be
URL: https://www.privacycommission.be