020-716 5444

info@fsfh.nl

Suikersilo-West 16

1165 MP Halfweg

Contact

Privacy policy

appendix 1 – Processing of personal data

(Related to the Processor Agreement entered into between Controller and Processor regarding processing of Personal Data)

 

 

The following types of Personal Data may be Processed by Processor on behalf of Processor:

 

  • NAW data
  • Phone number
  • Email address
  • Website
  • Citizen Service Number
  • Salary and pension information
  • Fiscal data
  • Bank account numbers
  • Copy ID

 

 

Categories of Data Subjects
If payroll administration is performed by us, we process the necessary personal data of affected employees in order to comply with legal provisions.

 

In the event that we prepare income tax returns, we process the necessary personal data of affected individuals.

Purpose of processing:

 

Administration

– Setting up an efficient administration (general ledger chart of accounts);

– Providing incoming and outgoing invoices with an account number that corresponds to the customer’s general ledger account schedule (coding);

– Checking customer self-coded incoming and outgoing invoices;

– Processing records to be supplied by customer (cash book, bank account statements, copies of incoming and outgoing invoices) in customer’s records on our administrative office’s computer;

– Checking the records processed by the client on his computer against the balance sheet, general ledger and journal entries (which, at the request of our office, will be accompanied by: cash book, bank statements and copies of incoming and outgoing invoices);

 

Payroll

– Calculating and preparing gross/net wage statements for employees;

– Providing payment orders related to wages payable to employees of client;

– Handling the registration and deregistration of client employees with the Internal Revenue Service and providing payroll tax statements;

– Taking care of sick and recovery notifications of employees of client and consulting with the Occupational Health Service to ensure reintegration obligations;

– Checking any post-tax assessments for combined payroll tax payments, as well as notes from the pension fund implementing agency and industry scheme implementing agency;

– drafting employment contracts;

– Reviewing collective wage statements for the purpose of preparing financial statements;

– checking the wages paid in relation to already issued combined payroll tax remittances and, if necessary, making known additional remittance obligations (own notification of correction);

– Providing client monthly returns for combined payroll tax payments;

– Creating the payroll journal entry for processing in client’s records and maintaining a payroll statement for each individual employee;

– Providing annual wage statements on behalf of client’s employees after the end of the calendar year;

– making pro forma calculations of net wages and payroll costs when new employees are (potentially) hired;

– periodically checking that the wages of customer’s employees are in compliance with the Minimum Wage and Minimum Holiday Allowance Act and the collective bargaining agreement;

– verifying the existence of applicable wage subsidies, remittance deductions and the like, and applying for and applying them as necessary;

 

 

Duration of processing:

 

Processor has to comply with the legally prescribed retention periods:

 

Retention period for data relating to real estate 10 years

Retention period other data 7 years

 

Subprocessors:

 

Twinfield www.twinfield.com

Exact Online www.exactonline.com

Numbers www.nmbrs.nl

 

 

 

 

 

 

 

 

APPENDIX 2 – COORDINATORS

(Related to the Processor Agreement concluded between Controller and Processor regarding the Processing of Personal Data)

 

 

 

 

Coordinator(s) to be determined by Controller:

 

Name Coordinator Function Phone Email

 

 

 

 

Coordinator(s) Processor:

 

Name Coordinator Function Phone Email
Mrs. Margo Derr Secretariat 020-4100933 margo@raijmad.nl
Mrs. Donna Marbus Secretariat 020-4100922 donna@raijmad.nl

 

 

 

 

 

Procedure for Data Breaches:

 

The Coordinator of Processor shall report Data Breaches, in the case referred to in Article 6.2 of the Processor Agreement, to the Coordinator of Controller in accordance with the following procedure:

Processor shall report a Data Breach both by telephone and by electronic message.

 

  1. Processor shall include at least the following information:

The (probable) cause of the Data Breach , where possible indicating the (categories of) data subjects and personal data records in question and, approximately, the number of data subjects and personal data records in question;

 

  1. The (as yet known and/or foreseeable) consequences of the Data Breach;

 

  1. location details of the Data breach;

 

  1. any unauthorized recipients of the Personal Data and any available information about them;

 

  1. proposals for mitigation measures;

 

  1. other data that a notification of a Data Breach to a supervisory authority and to Data Subject must include according to the relevant laws and regulations, including in particular the Annex ‘Data in the notification’ to the ‘Policy Rules for application of Article 34a of the Wbp’ of the Personal Data Authority.

 

appendix 3 – technical and organizational security measures

(Related to the Processor Agreement entered into between Controller and Processor regarding processing of Personal Data)

 

 

 

Security measures per creation of Processor Agreement:

We take appropriate security measures to minimize misuse of, and unauthorized access to, personal data held by us.

 

Through our Information Security policy, we ensure that only the necessary individuals have access to the data and that access to the data is adequately protected. In addition, our security measures are regularly monitored and reviewed.