Privacy statement
Version 2026-05-14
1. Who processes your data?
Your accountancy firm (the data controller) processes your personal data for the sole purpose of preparing, discussing with you and filing your personal income tax return with the FPS Finance. The technical processing happens via the mijnpersonenbelasting.be platform.
2. Which data?
- Identification data (name, date of birth, national register number)
- Contact data (email, mobile, address)
- Family situation (civil status, partner, dependent children)
- Tax data (profession, IBAN, answers to the short questionnaire)
- Photos of your eID (front and back), optionally also of your partner
The photos of your eID are read only on your own device (local OCR in the browser). Only when you press Submit are the photo and extracted fields sent to your office, encrypted in transit.
3. Legal basis
We process your data on the basis of your explicit consent (art. 6.1.a GDPR) and — once the engagement letter is signed — on the basis of the performance of the contract between you and your accountancy firm (art. 6.1.b GDPR). The national register number is processed on the basis of a legal obligation in the context of the personal income tax return.
4. Retention period
Your data is kept for as long as needed to handle your tax file and for the statutory retention periods applicable to accountancy firms (as a rule 7 years). After that it is permanently deleted.
5. Who sees your data?
- Staff at your accountancy firm who handle your file
- The FPS Finance, for filing your return
- Our technical service provider for hosting the platform (within the EU, under a data processing agreement)
Your data is never sold or used for marketing purposes.
6. Your rights
You have the right at any time to:
- access, correct or delete your data;
- restrict or object to the processing;
- withdraw your consent via the revocation link you receive after submission, or by contacting your office directly;
- lodge a complaint with the Belgian Data Protection Authority (www.gegevensbeschermingsautoriteit.be).
7. Security
All data transfer is TLS-encrypted. Access is limited to authorised staff at your office. Access logs and the origin of changes are kept.