Accountant Data Processing Agreement

3 Requirements applicable to the provider 3.1 The provider must process the personal data in accordance with the current Danish data protection regulation, including the General Data Regulation, as soon as it enters into force The data controller must have a precise list of the categories of personal data it processes, in particular if this treatment differs from the categories listed by the subcontractor in Appendix A. „The qualification of accountants may vary depending on the context. When accountants provide services to the general public and small traders on the basis of very general instructions („Create my tax returns“), then, as with lawyers acting in similar circumstances and for similar reasons, the accountant is a data controller. The data controller is responsible at all times for the accuracy, integrity, content and reliability of the personal data processed by the processor. They have fulfilled all mandatory requirements relating to the notification or obtaining of authorisation from the competent authorities with regard to the processing of personal data. They have also fulfilled their disclosure obligations to the competent authorities with regard to the processing of personal data, in accordance with all applicable data protection laws. (i) any request for information from a public authority regarding the disclosure of personal data covered by the Agreement, unless the Supplier is prohibited from informing the Customer in accordance with European Union or State law that applies to the Supplier, (ii) any suspicion or observation of (a) security breaches resulting in destruction, accidental or unlawful loss or alteration; unauthorized disclosure of or unauthorized access to personal data transmitted, stored or processed by the Provider under this Agreement, or (b) any other breach of the Provider`s obligations under clause 3.3 and 3.4 or (iii) any request for access to Personal Data obtained directly by a data subject or a third party. The purpose of entrusting the data processing activities to the provider is to carry out the entire accounting and related activities for 3. Part (z.B of the Customer Controller or SKAT (Danish Tax Authorities). also helps facilitate the client`s pay slip, tax and pension matters concerning the client`s employees, vacation management for the client`s employees, payment of salaries and other salaries.

This includes the transfer of personal data to SKAT (Danish tax authorities), pension companies, nets (digital payment system), Danmarks Statistik (Statistics Denmark), etc., on behalf of the customer. The data controller must be informed before the processor replaces its subcontractors. The data controller may then object to a new processor who processes his or her personal data on behalf of the processor, but only if the processor does not process the data in accordance with the relevant data protection legislation. The processor may demonstrate compliance by giving the data controller access to the data protection assessment carried out by the processor. In the event of termination of a subscription, the data controller may also delete all data from his account. After the implementation of the data erasure procedure initiated by the data controller, the processor deletes all personal data, with the exception of those that it must keep in accordance with the applicable legal requirements, and is stored in this case in accordance with Debitoor`s technical and organizational security measures. If you do not perform legal checks, accountants should analyze the service they have provided to determine whether they are acting as data processors or data controllers. They can do this by asking themselves: „As a service provider, do I have control over the purposes and means of processing this personal data?“ The data controller has the full capacity to retrieve all his personal data within the application of the service….