Privacy Statement Customers

This privacy statement applies to the processing of personal data of customers by KeesdeBoekhouder B.V.’s and/or its subsidiaries, including Founders Finance B.V., Backseat Surfer B.V. and KeesdeBoekhouder Office B.V. (hereinafter jointly referred to as “KeesdeBoekhouder”).

The protection of your privacy is very important to KeesdeBoekhouder. We therefore take our responsibility to protect your personal data very seriously. That is why, among other things, KeesdeBoekhouder has drawn up this privacy statement for customers.

The purpose of this privacy statement is to be transparent about the manner in which KeesdeBoekhouder collects, uses and protects your personal data. We will also explain how we comply with privacy legislation, such as the GDPR. Please read this statement carefully in order to gain an understanding of how we handle your personal data.

We use the personal data only for the purpose for which we have obtained these data. We provide you with information by adding this privacy statement to the agreements we conclude with you and by placing this privacy statement on our website.

What are personal data?

The General Data Protection Regulation (GDPR) stipulates that personal data means any information relating to an identified or identifiable natural person. This means that information either concerns someone directly or can be traced back to this person.

About us

KeesdeBoekhouder, with its registered office at Nieuwe Teertuinen 25a in (1013 LV) Amsterdam, the Netherlands. is the controller within the meaning of the GDPR of the data we receive from you on account of your being a customer with us.

The purposes for processing your personal data

We process your personal data only for carefully established purposes. Below you will find more information about the various purposes.

1. For the performance of our agreement

What does this purpose entail?

We process personal data for the provision of our services. For handling your administrative accounts or filing tax returns, for example. We can only provide our services if we also process personal data. These services include: day-to-day communication, processing business administration, drawing up annual financial statements/income tax returns/turnover tax returns/intra-community services returns/wage tax returns. The basis is the performance of our agreement with you (Article 6(1)(b) GDPR).

Which personal data do we process for this purpose?

This differs for each service KeesdeBoekhouder provides. To provide our services, we process data including the following:

• Name and address details • Gender/salutation

• E-mail address

• BSN (citizen service number)

• VAT identification number

• VAT number

• Date of birth

• Starting date of the company

• IBAN of the company

• Withholding tax number

• Legal Entities and Partnerships Identification Number (RSIN)

• Ch. of Comm.

• Business activity

• Language

• Tax partner (Date of birth, citizen service number)

• Children

• Old financial statements

• Old VAT returns

• Annual statement of banks

• Data of other companies you own but which are not customers with us

• Annual income statements

• Loan overviews and related documents

• Documents relating to capital

• Bonus

• Spousal maintenance

• Annuity contract

• Invalidity insurance

• Medical expenses

• Gifts

• Study expenses

• Dividends

• Other income

2. Maintaining the customer relationship

What does this purpose entail?

In order to maintain our relationship with you in the best possible way, we also store personal data in the form of notes. We do this so that, when we are drawing up your tax returns or when you call us, for example, we know what the current state of affairs is and whether there are any relevant particulars. The basis is our legitimate interest in effective customer relations (Article 6(1)(f) GDPR).

Which personal data do we process for this purpose?

• Personal circumstances you share with us

• Personal characteristics and preferences you share with us

3. For the customer service: handling questions/remarks/complaints

What does this purpose entail?

You can contact our customer service for all your questions, remarks or complaints. In order to answer all questions, we require certain data. The data we require differs for each question. The basis for processing is our legitimate interest in the efficient processing of questions/comments and complaints (Article 6(1)(f) GDPR).

Which personal data do we process for this purpose?

Name, e-mail address, telephone number and any other data you share with us during the contact with our customer service.

4. Legal obligations

What does this purpose entail?

As a trust office, we are obliged to comply with the Anti-Money Laundering and Anti-Terrorist Financing Act. This requires us to be able to identify our customers. The basis for processing is compliance with a legal obligation (Article 6(1)(c) GDPR.

Which personal data do we process for this purpose?

• Identity document (passport, ID card, Dutch driving licence)

• Name

• Date of birth

5. For analyses and for the development of our website, products and services

We also process data you provide to us indirectly. This is because our website uses cookies for functional, analytical and marketing purposes. The functional cookies are required for the website to function correctly.

It concerns the following data:

• Location data

• IP address or app IDs

• Internet browser and device type

• Website language

The data from the analytical and marketing cookies are not linked to other data. We refer to our cookie statement for more information about cookies.

For more information about cookies, please see our cookie statement. The legal basis is consent, which you give by agreeing to our cookie conditions in the cookie banner on the website (Article 6(1)(a) GDPR) or, if it concerns functional cookies, our legitimate interest in a properly functioning website (Article 6(1)(f) GDPR.

6. For marketing purposes

What does this purpose entail?

For marketing purposes it is important that we recognise and approach our target groups. Therefore, we use your e-mail address to approach our customers’ “lookalikes” on Facebook and LinkedIn. By uploading our customers’ hashed e-mail addresses, we can use an advertisement to approach a target group on Facebook and LinkedIn that resembles our customer base. We can also use your email address to send you our newsletter.

If you do not want us to use your e-mail address for this purpose, you can send an e-mail to or unsubscribe from the newsletter by clicking on the unsubscribe button at the bottom of the newsletter.

Which personal data do we process for this purpose?

• E-mail address

The legal basis is our legitimate interest in an effective marketing campaign (Article 6(1)(f) GDPR.

Your rights

You have the right to be well informed about what we do with your data and why we need your data. We are informing you by means of this privacy statement. In addition to the right to be informed in a transparent manner, you have the following rights:

• Right to access (if you want to know which data we collect from you);

• Right to rectification (we will gladly modify any data that are no longer correct);

• Right to erasure (in some cases you can request that we delete your data);

• Right to restriction of processing (in some cases you can request that we restrict the processing of your personal data);

• Right to data portability (if you want to we can pass on your data to another party or give you a copy of your data);

• Right to object (in some cases you may object to the use of your personal data).

If you wish to exercise any of your rights, please contact us by sending an e-mail to We always respond to your request within a month.

Who do we share the data with and where do we store them?

In a number of cases we provide your data to third parties. To processors who help us process your personal data, for example. However, we will never sell your data to another party.

Processors who help us process your personal data may only use your data on our instructions and for the performance of the relevant services they provide to us. They are not allowed to use or pass on your data independently.

We work with various applications to process certain data. In order to protect your privacy, we choose our suppliers carefully and these applications are subject to strict rules. Most data are stored within the European Union.

For data processed outside of the EU we only work with parties that offer sufficient protection according to European rules. If we process your data outside of the EU – possibly via our external service providers – we make sure that your personal data are adequately protected. We guarantee this, for example, by using special contracts (such as EU model contract clauses).

How long do we retain your data?

We retain your data for as long as this is necessary for the purpose for which we use your data and/or for as long as the law requires us to retain the data. How long this is, exactly, is different for each case. This ranges from several months to many years, for example because this is required for our bookkeeping.

We in any case retain your data for as long as your account remains active unless you ask us to remove data or your account via You can always access part of your data and/or change it in your own account.

How do we protect your personal data?

Pursuant to Article 32 GDPR, we are obliged to implement suitable technical and organisational measures to prevent the loss or unlawful processing of personal data. We properly secure your personal data by means of physical, administrative, organisational and technical measures.

Only employees who have been given authorisation for this purpose have access to the data. They have also signed a confidentiality statement. As a result, we have an appropriate level of protection in place. We also periodically adjust this level of protection if necessary.

Our organisation is structured in such a way that we do everything to prevent breaches of security, i.e. “data breaches”. If there is a data breach, we will act in accordance with the Data Breach Protocol.

Contact and complaints

If you have any questions about this privacy statement or your rights as a data subject, please contact us via If you have any complaints about the manner in which we use your personal data or how we respond to privacy-related questions, you can lodge a complaint with the Dutch Data Protection Authority.

Amsterdam, June 2022