a. In connection with fulfilling the assignment agreement and the role of the adviser, the accounting firm will register some information about the business, owners, board, employees, and other business relationships. The information is stored in the financial system, partly in support systems or on paper. This information must not be sold, shared, rented out, or used in any other way in contexts other than what is naturally associated with the accounting assignment.
b. Personal data must be processed in line with the personal data protection legislation currently in force.
c. The accounting firm must, through planned and systematic measures, ensure satisfactory information security when processing personal data to ensure that unauthorized persons gain access to the data and to protect against accidental changes. The parties must document the information system and security measures to achieve satisfactory information security. The documentation must be available to both parties.
d. Upon termination of the commission agreement, the accountancy firm will, on request, make the customer’s data stored in the system available to the customer. Requests for this must be made within 1 month from the end of the agreement. The engagement documentation is the property of the accountancy firm and is required to be kept by the Accountants’ Act for 5/10 years after the end of the accounting year. The part of the assignment documentation that possibly contains personal data must be deleted when the assignment ends, and within 3 months at the latest.