Your Rights, Our Responsibilities...
As a U.S. tax return preparer and thus data controller and data processor, U.S. Tax Solutions Japan and U.S. Tax Solutions GmbH managed by Darkoa Naito-Hanke, EA, are bound by the requirements of the Gramm-Leach-Bliley Act, the Federal Trade Commission (FTC) Financial Privacy and Safeguards Rule (Safeguards Rules), and the new General Data Protection Regulation (GDPR) – together referred to in the rest of this document as Data Protection Law.
What we use client data for:
We obtain data from clients only in order to perform the U.S. tax services that clients request, which include:
Preparation of U.S. income tax returns, including all required IRS forms/Schedules/Statements/worksheets;
Preparation of Treasury information forms (e.g. FinCEN Form 114) and related documents;
Communicating with the Internal Revenue Service/Treasury Department on your behalf to resolve issues;
Providing you with U.S. tax technical advice and special calculations upon your request.
We collect information about you through our website when you inquire about our services through our inquiry form, in order that we may respond to your questions and provide certain information you request. We also collect your data via our online client center for the preparation of your United States IRS, state tax forms and FBAR.
We do not use client data for marketing purposes.
How we use your information:
We only use clients' personal information to provide the services that they request from us, listed in a letter of engagement. We use client information subject to their instructions only, Data Protection Law and our duty of confidentiality. Our lawful reason for processing client personal information is ‘a contract with the individual to supply services they have requested’. This includes steps taken before the engagement letter is signed.
We use cloud-based tax preparation software and a client data portal for collecting client data, provided by a 3rd-party service called Thomson Reuters. We are working with all our 3rd-party service providers to ensure that their services are compliant with Data Protection Law. Client data is not shared with any 3rd party except where it is necessary to perform services requested by clients. Where data sharing with a 3rd party is necessary, it is our policy that such data sharing is limited to the minimum and handled strictly in accordance with the applicable laws.
Security Precautions in place for data collected:
Within our offices, we have implemented physical and electronic safeguards to ensure client data is protected. This includes secure access to the offices, secure filing cabinets, access to data only on a need-to-know basis to authorized persons (staff only), shredding and secure disposal of obsolete documents and media, return of all client originals to the client, and security cameras.
Our staff are all trained and legally required to respect the requirements of the BDSG and U.S. data protection laws. They are informed of the provisions of our IRS Written Information Security Plan (WISP) and are required to adhere to its provisions.
Client data is processed on dedicated business grade computers based in our offices, with password protection and 256-bit encryption on SSL (bank-level, the highest level of security available currently). Our computers, network and internet have been secured via multiple measures and are also monitored by professional IT/Cyber security support.
We would like to highlight that we cannot guarantee the security of information transmitted to us via email. Clients who do so do so at their own risk. We strongly recommend that clients use our enterprise-level secure Thomson Reuters Onvio client center for safe transfer of data to our offices, or alternatively in-person delivery or conventional mail. Once we receive client information, we make our best effort to ensure its security on our systems. Where a client is given (or has chosen) a password which enables them to access our client portal, they are responsible for keeping this password confidential and for not sharing it with anyone. Multi-factor Authentication is required/implemented for access to all our online systems internally within our offices and on the client side.
Our 3rd-party service providers (book-keeper/payroll, IT support, legal support, etc.) do not have access to sensitive client personal data. Our professional tax preparation software and online portal, hosted by Thomson Reuters, employ 256-bit encryption, described above. They are also covered by the ‘Privacy Shield’ whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information between the European Union and the United States.
How long will we hold your data for:
The U.S. tax code requires preparers of tax returns to keep copies of tax returns and supporting data for a minimum of 3 years from the original due date of a tax return. It also provides an increased statute of limitations for certain losses/omissions of up to 6 or 7 years, and we believe it wise to retain data in some cases for up to 7 years in case of audit. After the required/necessary data retention period has elapsed, applicable client data will be deleted: hard copy data will be shredded and securely disposed of, and electronic data will be permanently deleted.
Access to your information, correction, portability and deletion:
Clients have the right to request a copy of the information we hold about them. They also have the right to receive personal data which they have given us in a structured, commonly used and machine-readable format; the right to transmit that data to another controller without delay from the current controller under certain conditions; and the right to be forgotten. Upon a client's request, we will delete all client information we hold as soon as possible.