Beneficiary EU consortium – PNO Group holding B.V.

Normally PNO’s role in a Consortium is based on the Consortium Agreement / Annexes. Normal is for all consortium partners to become Controller. When a Processor /third party is engaged, a Processing Agreement is needed. Data exchange between consortium beneficiaries and/or third parties should be described in the consortium agreement/annexes.

GDPR road-map:
1 – The Consortium Agreement / Annexes will cover all liabilities with respect to the GDPR. Most times there is ‘nothing new’ about these texts. When in doubt just assume a role as Controller and comply with GDPR.

Make sure the Personal Data used aligns with the Personal Data mentioned in the PNO Privacy Statement. When not, a specific Privacy Statement must be made and used.

Personal data flows from the Person owning the data (Data Subject) via a Client / Consortium (Controller) to PNO (Controller or Processor) and from there to third parties ((sub-) Processor). Across the chain, data must be handled ‘GDPR-proof’.

Data Subject >Consent> Client >GDPR Text> PNO >Processing Agreement> (sub) Processor

2 – In case PNO operates a website for the Consortium the PNO Privacy Statement, Disclaimer, Netiquette, and Cookie Policy applies.

Websites are technically maintained by a Processor. The preferred PNO suppliers for (technical) website maintenance, SEO (Search Engine Optimation), statistics, etc. are InnovationEngineering S.l.r. and Cloudselling B.V. In 2022 both entities are part of the PNO group and they use ISO 27001 certified contractors for data processing.
Contact marketing@pnoconsultants.com for the look and feel, stats, and functionalities of the website.

3 – Depending on the work-package PNO subscribes to, consent must be gathered for a newsletter, gig, mailing list, donating human tissue, etc. Per service/action research what Personal Data is at hand => technical and/or organizational measures and when needed follow-up DPIA work.

The Processing Agreement is a document the client must keep in its archive. Sometimes clients provide their own version of a Processing Agreement which must be checked by PNO Legal or the PNO DPO using email legal@pnoconsultants.com or gdpr@pnoconsultants.com. It is also good practice to have a second opinion by Legal (overall) and/or DPO (GDPR specific) on the Consortium Agreement / Annexes.