Personal Data Flow – PNO Group holding B.V.

*** Check GDPR Flowchart PNO for practical information implementing GDPR within PNO ***

Data Subject >Consent> Client >GDPR Text> PNO >Processing Agreement> (sub) Processor

Flow:	Data Subject	Consent	Role Client	Text	GDPR role PNO	Others
Regular advisory by PNO ¹⁾	Contact	HR Client	KvK# Controller Shared responsibility	Contract, Terms & Conditions, Privacy Statement, Cookie Policy, Disclaimer	Controller Shared responsability	Any (sub) Processor
Alternative on client’s request ¹⁾	Contact	HR Client	KvK# Controller	Procurement Policy, Processing Agreement	Processor	Any (sub) Processor
Marketing	Potential client	Yes	Not Applicable	Privacy Statement, Cookie Policy, Disclaimer	Controller	Any (sub) Processor like Pixel marketeers; CloudSelling etc.
EU- site ²⁾	All users	Yes	Controller Co-responsible	Privacy Statement, Cookie Policy, Disclaimer	Controller Co-responsible	Any (sub) Processor like CloudSelling of hosting company
Live / digital meeting Quote / reference / part.-list ³⁾	All users	Yes, plus for recording explicitly consent!	Controller	Privacy Statement, Cookie Policy, Disclaimer	Controller/ Processor	Any (sub) Processor like Teams; WebEx
Newsmail	All users	Yes	Not Applicable	Privacy Statement, Cookie Policy, Disclaimer	Controller	Any (sub) Processor like running Mail-service
Questionnaire	All users	Yes, also on IP and/or personal data!	Not Applicable	Privacy Statement, Cookie Policy, Disclaimer	Controller	Any (sub) Processor like running Q-service

1) See https://dpo.pno.group/Advice/ 2) See https://dpo.pno.group/Beneficiary-EU-consortium/ 3) for most projects PNO will be Controller

Personal data flows from the Person owning the data (role: Data Subject) via a (potential) Client / Consortium (role: Controller or Not Applicable) to PNO (role: Controller or Processor) and from there to third parties (role: (sub-) Processor). Across the chain, data must be handled ‘GDPR-proof’.