Personal Data Flow

*** Check GDPR Flowchart PNO for practical information implementing GDPR within PNO ***

Data Subject >ConsentClient >GDPR TextPNO >Processing Agreement> (subProcessor

Flow:Data SubjectConsentRole ClientTextGDPR role PNOOthers
Regular advisory by PNO 1) ContactHR ClientKvK# Controller Shared responsibilityContract,
Terms & Conditions,
Privacy Statement,
Cookie Policy,
Disclaimer
Controller
Shared responsability
Any (sub) Processor
Alternative on
client’s request 1)
ContactHR ClientKvK# ControllerProcurement Policy,
Processing Agreement
ProcessorAny (sub) Processor
MarketingPotential clientYesNot ApplicablePrivacy Statement,
Cookie Policy,
Disclaimer
ControllerAny (sub) Processor
like Pixel marketeers; CloudSelling etc.
EU- site 2)All usersYesController Co-responsible Privacy Statement,
Cookie Policy,
Disclaimer
Controller
Co-responsible
Any (sub) Processor
like CloudSelling of hosting company
Live / digital meeting
Quote / reference / part.-list 3)
All usersYes,
plus for recording
explicitly
consent!
ControllerPrivacy Statement,
Cookie Policy,
Disclaimer
Controller/ Processor Any (sub) Processor
like Teams; WebEx
NewsmailAll usersYesNot ApplicablePrivacy Statement,
Cookie Policy,
Disclaimer
ControllerAny (sub) Processor
like running Mail-service
QuestionnaireAll usersYes,
also on
IP and/or
personal
data!
Not Applicable Privacy Statement,
Cookie Policy,
Disclaimer
Controller Any (sub) Processor
like running Q-service
1) See https://dpo.pno.group/Advice/ 2) See https://dpo.pno.group/Beneficiary-EU-consortium/ 3) for most projects PNO will be Controller

Personal data flows from the Person owning the data (role: Data Subject) via a (potential) Client / Consortium (role: Controller or Not Applicable) to PNO (role: Controller or Processor) and from there to third parties (role: (sub-) Processor). Across the chain, data must be handled ‘GDPR-proof’.