Date: November 1, 2022
Subject: <name PNO entity> use of PNO Group Microsoft Teams and SharePoint Online platforms
PNO Group GDPR Compliance and privacy statement
PNO Group holding B.V. (PNO) – of which <name entity> is a 100% owned entity – maintains business processes that comply with the main GDPR principles for data processing in respect to lawfulness, transparency, purpose limitation and correctness. PNO maintains technical and organizational measures to protect personal data which are apt, operational, adequate, and maintained.
The PNO Group privacy statement can be found here: https://www.pno.group/privacy-statement/
PNO Group IT ISO 27001 certification
The policies and management for the systems provided by PNO Group IT to <name PNO entity> are certified for ISO 27001. Information processing certified for ISO 27001 and GDPR compliance go hand-in-hand. Employed policies are the same; for which the crux is: integrity, availability, and safety of (personal) data and information.
In case ISO 27001 is not known, information can be found here: https://www.iso.org/isoiec-27001-information-security.html
<Name project / program> use of Microsoft Teams and SharePoint Online
For the <Name project / program>, PNO has made available a collaborative workspace in Microsoft Teams and SharePoint Online. These are cloud-based services provided by Microsoft. PNO Group employs a whitelisting-only approach to all project team workspaces on Teams, meaning only specifically allowed users are given access.
The access to the workspace for the <Name project / program> is limited to the following ARTTIC personnel: <names users>.
The access to the workspace for the <name project / program> project is limited to the following <PNO entity> personnel: <names PNO staff>.
There will be no direct IT administrator membership of this workspace, although IT administrators can feasible obtain access for technical reasons, as must be the case for any IT system.
PNO Group and ARTTIC confirm that the forementioned employees will use their access to this workspace solely to execute their missions in the framework of the project. No data pertaining to this project and stored on the proposed collaborative platform will be used, downloaded, forwarded or shared outside the consortium of both projects.
For questions regarding GDPR, Privacy and/or ISO, contact W.J. Pels (Manager GDPR and Data governance) at GDPR@PNO.group or GDPR@PNOConsultants.com
For technical questions, contact M.J.T. Heintz (Group IT Manager) at maarten.heintz@pnoconsultants.com