Knowledge, expertise, and trust are crucial pillars of the service by all group companies affiliated with the PNO Group holding B.V. We are committed to giving you clarity on how we handle your personal data. PNO operates under the names ARTTIC, ARTTIC Innovation, PNO Consultants, CiaoTech, PNO Chemistry, Cloudselling, EGEN, figs, Grant Assurance, INNFLOW, InnovationEngineering, InventiveNL, InnovationPlace, Nehem, ttopstart , WheesBee and AdoptIdee. In this Privacy Statement, we inform you about our approach to handling and processing personal data.
Rijswijk, March 1st, 2021
1. Contact details
PNO Group holding B.V. (PNO Consultants B.V. / PNO) is the controller and is located at Laan van Zuid Hoorn 15, 2289 DC in Rijswijk. You can contact us by at +31 (0) 88-838 13 81, by e-mail at gdpr[at]pno[dot]group.
2. Who is this Privacy Statement applicable to?
This Privacy Statement applies to all persons whose personal data PNO processes, with the exception of persons working at PNO. Personal data means any data that contains information about persons through which those persons are identifiable.
This Privacy Statement applies to:
- clients of PNO,
- potential clients with whom PNO has made or wants to make contact,
- visitors to the website of PNO,
- recipients of newsletters and commercial e-mails from PNO, and
- any other person who contacts PNO or whose personal data is processed by PNO.
This Privacy Statement does not apply to employees, temporary workers, temporary workers, student trainees, and applicants.
3. Which personal data do we process?
By processing personal data we mean: collecting, recording, organizing, storing, updating, modifying, retrieving, consulting, using, providing by means of forwarding, distribution, or any other form of posting, bringing together, linking together, and to protect, erase or destroy your personal data.
We process personal data that you have provided to us, personal data generated during your visit to our website and reading newsletters, and personal data that we have derived from other sources, such as business social media platforms and business cards.
Personal information provided by you:
- contact details and other personal data needed to handle your assignment by a consultant,
- contact details and other personal data entered on contact forms or other web forms, and
- contact information provided during introductory talks, events, seminars, etc., such as information on business cards.
Personal data obtained through- or generated by our website, electronic newsletters, commercial e-mails, or related technologies:
- IP number,
- your surfing behavior on the website, such as data about the first visit, previous visit and current visit, the pages viewed and the way in which the website is navigated, and
- whether you open a newsletter or commercial e-mail and on which parts you click.
Personal data obtained from other sources:
- personal data available on public business social media platforms such as LinkedIn,
- personal data obtained from the Trade Register of the Chamber of Commerce, and
- personal data available on public business websites.
4. What do we use your personal data for?
We use your personal data for different purposes. These are listed and elaborated on below:
- The execution of a contract in which you have engaged us for the purpose of delivering innovation and financial consulting services by our consultants.
If you hand over an assignment to a consultant your contact details will be requested. Other personal data may also be necessary for the handling of the assignment, depending on the nature of the assignment. Furthermore, the data is used for invoicing for the services provided.
- Compliance with legal obligations.
- Maintaining contact with you.
Your contact data are kept in EU located relationship management system and may be used for the purpose of sending newsletters, updates, invitations to events and seminars, and sending information you requested from us.
- Improving our product and service information and carrying out targeted marketing campaigns.
Part of our service is to keep you informed with information that is relevant to you and your business. To make this possible, we combine and analyze the personal data available to us. On that basis, we determine which information and channels are relevant and which moments are most suitable for providing information or establishing contact. In marketing campaigns, we do not process special personal data or confidential data. If we would like to create a personal, individual customer profile, we will ask for your prior permission. Withdraw of consent is always possible.
We analyze the following information:
- Interaction data: Obtain personal data and contact between PNO and you. For example about your use of our website or supported applications. This also applies to offline interactions, such as how often and when there is contact between PNO and you.
- Performing and analysing research on client satisfaction.
- Sometimes we ask clients to cooperate in a client satisfaction survey. This is done through an online questionnaire. Participation is voluntary. Prior to each client satisfaction survey you will receive further information about the working method and the way we deal with the information gathered.
- Improving and securing our websites like www.pnoconsultants.com.
- Creating user statistics. The user statistics of the website enable us to track the number of visitors, the duration of the visit, which parts of the website are being viewed and the click-behavior. It concerns generic reporting, without information about individuals. We use the information obtained to improve the website.
- Access control and company security.
- If you visit our office, we will note your name on arrival. In addition, camera images may be made on the outside of the office, at the reception desk and at the entrance to the meeting rooms. We do this to know in case of emergencies who is in the building and to ensure that unauthorised people do not have access to the office. Camera images are in principle destroyed after 10 working days.
5. Security level
We protect personal data through technical and administrative security measures to minimize the risk of loss, misuse, unauthorized access, disclosure, and modification. You can think of security software such as a virus scanner and firewalls, a secure internet connection, encryption of data, and physical and administrative access controls to data and servers. The PNO IT and HR departments are ISO 27001 certified for the ffiqs and Nehem processes where PNO processes sensitive, or large volumes of data.
6. Storage of personal data
We do not store your personal data for longer than is strictly necessary for the execution of the purposes. If legal regulations apply to the storage, the personal data will not be kept longer than prescribed by law.
7. Legal basis of the processing
We process personal data on the basis of one of the following legal grounds:
- on the basis of an agreement or in the run up to the conclusion of an agreement,
- legal obligation,
- in connection with a legitimate interest.
A controller may only process personal data if this can be based on one of the limited enumerated legal grounds in the General Data Protection Regulation (AVG). The legal bases on which PNO Consultants relies are:
- Permission: If we have requested your permission to process your personal data and you have given this permission, then you also have the right to withdraw this consent.
- Agreement or in the run up to the conclusion of an agreement: If you give us an assignment to provide innovation or financing consultancy services, we process personal data if and insofar as this is necessary for the execution of the assignment.
- Legal obligation: We only provide personal data to supervisors of investigative authorities if this is legally required. We will take measures in such cases that are reasonably necessary to ensure that your personal data is protected as good as possible.
- Justified interest: We may also process personal data if we have a legitimate interest and do not therefore disproportionately infringe your privacy. For example, we use your contact information to invite you for seminars and events.
We may use service providers (processors) for the processing of your personal data that only process personal data in our order. We conclude a processing agreement with these processors that meets the requirements set by the General Data Protection Regulation (AVG).
For example, we work with service providers that offer SaaS solutions (software as a service) or provide hosting services. Furthermore, there are ICT service providers who offer us support in keeping our systems safe and stable. We also use third-party services for sending newsletters and commercial e-mails. These are examples of parties that can be designated as (sub) processors as referred to in the General Data Protection Regulation (AVG).
9. Share personal data with third parties
Sometimes it is necessary to share your personal data with third parties, which – depending on the circumstances of the case – are necessary for the handling of your dossier. We also share a basic set of contact details with our subsidiaries within Europe with the aim of generating consultancy opportunities. There are also legal obligations that lead to personal data being passed on to third parties.
In the following cases personal data will be provided to third parties:
- When processing a dossier, it may be necessary to share your personal data with third parties. For example in probing or asking for funding to a government, or the conclusion of an agreement with further parties.
- If a court decision obliges us to provide personal data to third parties, we will have to comply with this.
- Your personal data will not be shared with third parties for commercial purposes. There is one exception to this. Sometimes we organise a joint activity with another organization, such as an event or seminar. In that case, only the necessary contact details are exchanged.
- Personal data can also be provided to third parties, in the event of a reorganisation or merger of our company or sale of (a part of) our company.
We never sell your personal data to third parties and do not make automated decisions that could have significant consequences for you.
10. Transfer outside the (European Economic Area) EEA
Under the General Data Protection Regulation (AVG), personal data may only be passed on to parties outside the EEA when an appropriate level is guaranteed for the protection of personal data or when a specific deviation applies.
We may pass on personal data to a party outside the EEA when necessary for the execution of the contract on provision of innovation- or financing consultancy services.
11. If you have questions about your personal data
Every person can exercise certain rights with respect to his or her personal data on the basis of the law. This gives you the right to inspect, rectify and delete personal data. You can also object to the use of your data or request that the use be restricted. In certain cases, you can request your data and take it to another party. For all these questions contact us on +31 (0) 88-838 13 81 or by email via gdpr[at]pno[dot]group.
If you have complaints about how we handle your personal data, you can contact us by sending a mail to gdpr[at]pno[dot]group or call +31 (0) 88-838 13 81. We are happy to help you find a solution within a period of four weeks after receiving your request. If that does not work, you can always contact the Dutch Data Protection Authority.
Developments go fast and as a result, there may also be changes in the personal data we request from you and the way in which we use your personal data. Regulations can also change. In that case, we will update this Privacy Statement. We, therefore, invite you to regularly check the Privacy Statement so that you are kept informed. In the event of major changes, we will also make you aware of this via our website.
Last check by DPO, May 1st, 2022
This policy covers the use of information collected by PNO during your website visit.
Rijswijk, June 1st, 2019
What is a “cookie”?
A “cookie” is a text file containing small amounts of information which downloads to your personal computer or mobile device when you visit a website. Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at: www.allaboutcookies.org and www.youronlinechoices.com. Various types of cookies facilitate you navigate between different pages on a website efficiently, remembering preferences you gave while visiting a website, and improving overall user experience. Others are used to provide you with advertising tailored to your interests or to measure the number of site and page visits.
Session based versus Persistent cookies
Some cookies are installed only for the duration of your visit to a website; these are called session based cookies. They automatically expire when you close your browser. Another type of cookie would remain on your device for a period of time. These are known as persistent cookies. The cookies used on this site are based on the International Chamber of Commerce guide for cookie categories:
- Strictly necessary
Types of cookies PNO uses
1. Strictly necessary cookies. These cookies enable services you have specifically asked for. For those types of cookies that are strictly necessary, no consent is required. These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. For example these cookies will:
- remember information you’ve entered on forms when you navigate to different pages in a single session, and
- identify you as logged in to the website.
These cookies don’t gather any information about you that could be used for marketing or remembering where you’ve been on the internet. These cookies are not used to gather information that could be used to advertise products or services to you or remember your preferences or username beyond your current visit. Accepting these cookies is a condition of using the website, so if you disable these cookies we cannot guarantee or predict how our website will perform during your visit.
2. Performance cookies collect information about how you use our website e.g. which pages you visit, and if you experience any errors. We use them only to improve our site or measure response rates. All information collected by these cookies is anonymous and does not in any way impact your privacy. We need to use them to maintain our site’s effectiveness and ease of use and to improve how our website works, understand what interests our users or measure how effective certain features of our website are.
For example we use these to provide statistics on how our website is used. We do not pass this information to anyone. We also use performance cookies to help us improve the website by measuring any errors that occur or test different designs of our website.
In some cases, some of these cookies are managed for us by third parties. Where cookies are managed by third parties, any data may be used by such third parties but all data is collected and used in aggregated anonymised form.
Using our site indicates that you accept the use of ‘Performance’ cookies. Accepting these cookies is a condition of using the website, so if you prevent them we cannot guarantee how our site will perform for you.
3. Functionality cookies are used to provide services or to remember settings and choices you make to improve your experience during your visit. For example, these cookies will:
- show you when you are logged into the website,
- remember your login details,
- remember the settings you’ve applied such as preferences,
- remember whether we’ve already asked you if you want to fill in a survey, and
- measure traffic received from various websites.
Functionality cookies collect non-identifiable data. No personal details are stored in this process and the information collected is only used in aggregate. We sometimes share some of the information with partners to provide a service on our website. In addition, some of these cookies are managed for us by third parties. In any case, the information shared or collected by third parties is only to be used to provide the service, product or function and not for any other purpose.
4. Targeting cookies are used to deliver PNO content more relevant to you and your interests. They are also used to limit the number of times you see, as well as help measure the effectiveness of, PNO marketing campaigns.
How we collect your consent
Cookies can also be removed from your device using browser settings but there will still be some deterioration in the service you receive (for example you may not be able to access a page you earlier personalised).
Your browser lets you choose whether to accept, not to accept or to be warned before accepting cookies. Settings can be found in the advanced preferences.
If you delete all your cookies and when you use a different device, computer profile or browser you will have to tell us your preferences again.
This policy applies to the domain pnoconsultants.com and pno.group. However other PNO websites may contain policies which are different from this one. If you visit other PNO websites please check the cookies policy of the site you visit.
We cannot be responsible for the policies and practices of other websites even if you:
- accessed the third party website using links from our website, or
- linked to our website from a third party website.
We recommend that you check the policy of each linked site you visit and contact the owner or operator of that website if you have any concerns or questions.
For more information about our policy, please contact firstname.lastname@example.org.
Last check by DPO, March 1st, 2021
The use of IONOS is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
Note on the responsible body
The entity responsible for data processing on this website is:
Dr. Martin Dietz
Telephone: 0049 (0) 89 248 83 03 0
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right of appeal to the competent supervisory authority
In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
- If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- browser type and browser version
- Operating system used
- referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be collected.
If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) lit. f DSGVO) or on your consent (Art. 6 (1) lit. a DSGVO), if this has been obtained.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after completion of the processing of your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
Request by e-mail, phone or fax
If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.
YouTube with enhanced privacy
This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube – regardless of whether you watch a video – establishes a connection to the Google DoubleClick network.
As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Google Web Fonts
This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This enables Google to know that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on his website. If a corresponding consent has been requested (e.g. a consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 (1) lit. a DSGVO; the consent can be revoked at any time.
If your browser does not support web fonts, a standard font from your computer will be used.
This site uses Font Awesome for uniform display of fonts and symbols. The provider is Fonticons, Inc, 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.
When you call up a page, your browser loads the required fonts into its browser cache in order to display texts, fonts and symbols correctly. For this purpose, the browser you use must connect to Font Awesome’s servers. This enables Font Awesome to know that your IP address has been used to access this website. The use of Font Awesome is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the uniform presentation of the typeface on our website. If a corresponding consent has been requested (e.g. a consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 (1) lit. a DSGVO; the consent can be revoked at any time.
If your browser does not support Font Awesome, a default font will be used by your computer.
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For the purpose of designing and continuously optimising our pages to meet your needs, we use Google Analytics, a web analysis service of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website such as
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and the design of these Internet pages in line with requirements. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are made anonymous, so that an assignment is not possible (IP masking).
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.
As an alternative to the browser add-on, especially in the case of browsers on mobile devices, you can also prevent Google Analytics from recording the data by clicking on this link. An opt-out cookie is set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics help.
Google Tag Manager
This website uses the Google Tag Manager. Through this service, website tags can be managed through an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.