Lost
Close this search box.

Privacy Statement PNA

This is the privacy statement of Nijssen Adviesbureau voor Informatica B.V., known by the trade names PNA and PNA GROUP, and the subsidiaries of Nijssen Adviesbureau voor Informatica B.V. being PNA B.V., PNA Products B.V., PNA ActiveMedia B.V. and PNA Ventures B.V. (jointly 'PNA', 'PNA Group', 'we', 'us').

PNA processes personal data. By means of this privacy statement, we wish to provide you with clear and transparent information on this processing. Please read this information carefully so that you understand why and how we process personal data and what your rights are in this respect.

We use certain words in this privacy statement. Below you will find what we mean by some of these words:

  • Personal data: data that directly or indirectly say something about you. For example, your name, address and place of residence, but also your telephone number and e-mail address.
  • Processing: everything that can be done with personal data. For example, the collection, but also the storage, use and deletion of your personal data.

This privacy statement is structured as follows

  1. From whom does PNA process personal data?
  2. Who is responsible for processing my data?
  3. What does PNA process personal data for?
  4. Does PNA also process special personal data?
  5. How does PNA handle my personal data?
    Storage term of personal data. PNA websites: cookie policy, logging, links, security. Minors. Applicable law.
  6. What rights do I have when my personal data are processed by PNA? How do I exercise my rights?
  7. Where can I make a communication, request, question or complaint?
  8. Can PNA amend this document?

1. From whom does PNA process personal data?

We process personal data of people with whom we have a direct or indirect relationship, want to have or have had a relationship and in the execution of our services. So, for example, these are personal data of:
  • Customer representatives and employees.
  • People who show interest in our products and services.
  • Visitors to one of the PNA websites.
  • Students.
  • Applicants.
  • PNA staff.
  • People who are associated with a company or organisation with which we have, want to have or have had a relationship.
  • Personal data in files that we process in a prescribed manner within the framework of contractually agreed services.

2. Who is responsible for processing my personal data?

All divisions of PNA process personal data. In some situations we cooperate with other organisations or companies in the execution of our services and our business operations on the basis of a legal basis or an agreement. Determining who is responsible for processing personal data is governed by law. The outcome depends on the situation. It is therefore possible that PNA is not the data controller.

PNA is the data controller when we determine the purposes and means of processing personal data. By way of illustration, this is the case in the examples given in point 1. From whom does PNA process personal data? is the case for all examples except 'Personal data present in files which we process in a prescribed manner within the framework of contractually agreed services'.

We understand that this is a tricky bit and are happy to make it clear to you. Would you like to know who is responsible for your personal data that PNA processes? Then please contact us as described below in point 7. Where can I go with an announcement, request, question or complaint?

3. What does PNA process personal data for?

 We process personal data for the following purposes:

a. To establish a relationship with you.
For example: You want to purchase a product or service from us. Then we need your personal data.

b. To maintain the relationship with you and execute orders.
If you are a customer with us, we want to serve you well. To this end, we process personal data. We use your name and address details, for example, to maintain contact with you. If you call us, your name, any company details, the date/time and who you are calling will be recorded for quality control and process improvement purposes. We may also record recordings, for example of an analysis session via telephone, image connection and/or chat. We do this in order to safeguard the information provided by you. For this, we always ask your explicit permission first.

c. To protect your and our interests.
For example, we protect the personal data you have entrusted to us by using technical and organisational security measures to minimise the risk of loss, misuse, unauthorised access, disclosure and unintentional modification. In this context, for example, personal data are included in log files for detection and prevention.

d. For the development and improvement of our products and services.
In order to continue to serve you well, we are constantly working on developing and improving our products and services. In some cases, we process personal data for this purpose. For example, if you ask a question about a product.

e. For promotional and marketing purposes.
We may process your personal data for promotional or marketing purposes. For example, to inform you about a new product that may be of interest to you or to better meet your needs. Do you not want to be approached for commercial purposes? Then please contact us as described below in point 7. Where can I go with a communication, request, question or complaint?

We may link your use of our websites to the information we hold about you in order to improve our services. We may also use the personal data we have recorded about you in analyses, also with the aim of improving our services to you.

For sending newsletters, PNA uses the email service provider Mailchimp. This enables us to see, for example, how often a particular article is clicked on. We use this information to better tailor our newsletters to your needs. As long as your subscription lasts, only the data necessary for the newsletter is known to Mailchimp. Mailchimp is based in the US and certified for the EU-US Privacy Shield. On this basis, it is permitted to share personal data with Mailchimp. PNA has concluded a model contract with Mailchimp (processor's agreement) on the basis of Article 26, paragraph 4 of the European Directive nr.95/46/EG. This means, among other things, that Mailchimp meets the legal security requirements and that the stored data may only be used on behalf of PNA.

f. To enter into and implement agreements with suppliers and business customers.
If you have contact with us in connection with your work, we may process your personal data. For example, to be able to determine whether you may represent your company or to give you access to our offices.

g. To comply with legal obligations.
PNA is obliged to process personal data on the basis of certain laws and regulations. Think for example of legislation in the field of taxes or for the conclusion and execution of an employment contract.

h. For our business operations.
Personal data are necessary for the daily implementation, monitoring and management of our business processes. Think for example of the registration of the personal data of all our relations (such as customers, employees, students, applicants, suppliers) in order to be able to communicate with them.

i. For archival purposes.
We do not collect more personal data than necessary for the above purposes. If we do not keep personal data for those purposes, we may still keep the personal data for archive purposes. This means that the personal data will only be used for legal proceedings or for historical, statistical or scientific purposes.

The justification of the above purposes for which we process personal data is based on at least one of the following legal grounds:

  • In preparation for or for the execution of a contract (purposes a, b, f, g).
  • To fulfil a legal obligation (purposes c, g, i).
  • For the protection of legitimate interests (all purposes). Explanation: This concerns the processing of personal data in the performance of tasks relating to business activities.
  • Because you may have given your consent to the processing of your personal data for one or more specific purposes. 

4. Does PNA also process special personal data?

 Special personal data are sensitive data. For example about health, criminal record, ethnic data, religious beliefs, biometric data for the unique identification of a person or data concerning race. The processing of special personal data is prohibited. However, there are a number of exceptions to this under specific conditions:
  • You give your explicit consent or you have disclosed the personal data to which the processing by PNA relates.
  • Processing by PNA is necessary within the framework of implementing rules in the field of labour and social security law. For example in the framework of an employment contract.
  • The processing by PNA is necessary to protect vital interests. For example: you lose consciousness at a PNA location and health data must be provided to emergency services.

PNA processes special personal data for business purposes and to be able to comply with legal obligations, as we execute employment contracts and company emergency services, among other things. We only process special personal data when this is legally permitted and necessary. Even if you ask us to record special personal data about you or if you make these personal data public yourself, we will weigh the necessity of collecting them.

5. How does PNA handle my personal data?

PNA takes the protection and privacy of your personal data very seriously. We have therefore drawn up a single information security policy with a privacy policy that applies to all parts of PNA.

PNA takes appropriate technical and organisational measures to secure the personal data entrusted to us, in line with the applicable legal requirements and guidelines. These measures are designed to prevent abuse, loss, unauthorised access, unwanted disclosure and unauthorised changes to your personal data. If you believe that your data is not properly secured or if there are indications of misuse, please contact us as described in point 7below . Where can I go with a communication, request, question or complaint?

Within PNA, your personal data can only be used by employees who, in view of their position, should have access to them. Our employees have a duty of confidentiality and have been informed about the importance of protecting personal data. Your personal data can be exchanged between the divisions of PNA. But only when this is compatible with the purpose for which the data have been collected. For example, data that establish your identity can also be used by another part of PNA with which you wish to do business.

We will never provide your personal data to third parties, unless this is legally required or permitted, for example in the context of payment transactions or for the prevention of crime. We may provide the data you supply to us to trusted third parties if this is necessary for the implementation of the purposes described in point 3. What does PNA process personal data for? A third party can only receive our assignment if they guarantee confidentiality with regard to personal data and demonstrably have taken appropriate technical and organisational security measures which are in line with our own.

Data retention period
Your personal data will be stored carefully and no longer than is necessary for the purpose for which it was processed or is required by law. The retention period therefore depends on the situation. If your personal details are no longer necessary, they will be anonymised or removed. If you would like to know more about the retention period of your personal data by PNA in a specific situation, please contact us as described below in point 7. Where can I go with a communication, request, question or complaint?

PNA websites: cookie policy, logging, links, security
Most PNA websites, including pna-group.com, use cookies and similar techniques to enable the website to function properly and to analyse how the website is used. A cookie is a small file containing information about your visit that is created by the website and stored on your computer.

It is not always necessary to ask permission to place cookies. Cookies that do not require this are:

  1. Cookies needed to carry out the communication.
  2. Cookies that are strictly necessary for a service requested by the user (e.g. a cookie that is necessary to process an order or to log in).
  3. Cookies that are used to obtain information about the quality and/or effectiveness of a service provided (e.g. a website).

These cookies are referred to as functional cookies (1 and 2) or non-privacy-sensitive analytical cookies (3). All other cookies such as tracking cookies (these can identify and track you personally) require your consent before being placed.

Use the PNA websites:

  • Functional cookies to make the website work properly, for example to remember your preferences or whether you have already filled in certain information.
  • Non-privacy-sensitive analytical cookies to collect statistics about the use of the website, such as number of visitors, frequently visited pages and search queries. This information is used to improve the website.

The data collected with these cookies cannot be used to identify you personally and will not be used for any other purpose than that stated or made available to third parties. As explained above, it is not necessary to obtain permission for the installation of these cookies. If desired, the current list of cookie names and their purpose for a specific website can be requested by contacting us as described below in point 7. Where can I go with a communication, request, question or complaint?

If you do not want cookies to be placed, you can refuse the use of cookies via your browser's settings or options. Please note that PNA websites will then remain accessible but that, in exceptional cases, some parts of a website may no longer be able to be used correctly. You must adjust the settings of each browser separately on each computer. If necessary, consult an external website with more information about the browser and version you are using.

The PNA web servers log session information, including: pages visited, duration of the visit, type of equipment and software (device, browser, operating system), search terms and the IP address (the traceability of which can be limited by anonymising the last few digits of each IP address). This logging is for internal processing only and is regularly analysed for points of improvement and further on technical aspects with the aim to remain up-to-date with regard to the browsers and techniques to be supported, and possibly analysed in case of technical problems. In addition, this logging is part of the security measures for the detection and prevention of unwanted activities.

PNA websites and documents may contain links (references) to (parts of) external websites. For example, pna-group.com contains links to Google, the Object Management Group, LinkedIn, BOL, Wikipedia and various partners of PNA. PNA has no influence on the information, cookies, products or services offered via these external websites, nor on the accessibility of these external websites. Therefore, this privacy statement does not apply to those external websites. PNA accepts no liability for the possible processing of your personal data by external websites. The use of such external websites is at your own risk. We therefore advise you always to consult the privacy statement of the external website (if any) before using it. PNA has implemented numerous technical and organizational measures to ensure adequate protection for personal data processed through a PNA website. Nevertheless, internet-based data transmissions may have security gaps and absolute protection cannot be guaranteed. For this reason, anyone is free to provide personal data to us in writing or by telephone by contacting us as described in point 7below . Where can I make a communication, request, question or complaint?

Minors
We value the need for privacy of minors (persons under 16 years of age) and encourage parents, guardians or legal representatives to take an active role in their children's online activities and interests.

The PNA websites do not intend to collect data from minors. If you, as a parent, carer or legal representative, become aware that your minor child has shared personal data with us via a PNA website or in any other way without your written consent and this is undesirable, we request that you contact us as described in point 7below . Where can I go with a communication, request, question or complaint?

If we become aware that a minor child has shared personal data with us via a PNA website or otherwise, without the written consent of a parent, guardian or legal representative, we will delete such personal data.

Applicable law
PNA is located within the Netherlands in the EU and has no branches outside the Netherlands. The processing of personal data by PNA is therefore subject to the official Dutch translation of the European privacy legislation and the further interpretation of specific provisions in relation thereto by Dutch law. In particular it concerns: the General Data Protection Regulation (AVG) and the Implementation Act on the General Data Protection Regulation (UAVG). If you would like to know more about this, please consult: httpss://autoriteitpersoonsgegevens.nl/en/topics/avg-european-privacy-law.

6. What rights do I have when my personal data are processed by PNA?

 You have various rights to control the processing of your personal data:
 
  • The right to information about the processing operations.

You have the right to know what happens to your personal data and why. This privacy statement, among other things, is an interpretation of this right. We will also inform you, if possible, if your personal data is further processed for a purpose other than that for which it was collected.

  • The right to access your personal data.

You have the right to inspect the personal data collected from you. You will receive one written copy or one copy in a common electronic format (e.g. PDF).

  • The right to correct personal data if they are incorrect.

If your personal data is incorrect or incomplete, you have the right to request the correction of your personal data.

  • The right to erasure and 'right to be forgotten'.

Under certain circumstances, you have the right to have your data deleted, for example, if the processing is unlawful.

In addition to the right of erasure, you also have the right to be 'forgotten', also under certain circumstances. This right is an extension of the right to erasure. It concerns situations where your personal data has been made public as part of a specific processing (for example, by putting it online) and you want it erased.

  • The right to restrict data processing.

This right means that under certain circumstances you are given the possibility to temporarily 'stop' the processing of your personal data. The personal data may then only be processed with your consent or by operation of law.

  • The right to transfer your personal data (data portability).

The right to transfer personal data gives you the right, under certain circumstances, to receive a copy in a structured, commonly used and machine-readable form (CSV, JSON, XML et cetera) of the personal data you have provided and which is processed through an automated process. The purpose of this is to increase your control over your data and to make it possible for you to take this data with you, for example, to another provider.

  • The right to object to data processing.

Under certain circumstances, you have the right to object to specific processing of your personal data.

  • The right not to be subjected to automated individual decision-making including profiling.

Profiling is the assignment of persons to categories (profiles) based on their personal data. Based on these profiles, automated individual decisions can then be made.

When personal data are used to reach a certain decision and this decision is solely based on the automated processing of personal data, this is called automated individual decision-making. In other words, in automated individual decision-making there is no (significant) human intervention so that any results can be corrected.

Under certain circumstances, you have the right not to be subjected to these decisions based solely on automated processing and to request a 'human view'.

  • The right to withdraw consent for specific processing of personal data on the legal basis of consent.

If the legal basis for the processing of your personal data is consent, and you have given your informed, free and unequivocal consent to PNA to this end, you have the right to withdraw your consent. This does not affect the processing that took place before the moment of withdrawal.

You can only exercise these rights against the data controller. As indicated in 2. Who is responsible for the processing of my personal data? this is not always PNA. In addition, a number of rights can only be exercised under certain circumstances. For these, it must be determined per situation whether the right can be exercised or not.

If the right can be reasonably exercised and PNA is the data controller, we must comply with it. No charge may be made for exercising these rights, unless the request is impossible, involves a disproportionate amount of effort, is unreasonable, unfounded or excessive (and we may refuse to do so).

How do I exercise my rights?
PNA wants to offer you an accessible way to exercise your rights. If PNA processes your personal data, you can submit a request to exercise one or more of your rights by contacting us as described in 7. Where can I go with a communication, request, question or complaint? You do not need to know whether PNA is the data controller and whether your request meets the requirements. 

If PNA is not the data controller, we will forward your request to the data controller and inform you accordingly. PNA is then no longer responsible for processing (but may play a role). If PNA is the data controller and parts of your request do not meet the conditions, we will inform you accordingly.

We will inform you, at the latest, within one month of receipt of the request by which you invoke your rights. If necessary, this period may be extended by two months. You will be informed of this extension within one month of receipt of your request.

If we do not accede to your request, we shall inform you, giving reasons, within one month of receipt at the latest.

7. Where can I make a communication, request, question or complaint?

 The PNA privacy policy establishes a central contact point for the rapid and adequate handling of anything you may wish to communicate to PNA or ask about your personal data. Contact information for the central contact point: privacy@pna-group.com

Should you have a request to exercise your rights in respect of your personal data (see point 6. What rights do I have regarding the processing of my personal data by PNA?) or should you have a complaint about the processing of your personal data, please contact us via the central contact point indicated above.

Communication via the central hotline is preferred. If this is not possible, it is also possible to write or call.

Contact details PNA write/call:
PNA
t.a.v. privacy
Postbus 408
6400 AK Heerlen
+31 (0) 88 777 0 444

For all communications, we may request additional information from you in order to confirm your identity. Information will only be communicated by telephone (verbal) provided that your identity has been proven by other means. Requests and complaints will only be handled in writing (including e-mail).

If we cannot work it out with you, you have the right under privacy law to file a complaint with the Dutch Data Protection Authority (AP). In the Netherlands, the AP is the supervisor of compliance with privacy legislation. You can submit a complaint to the AP via the website httpss://autoriteitpersoonsgegevens.nl/ and then at the top the button 'Submit a Complaint'.

8. Can PNA change this document?

 This privacy statement may be amended by PNA without prior notice. Should the processing of personal data by PNA change, for example as a result of amended legislation and regulations, then, if necessary, we will amend the privacy statement accordingly. It is therefore advisable to consult this privacy statement regularly. Changes come into effect from the moment they are published there. The latest amendment is from 22-01-2020.

The most recent version of this privacy statement can always be found at:
www.pna-group.com/privacyverklaring/