Privacy Policy

Rijswijk, 1 November 2019

Knowledge, expertise and trust are important pillars of the service of the consortium members of the Arbaheat project and the members affiliated to the Arbaheat project. We are committed to giving you clarity on how we handle your personal data. In this Privacy Policy we inform you about our approach to handling and processing of personal data.

1. Contact details

PNO Consultants B.V. (PNO Consultants) is the controller of this website and is located at Laan van Zuid Hoorn 15, 2289 DC in Rijswijk. You can contact us by e-mail at

2. Who is this Privacy Policy applicable to?

This Privacy Policy applies to all persons whose personal data the Arbaheat project administration processes. Personal data means any data that contains information about persons through which those persons are identifiable.

This Privacy Policy applies to:

  • clients of the Arbaheat project adminstration,
  • potential clients with whom the Arbaheat project administration has made or wants to make contact,
  • visitors to the website of the Arbaheat project,
  • recipients of newsletters and commercial e-mails from the Arbaheat project, and
  • any other person who contacts the Arbaheat project administration or whose personal data is processed by the Arbaheat project administration.

This Privacy Policy does not apply to employees, temporary workers, temporary workers, student trainees and applicants.

3. Which personal data do we process?

By processing personal data we mean: collecting, recording, organising, storing, updating, modifying, retrieving, consulting, using, providing by means of forwarding, distribution or any other form of posting, bringing together, linking together, and to protect, erase or destroy your personal data.

We process personal data that you have provided to us, personal data generated during your visit to our website and reading newsletters and personal data that we have derived from other sources, such as business social media platforms and business cards.

Personal information provided by you:

  • contact details and other personal data needed to handle your request,
  • contact details and other personal data entered on contact forms or other web forms, and
  • contact information provided during introductory talks, events, seminars, etc., such as information on business cards.

Personal data obtained through or generated by our website, electronic newsletters, commercial e-mails or related technologies:

  • IP number,
  • your surfing behavior on the website, such as data about the first visit, previous visit and current visit, the pages viewed and the way in which the website is navigated, and
  • whether you open a newsletter or commercial e-mail and on which parts you click.

See our cookie statement

Personal data obtained from other sources:

  • personal data available on public business social media platforms such as LinkedIn,
  • personal data obtained from the Trade Register of the Chamber of Commerce, and
  • personal data available on public business websites.

Our website may contain hyperlinks to websites of other parties and social media buttons. We are not responsible for the content of those websites or the services of that person social media platforms. Nor is the Arbaheat project administration responsible for the privacy policy and the use of cookies on those websites and social media platforms.

4. What do we use your personal data for?

We use your personal data for different purposes. These are listed below:

If you fill out our contact form with a request, at the minimum your contact details will be requested. Other personal data may also be necessary for the handling of the assignment, depending on the nature of the request or assignment. 

  • Compliance with legal obligations.
  • Maintaining contact with you.

Your contact data are kept in EU located relationship management system and may be used for the purpose of sending newsletters, updates, invitations to events and seminars and sending information you requested from us.

  • Improving our product and service information and carrying out targeted marketing campaigns.

Part of our service is to keep you informed with information that is relevant to you and your business. To make this possible, we combine and analyse the personal data available with us. On that basis we determine which information and channels are relevant and which moments are most suitable for providing information or establishing contact. In marketing campaigns we do not process special personal data nor confidential data. If we would like to create a personal, individual customer profile, we will ask for your prior permission. If you would like to withdraw this consent later, this is always possible.

We analyse the following data:

    • Interaction data: Obtain personal data and contact between the Arbaheat project and you. For example about your use of our website or supported applications. This also applies to offline interactions, such as how often and when there is contact between members of the Arbaheat consortium and you.
    • Behavioral data: Personal data that the Arbaheat project administration processes about your behavior, such as your preferences, opinions, wishes and needs. We can derive this data from your surfing behavior on our website, reading our newsletters or by requesting information. But also through contact, incoming telephone calls and e-mail contact with our employees. Information obtained through tracking cookies, we collect and use only with your permission, which you can always withdraw. See our cookie statement
  • Improving and securing our website
  • Creating user statistics.The user statistics of the website enable us to get a picture of the number of visitors, the duration of the visit, which parts of the website are being viewed and the click-behavior. It concerns generic reports, without information about individuals. We use the information obtained to improve the website.
  • Access control and company security.

5. Security level

We protect personal data through technical and administrative security measures to minimise the risk of loss, misuse, unauthorised access, disclosure and modification. You can think of security software such as a virus scanner and firewalls, a secure internet connection, encryption of data and physical and administrative access controls to data and servers.

6. Storage of personal data

We do not store your personal data for longer than is strictly necessary for the execution of the purposes. If legal regulations apply to the storage, the personal data will not be kept longer than prescribed by law.

7. Legal basis of the processing

We process personal data on the basis of one of the following legal grounds:

  • permission,
  • on the basis of an agreement or in the run up to the conclusion of an agreement,
  • legal obligation,
  • in connection with a legitimate interest.

A controller may only process personal data if this can be based on one of the limitative enumerated legal grounds in the General Data Protection Regulation (AVG). The legal bases on which the Arbaheat project administration relies are:

  • Permission: If we have requested your permission to process your personal data and you have given this permission, then you also have the right to withdraw this consent.
  • Agreement or in the run up to the conclusion of an agreement: If you give us an assignment to provide information, we process personal data if and insofar as this is necessary for the execution of the assignment.
  • Legal obligation: We only provide personal data to supervisors of investigative authorities if this is legally required. We will take measures in such cases that are reasonably necessary to ensure that your personal data is protected as well as possible.
  • Justified interest: We may also process personal data if we have a legitimate interest and do not therefore disproportionately infringe your privacy. For example, we use your contact information to invite you for seminars and events.

8. Processors

We may use service providers (processors) for the processing of your personal data that only process personal data in our order. We conclude a processor agreement with these processors that meets the requirements set by the General Data Protection Regulation (AVG).

For example, we work with service providers that offer SaaS solutions (software as a service) or provide hosting services. Furthermore, there are ICT service providers who offer us support in keeping our systems safe and stable. We also use third-party services for sending newsletters and commercial e-mails. These are examples of parties that can be designated as processors as referred to in the General Data Protection Regulation (AVG).

9. Share personal data with third parties

Sometimes it is necessary to share your personal data with third parties. Which – depending on the circumstances of the case – are necessary in the handling of your request. There are also legal obligations that lead to personal data being passed on to third parties.

  • In certain cases, personal data will be provided to third parties in the following cases:
  • When processing a file, it may be necessary to share your personal data with third parties. 
  • If a court decision obliges us to provide personal data to third parties, we will have to comply with this.
  • Your personal data will not be shared with third parties for commercial purposes. There is one exception to this. Sometimes we organise a joint activity with another organization, such as an event or seminar. In that case, only the necessary contact details are exchanged.

We never sell your personal data to third parties and do not make automated decisions that could have significant consequences for you.

10. Transfer outside the (European Economic Area) EEA

Under the General Data Protection Regulation (AVG), personal data may only be passed on to parties outside the EEA if an appropriate level is guaranteed for the protection of the personal data or if a specific deviation applies. We may pass on personal data to a party outside the EEA if this is necessary for the execution of our services.

11. If you have questions about your personal data

Every person can exercise certain rights with respect to his or her personal data on the basis of the law. This gives you the right to inspect, rectify and delete personal data. You can also object to the use of your data or request that this use be restricted. In certain cases you can even request your data and take it to another party. For all these questions contact us by email via

12. Complaints

If you have complaints about how we handle your personal data, you can contact us by sending a mail to We are happy to help you find a solution within a period of four weeks after receiving your request. If that does not work, you can always contact the Dutch Data Protection Authority.

13. Changes

Developments are fast and as a result, there may also be some changes in the personal data we request from you and the way in which we use your personal data. Regulations can also change. In that case, we will adjust this Privacy Policy. We therefore invite you to regularly check the Privacy Policy so that you are kept informed. In the event of major changes, we will also make you aware of this via our website.

Rijswijk, June 17, 2019