Privacy Policy

ProjectNext Leadership, LLC

General Data Protection Regulation (GDPR) Compliance

Last Updated 8/21/2023

ProjectNext Leadership Statement on GDPR Compliance

ProjectNext Leadership (“PNL”) takes reasonable measures to safeguard the confidentiality of all information consistent with GDPR. We use industry-standard administrative, physical, and security technologies and procedures to help protect personal information from unauthorized access, use, or disclosure. PNL is committed to the security, availability, confidentiality, and processing integrity of all information collected, regardless of location.

PNL maintains an information security and privacy program consistent with industry standards, which includes appropriate administrative, physical, and technical safeguards to a) maintain and protect against anticipated threats or hazards to the security, privacy, confidentiality, and integrity of data; and b) protect against any security incident. Additionally, PNL has undertaken GDPR readiness and impact assessments to ensure the proper policies and procedures are in place for compliance.

Legal Basis

In regard to GDPR, PNL is generally considered a Processor or Sub-Processor, although there may be some instances where PNL is a Controller (i.e. customer relationship management, accounting processes). As such, PNL’s legal basis for processing Personal Data will typically rely on the following provisions: Article 6(1)(b) ‘performance of a contract’, and Article 6(1)(f) ‘legitimate interest’.

Capitalized terms used in this statement have the meaning ascribed to such terms under GDPR.

Data Retention

Personal Data will be retained by PNL 1) for as long as the Controller or Processor is a client of PNL, 2) until the data is requested to be deleted by the Controller, Processor, or Data Subject, or 3) until the data is no longer necessary to provide the requested services. Anonymized data may be aggregated for our own research or business purposes.

Model Clauses

PNL utilizes the European Commission’s Standard Contractual Clauses developed and approved as ensuring adequate protection for Data Subjects in accordance with the EU Data Protection Directive 95/46/EC.

Technical Security

PNL has security and privacy policies and procedures that address the key components within GDPR legislation. An important component of our current security and privacy compliance is the US-based SSAE 18 Service Organization Control (SOC2) Trust Principles. SOC2 compliance and audits map to ISO standards and, as such, share many principles with GDPR in the areas of technical and organizational measures on data security, availability, processing integrity, confidentiality, and privacy.

Please contact us with requests for data access, data deletion, or any other questions. We can be reached at cybersecurity@projectnextleadership.com.