ProjectNext Leadership, LLC
General Data Protection Regulation (GDPR) Compliance
Last Updated 8/21/2023
ProjectNext Leadership Statement on GDPR Compliance
ProjectNext Leadership (“PNL”) takes reasonable measures to safeguard the confidentiality of all information consistent with GDPR. We use industry-standard administrative, physical, and security technologies and procedures to help protect personal information from unauthorized access, use, or disclosure. PNL is committed to the security, availability, confidentiality, and processing integrity of all information collected, regardless of location.
PNL maintains an information security and privacy program consistent with industry standards, which includes appropriate administrative, physical, and technical safeguards to a) maintain and protect against anticipated threats or hazards to the security, privacy, confidentiality, and integrity of data; and b) protect against any security incident. Additionally, PNL has undertaken GDPR readiness and impact assessments to ensure the proper policies and procedures are in place for compliance.
In regard to GDPR, PNL is generally considered a Processor or Sub-Processor, although there may be some instances where PNL is a Controller (i.e. customer relationship management, accounting processes). As such, PNL’s legal basis for processing Personal Data will typically rely on the following provisions: Article 6(1)(b) ‘performance of a contract’, and Article 6(1)(f) ‘legitimate interest’.
Capitalized terms used in this statement have the meaning ascribed to such terms under GDPR.
Personal Data will be retained by PNL 1) for as long as the Controller or Processor is a client of PNL, 2) until the data is requested to be deleted by the Controller, Processor, or Data Subject, or 3) until the data is no longer necessary to provide the requested services. Anonymized data may be aggregated for our own research or business purposes.
PNL utilizes the European Commission’s Standard Contractual Clauses developed and approved as ensuring adequate protection for Data Subjects in accordance with the EU Data Protection Directive 95/46/EC.
PNL has security and privacy policies and procedures which address the key components within GDPR legislation. An important component of our current security and privacy compliance is the US-based SSAE 18 Service Organization Control (SOC 2) Trust Principles. SOC 2 compliance and audits map to ISO standards, and as such, share many principles with GDPR in the areas of technical and organizational measures on data security, availability, processing integrity, confidentiality, and privacy.
Please contact us with requests for data access, data deletion, or any other questions. We can be reached at email@example.com.