Privacy Statement/ Cookie Statement

Twynstra Gudde is a Dutch organisational consultancy at the centre of the world. Our consultants contribute to a world where people and organisations develop in a sustainable fashion. In the fields of healthcare, security, public investments, mobility and infrastructure, water, energy, education, living and working. From strategy through to realisation, based on a foundation of expertise collaboration, change management, organisational management, and project and programme management. Our consultants have a wide range of expertise, experience and skills. For instance, they are project and programme managers or change management managers; they oversee innovations, draft business cases and supervise processes.


1. Introduction and company details
This statement applies to Twynstra Gudde Holding B.V. and/or to its affiliated businesses. Hereafter: Twynstra Gudde. Any affiliated businesses that are an exception to the stipulations of this Privacy Statement and/or any other regulation will be stated in the given article. The processing of personal data that Twynstra Gudde undertakes as part of its work falls under the EU General Data Protection Regulation (GDPR). GDPR stipulates obligations on responsibilities regarding the processing of personal data and gives rights to citizens, where protecting the privacy of the natural person as an individual takes precedence. Twynstra Gudde has very high standards on safeguarding your privacy and ensuring the confidentiality of the data and information you entrust us with. We handle your data with care and ensure the maximum security.

Contact details:
Twynstra Gudde
P.O. Box 907
3800 AX Amersfoort

For privacy matters, please contact Juliette de Voogd (

2. Terms
Controller: A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In the context of this Privacy Statement, Twynstra Gudde is the controller.

Personal data: Any information relating to an identified or identifiable natural person (individual).

Data processing: Any operation or set of operations performed upon personal data, at least including the collection, recording, organisation, storage, adaptation, alteration, retrieval, consultation, use and destruction of personal data.

Database: A structured system of personal data, accessible according to particular criteria.

Processor: A natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller.

3. Personal data
Twynstra Gudde collects the below data. We only do this if you explicitly make these data available to us. These data are managed in a secure environment (database), only accessible to authorised persons.

  • If you send us a message via email and/or our website or another manner, e.g. by post, we use your name and email address.
  • Any information you send us yourself via a form, CV or any other document.
  • When signing up for a particular service or newsletter, we ask you for data to able to provide that service. For every online form, we ask your permission to collect and use these data.
  • If you are working on or have worked on a project for Twynstra Gudde, we save information on these projects, a report of our contact history with you and any notes and/or comments from clients. Our reports are based on information received directly from you, public sources and third parties.

4. Purpose and use of data
We use the data we receive via our website and by email for various purposes. These data concern data you have provided yourself.

  • To respond to a request you have sent in, for instance, a request for information about our services or about your search for a job (vacancy) or application to fill a (interim) role, or your request to be included in our contact database.
  • Your data can be used to select the right candidate for a vacancy or project, to reach suitable candidates or to invite candidates to our events.
  • We also use data from our clients, where necessary, to be able to contact them about current projects, to maintain our relationship with them and to be able to invite them to our client events.
  • We process your personal data for promotional and/or other marketing purposes. For instance, to inform you of our services and update you on new developments.

5. Obligations of the controller (Twynstra Gudde)
In accordance with GDPR, the controller has obligations regarding its staff and staff files. In very general terms, these are:

  • Personal data are collected and processed with the permission of the person in question.
  • Personal data are only collected for the lawful purposes described in this Privacy Statement. They are processed in accordance with the law and in a fair and careful manner.
  • If personal data are processed by third parties, Twynstra Gudde will ensure this is done in accordance with GDPR standards, by concluding such things as a processing agreement.
  • The personal data recorded must have been lawfully obtained.
  • Twynstra Gudde is obliged to ensure the correctness and accuracy of data in the database. The personal data that are processed are sufficient for the above purposes and not extreme.
  • Twynstra Gudde has appropriate technical and organisational measures in place to ensure the security of personal data against loss or any form of unlawful processing.
  • Twynstra Gudde ensures that personal data are not saved for any longer than necessary to realise the purposes for which the personal data were processed.

6. Sharing data
Your information is saved in Twynstra Gudde’s database. Our database is secure and only accessible to our staff.
Your data may be shared in strictest confidence outside our network with:

  • (Potential) contacts/clients that also have to process your data for the above-mentioned purposes.
  • Third parties, when required by law.
  • Our service providers, only to be able to carry out tasks on behalf of Twynstra Gudde (such as security web hosting, background checks and other administrative tasks). Where necessary, processing agreements or other measures have been concluded with these companies to protect the personal data, e.g. via general terms and conditions.

In a limited number of cases, Twynstra Gudde shares personal data with companies or agencies outside the EU. As a rule, data is transferred based on an adequacy decision by the European Commission. If no adequacy decision has been taken for the country or sector in question, personal data are only transferred in accordance with the rules of exception in article 49 of the GDPR.

  • 7. Saving data
    Twynstra Gudde saves your personal data as long as necessary to provide you with services, doing so lawfully or until you submit a request to have your data removed.
  • For the personal data that we process for marketing purposes, the acquisition of projects, relationship management and personalised content, we employ a standard saving time of one year after the end of our contact with you or the relationship.
  • Personal data you provide as part of a job application procedure are removed two months after the end of process, unless other agreements have been made with you. For instance, agreements on including your data in a database.
  • In terms of the database for interim managers via TGIM BV, by answering our confirmation email you give Twynstra Gudde permission to keep your personal data in a database for a two-year period. At the end of this period, we will contact you to see if you agree to us extending this period.


You are entitled, at any time, to write to us and request that your data be adjusted or removed (see above section ‘Rights’).

8. Cookie statement
What is a cookie?
A cookie is a simple, small file that is sent with pages on this website and saved by your browser in the memory of your device. The information saved in this can, on a return visit to our website, be sent back to our servers. We use cookies on this website.

Use of permanent cookies
By using permanent cookies, we can recognise you on a return visit to our website. As such, our website can be set to your preferences. Even if you have given permission for cookies to be stored, we can keep this by using a cookie. As a result, you do not need to repeatedly state your preferences, meaning you can enjoy our website more and save time. You can remove permanent cookies via your browser settings.

Google Analytics
Cookies are placed on our website by the US firm Google as part of its Analytics service. We use this service to keep track of how our website is being used and to get reports on this. Google can provide this information to third parties, if legally obliged to do so, or insofar as third parties process the information on Google’s behalf. We have no influence on this. We have given Google permission to use the Analytics information acquired for other Google services.

The information Google collects is anonymised where possible. Your IP address is expressly not shared. The information is transferred to Google and saved by it on servers in the U.S. Google says it adheres to the Privacy Shield Principles and is a member of the Privacy Shield Program of the US Department of Commerce. This means there is an appropriate level of security for the processing of any personal data.

Social media
Our website has buttons linking to our pages on social media networks like LinkedIn, YouTube and Twitter. These buttons are based on small pieces of code from LinkedIn, YouTube and Twitter. Because of this code, cookies are stored in the memory of your device. Twynstra Gudde has no influence on this. Please refer to the privacy statement of these companies (which can regularly change) to read what they do with he (personal) data they process via these cookies.

The information that these companies collect is anonymised where possible. The information received is saved on servers in the U.S. LinkedIn, Twitter and Google say they adhere to the Privacy Shield Principles and are members of the Privacy Shield Program of the US Department of Commerce. This means there is an appropriate level of security for the processing of any personal data.

Activating, deactivating and deleting cookies
For more information on activating, deactivating and deleting cookies please refer to the instructions and/or the Help function for our browsers.

9. Rights
Right of access
You have the right of access to your personal data and information about how these data are processed. The right of access means: Information that Twynstra Gudde is using your personal data, the specifics on these data, for what purpose these data are being used, to whom these data have been sent and the provenance thereof (if known).

Right to rectify the collected personal data
You have the right to request the rectification of your personal data. The right to rectify means that you may ask Twynstra Gudde to improve, supplement, remove or screen off personal data. This can be requested if the personal data are factually incorrect, incomplete or are not being used for the purpose for which they were collected, or are being used unlawfully.

Right to be forgotten
If it is no longer necessary for Twynstra Gudde to save or process your data, you can ask for the processing of your personal data to stop (or be limited) or to have the personal data removed in part or entirely.

Right to data portability
You can ask us to transfer data – known to us – to another party

Right to lodge a complaint
Insofar as the processing of personal data is based on the lawful interests of Twynstra Gudde (and not on other processing grounds), you are entitled to lodge a complaint against the processing of personal data by Twynstra Gudde, preferably in the first instance with the organisation itself or otherwise with the Dutch authority for personal data, the Autoriteit Persoonsgegevens. If you wish to make use of the above-mentioned rights, please contact Renate Lanjouw by email. If your query concerns the right of access to the personal data linked to a cookie, please include a copy of the cookie in question in your request You can find these in your browser settings. You will receive a response to your request within 30 days.

10. Security
Sharing data via the internet is never completely secure or without problems. Nevertheless, we take every possible technical and organisational measure to protect your personal data against loss, misuse, unauthorized access, publication, alteration and destruction.

Twynstra Gudde reserves the right to change this Privacy Statement. Changes will be published on our website.

June 2018