Legal

Privacy Statement

Privacy Statement  Jonathan Warner Operations B.V.

Last update – March 2026

Jonathan Warner Operations B.V. is an advisory firm and business partner in leadership development. We help organisations move from strategy to execution — through the human dimension. Our services aim to strengthen the leadership of clients, in the broadest sense of the word. In doing so, we process personal data carefully, proportionately and in line with applicable data protection law, including the EU General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (UAVG/AVG). This statement explains what we process, why we process it, on what legal grounds, and how we safeguard it.

 

1. Our responsibility

Jonathan Warner Operations B.V., based in the Netherlands, acts as data controller for personal data processed in the context of our services, website and business operations.

Contact: info@jonathanwarner.nl

Website: www.jonathanwarner.nl

Address: Bilderdijkstraat 12, 2311 XE Leiden

Chamber of Commerce (KvK): 99387263

If required, we will cooperate with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) as supervisory authority.

Data Protection Officer (DPO/FG): Jonathan Warner Operations B.V. has not appointed a Data Protection Officer. For privacy questions you can contact info@jonathanwarner.nl

 

2. What data we process

We process professional data relevant to our advisory work, including:

  • Name, role and organization;
  • Professional contact details;
  • Information shared in leadership advisory, coaching and development programmes;
  • Assessment-related information where applicable;
  • Business and contractual information;
  • Professional communications;
  • Website usage data (such as IP address, browser type and cookies).
  • Special categories of personal data (e.g., health data) are not intended to be processed unless strictly necessary for the engagement and only with appropriate safeguards and a lawful basis.

We only process the data that is necessary for a defined and legitimate purpose. We do not sell personal data and we do not process personal data for unrelated commercial exploitation.

3. Where we obtain personal data

We generally obtain personal data directly from you. In some cases, we may receive professional contact details and engagement-related information from your employer or contracting organization (our client) or from publicly available professional sources (e.g., company websites or professional networking platforms). Where we receive data indirectly, we will provide the information required under Article 14 GDPR where applicable.

 

4. Why we process data

We process personal data for the following purposes:

  • Delivering leadership advisory and development services;
  • Supporting organizations in translating strategy into behavior and execution;
  • Facilitating coaching, reflection and development processes;
  • Managing client and partner relationships;
  • Meeting contractual and legal obligations;
  • Protecting the integrity and security of our systems;
  • Improving our services and website.

Under the GDPR, we rely on one or more of the following legal bases:

  • Performance of a contract;
  • Compliance with a legal obligation;
  • Legitimate interests, such as maintaining professional relationships, information security and fraud prevention, service quality improvement and business continuity;
  • Consent, where required (e.g., for certain cookies or specific processing activities).

 

5. Confidentiality

Our work may involve sensitive professional information about leadership, behavior and organizational dynamics. We treat such information with strict confidentiality. Access is limited to individuals directly involved in delivering our services and bound by contractual and professional confidentiality obligations. Professional trust is non-negotiable.

 

6. Data sharing

We may share personal data with carefully selected service providers, such as IT, cloud, communication and assessment platform providers, where this is necessary to deliver our services. We may also share engagement outputs (e.g., agreed reports or summaries) with the contracting organization (our client) where this is part of the engagement and agreed.

Where third parties process data on our behalf, this is governed by data processing agreements in accordance with Article 28 GDPR. If personal data is transferred outside the European Economic Area (EEA), we apply appropriate safeguards, such as:

  • European Commission Standard Contractual Clauses (SCCs); or
  • Transfers to countries subject to an adequacy decision.

 

7. Data retention

We retain personal data only for as long as necessary for:

  • The purpose for which it was collected;
  • The duration of our professional engagement;
  • Compliance with legal, tax or regulatory obligations;
  • The establishment, exercise, or defence of legal claims.

After the applicable retention period, data is securely deleted or anonymized.

8. Security

We apply appropriate technical and organizational measures to protect personal data against loss, misuse and unauthorized access, including:

  • Secure cloud infrastructure;
  • Access controls and authentication (including multi-factor authentication where feasible);
  • Encryption where appropriate;
  • Contractual safeguards with service providers;
  • Ongoing monitoring of information security risks.

In the event of a personal data breach, we will act in accordance with applicable legal notification obligations.

 

9. Website and cookies

Our website uses cookies and similar technologies. Where required, we request your consent before placing non-essential cookies. You can manage your preferences via the cookie banner and/or your browser settings. For more information (types of cookies, purposes and retention periods), see our Cookie Statement at: [insert link/path on website].

 

10. Automated decision-making

We do not make decisions that produce legal effects concerning you or similarly significantly affect you based solely on automated processing (including profiling). If assessment tools are used, results are interpreted by qualified professionals and discussed within the engagement context.

10. Your rights

Under the GDPR, you have the right to:

  • Access your personal data;
  • Request correction of inaccurate data;
  • Request erasure where applicable;
  • Restrict processing in certain circumstances;
  • Object to processing based on legitimate interests;
  • Request data portability where applicable;
  • Withdraw consent where processing is based on consent.

You may exercise your rights by contacting info@jonathanwarner.nl. We will respond within one month of receiving your request (subject to GDPR conditions and any lawful extensions).

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

10. Updates to this statement

We review this statement periodically to ensure it remains accurate and aligned with how we work. If we make material changes, we will publish an updated version on our website.

We bring surprisingly human solutions to any business challenge.

Discover more