This website is owned by ZRG Partners and operated by Walking the Talk B.V. ("Walking the Talk"). Walking the Talk B.V. is located at Keizersgracht 555, 1017 DR, Amsterdam, Netherlands.

Walking the Talk is committed to ensuring compliance with a range of data protection regulations, including the General Data Protection Regulation (GDPR), Privacy and Electronic Communications Regulations (PECR), ePrivacy Directive, US and other relevant Data Protection Legislations.  Whenever the term 'GDPR' is referenced in this document, it pertains to both The Regulation (EU) 2016/679 (EU GDPR) and The Data Protection Act 2018 (UK GDPR). Should there be a need to refer to other regulations, they will be appropriately and distinctly named.

We are dedicated to respecting the privacy of visitors to our websites. This Privacy Policy outlines Walking the Talk's current practices regarding the collection of Personal Data by Walking the Talk from you directly and/or through the Walking the Talk website.

This Privacy Policy is not only intended for individual users but also applies to companies that avail our services. We understand the importance of ensuring GDPR compliance when delivering services to our client companies. As a data controller, Walking the Talk is dedicated to safeguarding the personal data of our clients, adhering to GDPR principles and legal requirements, and offering full transparency.

Protecting your privacy is of utmost importance to us, and Walking the Talk will act in accordance with current legislation and internet best practices.

  Data Protection Legislations means (i) the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”) and the Directive on Privacy and Electronic Communications (Directive 2002/58/EC); (ii) the EU GDPR as it forms part of UK law by virtue of the European Union (Withdrawal) Act 2018, as modified by the Data Protection Privacy and Electronic Communications (Amendments, etc) (EU Exit) Regulations 2019 (SI 2019/419) (“UK GDPR”); (iii) the Data Protection Act 2018; (iv) the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426); (v) all other applicable data protection and privacy legislation in force in the UK and European Economic Area; and (vi) all relevant codes of practice and guidance issued by the Commissioner, supervisory authorities or other bodies in relation to the processing of personal data, in each case as amended and in force from time to time.

Walking the Talk acts as the Data Controller and is dedicated to protecting the rights of individuals in line with the GDPR. If you have any questions or concerns about your privacy or data protection, please contact our Data Protection Lead at the following details:

Phone: +31 (0) 20 240 2233


Personal Data

As defined by the GDPR and other data protection legislation, personal data refers to any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. This broad definition encompasses a wide range of information, including but not limited to, names, addresses, email addresses, identification numbers, IP addresses, and cookie identifiers.
Walking the Talk collects personal data on its website when such data is submitted by you during the registration process or when you request information about our organization. The personal data you provide will only be used by Walking the Talk to provide you with the requested information or services. We will process your data in order to send you the information, updates and other information you have requested until you ask us to stop. Your information will be stored for up to 7 years after our last interaction with you and as defined in our Data Retention policy..
Walking the Talk ensures compliance with the GDPR, and other applicable data protection legislation as far as practicable by complying with the principles of data protection, by keeping personal data up to date, securely storing and destroying it, collecting and retaining only necessary data, protecting it from unauthorized access and disclosure, and implementing appropriate technical measures for data protection.


How do we use your information?

This privacy policy tells you how we, Walking the Talk, will collect, store, process , and use your personal data, including data collected through the use of cookies.

The personal data that we collect directly from you, from our own sources, and data we receive ourselves and receive from third parties may include the following: your name, address, e-mail address, phone number, place of work, job position, and any other details relating to your account, as well as information collected via cookies during your interactions with our website or services.

We use your data to send periodic emails, manage your subscriptions and settings, to improve our website to ensure that content is presented in the most effective manner. We may send you marketing information concerning our products or services which you use or our similar products or services which we think may be of interest to you such as periodic newsletters, latest research reports or series of content we feel could benefit you. This may include information concerning promotions or offers which could benefit you.

Walking the Talk's services may be delivered by consultants located in the EU, Brazil, USA, Australia, and other countries. These consultants are an integral part of our service delivery team and may require access to your personal data to provide you with the best possible experience.
Walking the Talk is committed to enhancing the quality of our services. To achieve this, we may implement artificial intelligence (AI) technologies to improve user experiences, personalize content, and streamline processes. These AI systems will process data for the purpose of enhancing the services we provide. We ensure that these technologies are implemented in compliance with data protection regulations.

We will only use your personal data for the purposes for which we collected it and as you would reasonably expect your data to be processed and only where there is a lawful basis for such processing, for example:


Type of data

Lawful basis for processing

To register you as a new customer

a.   First Name

b.   Last Name

c.   Business Email

d.   Company Name

e.   Job Title

f.    Countryz

a.   Performance of a contract with you

b.   Consent

To process and deliver the consultancy products and services you request, including culture-changing solutions, and to manage payments, fees, and charges.

a.   Identity

b.   Contact

c.   Financial

d.   Transaction

a.   Performance of a contract with you

b.   Necessary for our legitimate interests to recover debts owed to us

c.   Consent

To manage our ongoing relationship with you which will include notifying you about changes to our terms, services or privacy policy, to maintain our records

a.   Identity

b.   Contact

c.   Profile

d.   Marketing and Communications

a.   Performance of a contract with you

b.   Necessary to comply with a legal obligation

c.   Necessary for our legitimate interests to keep our records updated and to study how customers use our services

d.   Consent


To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

a.   Contact information

b.   User preferences and other account-related details

a.   Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise

b.   Necessary to comply with a legal obligation

c.   Consent

To use data analytics to improve our website, services, marketing, customer relationships and experiences

a.   Email address

b.   User preferences and other account-related details

c.   Technical

d.   Usage

a.   Necessary for our legitimate interests to define types of customers for our services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy

b.   Consent

To make suggestions and recommendations to you about services that may be of interest to you

a.   Identity

b.   Contact

c.   Technical

d.   Usage

e.   Profile

a.   Necessary for our legitimate interests to develop our services and grow our business

b.   Consent

Conducting assessments and surveys to evaluate and understand corporate culture within client organizations

a.   Demographic data of employees or participants.

b.   Responses to survey questions related to behaviors, attitudes, and cultural attributes.

c.   Feedback and comments provided by employees or participants.

a.   Consent

b.   Legitimate interest

c.   Contractual performance

d.   Compliance with Legal Obligations

Designing and planning corporate culture transformation journeys

a.   Organizational data

b.   Employee data

c.   Behavioral data

a.   Consent

b.   Legitimate interest

c.   Contractual performance

d.   Compliance with Legal Obligations

Measuring and tracking cultural changes over time

a.   Employee data

b.   Behavioral data

c.   Performance data

a.   Consent

b.   Legitimate interest

c.   Contractual performance

d.   Compliance with Legal Obligations

e.   Vital Interests

Developing leadership and middle-management teams to align with desired cultural attributes

a.   Leadership and Management data contact data

b.   Assessment data

c.   Behavioral data

d.   Performance data

e.   Feedback and Comments data

a.   Consent

b.   Legitimate interest

c.   Contractual performance



Providing training programs to facilitate behavioral changes

a.   Participant Information

b.   Training Records

c.   Assessment Data

d.   Feedback and Evaluation

e.   Performance Data

a.   Consent

b.   Legitimate interest

c.   Contractual performance




How do we collect your personal data?

Each time you visit our website, we may automatically collect information and personal data about your computer for system administration, including where available, your IP address, operating system and browser type subject to you accepting or rejecting our cookies and other tracking pixels.

During the registration process or at any point where personal data is collected by us about you, you may be asked to indicate your preference regarding Walking the Talk sending you information about other Walking the Talk products or services. 

We may contact you in relation to your request and our products and services.  We may contact you by email, post. and/or phone call.  You can ask us not to contact you at anytime and we will amend your preferences for you.

You may unsubscribe at any time by following the ‘unsubscribe’ link at the bottom of any email you receive or by clicking on this link and submitting your email to be unsubscribed.

Why does Walking the Talk need to collect and store personal data?

Walking the Talk recognizes the importance of personal data protection, and we are committed to complying with the General Data Protection Regulation (GDPR) and other relevant data protection legislation in all aspects of our operations. We collect and store personal data for the following lawful purposes, which are integral to our core business of delivering culture change services to other companies:
-    Service Delivery and Personalization: To efficiently manage the Walking the Talk website and provide the services requested by both individuals and our client organizations. To analyze visitor behavior, enabling us to enhance our website and service offerings for improved customer support.
-    Communication: To keep individuals, employees, and clients informed about news, events, activities, or services offered by Walking the Talk. These communications aim to support our core mission of facilitating culture change within client companies and are essential for providing a seamless and informed experience.
-    Feedback and Improvement: We may contact individuals and clients, through surveys to gather insights about their opinions regarding our current services and the potential new services that may aid in achieving culture change goals. This feedback-driven approach is vital in continually enhancing our services.
-    Legitimate Business Interests: Additionally, the collection and storage of personal data align with our legitimate business interests, as we believe it is crucial for advancing our core mission of empowering organizations to foster positive culture changes. Walking the Talk ensures that the data collected is proportionate and necessary for these specified purposes and is processed in a manner that respects your privacy rights, providing a secure and confidential environment.
In any event, we are committed to ensuring that the data we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.

Will Walking the Talk share my personal data with anyone else?

Under specific circumstances and to fulfill our obligations to you as outlined in this document, your personal data may be shared with carefully chosen third parties, including but not limited to:
-    Service providers offering IT and system administration services.
-    Various third parties, such as data processors, suppliers, and equipment providers, necessary for the operation and expansion of our business.
-    Professional advisors, including lawyers, bankers, auditors, and insurers, providing services such as consultancy, credit scoring, legal aid, fraud protection, insurance, and accounting.
-    Other technology companies involved in tracking, analytics, and advertising activities.
-    Social media companies.
-    Companies within our group of companies.
-    Partners and other organizations contributing to the provision of our services to you and the management of our company.
-    Government organizations, regulators, and other legal authorities requiring disclosure of processing activities in specific situations.
-    Third parties to whom we sell, transfer, or merge parts of our business or assets.
-    Other companies necessary for fulfilling our obligations to you and maintaining our business operations.

We ensure that all third parties receiving your data respect the security of your personal information and handle it in compliance with relevant legislation. We only permit such third parties to process your personal data for specific purposes and in accordance with our guidelines.

Regarding the sharing of your personal data, Walking the Talk may disclose your information to third parties based on the following lawful basis:

-    Consent: Sharing of your data may occur if you explicitly consent to such sharing.
-    Legal Obligations: In some instances, we may be legally obligated to disclose your data to third parties, such as government authorities or regulatory bodies, to comply with the law.
-    Legitimate interest: We might collaborate with third-party organizations to facilitate the provision of our services. These organizations are contractually obligated to uphold the security of your data and utilize it exclusively for the purposes outlined by us.
-    Business Transition: In the event of a merger, acquisition, or asset sale involving Walking the Talk, your personal data may be transferred to the acquiring entity, and you will be duly informed of such a transfer.

Is my data transferred to other countries by Walking the Talk?

We might transfer and store the information we collect about you in countries different from the one where the data was initially gathered, which may include the United States, or other locations beyond the European Economic Area (EEA) and the United Kingdom. These countries may not have the same data protection regulations as the one in which you originally provided the data. When we transfer your data to other countries, we will safeguard the data as detailed in this Privacy Policy and adhere to the applicable legal requirements that ensure adequate protection for data transfers outside the EEA and the United Kingdom. This includes but is not limited to the Data Processing Agreement (DPA), Standard Contractual Clauses (SCC), Transfer Impact Assessments (TIAs), International Data Transfer Agreement (IDTA) or the UK Addendum, as applicable.

If you are situated within the EEA or the United Kingdom, we will only transfer your personal data if:
-    The destination country has received a positive adequacy decision from the European Commission, or
-    We have established suitable protective measures for the transfer, such as entering into EU standard contractual clauses, the International Data Transfer Agreement (IDTA) or the UK Addendum and implementing additional safeguards with the recipient, or the recipient adheres to binding corporate rules authorized by an EU or UK supervisory authority.
For more details about the protective measures we've implemented for personal data transfers, please contact us using the information provided in the "How to contact us" section below.

How will Walking the Talk use the personal data it collects about me?

Walking the Talk will handle (collect, store, and process) the data you provide in line with the provisions of the GDPR and other pertinent data protection legislation. Our processing endeavors are geared towards maintaining the accuracy and currency of your data, ensuring that it is not retained longer than necessary. Moreover, as part of our core business in delivering services to other companies for cultural transformation, we are obliged to retain certain data in compliance with legal requirements, including those related to income tax and audits.

How to change your preferences?

At Walking the Talk, we strictly adhere to GDPR and other data protection legislation, reflecting our commitment to safeguarding your rights and privacy. We are prepared to promptly address your requests related to personal information access, rectification, data transfer, or discontinuation of processing. Additionally, we can provide guidance on how to file complaints with the relevant authorities. If you wish to make a request or express objections, we encourage you to submit your preferences in writing to the Data Protection Lead at Alternatively, you can reach out to us through our website, phone, or email to exercise your rights, file a complaint, or modify your preferences at any time.

How to make a complaint? 

In cases where you have provided consent for us to process your data, such as opting in for marketing information or agreeing to the processing of financial data, you retain the right to contact us to revise or revoke your consent at any time. Furthermore, you have the option to object to processing and request the deletion of your data. We fully respect all user rights as defined in the GDPR and described below. If you have any comments or wish to lodge a complaint, please do not hesitate to contact us.

How will Walking the Talk will keep my data secure? 

Walking the Talk is dedicated to maintaining the confidentiality, integrity, and availability of your personal data and to safeguarding your privacy rights. Our commitment to data security includes protecting your personal data from unauthorized access, securely storing and destroying it, retaining only necessary data, and implementing technical measures for protection.

These security measures are regularly reviewed and updated to align with evolving security standards and best practices.

Under what circumstances will Walking the Talk contact me?

Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the data you provide will be subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure.

How long will Walking the Talk retain my personal data?

Your personal data is stored by Walking the Talk on its servers and on the servers of cloud-based service providers that Walking the Talk engages, which may be located in the UK, EU or United States. We may maintain your information in hard copy or electronic format, in storage facilities that we either own and operate ourselves or are owned and operated by our service providers.

Furthermore, your data may be processed by individuals operating outside the EEA, including our own staff, staff from our service providers, or other parties. Any such transfer of personal data outside the EEA will be carried out in compliance with the requirements of the GDPR and other pertinent data protection legislation.

Walking the Talk retains your personal data for as long as necessary, considering the purposes for which it was initially collected or legally processed. We may also retain data as required by our legal obligations. For personal data used in marketing, we will continue to keep it until you inform us that you no longer wish to receive such information.

This approach aligns with our core business of providing services to other companies for cultural transformation and adheres to the relevant data protection legislation. For further details on our data retention policy, please refer to our Data Retention Policy.

Can I find out the personal data that the organization holds about me?

Walking the Talk at your request, can confirm what data we hold about you and how it is processed. If Walking the Talk does hold personal data about you, you can request the following data:
•    Identity and the contact details of the person or organization that has determined how and why to process your data. In some cases, this will be a representative in the EU and/or UK.
•    Contact details of the Data Protection Lead, where applicable.
•    The purpose of the processing as well as the legal basis for processing.
•    The categories of personal data collected, stored, and processed.
•    If we intend to transfer personal data to a third country or international organization, data about how we ensure this is done securely. The EU and UK have approved sending personal data to some countries because they meet a minimum standard of data protection.
•    How long the data will be stored.
•    Details of your rights to correct, erase, restrict or object to such processing.
•    Data about your right to withdraw consent at any time.
•    How to lodge a complaint with the supervisory authority.
•    Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
•    The source of personal data if it wasn’t collected directly from you.
What are my rights as a data subject?
•    Right of access – you have the right to request a copy of the information that we hold about you.
•    Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
•    Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
•    Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
•    Right of portability – you have the right to have the data we hold about you transferred to another organisation.
•    Right to object – you have the right to object to certain types of processing such as direct marketing.
You can exercise your data protection rights at any time by contacting our Data Protection Lead at  We are committed to responding to data protection requests in accordance with GDPR guidelines.

Our aim is to provide a timely response within one month of receiving your request, which may be extended to two months if your request is complex or if there are multiple requests from you. This extension will be communicated to you within one month, along with the reasons for the delay.

Subject Access Request (SAR) responses are typically provided free of charge. However, we reserve the right to reject or apply reasonable fees to requests that are manifestly unfounded, excessive, or repetitive, in accordance with legal requirements. We will always provide a clear explanation if such a situation arises.

We are fully committed to complying with relevant Data Protection Legislations and will cooperate with any investigations or requests made by the relevant authorities.

If, for any reason, you are not satisfied with our response or handling of your data protection request, you retain the right to directly approach your local data protection authority. A list of these authorities can be found at: Data Protection Authorities List.

Please be aware that our website may include links to external websites operated by our partner networks, advertisers, and affiliates. It is important to note that these websites have their own privacy policies, and we do not accept any responsibility or liability for the content or practices of these websites. We recommend reviewing their privacy policies before providing any personal data to these external sites.

What are our Obligations?

As a company, we are dedicated to safeguarding the personal data of our clients and employees. In accordance with this commitment, we comply with the principles of the General Data Protection Regulation (GDPR) when collecting, utilizing, and handling personal data. This includes adherence to principles of legality, fairness, and transparency; limiting data collection to specific purposes; minimizing the amount of data collected; ensuring accuracy; limiting data storage; maintaining integrity and confidentiality; and being accountable for data protection." can be included in the Privacy Policy.

Changes of this Policy

We will review and update this Privacy Policy regularly to ensure that it is up-to-date and complies with the GDPR and data protection regulation.

We will notify you of any changes to this Privacy Policy by posting the revised policy on our website and/or by sending you an email notification if there are major material changes. You can always access the latest version of this Privacy Policy by visiting our website.

California Consumer Privacy (Exclusive to California Residents)

Distinct regulations pertain to the personal data of individuals residing in California. Additional details can be found by clicking this link. 
In accordance with California's "Shine the Light Act," residents of California have the right to seek details regarding how we disclose specific data categories to third parties for their marketing purposes.

How to contact us:


Supervisory Authority Contact Details

Data Protection Lead (DPL) Contact Details

Contact name

Autoriteit Persoonsgegevens

Steve McLay


Prins Clauslaan 60

P.O. Box 93374

2509 AJ Den Haag/The Hague


Keizersgracht 555

1017 DR Amsterdam



+31 70 888 8500

+31 (0) 20 240 2233

+31 70 888 8501

Website Autoriteit Persoonsgegevens