Skip to main content
WAIMAKERS
About UsCareersContact
|
Schedule Free Call

Privacy Policy

Last updated: April 2026

1. Introduction

WAIMAKERS ("we," "us," or "our") is committed to protecting the privacy of our users and clients. This Privacy Policy explains how we collect, use, and disclose information about you when you use our website waimakers.com, engage with our services, or otherwise interact with us.

As a boutique consultancy specialising in AI transformation, we understand the importance of data protection. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Who We Are

We are WAIMAKERS B.V. (trading as WAIMAKERS), a boutique consultancy focused on AI transformation for businesses.

Data Controller Details:

  • KVK-nummer: 91822416
  • Address: Joop Geesinkweg 201-224, 1114 AB Amsterdam, The Netherlands
  • Contact: admin@waimakers.com
  • Phone: +31 6 20 08 67 83

3. Information We Collect

3.1 Information You Provide to Us

We may collect the following types of personal data that you provide directly to us:

  • Identity Data: name, job title, company name
  • Contact Data: email address, phone number, business address
  • Professional Data: information about your business needs, industry, and requirements
  • Communication Data: information contained in your communications with us, including emails, meeting transcripts, and other correspondence
  • Service Data: information needed to provide our services to you

3.2 Information Collected Automatically

When you visit our website, we automatically collect:

  • Technical Data: IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology identifiers on the devices you use
  • Usage Data: information about how you use our website, including page views, time spent on pages, navigation paths, and interaction with content
  • Device Data: information about the device you are using to access our website

3.3 Information From Third Parties

We may receive information about you from third parties, including:

  • Business partners
  • Service providers
  • Public databases
  • Social media platforms, if you interact with us through those channels

4. How We Use Information

We use your information for the following purposes:

4.1 To Provide Our Services

  • To deliver consulting and implementation services related to AI transformation
  • To communicate with you about our services
  • To respond to your enquiries and requests
  • To maintain our client relationship

4.2 For Legitimate Business Interests

  • To improve and optimise our website and services
  • To analyse usage patterns and trends
  • To protect the security and integrity of our services
  • To develop new products, services, and business opportunities
  • To process communications more efficiently using AI tools (further detailed in Section 8)

4.3 For Marketing Purposes (with consent)

  • To send you updates about our services, industry insights, and events
  • To provide personalised content and recommendations

4.4 To Comply with Legal Obligations

  • To meet legal, regulatory, and contractual requirements
  • To establish, exercise, or defend legal claims

5. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Performance of a Contract: when processing is necessary to fulfil our contractual obligations to you
  • Legitimate Interests: when processing is necessary for our legitimate business interests, provided these interests are not overridden by your rights. This includes:
    • Processing email communications and other correspondence using AI tools to improve efficiency and response quality
    • Maintaining and improving our services
    • Business development and relationship management
  • Consent: when you have given us explicit consent to process your data for specific purposes
  • Legal Obligation: when processing is necessary to comply with a legal obligation

When you contact us as a prospective client or business contact, we typically rely on legitimate interests to process your communications, including using AI assistance to help us respond effectively.

Our legitimate interest balancing test. Before relying on legitimate interests for AI-assisted processing, we have assessed: (a) Purpose — efficient, high-quality business communication and service delivery to you; (b) Necessity — AI assistance materially improves response speed, accuracy, and consistency in ways manual processing cannot reasonably replicate; (c) Balancing — we limit AI use to B2B professional contacts, restrict processing to vendors whose terms of service and/or Data Processing Agreements prohibit model training on your data, keep humans in the loop for all outbound communication and CRM updates, and provide an easy right to object. A summary Legitimate Interest Assessment (LIA) is available on request via admin@waimakers.com.

6. Data Sharing and Disclosure

We may share your information with:

6.1 Sub-Processors We Use

We share information with the following primary processors and service providers who help us operate our business, run the website, and deliver services. Where these vendors process personal data on our behalf, we rely on appropriate Data Processing Agreements or data protection terms, which may be separately executed or incorporated by reference via the vendor's terms of service. For our AI processors, we use business, enterprise, or API tiers whose terms and/or Data Processing Agreements prohibit the use of customer content to train their foundation models. Processors may retain limited operational metadata for abuse detection, security, service delivery, and product telemetry in line with their published policies — see Section 8.3 for details.

Processor / service provider Purpose Hosting region Transfer mechanism / safeguard
OpenAI Ireland Ltd. / OpenAI LLC Generative AI for drafting, summarisation, analysis EU / US DPA, SCCs, EU-US Data Privacy Framework where applicable
Anthropic PBC (Claude) Generative AI for drafting, summarisation, analysis US / global Commercial Terms and DPA/SCCs where applicable
Microsoft Ireland (Microsoft 365 + Copilot) Email, calendar, document collaboration, AI assistance EU (EU Data Boundary) —
Fireflies AI Inc. Meeting recording and transcription US DPA, SCCs, EU-US Data Privacy Framework where applicable
Notion Labs, Inc. Internal knowledge base, CMS content, job applications, uploaded application files US / global, with EU residency options for eligible workspaces DPA and SCCs where applicable
Resend, Inc. Transactional email notifications from website forms US / global DPA, SCCs, EU-US Data Privacy Framework where applicable
Slack Technologies, LLC Internal notification routing for website form submissions US / global DPA and SCCs where applicable
Google LLC reCAPTCHA spam protection, Google Analytics after consent Global Google data protection terms and transfer safeguards where applicable
Pipedrive OÜ CRM EU + US DPA and EU-US Data Privacy Framework where applicable
Vercel Inc. Website hosting, analytics, and performance monitoring Global DPA and SCCs where applicable
Calendly LLC Meeting scheduling when you book a call US / global DPA and SCCs where applicable
Zapier Inc. Workflow automation US DPA and SCCs where applicable

We may engage additional processors as our tooling evolves. We maintain this list as the authoritative record and update it when material changes occur. For the current list or to be notified of changes, contact admin@waimakers.com.

6.2 Analytics and Marketing Providers

With your consent, our website loads analytics and marketing tools that may process device, usage, and online identifier data for measurement, website improvement, and B2B lead generation. These providers may act as processors, independent controllers, or joint controllers depending on the feature and legal terms that apply.

Provider Purpose Loaded only after cookie consent?
Vercel Analytics and Speed Insights Website analytics and performance measurement Yes
Google Analytics 4 Website analytics Yes
Leadfeeder / Dealfront B2B company identification and lead analytics Yes
Hotjar Heatmaps, session recordings, and user-experience analytics Yes
LinkedIn Insight Tag Advertising measurement, conversion tracking, and retargeting Yes

6.3 Professional Advisors

We may share information with professional advisors, such as lawyers, auditors, and insurers.

6.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6.5 Legal Requirements

We may disclose information if required to do so by law or in response to valid requests by public authorities.

7. International Data Transfers

Our operations are primarily based in the Netherlands, but we may transfer your personal data to countries outside the European Economic Area (EEA). When we do, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Other legally approved transfer mechanisms

Some of the technology services we use, including certain AI, analytics, email, and workflow providers, may process personal data outside the EEA. Where international transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, the EU-US Data Privacy Framework where applicable, and vendor data protection terms.

Our website is hosted on Vercel, which may process data in multiple regions globally. Vercel publishes data protection terms for international transfers.

8. Use of Generative AI in Our Operations

8.1 AI Tools We Use

As an AI transformation consultancy, we use various AI tools in our business operations, including:

  • Generative AI models — OpenAI (ChatGPT Team and OpenAI API), Anthropic's Claude, Microsoft Copilot
  • Meeting transcription — Fireflies.ai and internal tools built on top of it
  • CRM and research assistants — internal tools that query the above AI providers via their APIs
  • Other generative AI platforms as our tooling evolves

The current authoritative list of AI sub-processors is maintained in Section 6.1 above.

8.2 How We Use AI with Your Data

We may use AI tools to process communications you send to us (including emails) for purposes such as:

  • Analysing and summarising meeting transcripts
  • Drafting responses to enquiries
  • Generating follow-up communications
  • Extracting and organising information for our CRM system
  • Conducting stakeholder research using information you've provided

Our specific AI workflows include:

  1. Meeting Processing: Converting recorded meetings to text and generating summaries
  2. Stakeholder Research: Analysing communications to create comprehensive profiles
  3. CRM Maintenance: Identifying and updating contact information and opportunities
  4. Follow-up Communication: Preparing appropriate follow-up messages

8.3 AI Processing Safeguards

When using these services, we:

  • Prioritise business/enterprise/API versions that offer enhanced privacy protections
  • Have Data Processing Agreements in place with every AI sub-processor, whether separately executed or incorporated by reference through the vendor's subscription terms
  • Contractually prohibit our AI sub-processors from training their foundation models on your data. Limited retention for abuse/safety monitoring and de-identified product telemetry may occur in line with each vendor's DPA
  • Implement internal guidelines that forbid staff from entering client data into consumer-tier AI products (e.g., consumer ChatGPT, Claude.ai consumer) that may use input for training
  • Ensure human review of AI-generated content before it is sent or acted upon
  • Only use these tools for legitimate business purposes
  • Apply appropriate security measures to protect data in transit and at rest

8.4 Your Control Over AI Processing

We believe in transparency regarding our use of AI. If you would prefer that we not process your communications using AI tools, you have the right to object to this specific processing. Please inform us by emailing admin@waimakers.com with your preference, and we will accommodate your request.

When we record or transcribe meetings you participate in, we provide notice in the meeting invitation and verbally at the start of the call. You may object before or during the meeting and we will disable the recording.

8.5 No Solely Automated Decisions

AI tools assist our team but do not make decisions about you on their own. All outbound communications, CRM entries, research outputs and client deliverables are reviewed and approved by a human before they are used or sent. We do not engage in the type of solely automated decision-making with legal or similarly significant effects that would trigger Article 22 GDPR.

8.6 Our Branded AI Tools (Maia, Emile, Paulito, Kai)

Maia (meeting intelligence), Emile (email assistance), Paulito (CRM enrichment), and Kai (research) are Waimakers-branded interfaces that pass data to the third-party foundation model providers listed in Section 6.1. No independent model training occurs within these tools. For client engagements involving these tools, we screen intended use against EU AI Act Annex III to identify any high-risk applications and apply appropriate safeguards.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including:

  • The duration of our business relationship
  • The period required to provide our services
  • As necessary to comply with legal obligations
  • As needed to protect our legal interests

Communication data from prospective clients is typically retained for 2 years from the last interaction, unless a business relationship is established.

10. Data Security

We have implemented appropriate security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Using secure communication channels
  • Implementing access controls
  • Training our team on data protection
  • Using reputable service providers with strong security practices
  • Ensuring proper security configurations for AI tools

11. Your Data Protection Rights

Under the GDPR, you have the following rights:

  • Right to Access: Request access to your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data under certain circumstances
  • Right to Restrict Processing: Request limitation of processing in specific scenarios
  • Right to Data Portability: Request a copy of your data in a structured format
  • Right to Object: Object to processing based on legitimate interests (including our use of AI tools with your data) or for direct marketing
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent
  • Right to Lodge a Complaint: Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl) or the supervisory authority in your country of residence

To exercise these rights, please contact us at admin@waimakers.com. We will respond to your request within one month.

12. Cookies and Similar Technologies

We use cookies and similar tracking technologies on our website. For detailed information, please see our Cookie Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and if the changes are significant, we will provide a more prominent notice.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

WAIMAKERS B.V. (trading as WAIMAKERS) Joop Geesinkweg 201-224 1114 AB Amsterdam The Netherlands Email: admin@waimakers.com Phone: +31 6 20 08 67 83

WAIMAKERS

Learn. Lead. Make.

AI Transformation Boutique · Amsterdam

Make work exciting, make businesses unstoppable.

Who We Help

View all roles & industriesCEOs & Board MembersPE & Investment ManagersCFOs & Finance LeadersInnovation DirectorsCTOs & IT LeadersCommercial Directors

What We Do

View all servicesOur ApproachLearnTailored Training ProgrammesAI Champions ProgrammeAgentic Way of WorkingE-learningLeadMake

Company

About UsResourcesContactCareersPodcast ↗

© 2026 WAIMAKERS. All rights reserved.

Privacy PolicyCookie Policy