Data Controller: The Responsible AI Center, Amsterdam, The Netherlands & Brussels, Belgium
Contact: info@theraicenter.org
Website: www.theraicenter.org
The Responsible AI Center ("we", "us", or "our") is committed to protecting the privacy and personal data of visitors to our website and users of our services. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Dutch data protection legislation.
By using our website or engaging with our services, you acknowledge that you have read and understood this Privacy Policy. If you have questions or concerns, please contact us at info@theraicenter.org.
1. Who we are
The Responsible AI Center is an AI governance advisory firm registered in The Netherlands. We provide governance diagnostics, advisory services, and thought leadership to organisations navigating the EU AI Act and broader responsible AI frameworks. Our proprietary diagnostic instrument, ALMA (AI Literacy & Mindset Assessment), measures psychological readiness for AI oversight.
For the purposes of the GDPR, The Responsible AI Center acts as the data controller for personal data collected through this website and our services.
2. What personal data we collect
2.1 Data you provide directly
| Category | Data collected | When |
|---|---|---|
| Contact form enquiries | Name, organisation, role/job title, description of governance challenge | When you submit a request via our contact form |
| Email correspondence | Name, email address, content of messages | When you contact us by email |
| Newsletter subscription | Email address | When you subscribe to our insights newsletter |
| Event registration | Name, email, organisation, role | When you register for speaking events or workshops |
| ALMA assessment participation | Role, function, industry, organisation size, AI usage level, assessment responses | When your organisation engages us to conduct an ALMA governance diagnostic |
2.2 Data collected automatically
When you visit our website, we may collect limited technical data including your IP address, browser type, operating system, pages visited, time spent on pages, and referral source. This data is collected through essential server logs and, where you have given consent, through analytics tools.
2.3 Cookies
Our website uses cookies. We distinguish between:
- Essential cookies: Required for the basic functioning of the website. These do not require your consent.
- Analytics cookies: Used to understand how visitors interact with our website. These are only placed after you have given your explicit consent.
- Marketing cookies: We do not currently use marketing or advertising cookies.
You may manage your cookie preferences at any time through the "Cookie preferences" link in the footer of any page. For full details, see our Cookie Policy.
3. Why we process your data and our legal basis
We process your personal data only where we have a lawful basis to do so under Article 6 of the GDPR:
| Purpose | Legal basis | Article 6 ground |
|---|---|---|
| Responding to contact form enquiries | Legitimate interest in responding to business enquiries | Art. 6(1)(f) |
| Delivering contracted advisory services | Performance of a contract | Art. 6(1)(b) |
| Sending the insights newsletter | Consent | Art. 6(1)(a) |
| Analytics and website improvement | Consent | Art. 6(1)(a) |
| Compliance with legal obligations | Legal obligation | Art. 6(1)(c) |
Where we rely on legitimate interest, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interest at any time.
4. How we use ALMA assessment data
When your organisation engages us to conduct an ALMA governance diagnostic, the assessment collects responses about mindset and behavioural readiness for AI oversight. This data is:
- Processed under contract with the commissioning organisation, which acts as either the data controller or joint controller depending on the engagement structure.
- Aggregated and anonymised for organisational-level reporting. Individual assessment results are not shared with the commissioning organisation in a manner that identifies individual respondents, unless explicitly agreed with the respondent.
- Not used for automated decision-making or profiling that produces legal effects on individuals.
- Retained only for the duration specified in the service agreement, after which it is securely deleted.
We may use anonymised and aggregated assessment data for research, benchmarking, and the improvement of our diagnostic instruments. No individual can be identified from this aggregated data.
5. Who we share your data with
We do not sell, rent, or trade your personal data to third parties. We may share your data with:
- Service providers: Trusted third-party processors who assist with website hosting, email delivery, and analytics. These processors act only on our instructions and are bound by data processing agreements in compliance with Article 28 of the GDPR.
- Professional advisers: Legal, accounting, or insurance advisers where necessary for the operation of our business, bound by professional confidentiality obligations.
- Regulatory authorities: Where required by law or in response to a valid legal request.
We do not transfer personal data outside the European Economic Area (EEA) unless adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or an adequacy decision.
6. How long we retain your data
| Data type | Retention period | Reason |
|---|---|---|
| Contact form and email enquiries | 2 years from last contact | Legitimate interest in maintaining business records |
| Newsletter subscriptions | Until you unsubscribe | Consent-based; you may withdraw at any time |
| ALMA assessment data | As specified in service agreement | Contractual obligation; securely deleted on expiry |
| Website analytics data | 13 months (if analytics enabled) | Standard analytics retention period |
| Financial and contractual records | 7 years | Legal obligation under Dutch tax and accounting law |
When the retention period expires, personal data is securely deleted or anonymised.
7. Your rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
- Right to restriction: Request that we restrict processing of your data in certain circumstances.
- Right to portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interest at any time.
- Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at info@theraicenter.org. We will respond within 30 days and may ask you to verify your identity before processing the request.
8. Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted communications (TLS/SSL), access controls, secure hosting environments, and regular review of our data protection practices.
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining a level of protection appropriate to the nature and sensitivity of the data we process.
9. Third-party links
Our website may contain links to third-party websites, such as LinkedIn or academic publications. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.
10. Children's privacy
Our website and services are directed at business professionals and organisations. We do not knowingly collect personal data from children under the age of 16. If we become aware that we have collected personal data from a child, we will take steps to delete that information promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
12. Complaints
If you believe that we have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with the relevant supervisory authority. For The Netherlands, this is:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Bezuidenhoutseweg 30, 2594 AV Den Haag
Telephone: +31 (0)70 888 8500
Website: autoriteitpersoonsgegevens.nl
13. Contact us
For any questions, requests, or concerns about this Privacy Policy or how we handle your personal data, please contact:
The Responsible AI Center
Mulya van Roon — Founder & Principal Advisor
Email: info@theraicenter.org
Website: www.theraicenter.org
Locations: Amsterdam, The Netherlands & Brussels, Belgium