Data Controller: The Responsible AI Center, Amsterdam, The Netherlands & Brussels, Belgium
Contact: info@theraicenter.org
Website: www.theraicenter.org
The Responsible AI Center ("we", "us", or "our") is committed to protecting the privacy and personal data of visitors to our website and users of our services. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Dutch data protection legislation.
By using our website or engaging with our services, you acknowledge that you have read and understood this Privacy Policy. If you have questions or concerns, please contact us at info@theraicenter.org.
1. Who we are
The Responsible AI Center is an AI governance advisory firm registered in The Netherlands. We provide governance diagnostics, advisory services, and thought leadership to organisations navigating the EU AI Act and broader responsible AI frameworks. Our proprietary diagnostic instrument, ALMA (AI Literacy Mindset Assessment), measures psychological readiness for AI oversight.
For the purposes of the GDPR, The Responsible AI Center acts as the data controller for personal data collected through this website and our services.
2. What personal data we collect
2.1 Data you provide directly
| Category | Data collected | When |
|---|---|---|
| Contact form enquiries | Name, organisation, role/job title, description of governance challenge | When you submit a request via our contact form |
| Email correspondence | Name, email address, content of messages | When you contact us by email |
| Newsletter subscription | Email address | When you subscribe to our insights newsletter |
| Event registration | Name, email, organisation, role | When you register for speaking events or workshops |
| ALMA assessment participation | Role, function, industry, organisation size, AI usage level, assessment responses | When your organisation engages us to conduct an ALMA diagnostic |
2.2 Data collected automatically
When you visit our website, we may collect limited technical data including your IP address, browser type, operating system, pages visited, time spent on pages, and referral source. This data is collected through essential server logs and, where you have given consent, through analytics tools.
2.3 Cookies
Our website uses cookies. We distinguish between:
- Essential cookies: Required for the basic functioning of the website. These do not require your consent.
- Analytics cookies: Used to understand how visitors interact with our website. These are only placed after you have given your explicit consent.
- Marketing cookies: We do not currently use marketing or advertising cookies.
You may manage your cookie preferences at any time through your browser settings. Refusing non-essential cookies does not affect your ability to use the website.
3. Why we process your data and our legal basis
We process your personal data only where we have a lawful basis to do so under Article 6 of the GDPR:
| Purpose | Legal basis |
|---|---|
| Responding to your contact form submission or email enquiry | Legitimate interest (Art. 6(1)(f)) — to respond to prospective client enquiries |
| Delivering advisory and diagnostic services (including ALMA) | Performance of a contract (Art. 6(1)(b)) |
| Sending our newsletter and thought leadership content | Consent (Art. 6(1)(a)) — you may withdraw consent at any time |
| Improving our website functionality and user experience | Legitimate interest (Art. 6(1)(f)) — with consent for analytics cookies |
| Complying with legal or regulatory obligations | Legal obligation (Art. 6(1)(c)) |
| Protecting our legitimate business interests | Legitimate interest (Art. 6(1)(f)) |
Where we rely on legitimate interest, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interest at any time.
4. How we use ALMA assessment data
When your organisation engages us to conduct an ALMA governance diagnostic, the assessment collects responses about mindset and behavioural readiness for AI oversight. This data is:
- Processed under contract with the commissioning organisation, which acts as either the data controller or joint controller depending on the engagement structure.
- Aggregated and anonymised for organisational-level reporting. Individual assessment results are not shared with the commissioning organisation in a manner that identifies individual respondents, unless explicitly agreed with the respondent.
- Not used for automated decision-making or profiling that produces legal effects on individuals.
- Retained only for the duration specified in the service agreement, after which it is securely deleted.
We may use anonymised and aggregated assessment data for research, benchmarking, and the improvement of our diagnostic instruments. No individual can be identified from this aggregated data.
5. Who we share your data with
We do not sell, rent, or trade your personal data to third parties. We may share your data with:
- Service providers: Trusted third-party processors who assist with website hosting, email delivery, and analytics. These processors act only on our instructions and are bound by data processing agreements in compliance with Article 28 of the GDPR.
- Professional advisers: Legal, accounting, or insurance advisers where necessary for the operation of our business, bound by professional confidentiality obligations.
- Regulatory authorities: Where required by law or in response to a valid legal request.
We do not transfer personal data outside the European Economic Area (EEA) unless adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or an adequacy decision.
6. How long we retain your data
| Data category | Retention period |
|---|---|
| Contact form enquiries | 24 months from last correspondence, or until you request deletion |
| Email correspondence | Duration of business relationship plus 24 months |
| Newsletter subscriber data | Until you unsubscribe or request deletion |
| ALMA assessment data (identifiable) | As specified in the service agreement, typically 12 months after project completion |
| ALMA assessment data (anonymised) | Indefinitely, for research and benchmarking purposes |
| Website analytics data | 26 months (standard analytics retention) |
| Contractual and financial records | 7 years, in accordance with Dutch fiscal retention requirements |
When the retention period expires, personal data is securely deleted or anonymised.
7. Your rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): You may request deletion of your personal data where there is no compelling reason for its continued processing.
- Right to restriction (Art. 18): You may request that we restrict the processing of your data in certain circumstances.
- Right to data portability (Art. 20): You may request to receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): You may object to processing based on legitimate interest at any time.
- Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at info@theraicenter.org. We will respond to your request within 30 days. We may ask you to verify your identity before processing the request.
8. Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted communications (TLS/SSL), access controls, secure hosting environments, and regular review of our data protection practices.
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining a level of protection appropriate to the nature and sensitivity of the data we process.
9. Third-party links
Our website may contain links to third-party websites, such as LinkedIn or academic publications. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.
10. Children's privacy
Our website and services are directed at business professionals and organisations. We do not knowingly collect personal data from children under the age of 16. If we become aware that we have collected personal data from a child, we will take steps to delete that information promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
12. Complaints
If you believe that we have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with the relevant supervisory authority. For The Netherlands, this is:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Bezuidenhoutseweg 30, 2594 AV Den Haag
Telephone: +31 (0)70 888 8500
Website: autoriteitpersoonsgegevens.nl
We would appreciate the opportunity to address your concerns before you approach the supervisory authority. Please contact us first at info@theraicenter.org.
13. Contact us
For any questions, requests, or concerns regarding this Privacy Policy or how we handle your personal data, please contact:
The Responsible AI Center
Mulya van Roon — Founder & Principal Advisor
Email: info@theraicenter.org
Website: www.theraicenter.org
Locations: Amsterdam, The Netherlands & Brussels, Belgium