Legal

Privacy Policy

Last updated: March 2026

1. Introduction

The Responsible AI Center ("we", "us", "our") is committed to protecting the privacy and personal data of individuals who interact with our services, website, and communications. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — and applicable Belgian data protection law.

The Responsible AI Center is based in Brussels, Belgium and operates under Belgian and EU law. We serve organisations across the European Union and beyond.

2. Data controller

The data controller for the purposes of this policy is:

The Responsible AI Center

Brussels, Belgium

Email: [email protected]

3. What personal data we collect

We collect and process the following categories of personal data, depending on how you interact with us:

3.1 Website visitors

  • Technical data: IP address (anonymised), browser type, operating system, and device information
  • Usage data: pages visited, time spent on pages, and referral sources
  • Cookie data: as described in our cookie preferences (see Section 8)

3.2 Discovery Conversation and engagement enquiries

  • Contact information: name, email address, telephone number, and organisation
  • Professional information: job title, role, and area of responsibility
  • Communication content: the substance of your enquiry or correspondence

3.3 Client engagements

  • Professional and organisational data necessary to deliver our governance diagnostic and advisory services
  • Assessment data: responses to diagnostic instruments, where applicable, are processed in aggregated and anonymised form
  • Billing and contractual information

4. How we use your personal data

We process personal data for the following purposes:

  • Service delivery: to conduct Discovery Conversations, deliver governance diagnostics, and provide advisory services
  • Communication: to respond to enquiries, schedule meetings, and maintain professional correspondence
  • Website operation: to ensure the functionality, security, and performance of our website
  • Analytics: to understand how our website is used and to improve our content and services (using privacy-respecting analytics)
  • Legal compliance: to meet our obligations under applicable law, including tax and accounting requirements

5. Legal basis for processing

Under the GDPR, we rely on the following legal bases for processing your personal data:

  • Contractual necessity (Article 6(1)(b)): processing necessary for the performance of a contract or to take steps at your request prior to entering into a contract
  • Legitimate interests (Article 6(1)(f)): processing necessary for our legitimate interests, including operating our website, improving our services, and maintaining professional relationships — provided these interests are not overridden by your rights
  • Consent (Article 6(1)(a)): where you have given specific consent, for example for non-essential cookies or marketing communications
  • Legal obligation (Article 6(1)(c)): processing necessary to comply with a legal obligation to which we are subject

6. Data sharing and transfers

We do not sell, rent, or trade your personal data. We may share personal data with:

  • Service providers: trusted third-party providers who assist with website hosting, email services, and analytics — each bound by data processing agreements compliant with the GDPR
  • Professional advisors: legal, accounting, or regulatory advisors where necessary
  • Legal authorities: where required by law or in response to valid legal process

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods include:

  • Website analytics data: 26 months (anonymised)
  • Enquiry and correspondence data: 3 years from last contact
  • Client engagement data: 7 years from completion of the engagement (in line with Belgian legal requirements)
  • Diagnostic assessment data: stored in aggregated, anonymised form for research purposes; individual-level data is deleted upon completion of the engagement unless otherwise agreed

8. Cookies

Our website uses a minimal set of cookies to ensure functionality and to understand how the site is used. We use privacy-respecting analytics that do not require cookie consent under GDPR in most configurations.

We do not use advertising cookies, tracking pixels, or third-party marketing tools. If our cookie practices change, this policy will be updated accordingly.

For full details on the specific cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

9. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: to obtain confirmation of whether your data is being processed and to receive a copy
  • Right to rectification: to have inaccurate personal data corrected
  • Right to erasure: to request deletion of your personal data, subject to legal retention requirements
  • Right to restriction: to request that processing of your data be restricted in certain circumstances
  • Right to data portability: to receive your data in a structured, commonly used, machine-readable format
  • Right to object: to object to processing based on legitimate interests
  • Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

10. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures are reviewed regularly and updated as necessary to reflect current best practice and regulatory requirements.

11. Supervisory authority

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données):

Gegevensbeschermingsautoriteit (GBA)

Drukpersstraat 35, 1000 Brussels

Website: gegevensbeschermingsautoriteit.be

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, regulatory requirements, or applicable law. Any material changes will be communicated through our website. We encourage you to review this policy periodically.

13. Contact

If you have any questions about this Privacy Policy or our data processing practices, please contact us:

The Responsible AI Center

Email: [email protected]

Website: www.theraicenter.org

This website uses essential cookies to ensure functionality and privacy-respecting analytics to understand how the site is used. We do not use advertising cookies or third-party tracking. Read our Privacy Policy and Cookie Policy for details.