Privacy Policy

AI Business Academy, based at the A20 Trade Center in Nieuwerkerk aan den IJssel, registered with the Dutch Chamber of Commerce under number 87755106, VAT number NL004471708B98, is the data controller within the meaning of the General Data Protection Regulation (GDPR). For questions about this policy or about data processing you may contact us at info@ai-businessacademy.nl or by phone on +31 10 322 0009.

Depending on how you interact with AI Business Academy we process:

• Contact details: name, email address, phone number, organisation, job title.
• Programme participation: enrolment data, attendance, assignments submitted and faculty notes (Cohort Programme).
• Practice Scan answers: the six answers you submit in the AI Practice Scan, plus any contact details you choose to share for follow-up.
• Operational data shared during in-company programmes: processed strictly under the data processing agreement.
• Website analytics: first-party anonymised analytics. No cross-site tracking. Daily-rotating IP hash.

We process personal data on one of the following bases under Article 6 GDPR: performance of a contract, your explicit consent (e.g. the Practice Scan), our legitimate interest (business operations), or a legal obligation (e.g. tax law).

Contact and programme data are retained for the duration of the relationship and up to seven years thereafter for fiscal purposes. Practice Scan answers are retained for as long as needed to follow up. Analytics events are retained anonymously for up to thirteen months.

We do not sell or share personal data with third parties for marketing purposes. Sub-processors (e.g. our email and hosting providers) operate under a GDPR-compliant data processing agreement. All processing takes place inside the European Union.

You have the right to access, rectify, erase, restrict, transfer and object to the processing of your personal data. You can exercise these rights by emailing info@ai-businessacademy.nl. You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

We apply appropriate technical and organisational measures including encryption in transit, access controls, daily-rotating salts for analytics IP hashing, and EU-only hosting. Any data breach is reported to the supervisory authority within 72 hours where required.

The website uses first-party analytics that store only anonymised session and visitor tokens. No third-party advertising cookies are set. Optional product analytics (PostHog EU) is enabled only when you do not have Do Not Track active.

We may update this policy. The current version is dated above; we encourage you to review it periodically. Material changes are announced via the website.