Home / Legal / EU / EEA (GDPR)

EU / EEA (GDPR)

EU/EEA Privacy Notice

Information required under the EU General Data Protection Regulation for individuals in the European Union and European Economic Area.

Last updated: 1 June 2026

This notice supplements our Privacy Policy and provides information required under the European Union's General Data Protection Regulation (GDPR) for individuals in the European Union and European Economic Area. Where this notice and the general Privacy Policy differ for EU/EEA individuals, this notice prevails.

Data controller and representative

The controller of your personal data is the Artificial Intelligence Foundation, contactable at [email protected]. [If the Foundation is established outside the EU/EEA and Article 27 applies, insert the name and contact details of your appointed EU representative here. If you have a Data Protection Officer, insert their contact details.]

Legal bases for processing

Under Article 6 of the GDPR, we process personal data only where we have a lawful basis to do so:

  • Consent (Art. 6(1)(a)) — for our briefing and for non-essential cookies. You may withdraw consent at any time without affecting prior processing.
  • Legitimate interests (Art. 6(1)(f)) — for operating, securing, and improving our website, balanced against your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)) — where we must process data to comply with the law.

Your rights under the GDPR

As an individual in the EU/EEA, you have the right to:

  • Access the personal data we hold about you;
  • Request rectification of inaccurate or incomplete data;
  • Request erasure of your data ("right to be forgotten") in certain circumstances;
  • Restrict or object to certain processing, including processing based on legitimate interests;
  • Receive your data in a portable format and have it transmitted to another controller where technically feasible;
  • Withdraw consent at any time where processing is based on consent;
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, contact [email protected]. We will respond within one month, as required by Article 12, and will not charge a fee except as permitted by law.

International data transfers

If we transfer your personal data outside the EU/EEA, we will ensure an appropriate safeguard under Chapter V of the GDPR applies — such as an adequacy decision of the European Commission or Standard Contractual Clauses. [Specify the transfer mechanism(s) your deployed site relies upon and the destination countries.]

Supervisory authority

You have the right to lodge a complaint with the data protection supervisory authority in your EU/EEA Member State of residence, place of work, or the place of the alleged infringement. [You may insert the contact details of the lead supervisory authority relevant to your establishment here.] We would, however, appreciate the chance to address your concerns directly before you do so.

Automated decision-making

We do not use your personal data to make decisions about you based solely on automated processing that produce legal or similarly significant effects, within the meaning of Article 22 of the GDPR.

Contact

For any GDPR-related request or question, contact [email protected].

Editorial note for the site operator: This document is a thorough, good-faith template reflecting common legal requirements. It is not legal advice. Before publication, have it reviewed by qualified counsel and complete every [bracketed placeholder] with your organisation's verified details.