Privacy Policy

Welcome to AIORA Consulting ("AIORA", "we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy rights.

This Privacy Policy explains how we collect, use, store, and share your personal data when you visit www.aioraconsulting.com ("Website"), contact us, or use our services. It is written in compliance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and applicable Dutch data protection law.

Please read this Policy carefully. If you have any questions, contact us at info@aioraconsulting.com.

The data controller responsible for your personal data is:

AIORA Consulting
The Hague, Netherlands
Email: info@aioraconsulting.com

As data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that processing is lawful.

We collect the following categories of personal data:

Data you provide directly:

• Contact form submissions: Name, company/organisation, work email address, country, service of interest, and message content
• Newsletter subscriptions: Email address
• Email correspondence: Name, email address, and any personal data contained in your communications

Data collected automatically:

• Technical data: IP address, browser type and version, operating system, referral URL, pages visited, time and date of visit, and time spent on pages
• Cookie data: Data collected via cookies and similar technologies — see our Cookie Policy for details

Data we do not collect: We do not collect special categories of personal data (Article 9 GDPR) such as health data, racial or ethnic origin, political opinions, religious beliefs, or biometric data.

We process your personal data on the following lawful bases under Article 6 GDPR:

• Contractual necessity (Art. 6(1)(b)): Processing required to provide our consulting services to you as a client
• Legitimate interests (Art. 6(1)(f)): Processing for website analytics, security monitoring, fraud prevention, and improving our services — where our legitimate interests are not overridden by your rights
• Consent (Art. 6(1)(a)): Processing based on your consent — specifically for marketing emails and non-essential cookies. You may withdraw consent at any time
• Legal obligation (Art. 6(1)(c)): Processing required to comply with applicable EU or Dutch law

We use your personal data for the following purposes:

• Responding to enquiries: To respond to contact form submissions and email enquiries about our services
• Service delivery: To provide, manage, and improve our AI consulting services to existing clients
• Newsletter: To send our AI Intelligence briefing to subscribers who have consented to receive it
• Website analytics: To understand how visitors use our Website and improve its content and functionality
• Security: To monitor and protect the security of our Website and systems
• Legal compliance: To comply with applicable laws, regulations, and legal processes

We do not use your personal data for automated decision-making or profiling as defined in Article 22 GDPR.

We do not sell your personal data to third parties. We may share your personal data with:

• Service providers (processors): Trusted third-party providers who process data on our behalf, such as web hosting providers, email delivery platforms, and analytics services — bound by data processing agreements (DPAs) ensuring GDPR compliance
• Professional advisors: Legal counsel, accountants, and auditors, where necessary and subject to confidentiality obligations
• Regulatory authorities: National competent authorities, courts, or law enforcement where required by applicable law or legal process

Any third-party processors we engage are required to implement appropriate technical and organisational security measures and may only process your data on our documented instructions.

Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• Adequacy decisions: Transfers to countries recognised by the European Commission as providing adequate data protection
• Standard Contractual Clauses (SCCs): EU Commission-approved standard contractual clauses incorporated into agreements with non-EEA processors

You may request details of transfer safeguards by contacting us at info@aioraconsulting.com.

We retain personal data only for as long as necessary for the purposes for which it was collected:

• Contact enquiries: 3 years from last contact, unless an ongoing client relationship extends this
• Client data: Duration of the engagement plus 7 years (Dutch statutory limitation period for contractual claims)
• Newsletter subscriptions: Until you unsubscribe or withdraw consent
• Website analytics data: 26 months maximum (anonymised/aggregated data may be retained indefinitely)
• Cookie data: As specified in our Cookie Policy

When data is no longer required, we securely delete or anonymise it.

Under the GDPR, you have the following rights with respect to your personal data:

• Right of access (Art. 15): Request a copy of the personal data we hold about you
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data
• Right to erasure (Art. 17): Request deletion of your personal data where there is no compelling reason to continue processing
• Right to restrict processing (Art. 18): Request that we limit processing of your data in certain circumstances
• Right to data portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format
• Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent (Art. 7(3)): Withdraw consent at any time where processing is consent-based, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at info@aioraconsulting.com. We will respond within 30 days. We may need to verify your identity before fulfilling requests.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl or with the supervisory authority in your country of residence.

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• Encryption of data in transit (TLS/HTTPS)
• Access controls limiting data access to authorised personnel
• Regular security assessments of our systems and processors
• Incident response procedures for potential data breaches

While we take all reasonable steps to protect your data, no transmission over the internet is completely secure. If you have reason to believe your personal data has been compromised, please contact us immediately at info@aioraconsulting.com.

We use cookies and similar tracking technologies on our Website. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please see our Cookie Policy.

Our Website and services are directed at business professionals and are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at info@aioraconsulting.com and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. We will post the updated Policy on this page with a revised "Last Updated" date. For material changes, we will provide more prominent notice. Your continued use of our Website after any changes constitutes your acknowledgement of the updated Policy.

For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

AIORA Consulting
The Hague, Netherlands
Email: info@aioraconsulting.com