At AI Adoption Framework (aiadoptionframework.eu), we take your privacy seriously. This Privacy Policy outlines how we collect, use, and safeguard your personal data when you visit our website or use our app to complete the AI Maturity Scan.

Who we are

This website is operated by Patrick Wilson under the name AI Adoption Framework, accessible via:

• Website: https://aiadoptionframework.eu

• App: https://app.aiadoptionframework.eu

• Contact Email: [email protected]

This platform is currently in beta phase and is operated on a best-effort basis. While we strive for compliance and security, some features may still be under development.

What personal data we collect and why we collect it

We may collect the following data types when you interact with the website or app:

• Identity data: Name, email address, organization (entered by you).

• Account data: Preferences, usage history, maturity scan inputs.

• Technical data: IP address, browser type, cookies, device information.

• Communication data: Any data submitted via contact forms or email.

Legal basis: Data is processed based on your explicit consent or on legitimate interest for improving platform performance, compliance, and service quality.

Comments

Our site currently does not enable public comments.

Media

Users are not able to upload media to the platform. If this becomes available in future releases, any uploaded media will be subject to appropriate access controls.

Contact forms

If you use the contact form or reach out via email, we store the information you provide (e.g. name, email, message) for up to 12 months for customer service purposes. We do not use this data for marketing purposes without your explicit consent.

Cookies

We use cookies for the following purposes:

• To maintain session state and login functionality.

• To enable platform analytics via tools like Google Analytics (anonymised IP).

• To support Elementor plugin functionality.

Cookies may include:

• wordpress_logged_in_* – session handling

• elementor – page builder performance

• ga, _gid, _gat – analytics cookies

You may control or disable cookies via your browser settings.

Analytics

We use Google Analytics and may use Elementor’s built-in analytics tools. These services may collect anonymised usage data. You can opt out via Google’s opt-out tools.

Who we share your data with

We do not sell your data. We share data only with trusted processors under data processing agreements (e.g. hosting providers, analytics services, cloud storage). These include:

• Google (analytics)

• Cloud hosting partners in the EU (for infrastructure)

• Our platform backend (Bubble.io for the app)

How long we retain your data

• Contact form entries: 12 months

• Maturity scan results: until account deletion or after 24 months of inactivity

• Analytics: up to 14 months

• Account data: until user requests deletion

What rights you have over your data

You have the right to:

• Request access to your data

• Request correction or deletion

• Withdraw consent at any time

• Lodge a complaint with a data protection authority

To exercise your rights, contact: [email protected]

Where your data is sent

We aim to store and process all data within the European Economic Area (EEA). Some tools (e.g. Google Analytics) may process data outside the EU under Standard Contractual Clauses or equivalent mechanisms.

Use of AI

At this moment, we do not use any artificial intelligence (AI) to process your personal data.

In the future, we may introduce AI-supported functionality to better analyze assessment results and provide more tailored insights. Any such use of AI will be fully compliant with the EU AI Act, GDPR, and relevant ethical guidelines. You will be informed and asked for explicit consent if such functionality is introduced.

How we protect your data

• SSL encryption

• Access-controlled infrastructure

• Limited internal access

• Regular audits and testing

What data breach procedures we have in place

We monitor for data breaches and will notify affected users within 72 hours as required by GDPR. Procedures include internal logs, audit trails, and reporting mechanisms.

What third parties we receive data from

We do not currently receive personal data from third parties. If this changes (e.g., through integration of third-party identity providers), this policy will be updated.

Automated decision making and profiling

When using the AI Maturity Scan, results are based on your input and processed using predefined scoring rules. No automated decision-making with legal or similar effects takes place. You can always request manual review or deletion.

Industry regulatory disclosure

This website and app are designed in alignment with the GDPR and aim to be compatible with the forthcoming EU AI Act and ISO/IEC 42001 AI management principles. Updates to our compliance position will be published on this page.