Data protection

Last reviewed: March 2026
Next review due: September 2026

GDPR compliance

This page explains how The Responsible AI Center processes personal data in connection with the ALMA platform, in compliance with Regulation (EU) 2016/679 (the General Data Protection Regulation).

Our commitment: ALMA is designed with data minimisation and privacy by design as core principles. We collect only what is strictly necessary to provide the service, we store it securely within the EU, and we never sell your data to third parties.

Who we are

ALMA is operated by The Responsible AI Center (trading as TRAC), a consultancy registered in Belgium. The Responsible AI Center acts as the data controller for all personal data processed through the ALMA platform.

For any data protection enquiries, please contact us at [email protected].

What personal data we collect

ALMA collects and processes the following categories of personal data, depending on how you use the platform:

Category | Examples | Purpose
Account data | Name, work email address, job title, organisation | Account creation, authentication, and communication
Assessment data | Psychometric responses, dimension scores, readiness indicators | Generating your AI literacy diagnostic report
Usage data | Page views, feature interactions, session duration | Platform improvement and security monitoring
Technical data | IP address, browser type, device type | Security, fraud prevention, and service delivery

We do not collect or process any special categories of personal data (sensitive data) as defined under Article 9 GDPR, such as health data, biometric data, or data revealing racial or ethnic origin.

Our lawful basis for processing

We rely on the following lawful bases under Article 6 GDPR for processing your personal data:

Contract (Art. 6(1)(b))

Processing your account and assessment data is necessary to provide the ALMA service you have requested.

Legitimate interests (Art. 6(1)(f))

We process usage and technical data to improve platform security, prevent fraud, and enhance the user experience. Our interests do not override your rights.

Consent (Art. 6(1)(a))

Where we send optional communications such as regulatory update newsletters, we rely on your explicit consent, which you may withdraw at any time.

Legal obligation (Art. 6(1)(c))

We may process data where required by applicable law, including EU AI Act Article 4 compliance documentation obligations.

How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

Account data | For the duration of your account, plus 12 months after account closure
Assessment results | For the duration of your account, plus 12 months after account closure
Usage logs | 90 days, then anonymised for aggregate analytics
Security and audit logs | 12 months
Consent records | 3 years from the date of consent

Your rights under GDPR

Under the GDPR, you have the following rights with respect to your personal data. To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Right of access (Art. 15)

Request a copy of the personal data we hold about you.

Right to rectification (Art. 16)

Request correction of inaccurate or incomplete data.

Right to erasure (Art. 17)

Request deletion of your data where there is no compelling reason to continue processing.

Right to restriction (Art. 18)

Request that we restrict processing of your data in certain circumstances.

Right to portability (Art. 20)

Receive your data in a structured, machine-readable format.

Right to object (Art. 21)

Object to processing based on legitimate interests, including profiling.

Right to withdraw consent

Withdraw consent at any time where processing is based on consent.

Right to lodge a complaint

Lodge a complaint with your national data protection authority.

If you are based in Belgium, you may also lodge a complaint with the Autorité de la protection des données / Gegevensbeschermingsautoriteit (APD/GBA), the Belgian data protection authority.

Who we share data with

We do not sell your personal data. We share data only with trusted third-party processors who provide infrastructure and services necessary to operate ALMA, and only under strict data processing agreements (DPAs) compliant with Article 28 GDPR.

Cloud infrastructure provider | Hosting, database, and storage services | EU / EEA
Authentication provider | Secure sign-in and session management | EU / EEA
Email delivery provider | Transactional emails (account notifications) | EU / EEA
Analytics provider | Anonymised usage analytics for platform improvement | EU / EEA

We do not transfer personal data outside the European Economic Area (EEA) without appropriate safeguards in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

How we protect your data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration, in accordance with Article 32 GDPR. These measures include:

Encryption of data in transit (TLS 1.2+) and at rest
Role-based access controls limiting data access to authorised personnel
Regular security assessments and vulnerability testing
Audit logging of access to personal data
Incident response procedures with 72-hour breach notification capability
Data minimisation: we collect only what is strictly necessary

Cookies and tracking

ALMA uses a minimal set of cookies strictly necessary for the platform to function. We do not use advertising cookies or third-party tracking cookies.

Session cookie · Essential

Maintains your authenticated session · Session (expires on browser close)

CSRF token · Essential

Protects against cross-site request forgery attacks · Session

Analytics cookie · Optional

Anonymised page view counting for platform improvement · 12 months

Contact and complaints

For any questions about this GDPR compliance statement, to exercise your data subject rights, or to raise a data protection concern, please contact:

The Responsible AI Center

Data protection enquiries

[email protected]

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your EU member state. As The Responsible AI Center is registered in Belgium, our lead supervisory authority is the Autorité de la protection des données / Gegevensbeschermingsautoriteit (APD/GBA).