Back to Home

Privacy Policy

Last amended: April 2026

About AICX and 5CA

AICX is a brand and product of 5CA B.V. ("5CA"), part of the 5CA Group. While AICX operates its own website at aicx-platform.com, the data controller for all personal data processing is 5CA B.V., located at Stationsstraat 154, 3511 EK Utrecht, the Netherlands. This privacy policy explains how we process personal data in connection with the AICX website, products, and services, and is aligned with the 5CA Privacy Policy, which applies in full.

All processing occurs under the General Data Protection Regulation (GDPR) and applicable privacy legislation.

Privacy Mission

Mission: Enable AICX and 5CA to navigate a dynamic future in privacy through transparent, ethical, and innovative uses of personal data.

Our long-term goals:

  • Promulgate privacy by design
  • Build trust as a data steward
  • Manage privacy risk proactively and pragmatically
  • Advocate for the innovative and ethical use of data
  • Be a recognized leader in data privacy

Who Does This Policy Apply To?

This privacy policy applies to the following categories of individuals:

  • Website Visitors — those visiting aicx-platform.com
  • Requesters — those contacting AICX via forms, email, or messages
  • Prospects and Clients — those entering into or exploring a service relationship with AICX
  • Vendors — service providers to AICX or 5CA
  • Participants — those participating in AICX marketing campaigns, events, or content

Which Information Do We Collect and Why?

Website Visitors

Data collected: IP address, browser type, device type, browsing time, hashed email address (via application or contact forms, with consent).

Purposes: Providing website features, user verification, saving preferences, advertising on other sites, traffic analysis, and statistical analysis.

Legal ground: Consent (except for strictly necessary cookies, which rely on legitimate interest).

Requesters

Data collected: First and last name, email address, phone number, company name, and details of your inquiry.

Purposes: Processing and responding to inquiries, providing requested information, system hosting and security.

Legal ground: Performance of a contract, consent, legitimate interest, legal obligation.

Prospects and Clients

Data collected: Contact details, contractual and financial information, tax identification numbers, banking details, signatures, account information, activity logs, and device details.

Purposes: Communication, account management, contract negotiation and renewal, invoicing, and system security.

Legal ground: Performance of a contract, legitimate interest, legal obligation.

Vendors

Data collected: Contact details, contractual and financial information, account information, and activity logs.

Purposes: Communication, invoicing, vendor management, and contract execution.

Legal ground: Performance of a contract, legal obligation.

Participants

Data collected: First and last name, email address, pictures, and videos (collected with consent).

Purposes: Brand promotion, event marketing, social media sharing, and system security.

Legal ground: Consent.

Legal Bases for Processing

We process personal data on the following legal bases:

  • Performance of a Contract — We process your personal data as necessary to negotiate, review, enter into, sign, and fulfill a contract with you.
  • Legitimate Interest — We process data for legitimate business purposes including relationship management, account registration, data maintenance, security measures, and the establishment or defense of legal claims.
  • Consent — Where processing is based on consent, that consent is prior, freely given, informed, unambiguous, and specific. You have the right to withdraw your consent at any time.
  • Legal Obligation — We process personal data where required by law, including for registries, bookkeeping, tax compliance, conflict resolution, and responses to authority requests.

Retention Period

How long we retain your data depends on the category and sensitivity of the data, the purpose of processing, and the nature of our relationship with you. For example, financial data is retained for 7 years under Dutch law. Where technically feasible, automated anonymization or deletion is applied at the end of the applicable retention period.

Sharing Personal Data With Third Parties

We may share personal data with the following categories of recipients:

  • Cloud environment providers (Microsoft)
  • Hosting and backup providers
  • 5CA Group entities
  • E-signature providers
  • Legal and compliance providers (accountants, law firms, auditors)
  • Banking partners
  • Public authorities (as required by law)
  • Website hosting providers
  • Cookie and analytics providers (e.g. Google)
  • Cookie management platforms (e.g. OneTrust)

These parties may use additional sub-processors. For specific details, please contact us at privacy@aicx-platform.com.

Data Transfers, Storage, and Processing Globally

Most of our processing partners are located in the European Economic Area (EEA). Some partners are located outside the EEA, including in the United States, United Kingdom, Argentina, Hong Kong, South Africa, the Philippines, and Turkey.

For transfers to countries without an EU adequacy decision, we apply appropriate safeguards including Standard Contractual Clauses and organizational and technical safeguards. All vendors are required to protect the confidentiality and security of personal data.

AICX is European by design. Our architecture is GDPR-native, all core data processing happens within EU borders, and our security posture — from zero-trust architecture to full audit trails — is designed for organisations that take data sovereignty seriously.

How Do We Protect Your Information?

We implement robust security measures including:

  • Regular prevention, detection, and response systems scanning for vulnerabilities
  • Secured networks with access limited on a need-to-know basis
  • Encrypted communications using Secure Socket Layer (SSL) technology
  • A Zero Trust approach to security
  • Multiple security measures at all data entry and access points

You are responsible for maintaining the security of your own computer, device, network, and credentials.

Your Privacy Rights

Under the GDPR, you have the right to:

  • Lodge a complaint with a supervisory authority or seek a court remedy
  • Object to profiling
  • Object to or request restriction of processing
  • Request rectification of inaccurate data
  • Request details of the legal basis for transfers of your data outside the EEA
  • Request data portability in a machine-readable format
  • Request erasure of your data (subject to exceptions, such as the defense of legal claims)
  • Access the personal data we hold about you
  • Withdraw your consent at any time

To exercise any of these rights, please submit your request to privacy@aicx-platform.com. We will respond promptly in accordance with applicable law. We may request additional information to verify your identity. Fees may be charged where permitted by law if requests are manifestly unfounded or excessive.

Changes to This Privacy Policy

We may update this privacy policy from time to time. We recommend reviewing it regularly. Changes will be tracked via the date stamp at the top of this page.

Contact

If you have questions, comments, or requests regarding the processing of your personal data, please contact the 5CA Privacy Team:

Email: privacy@aicx-platform.com

For the full 5CA Group privacy policy, please visit 5ca.com/privacy-policy.