Privacy Policy

Effective Date: 28 February 2026

Centre for AI Leadership Ltd. ("we," "our," "us") is committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data in compliance with the General Data Protection Regulation (GDPR) and the Personal Data Protection Act (PDPA) in Singapore.

1. Scope of Policy

This Privacy Policy applies to all personal data collected by Centre for AI Leadership Ltd., whether through our website, the AI Maturity Diagnostic assessment, programmes, events, or other services (collectively, "Services"). By using our Services, you agree to the collection and use of your personal data as described in this policy.

2. Personal Data We Collect

We may collect and process the following types of personal data:

• Identity Data: Name, and other identifiers you choose to provide.
• Contact Data: Email address, organisation, role, and other contact details.
• Assessment Data: Your responses to diagnostic assessment questions, computed maturity scores, path classification, risk signals, and related analytical outputs.
• Technical Data: IP address, browser type, device information, and other technical data from your interactions with our website.
• Usage Data: Information about how you use our Services, including assessment completion and page interactions.

3. How We Collect Your Data

We collect your personal data in the following ways:

• Direct Interactions: When you complete the AI Maturity Diagnostic, provide your email address to receive results, or communicate with us.
• Automated Technologies: When you interact with our website, we may collect technical data using cookies and similar technologies.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

• To deliver your diagnostic assessment results by email.
• To provide and manage our Services.
• To communicate with you about relevant programmes, workshops, and services based on your assessment results.
• To improve the diagnostic tool and our Services through aggregated, anonymised analysis of assessment data.
• To comply with legal obligations and protect our legal rights.

5. Legal Basis for Processing (GDPR Compliance)

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: Providing your email address and agreeing to this privacy policy constitutes consent to receive your results and related communications. Assessment completion without providing an email does not require consent as no personal data is collected.
• Legitimate Interests: Improving our diagnostic tool and Services through anonymised, aggregated analysis of assessment patterns.
• Legal Obligation: Where processing is required to comply with legal obligations.

6. Assessment Data

The AI Maturity Diagnostic collects assessment responses to compute your maturity profile. Specifically:

• What we collect: Your answers to diagnostic questions, your computed path (A/B/C), maturity level or band, risk signals, and - if you choose to provide them - your email, name, organisation, and role.
• Purpose: Delivering your personalised results, emailing you a copy of your analysis, and contacting you about relevant services where you have provided consent.
• Retention: Assessment data is retained for 12 months from the date of completion, after which it is anonymised (all personal identifiers removed). Anonymised data may be retained indefinitely for research and improvement purposes.
• Email is optional: You can complete the diagnostic without providing any personal contact information. Your assessment is processed and initial results are shown without requiring an email address. Providing your email unlocks the full detailed results and a copy sent to your inbox.

7. Disclosure of Personal Data

We may share your personal data with:

• Service Providers: Third parties who provide services on our behalf, such as email delivery (SMTP providers) and hosting services.
• Legal and Regulatory Authorities: Where required by law or to protect our legal rights.

We do not sell, rent, or trade your personal data to third parties.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside of Singapore or the European Economic Area (EEA). We ensure that such transfers comply with applicable data protection laws, including GDPR's standard contractual clauses or equivalent safeguards.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. This includes using encryption for data in transit, secure server infrastructure, and access controls.

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Assessment data with personal identifiers is retained for 12 months, then anonymised. Other data may be retained as required by legal, accounting, or reporting requirements.

11. Your Rights

You have the following rights regarding your personal data:

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can request that we correct any inaccurate or incomplete data.
• Deletion: You can request that we delete your personal data, subject to certain conditions.
• Objection: You can object to the processing of your data based on legitimate interests or for direct marketing purposes.
• Restriction: You can request that we restrict the processing of your personal data in certain circumstances.
• Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format.

To exercise any of these rights, please contact us at [email protected].

12. Consent Withdrawal and Opt-Out

Where processing is based on your consent, you have the right to withdraw your consent at any time. You can also opt out of receiving marketing communications by following the unsubscribe instructions provided in the communication, or by contacting us directly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other reasons. We will notify you of any significant changes by posting the updated policy on our website and indicating the effective date.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Centre for AI Leadership Ltd.
[email protected]

We will respond to your request within a reasonable timeframe, in accordance with applicable laws.