AIFC Global Privacy Policy

Last updated June 30, 2025

This “AIFC Global Privacy Policy” (the “Privacy Policy”) is established effective as of 30 June 2025 (“Effective Date”) by Stacy Williams (“the Client”), acting for and on behalf of AI Founders Connect, Inc. (“AIFC”), a New York–based 501(c)(3) nonprofit organization dedicated to advancing the global artificial intelligence ecosystem through international founder, investor, and industry leader connectivity. WHEREAS, AIFC operates cross-border events, platforms, and related online services designed to facilitate collaboration and engagement between founders, investors, corporate leaders, and strategic partners; WHEREAS, AIFC is committed to safeguarding the privacy, integrity, and security of personal data collected in connection with its global operations and events, and ensures compliance with all applicable laws and regulations covering data protection and privacy, including but not limited to the UK/EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), the UK Data Protection Act 2018, Australian Privacy Act, and the Singapore Personal Data Protection Act (PDPA); WHEREAS, this Privacy Policy applies to all individuals who register for, attend, or interact with AIFC’s events, platforms, and communication channels, irrespective of location; WHEREAS, for the purpose of UK and EU data subjects, Westminster & Partners acts as AIFC’s data-protection representative under Article 27 GDPR; WHEREAS, this Privacy Policy addresses AIFC’s practices regarding the collection, use, storage, transfer, sharing, and security of personal data, the rights of participants, AIFC’s media and publicity policies, and limitations of liability, all consistent with its nonprofit mission and operational requirements; WHEREAS, this Privacy Policy remains in effect from the Effective Date and continues until amended, superseded, or terminated in accordance with its provisions, with amendments taking effect upon publication and notification as described herein; NOW, THEREFORE, by providing personal information to AIFC, accessing its platforms, registering for or attending its events, all individuals expressly acknowledge and agree to the terms and duration of this Privacy Policy as set forth herein.

1. Scope And Application

This Privacy Policy applies to all individuals (hereinafter ‘Participants’ or ‘Attendees’) who register for, attend, or otherwise interact with any events, platforms, or activities organized by AI Founders Connect, Inc. (‘AIFC’). The scope includes both in-person and virtual engagements facilitated by AIFC, as well as any Personal Data collected through these interactions. This policy covers the data handling practices implemented during event registrations processed via Eventbrite and other third-party registration platforms. The Privacy Policy ensures compliance with global data protection regulations, including the GDPR, CCPA, Australian Privacy Act, Singapore PDPA, and other applicable laws. Additionally, this policy extends to all founders, investors, corporates, and industry partners participating in AIFC’s initiatives. Attendees must acknowledge and agree to the terms outlined in this Privacy Policy by providing their Personal Data, accessing AIFC platforms, or participating in AIFC events. For events and data processing activities under the jurisdiction of UK/EU laws, Westminster & Partners may act as AIFC’s data protection representative as per Clause 18: Jurisdictional Notes and Representative for UK/EU Data Subjects.

2. Data Collection Practices

AIFC collects various categories of personal data to facilitate and enhance your experience during its global operations and events. The main categories of personal data collected include name, email address, company, job title, and country of residence. Additionally, individuals may opt to provide further details, which are entirely optional, such as LinkedIn profile, investment focus, fundraising amount, sector interests, startup stage, and typical ticket size. AIFC does not intentionally collect sensitive or financial data unless voluntarily provided by individuals for specific needs, such as accessibility or dietary requirements. AIFC strictly prohibits the collection of personal data from minors (individuals under the age of 16) and implements age verification procedures as part of its compliance measures (see <<Clause 10: Participant Age and Sensitive Data Restrictions>>). Personal data may be gathered through third-party platforms and services like Eventbrite, HubSpot, Google Workspace, TidyCal, Gmail, and other future vendors (see Clause 12: Vendors and Subprocessors). AIFC reserves the right to expand its data collection fields for further personalization efforts, ensuring that any such fields remain clearly optional and are presented accordingly.

3. Lawful Bases For Processing

In accordance with global privacy laws, AIFC processes personal data based on several lawful bases to ensure compliance and the protection of individual rights. The lawful bases for processing personal data include the following: a. Performance of Contract: This basis applies to data processing necessary for the performance of a contract to which the data subject is a party. This includes processing related to the registration and participation in AIFC events and use of its platforms. b. Legitimate Interest: AIFC relies on this basis for processing activities where it has a legitimate interest in optimizing network performance, conducting analytics, and generating post-event reports. This legal ground is preferred, where permissible, to minimize consent fatigue among participants. c. Consent: In certain situations, AIFC will seek explicit consent from individuals for specific processing activities, such as marketing communications and sharing personal data with third parties. Where consent is required, it will be sought in a clear and distinguishable manner, and individuals have the right to withdraw their consent at any time. All processing activities undertaken by AIFC are justifiable under one or more of the legal bases mentioned above, ensuring that every processing activity aligns with legal requirements and respects the rights of data subjects.

4. Use And Purpose Of Personal Data

AIFC collects and processes personal data for various legitimate purposes to uphold its mission and operational requirements. The primary uses and contexts for processing personal data include: a. Event Administration and Operation: Personal data is essential for organizing, managing, and operating events, ensuring a streamlined registration process, maintaining attendee lists, and facilitating on-site logistics. b. Providing Updates and Resources: AIFC uses personal data to send updates, resources, and information about events, services, and relevant opportunities. This communication is managed through double-opt-in mechanisms via HubSpot to ensure consent and compliance with applicable regulations. c. Facilitating Networking and Logistics: Personal data, including contact information, is utilized to enhance networking opportunities among attendees and to coordinate event logistics. This may involve the creation of attendee directories and scheduling interactive sessions. d. Internal Analytics and Reporting: AIFC anonymizes personal data where possible for internal analytics, reporting, and research to improve its events, services, and overall mission effectiveness. e. Contacting Existing Attendees: Utilizing legitimate interest provisions, AIFC may contact previous attendees about similar future events, with an easy-to-use unsubscribe mechanism available for individuals wishing to opt out of such communications. f. Accessibility and Dietary Needs: Collection of non-essential personal data for accommodating accessibility and dietary requirements is strictly limited. Such data is handled with confidentiality, used exclusively for the specific event, and deleted after its conclusion. Refer to Clause 10: Participant Age and Sensitive Data Restrictions for further details.

5. Data Sharing And Transfers

Data may be shared or transferred globally by AIFC under the following circumstances and legal mechanisms, while ensuring no data is sold. The sharing and transferring of data is always conducted considering the highest standards of data protection and privacy in compliance with applicable laws and regulations. Key circumstances and mechanisms include: a. Partner, Sponsor, and Investor Engagement: AIFC shares data with its partners, sponsors, and investors strictly on an opt-in basis. This means that the data subjects must provide explicit consent for their data to be shared for such purposes. b. Legal and Administrative Purposes: Data may be shared with legal or administrative partners such as Westminster & Partners to ensure compliance with relevant legal obligations and administrative requirements. c. Service Providers and Vendors: AIFC engages various vendors and service providers such as Eventbrite, HubSpot, Google Workspace, TidyCal, and Gmail for operational support. Data shared with these entities is subject to appropriate contracts, including Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs), ensuring adequate data protection measures are in place. d. Attendee-to-Attendee Data Sharing: While AIFC facilitates connections between event attendees, it is not responsible for any onward sharing or processing of data by attendees who connect independently during or after events (refer to Clause 11: Attendee-to-Attendee Data Sharing Disclaimer). e. International Transfers: When transferring data internationally, AIFC ensures that such transfers are executed using recognized legal mechanisms, including adequacy decisions, SCCs, and equivalent safeguards, guaranteeing the same level of data protection as required by relevant data protection laws.

6. Data Retention And Storage

AIFC retains Personal Data for up to three (3) years following the conclusion of the related event. After this period, Personal Data shall be securely disposed of, unless retention is required for legal or compliance reasons. Anonymized Data, including data that has been aggregated to remove any identifiable information, may be retained indefinitely. This anonymized or aggregated data will be used for purposes such as analytics, reporting, research, and supporting AIFC’s nonprofit mission. The secure disposal process of Personal Data includes methods such as data deletion, physical destruction of storage media, or other industry-standard practices that ensure complete and irreversible deletion of the data.

7. Cookies And Tracking Technologies

AIFC utilizes cookies and tracking technologies, such as Google Analytics and LinkedIn Insight Tag, to enhance user experience, gather analytics, and manage content more effectively. Below is an explanation of the types of cookies and tracking technologies used and the consent requirements involved. 1. Cookie: A small text file stored on the user’s device by a website, used to remember information about the user’s visit. There are different types of cookies based on their functionality, duration, and the party placing them. 2. Analytics Cookie: These cookies are used to collect information about how users interact with our website to improve user experience and website performance. AIFC uses Google Analytics for this purpose. Analytics cookies will only be set on your device after you provide explicit consent through our cookie banner. 3. Social Media Pixel: A snippet of code that enables social media platforms to track users’ interactions with our website and provide targeted advertisements based on their behavior. The LinkedIn Insight Tag is one such social media pixel used by AIFC. Similar to analytics cookies, these pixels require your consent before being activated via our cookie banner. AIFC ensures that non-essential cookies, such as analytics cookies and social media pixels, are used solely after you provide consent through our cookie banner, which allows you to manage and customize your cookie settings. Specific vendor technologies, including those mentioned above, are subject to Clause 12: Vendors and Subprocessors.

8. Marketing And Communications

AIFC is committed to ensuring that all marketing and communications with participants are conducted in compliance with all relevant legal and regulatory requirements. This section outlines AIFC’s practices for managing participant communications preferences and disseminating marketing materials. Marketing communications, including newsletters and promotional emails, will only be sent to participants who have explicitly provided Consent through a double-opt-in process managed via HubSpot. This ensures that participants affirm their interest in receiving such communications before any marketing materials are sent. Under the principle of Legitimate Interest, AIFC may send event-related emails to prior attendees, provided these emails are directly related to similar events and activities. Each communication will include a clear and easy-to-use unsubscribe option, allowing participants to opt-out of future emails at any time. AIFC will not send any marketing communications without a lawful basis, ensuring respect for privacy and compliance with applicable regulations.

9. Rights Of Data Subjects

Participants (Data Subjects) have the following rights concerning their Personal Data: a. Right of Access: Data Subjects have the right to obtain confirmation from AIFC as to whether or not their Personal Data is being processed and, where that is the case, access to the Personal Data and information regarding its processing. b. Right to Rectification: Data Subjects have the right to request the correction of inaccurate or incomplete Personal Data held by AIFC without undue delay. c. Right to Erasure: Data Subjects have the right to request the deletion or removal of their Personal Data where there is no compelling reason for its continued processing. AIFC may decline deletion requests if the data is required for compliance with legal obligations or is anonymized. d. Right to Restriction of Processing: Data Subjects have the right to request the restriction or suppression of their Personal Data in certain circumstances. This means that AIFC is permitted to store the Personal Data but not process it. e. Right to Data Portability: Data Subjects have the right to obtain and reuse their Personal Data for their own purposes across different services. This allows them to move, copy, or transfer Personal Data easily from one IT environment to another in a safe and secure way. f. Right to Object: Data Subjects have the right to object to the processing of their Personal Data for legitimate interests pursued by AIFC or direct marketing purposes. g. Right to Withdraw Consent: Where processing is based on consent, Data Subjects have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To exercise any of these rights, Data Subjects may contact the Data Protection Officer at Muklesur@westminstermail.com. All requests will be verified through reasonable identity checks. If Data Subjects are not satisfied with the handling of their request, they may initially contact AIFC, and if necessary, escalate the matter to the appropriate supervisory authorities as detailed in Clause 16: Complaints, Data Protection Contact, and Supervisory Authorities.

10. Participant Age And Sensitive Data Restrictions

Participants under the age of 16 are strictly prohibited from participating in any of AIFC’s events, platforms, or related services. As part of the registration process, age verification measures are implemented to ensure compliance with this restriction. AIFC does not knowingly collect or process personal data of minors. If it is discovered that any personal data of a minor has been inadvertently collected, such data will be promptly deleted in accordance with legal requirements. Regarding special category data (also referred to as sensitive personal data), AIFC does not collect, process, or store such information unless it is necessary to address specific accessibility or dietary needs of participants. Any special category data collected for these purposes will be handled with the highest level of confidentiality, strictly limited to relevant event personnel, and will be deleted immediately following the conclusion of the event. These actions are in place to ensure compliance with applicable data protection laws and to uphold the privacy rights of all participants.

11. Attendee-To-Attendee Data Sharing Disclaimer

AIFC explicitly disclaims any responsibility or liability for the sharing, transfer, or any form of distribution of personal data between Attendees/Participants who connect independently during or after its events. Any Personal Data exchanged directly between Attendees/Participants outside the facilitated platforms and communication channels of AIFC is done at their own risk and discretion. AIFC does not have control over, nor does it monitor or influence, such independent interactions. Attendees/Participants are solely responsible for ensuring their compliance with data protection and privacy laws relevant to any personal data they share independently. For clarity, AIFC only controls and is accountable for the Personal Data it collects and shares through its own systems or those of its designated vendors/partners, as outlined in Clause 5: Data Sharing and Transfers.

12. Vendors And Subprocessors

AIFC utilizes a range of third-party vendors and subprocessors to assist in its data processing activities, thereby ensuring smooth operation of its events, platforms, and communications. These vendors and subprocessors fall into distinct categories, including but not limited to: event registration platforms such as Eventbrite, customer relationship management (CRM) systems like HubSpot, communication tools such as Gmail and other Google Workspace services, scheduling and event management tools such as TidyCal, and analytics platforms for tracking and improving user engagement. The specific vendors and subprocessors employed may change over time without specific notice to individuals. All such third parties are bound by appropriate data processing agreements (DPAs), Standard Contractual Clauses (SCCs), and are subject to stringent processor agreements to ensure the highest standards of data protection and regulatory compliance. These vendors and technologies (including cookies and registration methodologies) are further referenced in Clause 7: Cookies and Tracking Technologies and Clause 2: Data Collection Practices. By leveraging these third-party services, AIFC aims to enhance the overall user experience while maintaining compliance with relevant data protection laws.

13. International Data Transfers

AIFC employs various safeguards and procedures to ensure that any personal data transferred internationally remains protected in accordance with applicable privacy laws. These measures encompass the following: a. Adequacy Decisions: AIFC may transfer personal data to jurisdictions that have been recognized by relevant supervisory authorities as providing an adequate level of data protection. b. Standard Contractual Clauses: Where adequacy decisions are not applicable, AIFC utilizes Standard Contractual Clauses (SCCs) approved by GDPR or other equivalent legal mechanisms to facilitate the secure transfer of personal data. c. Equivalent Legal Mechanisms: In situations where SCCs are unavailable, AIFC may implement other legal mechanisms that ensure a comparable level of data protection as required by applicable regulations. d. Event Operation and Vendor Partnerships: These safeguards apply to all necessary data transfers connected to AIFC’s event operations, partnerships with vendors, and compliance requirements. All international data transfers are carried out in strict adherence to the procedures described under Clause 5: Data Sharing and Transfers. AIFC remains committed to maintaining a high level of data security and privacy for all data subjects involved in its global operations.

14. Media, Publicity, Photography And Event Recordings

All photos, videography, and other media produced at events hosted by AIFC are the exclusive property of AIFC. AIFC retains full and unlimited global rights to use such Media/Data for promotional, educational, and nonprofit purposes. By attending AIFC events, all attendees consent to the capture and use of their image, voice, and likeness in these Media/Data for AIFC’s lawful nonprofit and promotional purposes. This consent is provided automatically through attendance, subject to the following conditions: a. Opt-out: Attendees who do not wish to have their image, voice, or likeness recorded can opt out by submitting a written request to AIFC before the commencement of the event. b. Request for Removal: AIFC is under no obligation to retroactively remove or alter any Media/Data unless a serious legal or privacy concern is raised, and then only if such removal or alteration is technically feasible.

15. Security Measures And Limitation Of Liability

AIFC implements appropriate technical and organizational measures designed to safeguard Personal Data against unauthorized access, alteration, loss, or misuse. These measures include, but are not limited to, encryption, access controls, regular security audits, and staff training programs. While AIFC strives to ensure the highest level of security in its data handling and event administration operations, it cannot guarantee absolute security. To the fullest extent permitted by law, AIFC disclaims any liability for unauthorized access to Personal Data that is beyond its reasonable control. By using AIFC’s services and providing Personal Data, individuals acknowledge and accept these security limitations. Any liability associated with data breaches or unauthorized access is further limited as described in AIFC’s Terms & Conditions and this Privacy Policy.

16. Complaints, Data Protection Contact, And Supervisory Authorities

If you have any concerns or complaints regarding your privacy and data protection rights under this Privacy Policy, we encourage you to contact us immediately to address the issue. You may reach out to our Data Protection Officer, Muklesur, at Muklesur@westminstermail.com for any privacy or data protection inquiries. Our aim is to satisfactorily resolve any complaints or issues you may have as quickly as possible. In the event that you are not satisfied with our resolution of your complaint, you have the right to escalate your complaint to the relevant supervisory authority. For Data Subjects within the UK, the lead supervisory authority is the Information Commissioner’s Office (ICO). EU Data Subjects may contact the Commission Nationale de l’Informatique et des Libertés (CNIL), while Data Subjects in Australia and Singapore may contact the Office of the Australian Information Commissioner (OAIC) and the Personal Data Protection Commission (PDPC), respectively. Please note that we request you initially contact us to attempt resolution before approaching the appropriate regulatory body.

17. Changes To This Privacy Policy, Version Control And Notifications

AIFC reserves the right to amend this Privacy Policy at any time to reflect changes in its practices, legal requirements, or operational needs. Such amendments will be made in alignment with versioning practices and will be tracked in conjunction with the Terms & Conditions. Policy updates will be published on AIFC’s official website and will take effect on the specified Effective Date, as indicated by the version control. Participants will be notified of updates via email to the address provided during registration. Continued participation in AIFC’s events, platforms, or services after the effective date of the amended policy indicates acceptance of the changes. The current version of this Privacy Policy is ‘Version 1.1 – Effective 30 June 2025.’

18. Jurisdictional Notes And Representative For UK/EU Data Subjects

This section of the AIFC Global Privacy Policy provides specific information relevant to AIFC’s cross-border status and its efforts to comply with multi-jurisdictional data protection laws, including those in the UK, EU, US, AU, and SG. We emphasize that AI Founders Connect, Inc. (AIFC) is a US-based nonprofit organization. For the purpose of data protection compliance for UK and EU data subjects, AIFC has appointed Westminster & Partners as its representative under Article 27 of the General Data Protection Regulation (GDPR). This arrangement aims to ensure that individuals within the UK and EU have a local point of contact for issues related to data protection and privacy compliance with GDPR requirements. The representative is available to handle any inquiries or complaints regarding the processing of personal data, ensuring AIFC’s adherence to GDPR across its global operations. This section specifically highlights the ongoing commitment of AIFC to uphold the highest standards of data privacy and protection in all jurisdictions where it operates.