aiboardcourse.com Privacy Policy
1. Introduction
Welcome to Fallon Holdings Ltd. ("we," "us," or "our"). We provide AI governance training courses for corporate directors and board members.
This Privacy Policy explains how we collect, use, share, and protect your personal information when you:
- •Visit our website (https://aiboardcourse.com)
- •Register for or purchase our courses or consulting services
- •Interact with our marketing materials or AI chat
- •Contact us via email, WhatsApp, or other channels
Our commitment: We respect your privacy and are committed to transparency about our data practices.
Legal framework: We operate under:
- •General Data Protection Regulation (GDPR) - EU Regulation 2016/679
- •UK GDPR - Data Protection Act 2018
- •California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
- •And other applicable privacy laws based on your location (see Section 15)
2. Who We Are (Controller Information)
Data Controller:
Fallon Holdings Ltd.
52 Highwoods Park, Old Langho, Blackburn, England, BB6 8HN
Email: privacy@aiboardcourse.com
EU & UK GDPR Representative (Article 27):
We have voluntarily appointed a representative for both EU GDPR and UK GDPR purposes to serve as a single point of contact for data subjects in the UK and EEA:
EU GDPR Representative:
Euverify Ltd (Ireland)
Unit 3D North Point House
North Point Business Park
New Mallow Road, Cork T23 AT2P
Ireland
Email: gdpr@euverify.com
UK GDPR Representative:
Euverify Ltd (UK)
3rd Floor, 86-90 Paul Street
London, EC2A 4NE
United Kingdom
Email: gdpr@euverify.com
Note: UK residents may contact us directly at privacy@aiboardcourse.com (as we are UK-established) or use the representative above for fastest routing and convenience.
3. Information We Collect from Public Sources
3.1 Data Sources and Collection Methods
We may identify potential course participants by collecting publicly available information about corporate directors and board members from the following sources:
Public Business Registers:
- •UK Companies House
- •US Securities and Exchange Commission (SEC) Edgar Database
- •Hong Kong Stock Exchange (HKEX) Director Search Database
- •Other jurisdiction-specific public company registers
Professional Verification:
- •Manual review of LinkedIn public profiles
- •Corporate websites and executive team pages
- •Professional association member directories and commercial databases
3.2 Categories of Data Collected
From these sources, we collect and process the following categories of personal data:
- •Identity information: Full name, professional titles/honorifics
- •Professional information: Job title, position, company name, company registration details
- •Contact information: Business email address (derived from public patterns or verified via enrichment tools)
3.3 Purposes of Processing
- 1.Identifying potential course participants: To reach directors and board members who would benefit from AI governance training
- 2.Creating targeted advertising audiences: We may share hashed (encrypted) email addresses with advertising platforms
- 3.Sending relevant course information: We may contact you via email with information about our AI governance courses
3.4 Legal Basis for Processing
Primary Legal Basis: Legitimate Interests (GDPR Article 6(1)(f) / UK GDPR Article 6(1)(f))
We process publicly available professional data on the basis of our legitimate interests. You retain the absolute right to object to this processing under Article 21 (see Section 9).
4. Information You Provide Directly to Us
4.1 Information We Collect
When you visit our website:
- •Automatically collected: IP address, browser type, device type, pages visited
- •Cookies and tracking: See Section 6 for detailed cookie policy
When you create an account / register for a course:
- •Name (required)
- •Email address (required)
- •Company name and job title (optional but recommended)
- •Country (required for compliance purposes)
4.2 Purposes of Processing
| Data Category | Purpose | Legal Basis |
|---|---|---|
| Account information | To create and manage your course account | Contractual necessity (Art. 6(1)(b)) |
| Course progress | To track your learning and issue certificates | Contractual necessity (Art. 6(1)(b)) |
| Payment information | To process course fees | Contractual necessity (Art. 6(1)(b)) |
5. How We Use AI Tools
We use artificial intelligence (AI) tools to enhance our services, improve customer support, and streamline operations.
5.1 AI Tools We Use
Claude (Anthropic):
- •Purpose: AI-powered customer support, content generation, course material development
- •Privacy: Claude operates under Anthropic's privacy policy and does not use customer data for AI training by default
Important Safeguards:
- •AI-generated content undergoes human review before being sent to customers
- •We use AI tools that comply with GDPR and have appropriate Data Processing Agreements
- •You may opt out of AI-assisted customer support by requesting human-only support (email privacy@aiboardcourse.com with "NO AI SUPPORT")
6. Cookies and Tracking Technologies
6.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us remember your login session, save your cookie preferences, understand how you use our website, and show you relevant advertisements.
6.2 Cookie Categories
| Category | Purpose | Legal Basis | Opt-Out? |
|---|---|---|---|
| Strictly Necessary | Essential for website functionality (login, security) | Legitimate interests (Art. 6(1)(f)) | No (required) |
| Functional | Remember your preferences | Consent (Art. 6(1)(a)) | Yes |
| Analytics | Understand website usage | Consent (Art. 6(1)(a)) | Yes |
| Advertising | Show relevant ads and measure campaigns | Consent (Art. 6(1)(a)) | Yes |
6.4 Consent Management Platform (InMobi CMP)
Provider: InMobi Pte Ltd (Singapore)
Purpose: To collect, manage, and store your cookie consent preferences in compliance with GDPR, UK GDPR, CCPA/CPRA, and other privacy regulations.
When you first visit our website, you'll see a cookie consent banner. You can accept all, reject all, or customize your choices by category. Your choice is saved for 25 months.
7. International Data Transfers
7.1 Our Primary Infrastructure (No International Transfers)
Our core infrastructure stores your personal data entirely within the UK and EU:
- •Website hosting: Vercel, London (lhr1) region - UK-based processing
- •Database: Supabase, Ireland (eu-west-1) via AWS - EU-based processing
- •Payment processing: Stripe, Ireland - EU-based processing
7.2 Transfers to the United States (Service Providers)
For certain services (analytics, AI tools, some advertising platforms), we transfer limited personal data to the United States.
Safeguards we use:
- 1.EU-US Data Privacy Framework (DPF): Some US service providers are certified under the EU-US Data Privacy Framework
- 2.Standard Contractual Clauses (SCCs): For US providers not covered by DPF, we use European Commission-approved Standard Contractual Clauses
- 3.Technical Safeguards: Encryption in transit (TLS 1.3), encryption at rest (AES-256), pseudonymization where possible
8. How We Protect Your Data
8.1 Security Measures
We implement industry-standard technical and organizational measures:
Technical Measures:
- •Encryption in transit: TLS 1.3 (HTTPS) for all website communications
- •Encryption at rest: AES-256 encryption for database storage
- •Password security: Bcrypt hashing (passwords never stored in plain text)
- •Access controls: Role-based access (only authorized team members)
Third-Party Security:
- •Vercel: ISO 27001, SOC 2 Type II certified
- •Supabase: ISO 27001, SOC 2 Type II certified
- •Stripe: PCI DSS Level 1 certified (highest payment security standard)
8.2 Data Breach Response
In the event of a personal data breach:
- •Within 72 hours: Notify the relevant supervisory authority (ICO for UK)
- •Without undue delay: Notify affected individuals if the breach is likely to result in high risk
- •Notification includes: Nature of breach, likely consequences, measures taken, contact point
9. Your Privacy Rights (Summary)
| Right | What It Means | How to Exercise |
|---|---|---|
| Access | Get a copy of your data | Email privacy@aiboardcourse.com |
| Rectification | Correct inaccurate data | Email privacy@aiboardcourse.com |
| Erasure | Delete your data | Email privacy@aiboardcourse.com |
| Restriction | Limit how we use your data | Email privacy@aiboardcourse.com |
| Object | Stop processing based on legitimate interests | Email privacy@aiboardcourse.com |
| Opt-Out of Marketing | Stop receiving marketing emails | Click "Unsubscribe" in any email |
| Data Portability | Get your data in machine-readable format | Email privacy@aiboardcourse.com |
| Lodge Complaint | File complaint with supervisory authority | See Section 14 |
Response Time: One month (may extend by two months for complex requests)
No Fee: Free (unless manifestly unfounded or excessive)
10. Children's Privacy
Our services are NOT directed at children.
We do not knowingly collect personal information from anyone under 18. Our services are designed for corporate directors and board members (professionals 18+).
Parents/Guardians: If you believe we have collected information from your child, email privacy@aiboardcourse.com immediately.
11. Third-Party Links
Our website may contain links to third-party websites.
Important:
- •This Privacy Policy applies ONLY to our website
- •Third-party websites have their own privacy policies
- •We are NOT responsible for third-party practices
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our data practices, new legal requirements, or new services or features.
How we'll notify you:
- •Material changes: Prominent notice on website, email notification to registered users, 30-day notice period before changes take effect
- •Non-material changes: Updated "Last Updated" date at top of policy
Version history: We maintain a version history with the "Last Updated" date. Each time we activate a new service provider or make material changes to data processing, we update the policy and version number the same day.
13. Contact Us
For all privacy-related inquiries:
Email:
General privacy questions: privacy@aiboardcourse.com
GDPR/Data protection requests: gdpr@euverify.com
Security concerns: security@aiboardcourse.com
Postal:
Fallon Holdings Limited
52 Highwoods Park, Old Langho, Blackburn, England, BB6 8HN
Attn: Data Protection
United Kingdom
EU GDPR Representative:
Euverify Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road, Cork
T23 AT2P, Ireland
Email: gdpr@euverify.com
UK GDPR Representative:
Euverify Ltd
3rd Floor, 86-90 Paul Street
London, EC2A 4NE
United Kingdom
Email: gdpr@euverify.com
14. Supervisory Authorities by Jurisdiction
If you believe we have not handled your data appropriately, you have the right to lodge a complaint:
United Kingdom (UK GDPR)
Information Commissioner's Office (ICO)
Website: https://ico.org.uk/
Phone: 0303 123 1113
Online complaint: https://ico.org.uk/make-a-complaint/
European Union (GDPR)
Find your national supervisory authority: https://edpb.europa.eu/about-edpb/about-edpb/members_en
California (CCPA/CPRA)
California Attorney General - Privacy Enforcement
Website: https://oag.ca.gov/privacy
Online complaint: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company
15. Additional Jurisdiction-Specific Information
15.1 California Privacy Rights (CCPA/CPRA)
This section applies ONLY to California residents.
Your CCPA Rights:
- 1.Right to Know: Request disclosure of personal information collected
- 2.Right to Delete: Request deletion (subject to exceptions)
- 3.Right to Correct: Request correction of inaccurate data
- 4.Right to Opt-Out of Sale/Sharing: We do NOT sell data. We DO share for advertising (opt-out available)
- 5.Right to Non-Discrimination: We will not discriminate for exercising rights
Do we "sell" personal information? NO.
Do we "share" for advertising? YES (with Google, LinkedIn, X for targeted ads).
How to opt out:
- •Enable Global Privacy Control (GPC) in your browser
- •Email: privacy@aiboardcourse.com with subject "CCPA OPT-OUT"
16. Effective Date and Version History
Current Version: 1.0
Effective Date: 2 December 2025
Last Updated: 2 December 2025
Version History:
- •v1.0: Initial privacy policy
Future Updates: This policy will be updated whenever we activate new service providers or make material changes to data processing. The "Last Updated" date reflects the most recent revision.
By using our services, you acknowledge that you have read and understood this Privacy Policy.
Questions? Contact privacy@aiboardcourse.com or gdpr@euverify.com.