PRIVACY & AI NOTICE

Moonraker Communications Group B.V.
Last updated: February 2026

1. PURPOSE OF THIS PRIVACY NOTICE

This Privacy Notice explains how Moonraker Communications Group B.V. ("Moonraker", "we", "us" or "our") processes personal data in connection with:

  • the operation of our websites (the “Sites”); and

  • the provision of our AI-led communications, strategy, creative, monitoring, and consulting services (the “Services”).

Moonraker is an AI-led communications agency based in Amsterdam, the Netherlands. We combine senior strategic expertise with AI-enabled tools to deliver communications and reputation services across the EU, the UK and internationally.

This Privacy Notice describes:

  • what personal data we collect;

  • why and how we use it;

  • the legal bases we rely on;

  • how AI systems are used in our Services; and

  • your rights under applicable data protection and AI governance laws.

This Privacy Notice is intended to comply with:

  • Regulation (EU) 2016/679 (EU GDPR);

  • the UK GDPR and Data Protection Act 2018; and

  • Regulation (EU) 2024/1689 (EU AI Act), where applicable.

Where relevant, we refer to EU GDPR and UK GDPR collectively as “GDPR”.

4A. USE OF ARTIFICIAL INTELLIGENCE

As an AI-led communications group, we use AI systems to enhance the efficiency, scale, and insight of our Services.

How We Use AI

AI tools may be used for:

  • media monitoring and sentiment analysis;

  • trend detection and stakeholder mapping;

  • drafting and content ideation;

  • research summarisation and intelligence analysis;

  • workflow automation;

  • translation and localisation;

  • structured data analysis.

Human Oversight

In line with our operating model (“AI-powered. Human-led.”), AI outputs are:

  • reviewed by qualified professionals;

  • validated before external publication or strategic use;

  • subject to internal quality controls and accountability structures.

We do not rely on AI systems to make solely automated decisions that produce legal or similarly significant effects on individuals, unless explicitly agreed and legally permitted.

4B. EU AI ACT COMPLIANCE

Where the EU AI Act applies to our activities, we act in accordance with its requirements.

Risk Classification

Moonraker does not develop or deploy AI systems intended for:

  • biometric identification;

  • social scoring;

  • predictive policing;

  • employment profiling without safeguards;

  • high-risk public authority decision-making.

Our use of AI primarily involves general-purpose AI tools and limited-risk systems used for communications, research, and analytics.

Transparency

Where legally required, we:

  • inform clients when AI systems are materially involved in service delivery;

  • ensure appropriate transparency where AI-generated content is published;

  • maintain documentation and internal oversight procedures consistent with the AI Act.

Training Data

Unless explicitly agreed with a client:

  • we do not use client confidential information to train public AI models;

  • we do not intentionally use personal data to train AI systems beyond what is necessary for service provision;

  • we apply data minimisation and purpose limitation principles.

Third-Party AI Providers

Where we use external AI tools, we:

  • assess providers for GDPR and AI Act compliance;

  • implement contractual safeguards;

  • evaluate data security and transfer risks.

9. HOW WE USE PERSONAL DATA

A. Website Operation & Analytics

Legal basis: consent (where required) and legitimate interests.

B. Provision of Services (Including AI-Led Services)

We process personal data to:

  • deliver communications and advisory services;

  • conduct monitoring and intelligence activities;

  • analyse public discourse and stakeholder positioning;

  • generate strategic insights using AI-assisted tools.

Where AI systems are used:

  • personal data processing remains subject to GDPR;

  • human oversight is applied;

  • automated processing does not replace professional judgement;

  • no solely automated decision-making with legal or similarly significant effects occurs without lawful basis and safeguards (Article 22 GDPR).

Legal basis: performance of contract, legitimate interests, or consent.

C. Marketing & Communications

Legal basis: consent or legitimate interests (B2B context, where permitted).

D. Business Administration & Compliance

Legal basis: legal obligation and legitimate interests.

11. SHARING PERSONAL DATA

We may share data with:

  • clients (where acting as processor);

  • IT, cloud, and AI system providers;

  • analytics providers;

  • professional advisers;

  • regulators and authorities.

Where AI providers process personal data:

  • they act under contractual data processing terms;

  • data is not used for independent model training unless contractually agreed;

  • transfers outside the EU/EEA are subject to appropriate safeguards.

12. INTERNATIONAL TRANSFERS

Where personal data is transferred outside the EU/EEA or UK, we rely on:

  • adequacy decisions;

  • EU Standard Contractual Clauses (SCCs);

  • UK International Data Transfer Addendum or UK SCCs;

  • supplementary safeguards where required following transfer impact assessments.

14. YOUR RIGHTS

Under the GDPR, you have the right to:

  • access;

  • rectification;

  • erasure;

  • restriction;

  • objection;

  • data portability;

  • withdraw consent.

Rights Related to Automated Processing

Where applicable, you also have the right:

  • not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects;

  • to request human intervention;

  • to express your point of view;

  • to contest a decision.

Requests can be submitted to:
privacy@moonrakercommunications.com

15. SECURITY & GOVERNANCE

We implement appropriate technical and organisational measures, including:

  • access controls;

  • encryption where appropriate;

  • role-based data access;

  • contractual safeguards with processors;

  • AI system oversight procedures;

  • internal review of AI-assisted outputs;

  • data minimisation and retention controls.

We maintain internal accountability documentation consistent with GDPR Article 5(2) and, where applicable, EU AI Act governance requirements.

17. UK GDPR & UK AI GOVERNANCE

UK GDPR applies where:

  • we target individuals in the UK; or

  • we process personal data of individuals located in the UK.

The UK currently regulates AI through a regulator-led, principles-based framework. Where our activities involve the UK, we:

  • apply the UK GDPR;

  • follow ICO guidance on AI and data protection;

  • ensure transparency, fairness, accountability, and human oversight in AI-assisted processing.