GEN3BLOCK Back to Home

GDPR Compliance

Our commitment to protecting your personal data and upholding your privacy rights under GDPR

Our Commitment to GDPR

GEN3BLOCK is committed to protecting your personal data and respecting your privacy rights in accordance with the General Data Protection Regulation (GDPR). As a UK-registered company providing AI consulting, development, and training services, we ensure that all personal data processing activities comply with GDPR requirements.

What Personal Data We Collect

We collect and process the following categories of personal data:

  • Contact Information: Name, email address, phone number, company details
  • Professional Information: Job title, industry, business requirements
  • Technical Data: IP address, browser type, device information
  • Usage Data: Website interactions, form submissions, consultation requests
  • Communication Data: Correspondence, feedback, support requests
  • Training Data: Course progress, certifications, learning preferences (for education services)

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Legitimate Interest: To provide AI consulting services and improve our offerings
  • Contract Performance: To deliver services you have requested or contracted
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with UK and EU legal requirements

How We Use Your Data

Your personal data is used for the following purposes:

  • Providing AI consultancy, development, and training services
  • Responding to inquiries and consultation requests
  • Managing customer relationships and project delivery
  • Improving our website and service offerings
  • Sending relevant communications (with consent)
  • Ensuring website security and preventing fraud
  • Conducting research and development for AI solutions

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of processing activities
  • Right to Data Portability: Request transfer of your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for consent-based processing

Data Retention

We retain personal data for the following periods:

  • Customer Data: Duration of business relationship plus 7 years for tax purposes
  • Marketing Data: Until consent is withdrawn or 3 years of inactivity
  • Website Analytics: Up to 26 months for Google Analytics data
  • Training Records: 7 years for certification and compliance purposes
  • Legal Documentation: As required by UK and EU laws

Data Transfers

When we transfer personal data outside the UK/EEA, we ensure adequate protection through:

  • Adequacy decisions by the UK Information Commissioner's Office
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Certification schemes and codes of conduct
  • Binding corporate rules for multinational partners

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Access controls and authentication systems
  • Regular security assessments and monitoring
  • Staff training on data protection practices
  • Incident response and breach notification procedures

Third-Party Processing

We work with trusted third-party processors who provide adequate data protection guarantees:

  • Cloud service providers (with appropriate safeguards)
  • Analytics services (Google Analytics with privacy controls)
  • Customer support platforms
  • Payment processors (PCI DSS compliant)
  • Email marketing services (with consent management)

Data Protection Contact

Data Controller: GEN3BLOCK (UK Registered Company)

For Data Protection Inquiries:

  • Submit a consultation request through our website
  • Email us directly (contact information available through our consultation form)
  • Include "Data Protection Request" in your subject line

Response Time: We will respond to all data protection requests within 30 days as required by GDPR.

Supervisory Authority

You have the right to lodge a complaint with the relevant supervisory authority:

  • UK: Information Commissioner's Office (ICO) - ico.org.uk
  • EU: Your local Data Protection Authority

Automated Decision Making

We do not engage in automated decision-making or profiling that produces legal or significant effects. Any AI systems used in our services are designed with human oversight and transparency.

Privacy by Design

Our AI development and consulting services incorporate privacy by design principles:

  • Data minimization in AI model development
  • Privacy impact assessments for AI implementations
  • Transparent AI systems with explainability features
  • Regular audits of AI systems for bias and fairness

Updates to This Notice

We may update this GDPR compliance notice to reflect changes in our processing activities or legal requirements. Significant changes will be communicated through our website or direct notification.

Last Updated: January 2025

This GDPR compliance notice is effective as of the date listed above and applies to all data processing activities by GEN3BLOCK.