GDPR Compliance
Our commitment to protecting your personal data and upholding your privacy rights under GDPR
GEN3BLOCK Limited is a UK-registered company (ICO registration ZB960703) whose platform is built with data minimisation, privacy-by-design, and governance-first AI principles. This page summarises your data rights and our key processing commitments. Full details are in our Privacy Policy.
Who We Are
- Data Controller:
- GEN3BLOCK Limited
- Company Number:
- 16443115
- ICO Registration:
- ZB960703
- Address:
- Office 426 Kingsfield Close, Kings Heath Industrial Estate, Northampton, NN5 7QS, United Kingdom
- Contact:
- privacy@gen3block.com
Your Rights Under UK GDPR
To exercise any of these rights, email privacy@gen3block.com with the subject line “Privacy Rights Request”. We will respond within 30 days.
- Right of Access (Art. 15) — Request a copy of all personal data we hold about you
- Right to Rectification (Art. 16) — Request correction of inaccurate or incomplete data
- Right to Erasure (Art. 17) — Request deletion of your personal data — we will act within 14 days for platform data
- Right to Restrict Processing (Art. 18) — Request that we limit how we use your data while a dispute is resolved
- Right to Data Portability (Art. 20) — Request your data in a machine-readable format
- Right to Object (Art. 21) — Object to processing based on legitimate interests — we will cease unless we have compelling grounds
- Right to Withdraw Consent — Withdraw consent for marketing emails at any time — this does not affect assessment or platform data, which is processed on a different lawful basis
Key Principles
- Our platform is built with data minimisation and privacy-by-design principles — we collect only what is necessary to deliver the service
- Privacy and compliance controls are built into the platform architecture, not added after the fact
- All AI outputs (readiness scores, roadmap actions, governance analysis) are advisory and designed to support human decision-making, not replace it
- We do not sell your data. We do not use your data for advertising. We do not share it with third parties except where necessary to operate the service (see our Privacy Policy)
- Benchmark data is only generated from cohorts of 10 or more organisations. This threshold is enforced at the system level — no individual organisation can be identified in any aggregate output
- Where our Governance Gap Agent processes your assessment data via the Anthropic Claude API, this is disclosed in advance and Anthropic acts as a data processor under a Data Processing Agreement
Lawful Bases for Processing
We process personal data on the following lawful bases under UK GDPR Article 6:
- Contract performance — providing the assessment service and generating your report and roadmap
- Legitimate interests — improving our platform, preventing fraud, and administering our business. We have assessed that our legitimate interests do not override your rights
- Legal obligation — complying with applicable UK law
- Consent — sending marketing communications only. You may withdraw this consent at any time without affecting your access to the platform
We do not use consent as the lawful basis for assessment data processing. You do not need to consent to data collection in order to use the platform — assessment processing is based on contract performance and legitimate interests.
Key Data Processing Activities
The main ways we process personal data on this platform are:
- Running the AI readiness assessment — collecting your organisation's profile and responses, calculating pillar scores, and generating a personalised report and 90-day roadmap using deterministic (non-AI) logic
- Governance Gap Agent — where your governance score indicates meaningful risk, our platform may activate a conversational AI agent powered by Anthropic's Claude API. Your assessment responses and conversation messages are processed by Anthropic to generate the agent's replies. Conversations and Governance Action Briefs are stored on our platform. This feature is optional
- Benchmarking — anonymised, aggregated scoring data is used to generate sector benchmarks, subject to the 10-organisation minimum threshold
- Website analytics — pseudonymised usage data is collected via Google Analytics 4, with your consent
- Email communications — transactional emails related to your assessment, and marketing emails where you have given explicit consent
For data transferred outside the UK (Anthropic and Google Analytics are US-based), we rely on Standard Contractual Clauses and applicable adequacy mechanisms. See our Privacy Policy for details.
Full Policy Details
For complete information on how we collect, use, and protect your data, please read our:
- Privacy Policy — full data processing notice including lawful bases, retention periods, and third-party processors
- Cookie Policy — specific tools and cookies used on this website
- Terms of Service — the conditions governing use of our website and platforms
Supervisory Authority
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- ICO Registration Number for GEN3BLOCK Limited: ZB960703
Last updated: June 2026
GEN3BLOCK Limited · Co. No. 16443115 · ICO: ZB960703 · UKPRN: 10099894