GEN3BLOCK
Sign inStart Here
Back to Home
Legal

Privacy Policy

How we collect, use, and protect your personal data in line with UK GDPR

Your Rights Under UK GDPR

You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. You also have the right to withdraw consent and lodge a complaint with the Information Commissioner’s Office (ICO).

1Introduction

GEN3BLOCK Limited (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2Data Controller

Data Controller:
GEN3BLOCK Limited
Company Number:
16443115
ICO Registration Number:
ZB960703
UKPRN:
10099894
Contact:
privacy@gen3block.com
Address:
Office 426 Kingsfield Close, Kings Heath Industrial Estate, Northampton, NN5 7QS, United Kingdom

3Information We Collect

3.1 Personal Information

We may collect the following personal information:

  • Name and contact details (email, phone number)
  • Company information and job title
  • Educational background and qualifications
  • CV/Resume information for job applications
  • Payment and billing information
  • Communication preferences
  • AI readiness assessment responses and scores
  • Governance Gap Agent conversation data (where you engage with our post-assessment AI agent)

3.2 Technical Information

  • IP address and location data
  • Browser type and version
  • Device information
  • Website usage data and analytics
  • Cookies and similar technologies

3.3 Special Categories of Data

Our platform is not configured to collect, process, or store special categories of personal data (health, ethnicity, religion, biometrics, or similar sensitive data). Our assessment questions are designed to gather organisational and operational information only. If we become aware that a free-text response has inadvertently captured special category data, we will remove that data without undue delay and review the question design to prevent recurrence.

4How We Use Your Information

4.1 Lawful Bases for Processing

We process your personal data based on the following lawful bases:

  • Consent — for marketing communications and non-essential cookies
  • Contract — to provide our services and fulfil our obligations
  • Legitimate Interest — for AI readiness assessment data, business development, and improvement of services
  • Legal Obligation — to comply with legal requirements

4.2 Purposes of Processing

  • Providing AI consultancy and development services
  • Processing job applications and recruitment
  • Delivering training and educational programs
  • Customer support and communication
  • Marketing and business development (with consent)
  • Website analytics and improvement
  • Legal compliance and fraud prevention

5Data Sharing and Third-Party Processors

We do not sell your personal data. We work with the following categories of data processors:

  • Cloud Hosting (AWS) — infrastructure, data storage, and platform hosting; servers located in the EU/UK region
  • AI Processing (Anthropic) — our Governance Gap Agent is powered by Anthropic's Claude API. Where you engage with this agent, your assessment responses and conversation messages are processed by Anthropic's systems to generate your personalised governance analysis. Anthropic processes this data as a data processor under a Data Processing Agreement. Data is not used to train Anthropic's models. See Anthropic's privacy policy for details.
  • Analytics (Google Analytics 4) — website usage analytics; data is pseudonymised and subject to Google's Data Processing Terms
  • Email Communications — transactional and marketing emails where consent has been given
  • Legal Authorities — when required by law or to protect our rights
  • Professional Advisors — lawyers and accountants bound by confidentiality obligations

We do not use Meta, LinkedIn, or other advertising tracking pixels at this time. If this changes, this policy will be updated accordingly.

5.1 International Transfers

Some of our processors, including Anthropic, operate outside the UK. Where your data is transferred outside the UK, we ensure adequate protection through:

  • Adequacy decisions by the UK government
  • Standard Contractual Clauses
  • Certification schemes and codes of conduct

6Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy. Our retention schedule is:

  • Assessment responses, scores, and roadmap actions — 24 months from submission date
  • PDF reports and Governance Action Briefs — 24 months from generation date
  • Governance Gap Agent conversation logs — 12 months from session completion
  • Free-text (open) responses — 12 months from submission (reduced retention due to higher PII risk)
  • Customer account and contact data — for the duration of our relationship plus 7 years for legal and financial compliance
  • Job applications — 12 months from the application date
  • Marketing data — until you withdraw consent or after 3 years of inactivity
  • Website analytics — 26 months from collection

After the applicable retention period, data is permanently deleted or irreversibly anonymised so that no individual or organisation can be re-identified.

7Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access — request copies of your personal data
  • Right to Rectification — correct inaccurate or incomplete data
  • Right to Erasure — request deletion of your data
  • Right to Restrict Processing — limit how we use your data
  • Right to Data Portability — receive your data in a portable format
  • Right to Object — object to processing based on legitimate interests
  • Right to Withdraw Consent — withdraw consent at any time

To exercise these rights, contact us at privacy@gen3block.com. We will respond within 30 days.

8Cookies and Tracking

We use cookies and similar technologies to:

  • Ensure website functionality
  • Analyse website performance
  • Personalise your experience
  • Provide targeted advertising (with consent)

You can manage cookie preferences through your browser settings. Some cookies are essential for website functionality. See our Cookie Policy for full details.

9Data Security and Breach Handling

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and role-based permissions
  • Incident response procedures
  • Regular backups and disaster recovery plans

In the event of a personal data breach:

  • Affected individuals will be notified without undue delay where required by law
  • The ICO will be notified within 72 hours where the breach is likely to result in a risk to rights and freedoms

10Assessment Data Usage

When you use our AI Readiness Assessment platform, we collect and process your assessment responses in the following ways:

  • Assessment responses are collected to generate your personalised readiness report
  • Data is securely stored and processed on our platform
  • Results are used solely to generate insights for your organisation
  • Data may be aggregated and anonymised for benchmarking purposes
  • No individual organisation is identifiable within aggregated data
  • Assessment data is never sold to third parties

The lawful basis for processing assessment data is Legitimate Interest — to deliver the readiness analysis you have requested.

10aAutomated Processing and AI Systems

Scoring and roadmap generation

Our platform uses deterministic, rule-based logic to calculate your AI readiness scores and generate your 90-day roadmap. This processing does not involve AI decision-making. Outputs are advisory, not legally significant, and require human interpretation. You retain the right to request human review of any assessment output.

Governance Gap Agent (AI-powered conversation)

Where your governance score indicates meaningful risk, our platform may activate the Governance Gap Agent: a structured conversational AI agent powered by Anthropic’s Claude. This agent reads your assessment results and conducts a short diagnostic conversation to surface specific governance gaps and generate a personalised Governance Action Brief.

You should be aware of the following when using this feature:

  • Your assessment responses and conversation messages are sent to Anthropic's API to generate the agent's replies. Anthropic processes this data as a data processor (see Section 5).
  • The full conversation and the Governance Action Brief are stored on our platform and are accessible to the Gen3Block admin team for quality review and to support any paid follow-up engagement.
  • The Governance Gap Agent is not a solicitor, accountant, or regulated professional advisor. Its outputs are informational and governance-oriented only. Nothing it generates constitutes legal, financial, or compliance advice.
  • You retain the right to request deletion of your conversation log at any time by contacting privacy@gen3block.com.
  • Engaging with the agent is optional. Your assessment report and 90-day roadmap are available regardless of whether you use this feature.

11Children's Privacy

Our platform and services are designed for business and professional use and are not intended for, nor directed at, individuals under the age of 16. Our systems are not configured to knowingly accept, process, or store personal data from individuals under 16. If we become aware that we have inadvertently collected personal data from someone under 16, we will delete that data without undue delay and take steps to prevent further collection from that source.

12Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

  • Posting the updated policy on our website
  • Email notification for material changes
  • In-app notifications where applicable

13Complaints

If you have concerns about how we handle your personal data, you can:

  • Contact us directly at privacy@gen3block.com
  • Lodge a complaint with the Information Commissioner's Office (ICO)

ICO Contact: ico.org.uk  |  0303 123 1113

Contact Our Data Protection Contact

For any privacy-related questions or to exercise your rights:

Email: privacy@gen3block.com

Subject Line: “Privacy Rights Request”

Response Time: Within 30 days

Last updated: June 2026  ·  Complies with UK GDPR and Data Protection Act 2018

GEN3BLOCK Limited  ·  Co. No. 16443115  ·  ICO: ZB960703  ·  UKPRN: 10099894

Office 426 Kingsfield Close, Kings Heath Industrial Estate, Northampton, NN5 7QS, United Kingdom