Generativ AI
Consulting

Privacy Policy

How we collect, use, and protect your personal data.

Introduction

Generativ ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or engage with our services.

This policy applies to all personal data we process in connection with our website and our AI consultancy and digital marketing services. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. By using our website you acknowledge that you have read and understood its contents. If you have any questions, please contact us using the details provided at the end of this policy.

Data Controller

The data controller responsible for your personal data is Generativ. You can contact us at: hello@generativ.co.uk. Company registration number: [to be confirmed upon incorporation].

If you have any concerns about how we handle your personal data, or wish to exercise any of your rights, please contact us at the above email address and we will respond within one calendar month.

What Personal Data We Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

  • Full name and job title
  • Email address
  • Telephone number
  • Company or organisation name
  • Enquiry details and any information you voluntarily provide in messages
  • IP address and browser type
  • Website usage data, including pages visited, time on site, and referral source
  • Cookie identifiers and analytics identifiers

How We Collect Your Data

We collect personal data through the following means:

  • Contact and enquiry forms on our website
  • Consultation and discovery call booking requests
  • Direct email correspondence
  • Cookies and analytics tools placed on your browser when you visit our website (subject to your cookie preferences)

Why We Use Your Data

We use the personal data we collect for the following purposes:

  • To respond to your enquiries and provide information about our services
  • To provide and manage the AI consultancy and digital marketing services you have engaged us to deliver
  • To improve the performance, content, and user experience of our website
  • To send you marketing communications about our services where you have given us your consent to do so
  • To comply with legal and regulatory obligations

Lawful Basis for Processing

We process your personal data on one or more of the following lawful bases under UK GDPR:

  • Legitimate interests — to respond to enquiries, manage client relationships, and improve our services where those interests are not overridden by your rights
  • Performance of a contract — where processing is necessary to fulfil a contract we have entered into with you or to take steps at your request before entering into a contract
  • Consent — where you have given us explicit consent to process your data, for example to receive marketing communications
  • Legal obligation — where processing is necessary for us to comply with a legal obligation, such as tax or accounting requirements

Data Retention

We retain your personal data only for as long as is necessary for the purposes set out in this policy, subject to any legal obligations to retain it for longer. Our standard retention periods are:

  • Enquiry and contact form data: up to 24 months from the date of the last interaction
  • Client data relating to services delivered: up to 6 years from the end of the engagement, in line with our contractual and statutory obligations
  • Analytics and website usage data: 14–26 months, as determined by the analytics platform settings

Your Rights

Under UK GDPR you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your personal data in certain circumstances
  • Right to restrict processing — to request that we limit how we use your data in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format where processing is based on consent or contract
  • Right to object — to object to processing based on legitimate interests, or to direct marketing

To exercise any of these rights, please contact us at hello@generativ.co.uk. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.

Third-Party Service Providers

We share personal data with trusted third-party service providers who help us operate our website and deliver our services. These providers process data on our behalf and are contractually bound to appropriate data processing terms. Current providers include:

  • Vercel — website hosting and deployment infrastructure
  • Sanity — headless CMS for website content management
  • Google Analytics and Google Tag Manager — website analytics and tag management
  • Email and CRM platforms used for client communication and project management

We ensure that all third-party providers who process personal data on our behalf have entered into appropriate data processing agreements and provide sufficient guarantees of compliance with UK data protection law.

Cookies

Our website uses cookies and similar tracking technologies to improve your browsing experience and to collect analytics data. When you first visit our website, you will be asked to consent to the use of non-essential cookies. You may withdraw your consent at any time by adjusting your browser settings or via our cookie preference centre.

You can manage your cookie preferences at any time by clicking the "Cookie settings" button displayed on our website.

Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure. These measures include the use of encrypted connections (HTTPS), access controls, and secure hosting infrastructure.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO in accordance with our legal obligations.

International Data Transfers

Some of our third-party service providers may process personal data outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with UK GDPR, including the use of standard contractual clauses approved by the ICO or other lawful transfer mechanisms, so that your data receives an equivalent level of protection.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where we make material changes, we will notify you by updating the "Last updated" date below and, where appropriate, by placing a prominent notice on our website.

We encourage you to review this policy periodically. Continued use of our website following any changes constitutes your acknowledgement of the updated policy. Last updated: April 2026.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at: hello@generativ.co.uk.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at www.ico.org.uk or by calling 0303 123 1113.