PRIVACY POLICY

Generative AI Strategy B.V.
Last Updated: March 2025

1. Introduction

Generative AI Strategy B.V. ("we," "us," or "our") is committed to protecting the privacy of our users and clients. This Privacy Policy explains how we collect, use, and disclose information about you when you use our website www.generativeaistrategy.com, engage with our services, or otherwise interact with us.

As a boutique consultancy specializing in Generative AI implementations, we understand the importance of data protection. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Who We Are

We are Generative AI Strategy B.V., a boutique consultancy of approximately 8 specialists focused on implementing Generative AI solutions for businesses.

Data Controller Details:

KVK-nummer: 91822416
Address: Gordelweg 71 C, 3037AJ Rotterdam, The Netherlands
Contact: service@generativeaistrategy.com
Phone: +31 6 20 08 67 83

3. Information We Collect

3.1 Information You Provide to Us

We may collect the following types of personal data that you provide directly to us:

Identity Data: name, job title, company name
Contact Data: email address, phone number, business address
Professional Data: information about your business needs, industry, and requirements
Communication Data: information contained in your communications with us, including emails, meeting transcripts, and other correspondence
Service Data: information needed to provide our services to you

3.2 Information Collected Automatically

When you visit our website, we automatically collect:

Technical Data: IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology identifiers on the devices you use
Usage Data: information about how you use our website, including page views, time spent on pages, navigation paths, and interaction with content
Device Data: information about the device you are using to access our website

3.3 Information From Third Parties

We may receive information about you from third parties, including:

Business partners
Service providers
Public databases
Social media platforms, if you interact with us through those channels

4. How We Use Information

We use your information for the following purposes:

4.1 To Provide Our Services

To deliver consulting and implementation services related to Generative AI
To communicate with you about our services
To respond to your inquiries and requests
To maintain our client relationship

4.2 For Legitimate Business Interests

To improve and optimize our website and services
To analyze usage patterns and trends
To protect the security and integrity of our services
To develop new products, services, and business opportunities
To process communications more efficiently using AI tools (further detailed in Section 8)

4.3 For Marketing Purposes (with consent)

To send you updates about our services, industry insights, and events
To provide personalized content and recommendations

4.4 To Comply with Legal Obligations

To meet legal, regulatory, and contractual requirements
To establish, exercise, or defend legal claims

5. Legal Basis for Processing

We process your personal data on the following legal grounds:

Performance of a Contract: when processing is necessary to fulfill our contractual obligations to you
Legitimate Interests: when processing is necessary for our legitimate business interests, provided these interests are not overridden by your rights. This includes:
- Processing email communications and other correspondence using AI tools to improve efficiency and response quality
- Maintaining and improving our services
- Business development and relationship management
Consent: when you have given us explicit consent to process your data for specific purposes
Legal Obligation: when processing is necessary to comply with a legal obligation

When you contact us as a prospective client or business contact, we typically rely on legitimate interests to process your communications, including using AI assistance to help us respond effectively.

6. Data Sharing and Disclosure

We may share your information with:

6.1 Service Providers

We share information with third-party service providers who help us operate our business and deliver services, including:

Vercel (website hosting and analytics)
Email service providers
CRM systems (Pipedrive)
Analytics providers
AI service providers (OpenAI, Anthropic, and others as listed in Section 8)
Automation platforms (Zapier)
Meeting recording and transcription services (Fireflies.ai)

All service providers process data on our behalf and are bound by appropriate data processing agreements.

6.2 Professional Advisors

We may share information with professional advisors, such as lawyers, auditors, and insurers.

6.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6.4 Legal Requirements

We may disclose information if required to do so by law or in response to valid requests by public authorities.

7. International Data Transfers

Our operations are primarily based in the Netherlands, but we may transfer your personal data to countries outside the European Economic Area (EEA). When we do, we ensure appropriate safeguards are in place, such as:

EU Standard Contractual Clauses
Adequacy decisions by the European Commission
Other legally approved transfer mechanisms

The AI services we use (including OpenAI and Anthropic) are based in the United States. When we use these services to process your data, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses, to ensure adequate protection.

Our website is hosted on Vercel, which may process data in multiple regions globally. Vercel maintains appropriate data protection mechanisms for international transfers.

8. Use of Generative AI in Our Operations

8.1 AI Tools We Use

As a Generative AI consultancy, we use various AI tools in our business operations, including:

OpenAI's services (ChatGPT Team and OpenAI API)
Anthropic's Claude
Microsoft Copilot
Other generative AI platforms

8.2 How We Use AI with Your Data

We may use AI tools to process communications you send to us (including emails) for purposes such as:

Analyzing and summarizing meeting transcripts
Drafting responses to inquiries
Generating follow-up communications
Extracting and organizing information for our CRM system
Conducting stakeholder research using information you've provided

Our specific AI workflows include:

Meeting Processing: Converting recorded meetings to text and generating summaries
Stakeholder Research: Analyzing communications to create comprehensive profiles
CRM Maintenance: Identifying and updating contact information and opportunities
Follow-up Communication: Preparing appropriate follow-up messages

8.3 AI Processing Safeguards

When using these services, we:

Prioritize business/enterprise versions that offer enhanced privacy protections
Have entered into Data Processing Agreements with AI providers
Have verified that these services' terms prevent using client data for AI model training without consent
Implement internal guidelines to minimize the personal data entered into these systems
Ensure human review of AI-generated content before it is used
Only use these tools for legitimate business purposes
Apply appropriate security measures to protect data in transit and at rest

8.4 Your Control Over AI Processing

We believe in transparency regarding our use of AI. If you would prefer that we not process your communications using AI tools, you have the right to object to this specific processing. Please inform us by emailing service@generativeaistrategy.com with your preference, and we will accommodate your request.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including:

The duration of our business relationship
The period required to provide our services
As necessary to comply with legal obligations
As needed to protect our legal interests

Communication data from prospective clients is typically retained for 2 years from the last interaction, unless a business relationship is established.

10. Data Security

We have implemented appropriate security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

Using secure communication channels
Implementing access controls
Training our team on data protection
Using reputable service providers with strong security practices
Ensuring proper security configurations for AI tools

11. Your Data Protection Rights

Under the GDPR, you have the following rights:

Right to Access: Request access to your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data under certain circumstances
Right to Restrict Processing: Request limitation of processing in specific scenarios
Right to Data Portability: Request a copy of your data in a structured format
Right to Object: Object to processing based on legitimate interests (including our use of AI tools with your data) or for direct marketing
Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at service@generativeaistrategy.com. We will respond to your request within one month.

12. Cookies and Similar Technologies

We use cookies and similar tracking technologies on our website. For detailed information, please see our Cookie Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and if the changes are significant, we will provide a more prominent notice.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Generative AI Strategy B.V.
Gordelweg 71 C
3037AJ Rotterdam
The Netherlands
Email: service@generativeaistrategy.com
Phone: +31 6 20 08 67 83