PRIVACY POLICY

Generative AI Strategy B.V.
Last Updated: March 2025

1. Introduction

Generative AI Strategy B.V. ("we," "us," or "our") is committed to protecting the privacy of our users and clients. This Privacy Policy explains how we collect, use, and disclose information about you when you use our website www.generativeaistrategy.com, engage with our services, or otherwise interact with us.

As a boutique consultancy specializing in Generative AI implementations, we understand the importance of data protection. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Who We Are

We are Generative AI Strategy B.V., a boutique consultancy of approximately 8 specialists focused on implementing Generative AI solutions for businesses.

Data Controller Details:

  • KVK-nummer: 91822416
  • Address: Gordelweg 71 C, 3037AJ Rotterdam, The Netherlands
  • Contact: service@generativeaistrategy.com
  • Phone: +31 6 20 08 67 83

3. Information We Collect

3.1 Information You Provide to Us

We may collect the following types of personal data that you provide directly to us:

  • Identity Data: name, job title, company name
  • Contact Data: email address, phone number, business address
  • Professional Data: information about your business needs, industry, and requirements
  • Communication Data: information contained in your communications with us, including emails, meeting transcripts, and other correspondence
  • Service Data: information needed to provide our services to you

3.2 Information Collected Automatically

When you visit our website, we automatically collect:

  • Technical Data: IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology identifiers on the devices you use
  • Usage Data: information about how you use our website, including page views, time spent on pages, navigation paths, and interaction with content
  • Device Data: information about the device you are using to access our website

3.3 Information From Third Parties

We may receive information about you from third parties, including:

  • Business partners
  • Service providers
  • Public databases
  • Social media platforms, if you interact with us through those channels

4. How We Use Information

We use your information for the following purposes:

4.1 To Provide Our Services

  • To deliver consulting and implementation services related to Generative AI
  • To communicate with you about our services
  • To respond to your inquiries and requests
  • To maintain our client relationship

4.2 For Legitimate Business Interests

  • To improve and optimize our website and services
  • To analyze usage patterns and trends
  • To protect the security and integrity of our services
  • To develop new products, services, and business opportunities
  • To process communications more efficiently using AI tools (further detailed in Section 8)

4.3 For Marketing Purposes (with consent)

  • To send you updates about our services, industry insights, and events
  • To provide personalized content and recommendations

4.4 To Comply with Legal Obligations

  • To meet legal, regulatory, and contractual requirements
  • To establish, exercise, or defend legal claims

5. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Performance of a Contract: when processing is necessary to fulfill our contractual obligations to you
  • Legitimate Interests: when processing is necessary for our legitimate business interests, provided these interests are not overridden by your rights. This includes:
    • Processing email communications and other correspondence using AI tools to improve efficiency and response quality
    • Maintaining and improving our services
    • Business development and relationship management
  • Consent: when you have given us explicit consent to process your data for specific purposes
  • Legal Obligation: when processing is necessary to comply with a legal obligation

When you contact us as a prospective client or business contact, we typically rely on legitimate interests to process your communications, including using AI assistance to help us respond effectively.

6. Data Sharing and Disclosure

We may share your information with:

6.1 Service Providers

We share information with third-party service providers who help us operate our business and deliver services, including:

  • Vercel (website hosting and analytics)
  • Email service providers
  • CRM systems (Pipedrive)
  • Analytics providers
  • AI service providers (OpenAI, Anthropic, and others as listed in Section 8)
  • Automation platforms (Zapier)
  • Meeting recording and transcription services (Fireflies.ai)

All service providers process data on our behalf and are bound by appropriate data processing agreements.

6.2 Professional Advisors

We may share information with professional advisors, such as lawyers, auditors, and insurers.

6.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6.4 Legal Requirements

We may disclose information if required to do so by law or in response to valid requests by public authorities.

7. International Data Transfers

Our operations are primarily based in the Netherlands, but we may transfer your personal data to countries outside the European Economic Area (EEA). When we do, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Other legally approved transfer mechanisms

The AI services we use (including OpenAI and Anthropic) are based in the United States. When we use these services to process your data, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses, to ensure adequate protection.

Our website is hosted on Vercel, which may process data in multiple regions globally. Vercel maintains appropriate data protection mechanisms for international transfers.

8. Use of Generative AI in Our Operations

8.1 AI Tools We Use

As a Generative AI consultancy, we use various AI tools in our business operations, including:

  • OpenAI's services (ChatGPT Team and OpenAI API)
  • Anthropic's Claude
  • Microsoft Copilot
  • Other generative AI platforms

8.2 How We Use AI with Your Data

We may use AI tools to process communications you send to us (including emails) for purposes such as:

  • Analyzing and summarizing meeting transcripts
  • Drafting responses to inquiries
  • Generating follow-up communications
  • Extracting and organizing information for our CRM system
  • Conducting stakeholder research using information you've provided

Our specific AI workflows include:

  1. Meeting Processing: Converting recorded meetings to text and generating summaries
  2. Stakeholder Research: Analyzing communications to create comprehensive profiles
  3. CRM Maintenance: Identifying and updating contact information and opportunities
  4. Follow-up Communication: Preparing appropriate follow-up messages

8.3 AI Processing Safeguards

When using these services, we:

  • Prioritize business/enterprise versions that offer enhanced privacy protections
  • Have entered into Data Processing Agreements with AI providers
  • Have verified that these services' terms prevent using client data for AI model training without consent
  • Implement internal guidelines to minimize the personal data entered into these systems
  • Ensure human review of AI-generated content before it is used
  • Only use these tools for legitimate business purposes
  • Apply appropriate security measures to protect data in transit and at rest

8.4 Your Control Over AI Processing

We believe in transparency regarding our use of AI. If you would prefer that we not process your communications using AI tools, you have the right to object to this specific processing. Please inform us by emailing service@generativeaistrategy.com with your preference, and we will accommodate your request.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including:

  • The duration of our business relationship
  • The period required to provide our services
  • As necessary to comply with legal obligations
  • As needed to protect our legal interests

Communication data from prospective clients is typically retained for 2 years from the last interaction, unless a business relationship is established.

10. Data Security

We have implemented appropriate security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Using secure communication channels
  • Implementing access controls
  • Training our team on data protection
  • Using reputable service providers with strong security practices
  • Ensuring proper security configurations for AI tools

11. Your Data Protection Rights

Under the GDPR, you have the following rights:

  • Right to Access: Request access to your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data under certain circumstances
  • Right to Restrict Processing: Request limitation of processing in specific scenarios
  • Right to Data Portability: Request a copy of your data in a structured format
  • Right to Object: Object to processing based on legitimate interests (including our use of AI tools with your data) or for direct marketing
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at service@generativeaistrategy.com. We will respond to your request within one month.

12. Cookies and Similar Technologies

We use cookies and similar tracking technologies on our website. For detailed information, please see our Cookie Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and if the changes are significant, we will provide a more prominent notice.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Generative AI Strategy B.V.
Gordelweg 71 C
3037AJ Rotterdam
The Netherlands
Email: service@generativeaistrategy.com
Phone: +31 6 20 08 67 83