GDPR Compliance Information

Last Updated: January 12, 2026

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into force on May 25, 2018. It applies to organizations processing personal data of individuals in the European Union (EU) and European Economic Area (EEA), regardless of where the organization is located.

BLocal AI is committed to full compliance with GDPR and the UK Data Protection Act 2018, which incorporates GDPR principles into UK law following Brexit.

2. Our GDPR Commitments

We Are GDPR Compliant

BLocal AI has implemented comprehensive measures to ensure compliance with all GDPR requirements. We are committed to protecting the privacy and personal data of all individuals whose information we process.

3. Your Rights Under GDPR

GDPR grants you comprehensive rights over your personal data. We make it easy for you to exercise these rights:

1. Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a clear, structured format within one month of your request.

2. Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected. You can update most information directly in your account settings or contact us for assistance.

3. Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when there is no legal basis for processing.

4. Right to Restrict Processing

You can request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of data or object to processing.

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another data controller.

6. Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds to continue.

7. Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.

8. Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before the withdrawal.

4. How to Exercise Your Rights

Making a Request

To exercise any of your GDPR rights, you can:

  • Email our Chief Compliance Officer at compliance@inchannels.net
  • Use the account settings in your BLocal AI dashboard
  • Send a written request to our compliance address (see contact information below)

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.

5. Legal Basis for Processing

We process personal data only when we have a valid legal basis. Our processing activities are based on:

Consent

You have given clear, informed consent for us to process your data for specific purposes (e.g., marketing communications).

Contract

Processing is necessary to fulfill our contractual obligations to you (e.g., providing our services).

Legal Obligation

Processing is required to comply with legal obligations (e.g., tax reporting, anti-fraud measures).

Legitimate Interests

Processing is necessary for our legitimate business interests or those of a third party, unless overridden by your rights.

6. Data Processing Activities

We maintain detailed records of our processing activities as required by GDPR Article 30. These records include:

  • Categories of personal data processed
  • Purposes of processing
  • Legal basis for each processing activity
  • Categories of data subjects (individuals)
  • Recipients or categories of recipients of personal data
  • Details of international data transfers
  • Retention periods for different categories of data
  • Technical and organizational security measures

7. Data Protection by Design and Default

We implement data protection principles from the earliest stages of design:

  • Privacy is considered in all new products, services, and features
  • Data minimization is applied - we collect only necessary data
  • Default settings maximize privacy protection
  • Personal data is pseudonymized or anonymized where possible
  • Access to personal data is restricted to authorized personnel only
  • Regular privacy impact assessments are conducted

8. Data Protection Impact Assessments

For processing activities that are likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) to:

  • Identify and assess risks to individuals
  • Evaluate necessity and proportionality of processing
  • Implement measures to mitigate identified risks
  • Consult with supervisory authorities when required

9. International Data Transfers

When we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place:

  • Transfers only to countries with adequacy decisions
  • Use of Standard Contractual Clauses (SCCs)
  • Supplementary measures to ensure data protection equivalent to GDPR
  • Regular reviews of transfer mechanisms to ensure ongoing compliance

10. Data Breach Notification

In the unlikely event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required)
  • Notify affected individuals without undue delay if the breach is likely to result in high risk to their rights and freedoms
  • Provide clear information about the nature of the breach and steps being taken
  • Document all breaches, regardless of whether notification is required
  • Take immediate steps to contain and remediate the breach

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR.

UK Supervisory Authority:

Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Phone: 0303 123 1113

However, we encourage you to contact us first so we can address your concerns directly.

12. Contact Our Data Protection Officer

For any questions about GDPR compliance, to exercise your rights, or to raise a data protection concern:

Chief Compliance Officer: Iolo Jones

Company Address:
The Boathouse
46 Kenavon Drive
Reading RG1 3DH
United Kingdom

Compliance Email: compliance@inchannels.net