This Data Protection Notice summarises how personal data is handled in connection with the Enterprise GenAI Adoption Benchmark.
We collect and use limited business contact information to manage participation, authenticate users, support completion, maintain dataset integrity, and respond to enquiries. We also process organisation-level survey data and limited technical metadata needed to operate the service securely.
Our core purposes are:
- administering the survey and user access
- preventing duplicate or invalid submissions
- generating benchmark reports and comparative outputs
- maintaining longitudinal research datasets
- securing, improving, and supporting the platform
We aim to minimise the use of direct identifiers in research workflows. Where possible, identifiers are separated from survey response data and replaced with pseudonymous references for analysis and reporting processes.
Benchmark and research outputs are presented using aggregation, thresholding, suppression, and other disclosure controls intended to reduce re-identification risk. Reporting may be limited where cohort size or segmentation would make attribution too easy.
We retain data according to operational need, research continuity, legal obligations, and security requirements. Direct identifiers are retained for the minimum period reasonably necessary for service administration and rights handling. Pseudonymised longitudinal response data and aggregated benchmark outputs may be retained for longer.
We use service providers for hosting, authentication, email delivery, monitoring, and related infrastructure support. Where data is processed outside the UK, we seek to apply appropriate contractual or legal safeguards.
You may contact privacy@thebenchmark.site if you want to ask about the data we hold, request a correction, request deletion where appropriate, or raise a concern about how your data has been handled.
This notice may be updated as the service and research programme evolve.