Who we are?

BenevolentAI, a public limited liability company (société anonyme), incorporated under the laws of Luxembourg, having its registered office at 9, rue de Bitbourg, L-1273 Luxembourg, Grand Duchy of Luxembourg, registered with the Luxembourg Register of Commerce and Companies (R.C.S. Luxembourg) under number B255412 (“BenevolentAI”) and its subsidiary entities (“BenevolentAI Limited; BenevolentAI Bio Ltd; BenevolentAI Cambridge Ltd; Benevolent Technology, Inc; BenevolentAI Technology Ltd”, together, “we”, “us” or “BenevolentAI Group”) is an organisation that creates and applies artificial intelligence (AI) technologies to transform the way medicines are discovered and developed.

We seek to improve patient’s lives by applying technology designed to generate better data decision-making and in doing so lower drug development costs, decrease failure rates and increase the speed at which medicines are generated. For the purpose of applicable data protection laws, we are the data controller. Our representative in the European Economic Area (the “EEA”) is BenevolentAI and our representative in the United Kingdom (“UK”) is BenevolentAI Limited.

BenevolentAI Group is committed to conducting its businesses in accordance with all applicable Data Protection laws and regulations in line with the highest standards of ethical conduct. This privacy policy (this “Policy”) sets forth the expected behaviours of BenevolentAI Group practices in relation to the collection, use, retention, transfer, disclosure, and destruction of Personal Data belonging to all BenevolentAI Group contacts (i.e. the “Data Subjects”).

BenevolentAI Group strives to ensure continued and effective implementation of this Policy and expects all stakeholders to share this commitment. This Policy (together with our “Terms of use and any other document referred to on it) sets out the basis on which any personal data (as defined in Regulation (EU) 2016/679 (the “GDPR”)) that we hold (the “Personal Data”) are processed.

Please read the following carefully to understand our views and practices regarding your Personal Data and how it’s processed. If you have any concerns or need further information, our Data Protection Officer and Compliance Manager (“DPO”) can be contacted directly with the details below:

DPOBenevolentAI Limited
4-8 Maple Street, London, W1T 5HD United Kingdom
Phone: +44 (0)2037 819 360
Email: DPO@benevolent.ai

We may collect and process some or all of the following types of Personal Data:

  Data type (that we may hold at any time)   SOURCE (obtained data from)


  • Names
  • Home address
  • Email address
  • Phone number
  • Date of birth
  • NI / SS Number
  • Passport Number
  • Bank Account details
  • Other Credit Information (where necessary)
  • Job Agencies
  • Internal referral
  • Online
  • Onsite visitors’ registration system
  • Direct email messages
  • Direct phone calls

  Pseudonymous / Patient Level Data Sets

  • Pseudonymised data sets
  • Pseudonymised patient level data
  • Human tissues and blood samples
  • Data banks/Suppliers
  • Collaborators/Institutions
  • CROs

  Suppliers/Investors/ Partners Information

  • Supplier/Vendor/Contact ID
  • Email address
  • Company Physical Addresses
  • Company Contact Information
  • Name
  • Home Addresses
  • Phone number
  • Financial Information
  • Bank account
  • Onsite visits
  • Direct email messages
  • Phone calls

  Technical information we may collect:

  • Internet Browsing
  • Activity data, such as when you completed a form on this website
  • Information from your visits to this website, including the type of browser and operating system you use,
  • Access times, pages viewed, URLs clicked on, your IP address and the pages you visited
  • Tracking pixels that allow platforms such as Facebook and Twitter to interact with this website and give feedback on your actions; and
  • Device information, including the unique device identifier, hardware model, operating system and version and mobile network information
  • Cookies / Online contact forms / Social Media platforms



This section provides more detail on the types of personal information we collect from you, and why.

  Personal Information   Use   Legal basis
  • Account registration information: Name, email address and password
  • Email newsletter subscription: name and email address
  • Customer Support: email address and content of your message
  • We use this information to create and maintain your account
  • We use this information to send you email newsletters as per your subscription request.
  • We use this information to communicate with you, provide customer support and to address and remediate technical issues and bugs.
  • Necessary to perform our contract with you to provide services
  • We use this information with your consent.
  • It is in our legitimate interest to provide effective services to you and to be responsive to you.


We source data from providers from time to time which may be combined with information you give to us and information we collect about you. We may use this information and the combined data for the purposes set out in this Policy (depending on the types of data we have received).

Pseudonymised Datasets
We collect pseudonymised datasets from data suppliers, CROs and collaborators for internal research purposes.

Clinical Trial Data
We work with vetted CROs and test centres from time to time who provide participant’s pseudonymised data for use in our clinical trials and research. From time to time, these processing may involve special category personal health data. BenevolentAI Group relies on the exception under Articles 9(2)(i) and 9(2)(j); and Article 89(1) of the GDPR (Legitimate Interests, Scientific or Historical Research Purposes) and Schedule(1), Part (1) sections 10 and 19 of the Data Protection Act 2018 (“DPA 2018”) as our lawful basis for processing.

When you subscribe to BAI Group’s newsletter, we will ask for your:

  • Names
  • Email address, and
  • Any other content preferences that can help tailor our messages to your interests

Our use and storage of your data is based on your consent. This means you will receive tailored communication and updates regarding our upcoming events, products, services or opportunities from time to time. You can withdraw your consent or change your preference at any time, by following the ‘Unsubscribe' link on any of our emails or contacting us at hello@benevolent.ai

Event attendees When you register to attend one of our events (including via any of our third-party provider), we will ask for your:

  • Names
  • Email address, and
  • Any other relevant information as determined on an event-by-event basis; such as, job title or work-related email address.

We will collect this information when you enrol to attend an event. Our use and storage of these data is based on your consent. We use the data solely for the purposes of administering the event and send you tailored communication and updates regarding our upcoming events, products, services or opportunities from time to time. We may be required to share such data with third-party organisations where necessary to administer the event effectively.

We often take photographs at our events and those photos may be used on our website, social media, newsletters or other internal or external communications. Please contact us if you have any question or concern regarding the use of such photographs at any time. If you are a speaker at one of our events, we may promote your participation via platforms such as Twitter, LinkedIn and by marketing emails. External platforms may continue to store and use personal information after the event has ended.

When you unsubscribe, your personal data will be automatically removed from the newsletter distribution system. We use Hubspot to provide this service and they process your personal data on our behalf. You can read the Hubspot privacy notice here. Hubspot operates in the United States (“US”), so your information is transferred to, stored, and processed in the US. Hubspot is deemed to have technical and organisational measures in place to ensure the security of your personal data in compliance with the UK GDPR, DPA 2018, and the EU GDPR as outlined in their DPA here. Hubspot is also compliant with the EU-US Privacy Shield framework (albeit such framework being currently invalidated – see below). You can view their certification here.

We rely on Contractual Performance, Public Interest, Legitimate Interest, and Legal Obligation (each as defined in the GDPR) as the lawful basis on which we collect and use your Personal Data. We use your Personal Data to provide you with information about our products, and services and to improve those products and services. We will also use your Personal Data to notify you about changes and events and to ensure that content on our website is presented in the most effective manner for you and your computer.

All the Personal Data we collect from you are used for administrative (HR) and drug discovery purposes. If there is a need to disclose your Personal Data to other third parties, for new purposes outside the original scope or for purposes materially different from that for which they were originally collected, we will ensure that your rights and freedom are not undermined. Where applicable, we will give you the opportunity to decide if your Personal Data should be processed in such a manner. However, note that in certain circumstances, we might be required to disclose your data in response to lawful requests by public authorities, to meet national security, law enforcement, or investigations and we will oblige accordingly.

BenevolentAI Group and its affiliated/trusted third-party suppliers may store your Personal Data within and outside the EEA and the UK. Data protection and privacy laws in the countries to which your Personal Data are transferred may be deemed inadequate under the GDPR. In all cases, BenevolentAI Group takes all steps reasonably necessary to ensure your Personal Data remains protected and secure in compliance with applicable data protection and privacy laws. These measures include data transfer agreements, implementing standard contractual clauses, or International Data Transfer Agreements (“IDTAs”).

We take appropriate technical, organisational, and administrative measures to ensure all Personal Data is kept secure including security measures to prevent Personal Data from being accidentally collected, recorded, organised, structured, stored, altered, retrieved, consulted, used, disclosed by transmission, disseminated or otherwise made available, aligned or combined, restricted, erased or destroyed in an unauthorised manner. We limit access to your Personal Data to those who have genuine business needs and are duly trained for such processing. Those processing your information will do so only in an authorised manner that ensures confidentiality and accountability. We also have procedures in place to deal with any suspected data security breach. We will notify you and all applicable regulators of a suspected data security breach where we are legally required to do so within 72 hours.

Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through any online means outside the scope of this Policy, therefore any such transmission remains at your own risk as the transmission of information via the internet is not completely secure.

We will retain your Personal Data as follows:

(a) your account data for as long as you keep your account open or as needed to provide you with our products or services;
(b) if you contact us, we will keep your data for 24 months after you contact us; 
(c) your technical usage information may be retained for up to 24 months; and
(d) data on your use of our website and our products or services maybe retained for up to 24 months.

We will also retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes and enforce our terms and conditions, other applicable terms of service, and our policies. If you stop using our products or services, we will store your information in an aggregated and anonymised format; we may use this information indefinitely without further notice to you. 

For further information, contact our DPO at: DPO@benevolent.ai.

Rights relating to the processing of your Personal Data

The DPA 2018, the GDPR, the UK General Data Protection Regulation (“UK GDPR”) and the Privacy and Electronics Communications Regulation (“PECR”) provide you with specific rights relating to your Personal Data that BenevolentAI Group holds and processes at any given time. These rights include:

(a) Right to Access (Data Subject Access Request) – You have the right to access Personal Data we hold about you, how we use it, and who we share it with.
(b) Right to be Informed (Privacy Notices)
(c) Right to Object to Processing – You have the right to object to our processing of your Personal Data
(d) Right to Rectification – You have the right to correct any of your Personal Data we hold that is inaccurate.
(e) Right to Erasure (Right to be Forgotten) – In certain circumstance, you have the right to delete the Personal Data we hold about you.
(f) Right to Restrict Processing – You have the right to require us to stop processing the Personal Data we hold about you, other than for storage purposes, in certain circumstances.
(g) Right to Data Portability – You have the right to receive a copy of the Personal Data we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.

Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests, or where we are required by law to retain your Personal Data. You have the right to object to marketing at any time by [clicking the ‘Unsubscribe’ link on any of our emails or contacting us at hello@benevolent.ai..

Data Subject Access Request You can request access to the Personal Data we hold about you using the contact details set out below. Requests should include:

(a) Your full name, address and description of the information that you seek.
(b) Two proof of identification: (i) one photographic ID (a copy of your passport or driving license); and (ii) one proof of address (a recent bill or financial statement showing your current address).

Data Subject Access Requests should be addressed to:

DPO, BenevolentAI Limited
4-8 Maple Street, London, W1T 5HD
United Kingdom
Phone: +44 (0)2037 819 360
Email: DPO@benevolent.ai

We are obliged by the governing regulations to respond promptly to your request and in any event within one month of receipt. Exceptions may apply for an extended period of two months if the request proves particularly complex in nature, in which case you will be duly informed.

Should we need additional information to identify, validate and/or locate the information requested, we will contact you and wait for your response before we are able to process your request.

BenevolentAI Group acknowledges that the EU-U.S. Privacy Shield is no longer a valid transfer mechanism for Personal Data from the UK (or EEA) to the US. The US Department of Commerce, which oversees compliance with Privacy Shield, has stated that it will nonetheless continue to administer the Privacy Shield program and that participants are not relieved of their obligations under Privacy Shield. Benevolent Technology Inc., a participant in the Privacy Shield regime, will continue to comply with its commitments under the Privacy Shield (as broadly outlined below).

We comply with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EU to the US. We have certified to the US Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. We are also subject to the investigation and enforcement powers of the US Federal Trade Commission.

Following the recent invalidation of the EU-US Privacy Shield, for any transfers of Personal Data outside the EEA or the UK, the data transfer will be under the European Commission’s standard contractual clauses for the transfer of personal data to third countries (the “Model Clauses”), or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined by the European Commission or the relevant UK authorities, as applicable, to provide an adequate level of protection for individuals’ rights and freedoms for their Personal Data. Please contact our DPO at: DPO@benevolent.ai should you wish to examine a copy of the Model Clauses.

In compliance with the Privacy Shield Principles, BenevolentAI Group commits to resolve complaints about our collection or use of your Personal Data. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at:

Luxembourg Office
9, rue de Bitbourg,
L-1273 Luxembourg,
Grand Duchy of Luxembourg
Phone: +44 (0)2037 819 360
(Monday – Friday)
Email: DPO@benevolent.ai

London, UK Office
BenevolentAI Limited
4 - 8 Maple Street,
London W1T 5HD, United Kingdom
Phone: +44 (0)2037 819 360
(Monday – Friday)
Email: DPO@benevolent.ai

New York, USA Office
Benevolent Technology, Inc.
1 Dock 72 Way, 7th Floor,
Brooklyn, NY 11205, USA
Phone: +1 (929) 295-6550
(Monday – Friday)
Email: DPO@benevolent.ai

We have further committed to cooperate with the panel established by the EU data protection authorities (“DPAs”) with regard to unresolved Privacy Shield complaints concerning human resources data, de-identified/pseudonymised data sets and de-identified/pseudonymised patient level data, tissues/blood samples that may be transferred from the EU in the context of an employment relationship, business operations, and scientific research purposes.

We are committed to cooperating with the panel established by the DPAs with regard to unresolved Privacy Shield complaints concerning Personal Data transferred from the EU in the context of an employment relationship. As an EU Person, you have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information on this Framework, refer to the Privacy Shield website at: https://www.privacyshield.gov/EU-US-Framework.

Under the Privacy Shield Policy, you have the right to Personal Data that BenevolentAI Group holds about you as stated in “Your Rights” (section 12 above) if it has been processed in violation of the Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to your privacy, or where the rights of other persons would be violated). Requests can be sent to us using the contact information set out above.

As stated in our disclosure commitment (section 8 above), your Personal Data are used for administrative (HR) and drugs discovery research purposes. Where applicable, you will be duly informed if your Personal Data are to be shared with other third parties for any new purpose outside the scope or is materially different from that for which it was originally collected. We will give you the opportunity to choose whether to have your Personal Data disclosed or opt-out. However, note that in certain circumstances where BenevolentAI Group might be required to disclose your Personal Data in response to lawful requests by public authorities, to meet national security or law enforcement or investigations, we will oblige accordingly.

Before any onward transfer of your Personal Data to third parties, we will ensure measures are in place that meets the level of security appropriate to such onward transfer in terms of contract (Model Clauses/IDTAs) or agreement as appropriate to ensure adequacy in line with the provision of the Privacy Shield Principles. We will ensure that any third party receiving such Personal Data from us has entered into a written agreement or contract with us requiring that such third party provide at least the same level of privacy protection as the Privacy Shield Principles.

We remain responsible and liable under the Privacy Shield tenets, if any such third-party processes such Personal Data in a manner inconsistent with the terms of this Policy, unless BenevolentAI can prove that it is not responsible for the event leading to any breach. We will ensure that the third-party notifies us if it makes a determination that it can no longer meet the stated terms. The contract shall provide that when such a determination is made, they cease processing or take reasonable and appropriate steps to remediate so as to align with the Privacy Shield Principles.

In compliance with the NY SHIELD Act, BenevolentAI Group has implemented adequate data privacy and security safeguards, including:

(a) designating a Data Protection Officer, IT and Information Security personnel;
(b) implemented adequate controls for the protection of personal data;
(c) conducts employee training concerning data protection and cybersecurity;
(d) maintains updated documentation of policy practices and procedures;
(e) implemented an administrative procedure to notify affected individuals in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement; and
(f) implemented an administrative procedure to notify the NY State Attorney General, the department of state, and the state office of information technology services as to the timing, content, and distribution of the notices and an approximate number of affected persons. If you have any questions, please use the contact information detailed on this notice.

Read our full cookie policy here

Our website may contain links to other websites from time to time. Note that this Policy only applies to this website (https://benevolent.com/). Whenever you are redirected or linked to other websites, ensure you read and understand their privacy policies on their use of your Personal Data before consenting. We do not accept any responsibility or liability for external policies. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms, may also be viewable by other users of this website and/or users of those third-party online platforms without limitation as to its use by a third party or by us. Our inclusion of such links does not imply any endorsement of the content on such platforms or of their owners or operators except as disclosed on our website. We expressly disclaim any and all liability for the actions of third parties, including but without limitation to actions relating to the use and/or disclosure of Personal Data by third parties. Any information submitted by you directly to these third parties is subject to that third party’s privacy policy.

For concerns or questions about our privacy policy or how we process your data, contact our:

Luxembourg Office:
9, rue de Bitbourg,
L-1273 Luxembourg,
Grand Duchy of Luxembourg
Phone: +44 (0)2037 819 360
(Monday – Friday)
Email: DPO@benevolent.ai

London, UK Office New York, USA Office

Data Protection Compliance Manager
BenevolentAI Ltd
4 - 8 Maple Street,
London W1T 5HD, United Kingdom
Phone: +44 (0)2037 819 360 (Monday – Friday)
Email: DPO@benevolent.ai

Benevolent Technology, Inc.
1 Dock 72 Way, 7th Floor,
Brooklyn, NY 11205
United StatesPhone: +1 (929) 295-6550 (Monday – Friday)
Email: DPO@benevolent.ai


We believe that we can resolve any query or concern you may raise about our use of your Personal Data. The DPA 2018, the GDPR, the UK GDPR, and the PECR give you the right to lodge a complaint with a supervisory authority, in particular within the EU (or EEA) state where you work, normally live, or where any alleged infringement of data protection laws may have occurred.

The ICO is the supervisory authority for UK and may be contacted at:
Online: http://ico.org.uk/concerns/ 
Telephone: 0303 123 1113.

BenevolentAI Group keeps this Policy under regular review to continuously capture each emerging requirement. We will place any updates on this webpage.

Last updated: September 2022

At BenevolentAI, we keep our privacy policy under regular review to continuously capture each emerging requirement. We will place any updates on this webpage.

‍Last updated: April 2022