Privacy Policy

This website and the cosantio services are operated by Lanuntac Ltd., trading as cosantio, a company registered in Ireland (company number 666057).

For the purposes of the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, Lanuntac Ltd. is the data controller for the personal data described in this policy. You can reach us about any privacy matter at privacy@cosantio.com.

We collect only what we need to run our service and respond to you.

Information you give us

• Contact and enquiry details: your name, work email, company name, and role when you book a call, complete the Scorecard, request a resource, or contact us.
• Scorecard responses: the answers you provide to the readiness questions, which we use to generate your result.
• Correspondence: the content of messages you send us.

Information we collect automatically

• Limited technical data: basic information such as approximate location and device or browser type, to keep the site secure and working.
• Cookies and similar technologies: see our Cookie Policy for detail. We use only what is necessary to make the site function unless you tell us otherwise.

We use your personal data for the purposes below, each with a lawful basis under the GDPR.

• To provide the Scorecard and our services (lawful basis: performance of a contract, or steps taken at your request before entering one).
• To respond to your enquiries and book calls (lawful basis: our legitimate interest in answering people who contact us).
• To send you a resource or update you have asked for (lawful basis: your consent, which you can withdraw at any time).
• To secure, maintain, and improve the website (lawful basis: our legitimate interest in a safe, working service).
• To meet our legal and regulatory obligations (lawful basis: compliance with a legal obligation).

We do not sell your personal data, and we do not use it to make solely automated decisions that produce legal or similarly significant effects about you.

We share personal data only where necessary, and only with parties who are bound to protect it.

• Service providers (processors): trusted suppliers who host our site, send our email, and schedule our calls, acting on our instructions under a data processing agreement. The current set is Vercel (site hosting), Supabase (database), Resend (transactional email), and Calendly (call scheduling).
• Professional advisers: our lawyers, accountants, and insurers, where needed.
• Legal requirements: authorities or others where we are required by law to disclose, or to protect our rights.

We aim to keep personal data within the European Economic Area (EEA). Where a provider processes data outside the EEA, we rely on an adequacy decision or appropriate safeguards such as the European Commission's Standard Contractual Clauses. You can ask us for detail on the safeguards in place for any particular transfer.

We keep personal data only as long as we need it for the purpose we collected it, then delete or anonymise it. As a guide, enquiry and Scorecard data is held for 24 months unless you become a customer, and customer records are kept for the duration of our relationship plus any period required by law. You can ask us to delete your data sooner; see your rights below.

Under the GDPR you have the right to:

• Access the personal data we hold about you.
• Rectify data that is inaccurate or incomplete.
• Erase your data in certain circumstances.
• Restrict or object to our processing in certain circumstances.
• Port your data to another provider where applicable.
• Withdraw consent at any time, where we relied on it.

To exercise any of these, email us at privacy@cosantio.com. We will respond within the timeframes the GDPR sets. You also have the right to complain to the Irish supervisory authority, the Data Protection Commission, at dataprotection.ie, though we would welcome the chance to resolve any concern first.

We use appropriate technical and organisational measures to protect personal data against loss, misuse, and unauthorised access. No method of transmission or storage is completely secure, but we work to keep our safeguards proportionate to the data we hold.

Our website and services are intended for businesses and the professionals who work in them. They are not directed at children, and we do not knowingly collect personal data from anyone under 16.

We may update this policy from time to time. When we do, we will change the date at the top, and for significant changes we will take reasonable steps to let you know.

For any question about this policy or your personal data, contact cosantio at privacy@cosantio.com.