Data Privacy Notice
Effective Date: April 15, 2026
Identity and Contact Details of the Controller
Sentio Consulting ("Sentio," "we," "us," or "our") is the controller of the personal data collected through our diagnostic assessments, intake processes, and client engagements, and is responsible for its processing under applicable data protection laws and regulations.
If you have questions or concerns regarding the processing of your personal data, please contact us at the email above.
Definitions
For the purposes of this Privacy Notice, "personal data" means any information about a specific individual, or that identifies or may reasonably identify a specific individual. "Processing" means any use of personal data, including but not limited to collection, recording, organization, storage, adaptation, analysis, transfer, disclosure, or deletion.
What Personal Data We Collect and Why
Sentio collects only the personal data necessary to deliver our services and engage with prospective and current clients. The table below describes the categories of data we collect, why we collect them, and the legal basis under which we do so.
| Category of Personal Data | Purpose of Processing | Legal Basis (GDPR) | CCPA Category |
|---|---|---|---|
| First name, last name | Personalizing assessment results; identifying the respondent for follow-up | Legitimate interest (client engagement and service delivery) | Identifiers |
| Work email address | Delivering assessment results; scheduling advisory follow-up; sending the newsletter if opted in | Legitimate interest / Consent (newsletter only) | Identifiers |
| Company size, industry | Benchmarking diagnostic responses against relevant peer groups; tailoring recommendations | Legitimate interest (service personalization) | Commercial information |
| Diagnostic responses (Likert scale scores) | Generating an AI maturity score; informing Sentio's advisory recommendations | Legitimate interest (service delivery and advisory preparation) | Professional or employment-related information |
| Optional open-text responses | Providing qualitative context to supplement scored responses | Legitimate interest (service delivery) | Professional or employment-related information |
| Opt-in/opt-out preferences | Honoring communication consent; maintaining compliant contact lists | Legal obligation / Consent | Identifiers |
- Purpose
- Personalizing assessment results; identifying the respondent for follow-up
- Legal Basis
- Legitimate interest (client engagement and service delivery)
- CCPA
- Identifiers
- Purpose
- Delivering assessment results; scheduling advisory follow-up; sending the newsletter if opted in
- Legal Basis
- Legitimate interest / Consent (newsletter only)
- CCPA
- Identifiers
- Purpose
- Benchmarking diagnostic responses against relevant peer groups; tailoring recommendations
- Legal Basis
- Legitimate interest (service personalization)
- CCPA
- Commercial information
- Purpose
- Generating an AI maturity score; informing Sentio's advisory recommendations
- Legal Basis
- Legitimate interest (service delivery and advisory preparation)
- CCPA
- Professional or employment-related information
- Purpose
- Providing qualitative context to supplement scored responses
- Legal Basis
- Legitimate interest (service delivery)
- CCPA
- Professional or employment-related information
- Purpose
- Honoring communication consent; maintaining compliant contact lists
- Legal Basis
- Legal obligation / Consent
- CCPA
- Identifiers
Sentio does not collect sensitive personal information as defined under CPRA (e.g., Social Security numbers, financial account data, health data, precise geolocation, or biometric data) through any of its standard intake or assessment processes.
Legitimate Interests
Where Sentio relies on legitimate interests as the legal basis for processing, we have determined that our interests — specifically, delivering high-quality AI advisory services, preparing for client engagements, and developing our consulting practice — do not override your interests, rights, or freedoms, given the limited nature of the data collected, the transparency provided in this notice, and the controls available to you. If you wish to understand how we have reached this determination, please contact us at the address above.
From Where We Obtain Your Personal Data
Sentio collects personal data directly from you when you complete the AI Growth Diagnostic Assessment, submit an intake questionnaire, book a discovery call, or otherwise initiate contact with our firm. We do not purchase personal data from data brokers or obtain your personal data from third-party sources without your knowledge.
What Happens If You Do Not Provide Personal Data
Providing your name, email address, company size, and industry is required to receive your diagnostic results and for Sentio to contact you to discuss them. If you choose not to provide this information, we will be unable to deliver your personalized results or engage you as a prospective client. Optional open-text responses and newsletter opt-in are not required and will not affect your ability to receive your results.
How We Share Your Personal Data
Sentio does not sell your personal data to third parties. We may share your personal data in limited circumstances with the following categories of recipients:
Service Providers
We may engage third-party technology providers (e.g., CRM platforms, email delivery services, assessment hosting tools) who process personal data on our behalf. These providers are contractually required to process data only on Sentio's instructions and in compliance with applicable data protection law.
Professional Advisors
We may share personal data with legal counsel, accountants, or insurers where necessary for the operation of our business.
Law Enforcement and Regulatory Bodies
We may disclose personal data where required to do so by applicable law, court order, or governmental authority.
Business Transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
Sentio does not share personal data with third parties for their own marketing purposes.
International Transfers
Sentio is based in the United States. If you are located in the EU, UK, or EEA and interact with our assessment or services, your personal data will be transferred to and processed in the United States. Where such transfers occur, Sentio will implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission or equivalent transfer mechanisms, to ensure your data receives a level of protection consistent with applicable law.
How Long We Retain Your Personal Data
Sentio retains personal data collected through the AI Growth Diagnostic and intake processes for no longer than 24 months from the date of collection, unless a client relationship is established, in which case data is retained for the duration of the engagement and for up to 36 months thereafter for legitimate business and legal purposes. Optional open-text responses that are incorporated into anonymized research or benchmarking analyses will be de-identified prior to use and will not be linkable to any individual respondent. You may request earlier deletion at any time (see Your Data Protection Rights below).
Your Data Protection Rights
Depending on your location, you may have the following rights with respect to your personal data:
All Users
- Access — request a copy of the personal data Sentio holds about you.
- Correction — request that inaccurate or incomplete data be corrected.
- Deletion — request that your personal data be deleted, subject to applicable legal obligations.
- Opt-out of contact — withdraw consent to marketing or follow-up communications at any time.
California Residents (CCPA/CPRA)
- The right to know what personal data is collected, used, shared, or sold.
- The right to delete personal data we hold about you.
- The right to correct inaccurate personal data.
- The right to opt out of the sale or sharing of personal data (Sentio does not sell or share personal data for cross-context behavioral advertising).
- The right to non-discrimination for exercising your privacy rights.
- The right to limit the use and disclosure of sensitive personal information (not applicable to Sentio's standard data collection).
EU/EEA/UK Residents (GDPR/UK GDPR)
- The right to object to processing based on legitimate interests.
- The right to restrict processing in certain circumstances.
- The right to data portability where processing is based on consent or contract.
- The right to lodge a complaint with a supervisory authority. EU residents may contact their national data protection authority; UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, please contact us at kevin@sentio-consulting.com or by post at the address above. We will respond within the timeframe required by applicable law (45 days for CCPA requests; one month for GDPR requests, with the possibility of extension where necessary).
Cookies and Online Tracking
If you interact with Sentio's website or digital tools, we may use cookies or similar tracking technologies for essential functionality and analytics. A separate cookie notice will be presented where required by applicable law.
Changes to This Privacy Notice
Sentio may update this Privacy Notice from time to time to reflect changes in our practices or applicable law. The effective date at the top of this notice will be updated accordingly. We encourage you to review this notice periodically.