Konsiteo
Scrupulous Since 1985
Magnificentia
Privacy Notice—Konsiteo Ltd
Effective date: 22 June 2026
Konsiteo Ltd is a company registered in England and Wales, with its registered office at 71–75 Shelton Street, London WC2H 9JQ (company number 9835328, VAT number GB226792289, ICO registration ZA150392, and Croatian tax identification HR99353656457). Alen Karlović, Founder and Director, may be contacted by email at alen@konsiteo.com—OpenPGP-encrypted correspondence is encouraged, using the public key published at konsiteo.com, fingerprint 74E5 1E59 C219 E13C A611 4E4A 2966 8E19 C842 C2E3—or by end-to-end encrypted Signal communication. These contact details constitute the formal address for all data-related communications and enquiries addressed to the controller. This notice satisfies the transparency obligations set out in Articles 12, 13, and 14 of the UK General Data Protection Regulation and the Data Protection Act 2018. It is written not because the law requires words, but because this practice is constituted around a disposition that predates any regulatory framework: the refusal to hold anything—including another person's information—without accountability to a standard higher than what is merely permitted. What follows is that account, given plainly and completely.
What this website does not do
This website is hosted on servers located within the European Union in Amsterdam, The Netherlands. As is standard with all web hosting, the hosting infrastructure may generate server access logs—recording technical data such as IP addresses and page requests—as a routine function of delivering web pages. This technical logging is an inherent function of internet infrastructure, is not used by this practice for any analytical or commercial purpose, and is governed by the hosting provider's own data processing terms. This practice does not access, analyse, or use data collected in this way for any purpose relating to individual visitors. That it could is not a reason to do so—it is precisely the kind of question this practice holds itself answerable to. This website collects no tracking data, deploys no analytics platform, and sets no cookies of any kind—not functional, not analytical, not marketing, not statistical. No third-party script is loaded on page render, with the exception of a font stylesheet served from an external typography provider solely for the purpose of rendering the typeface used on this site. No data transmitted in this way is used by this practice for any purpose, and the provider's handling of technical request data is governed by their own terms. No device fingerprinting is performed. No pixel, tag, beacon, or link-decoration technique is used to observe, record, or transmit your behaviour, your identity, or your device characteristics to any party, including to Konsiteo itself. You arrive here, you read, and you leave—without leaving a trace that this practice has authored or permitted. The absence of cookies and tracking is not a compliance posture. It is a reflection of the same philosophy that governs every other decision made within this practice: that nothing is held which is not held for a purpose that can be defended on its own terms.
What personal data is collected, and how
The only personal data processed by Konsiteo is information that you choose, freely and deliberately, to transmit directly to Alen Karlović: your name, your email address, and the substance of your communication, whether delivered by email to alen@konsiteo.com or by encrypted Signal message. No web form, submission engine, session token, or behavioural tracking mechanism captures visitor information. The data that reaches this practice arrives because you sent it—and only because you sent it. End-to-end encrypted Signal communication is the preferred channel for all correspondence with this practice. These measures are not offered as features—they are the natural expression of a practice that treats the privacy of those who approach it as a responsibility that runs prior to and independent of any legal obligation.
Why that data is processed and on what legal basis
The personal data you choose to transmit is processed for one purpose only: to consider your correspondence and, where appropriate, to respond to it within the terms this practice has described. The lawful basis for this processing is the legitimate interest of both parties in conducting a private and substantive enquiry—an interest that, given the nature of this practice and the deliberate choice made by anyone who writes to it, clearly outweighs any privacy intrusion, which is in any case rendered minimal by the absence of any profiling, tracking, or third-party data sharing. Where a covenantal advisory relationship is entered into, the additional processing required to perform that contract is conducted on the basis of contractual necessity, and that processing will be described in the engagement documentation provided at that stage.
How long personal data is retained
Correspondence is retained for as long as the relationship that it documents remains active and, thereafter, for such period as is necessary to protect the legitimate interests of both parties in the event of any subsequent enquiry or dispute—a period not exceeding seven years from the conclusion of the relevant engagement or correspondence. Where no advisory relationship follows from an initial approach, correspondence is retained for no longer than is reasonably necessary to conclude the exchange and, in any event, for no more than two years. No correspondence is retained beyond these periods without a renewed purpose that can be independently justified.
With whom personal data is shared
Personal data transmitted to this practice is not shared with any third party for any purpose. It is not sold, licensed, or otherwise transferred to data brokers, marketing platforms, analytics providers, or any entity whose purpose is the secondary use of personal information. Where legal obligations or regulatory requirements compel disclosure—for instance, to a regulator, a court, or a financial institution in the course of meeting applicable compliance obligations—disclosure will be made to the minimum extent required and will not be treated as a routine matter. The legal counsel and banking relationships engaged by Konsiteo in the ordinary course of its operations are bound by confidentiality obligations that reflect the standards this practice holds in every dimension of its conduct.
International transfers
Konsiteo Ltd's registered office is in England and Wales; the practice is rooted in Rijeka, Croatia, within the European Union, and operates across jurisdictions. Personal data may therefore move between these two jurisdictions in the ordinary course of correspondence and engagement. The United Kingdom holds an adequacy decision under EU GDPR, renewed in December 2025, meaning that data flowing between Croatia and the UK travels under conditions recognised as providing equivalent protection—without the need for additional transfer safeguards. Where data moves beyond these two jurisdictions, such transfers are conducted in accordance with the requirements of UK GDPR Article 46 and EU GDPR Article 46, under appropriate safeguards, and subject to the same principle of necessity that governs all processing within this practice.
Your rights
Under the UK General Data Protection Regulation and the Data Protection Act 2018, you hold rights in relation to the personal data this practice holds about you. These include the right to be informed—which this notice fulfils—the right to access the personal data held, the right to rectify any inaccuracy, the right to erasure where the data is no longer necessary for the purpose for which it was collected, the right to restrict processing in certain circumstances, and the right to object to processing conducted on the basis of legitimate interest. None of these rights are exercised by automated decision-making, because no automated decision-making takes place within this practice. To exercise any of these rights, or to raise a concern about the processing of your personal data, please write to alen@konsiteo.com. All data protection complaints will be acknowledged within thirty days of receipt and investigated without undue delay, with the complainant kept informed of progress throughout. If you remain unsatisfied following the conclusion of that process, you have the right to lodge a complaint with the Information Commissioner's Office.
Changes to this notice
This notice reflects the practice as it stands at the effective date shown above. Should the processing activities described here change in any material respect, this notice will be updated and the revised effective date will be shown. The governing logic of this practice—the refusal to hold data beyond what is necessary, the commitment to encrypted communication, and the absence of any tracking or profiling—will not change, because it does not originate in regulation.
