Privacy Policy

Last updated: 10 May 2026

This policy explains how Spinnaker Consulting collects and uses personal data when you use the FIRM Assessment or any other tool on spinnaker.pt.

We've kept it short. If anything is unclear, email us at info@spinnaker.pt.

1. Who we are

Spinnaker Consulting Lda, registered in Portugal, is the data controller responsible for your personal data on this site.

You can reach us at: info@spinnaker.pt

2. What we collect

When you complete the FIRM Assessment, we collect:

  • Your name, email, and company name
  • Your role (e.g., CPO, Procurement Director)
  • Your industry
  • Your responses to the 16 assessment questions
  • Free-text fields you optionally provide (e.g., describing a situation that worries you)
  • Technical metadata: IP address, timestamp, browser type — for security and bot prevention

We do not collect anything you don't enter yourself, except basic technical data needed for the site to function and stay secure.

3. Why we collect it

We use your data to:

  • Generate and send your FIRM diagnostic report (the immediate reason you're here)
  • Follow up with you about your results, if relevant
  • Improve the assessment over time (using anonymous, aggregated patterns — never your individual responses linked to you)

Legal basis: your explicit consent, given via the checkbox on the contact page before you submit your responses.

4. How long we keep it

Your assessment data is automatically deleted 24 months after you submit it. After that, no record of your individual responses remains.

You can ask us to delete your data sooner — see Section 7 below.

5. Who we share it with

We do not sell your data. We never have, we never will.

We use a small number of service providers ("sub-processors") to operate the site:

  • Resend (email delivery): receives your name and email to send you the report. Located in the EU.
  • Supabase (data storage): stores your responses. Located in the EU.
  • Cloudflare (security & captcha): processes your IP address to prevent bot abuse.

Each of these providers has signed data processing agreements with us and operates under GDPR-compliant terms.

6. Where it's stored

Your data is stored within the European Union. We don't transfer personal data outside the EU.

7. Your rights

Under GDPR, you have the right to:

  • Access the data we hold about you
  • Correct any inaccurate data
  • Have your data deleted ("right to erasure")
  • Withdraw your consent at any time
  • Receive a copy of your data in a portable format
  • Object to specific uses of your data
  • File a complaint with the data protection authority in your country

To exercise any of these rights, email us at info@spinnaker.pt. We respond within 30 days.

8. Cookies & tracking

This site uses minimal cookies:

  • Essential cookies for the site to function (these don't track you)
  • A Cloudflare cookie for bot prevention (set when you complete the captcha)

We do not use advertising cookies, third-party analytics that profile users, or cross-site tracking.

9. Changes to this policy

We may update this policy. When we do, we'll update the "Last updated" date at the top. Material changes will be communicated to you by email if we have your address.

10. How to contact us

For any privacy questions, requests, or concerns:

Spinnaker Consulting Lda
Email: info@spinnaker.pt

If you're unsatisfied with our response, you can contact the Comissão Nacional de Proteção de Dados (CNPD), Portugal's data protection authority, at www.cnpd.pt.