Privacy Policy

Last updated 5 May 2026

This privacy notice for Casus Consulting LLC and its affiliates (collectively, “Casus,” “we,” “us,” or “our“) describes how and why we collect, store, use, and share your information when you use our services (“Services“), including when you:

  • Visit our website at casusconsulting.com or any website of ours that links to this notice
  • Submit information through forms or interactive tools on our website
  • Engage with us for regulatory consulting, authorized representative, responsible person, regulatory importer, or related services
  • Contact us by email or phone

Casus Consulting LLC is the data controller responsible for the personal information described in this notice.

Questions or concerns? Please contact us using the details in Section 13. If you do not agree with this notice, please do not use our Services.

SUMMARY OF KEY POINTS

  • We collect personal information you provide directly (such as name, email, company, and job title) and certain technical data automatically when you visit our website.
  • We do not sell your personal information.
  • We do not intentionally collect or process sensitive personal information such as health data, financial account credentials, or government ID numbers.
  • We use your information to provide our services, communicate with you, and improve our website.
  • We use third-party tools including Jotform, Mailchimp, Google Ads, Google Analytics, and LinkedIn, which may collect or process data as described below.
  • Depending on where you are located, you may have rights regarding your personal data under GDPR, UK GDPR, the Swiss nFADP, Texas TDPSA, California CCPA, or other applicable law.

1. WHAT INFORMATION DO WE COLLECT?

Information you provide to us

We collect personal information that you voluntarily provide when you contact us, request information about our services, complete forms on our website, or engage us as a client. This may include:

  • Name, job title, and company name
  • Email address, phone number, and mailing address
  • Billing and payment information
  • Information submitted through our service intake forms, such as company and product details necessary to perform the requested regulatory services, and which is handled in accordance with our client confidentiality agreements
  • Any other information you choose to provide in correspondence with us

All personal information you provide to us must be true, complete, and accurate, and you must notify us of any changes.

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from anyone under 16.

Information collected automatically

When you visit our website, we automatically collect certain technical information that does not directly identify you, including your IP address, browser type, device type, operating system, referring URLs, and pages visited. This information is used for website security, performance monitoring, and analytics.

We also use cookies and similar tracking technologies. See Section 5 for more detail.

Information collected through third-party tools

We use the following third-party platforms that may collect or process personal information on our behalf:

  • Jotform – used for client onboarding, service intake, shipment notifications, vigilance reporting, and related forms
  • Mailchimp – used to manage our newsletter and regulatory update mailing list
  • Google Ads and LinkedIn – used for advertising; these platforms may collect data about your interactions with our ads
  • Google Analytics – used to analyze website traffic and usage patterns

We do not sell your personal information or share it with third parties for their own marketing purposes. We do not receive personal information from unaffiliated third parties for the purpose of targeting or profiling you. However, our use of Google Ads and LinkedIn for advertising may constitute “sharing” of limited data such as cookie identifiers under California law. Where required by law, you may opt out of such sharing by managing your advertising preferences as described in Section 5.

2. HOW DO WE USE YOUR INFORMATION?

We use the personal information we collect for the following purposes:

  • To provide our services – We use your information to deliver regulatory consulting, authorized representative, responsible person, regulatory importer, and related services to our clients.
  • To communicate with you – We use your information to respond to inquiries, send service-related updates, and provide administrative information such as changes to our terms or policies.
  • To process invoices and payments – We use billing and invoicing information to invoice you and process payments for our services.
  • To send regulatory updates and newsletters – With your consent, we may send you regulatory news, updates, and marketing communications. You can unsubscribe at any time.
  • To request feedback – We may contact you to request feedback about your experience with our services in order to improve what we offer.
  • To improve our website – We use automatically collected technical data and analytics to monitor website performance, understand how visitors use our site, and make improvements.
  • To run advertising campaigns – We use data collected through Google Ads and LinkedIn to deliver and measure the effectiveness of our advertising.
  • To comply with legal obligations – We may process your information as required by applicable law, regulation, or legal process.
  • To protect our legitimate interests – We may process your information to detect fraud, ensure website security, and protect the rights and safety of Casus and its clients.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

If you are located in the EU or UK, the GDPR and UK GDPR require us to explain the legal bases we rely on to process your personal information:

  • Consent – Where you have given us permission to use your information for a specific purpose, such as subscribing to our newsletter. You may withdraw your consent at any time by contacting us using the details in Section 13. Please note that withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.
  • Performance of a contract – Where processing is necessary to fulfill our contractual obligations to you, including delivering our services.
  • Legitimate interests – Where processing is reasonably necessary to achieve our legitimate business interests, such as maintaining website security, improving our services, and conducting marketing activities, provided those interests are not overridden by your rights and freedoms.
  • Legal obligations – Where processing is necessary to comply with applicable law or regulation.

If you believe we are processing your personal information unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority. EEA residents can find their relevant national supervisory authority on the EDPB website, and UK residents can contact the ICO.

If you are located in Switzerland, we process your information in accordance with the Swiss Federal Act on Data Protection (nFADP). The contact details for the Swiss data protection authority (FDPIC) are available at the FDPIC website.

If you are located in Canada, we process your information with your express or implied consent, or as otherwise permitted under applicable Canadian privacy law.

If you are located in the US, we process your information in accordance with applicable state privacy laws, including the Texas Data Privacy and Security Act (TDPSA) and the California Consumer Privacy Act (CCPA), as described further in Section 11.

If you are located in a country not listed above, we process your personal information in accordance with this privacy notice and will comply with applicable local data protection laws to the extent required.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We do not sell your personal information. We may share your information in the following limited circumstances:

  • Service providers – We share information with third-party vendors and service providers who perform services on our behalf, such as website hosting, analytics, payment processing, email marketing, and CRM tools. These providers are only permitted to use your information to perform services for us.
  • Affiliates – We may share information with our affiliated entities for the purpose of delivering our services. All affiliates are required to honor this privacy notice.
  • Legal requirements – We may disclose your information where required by law, regulation, court order, or governmental authority, or where necessary to protect the legal rights of Casus or others.
  • Business transfers – In the event of a merger, acquisition, or sale of all or part of our business, your information may be transferred as part of that transaction. We will notify you of any such change via a prominent notice on our website.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We use cookies and similar tracking technologies (such as web beacons and pixels) to operate our website, understand how visitors use it, and deliver relevant advertising.

We use the following types of cookies:

  • Strictly necessary cookies — Required for the website to function and cannot be switched off. These do not store any personally identifiable information.
  • Analytics cookies — Used to understand how visitors interact with our website, including pages visited and time spent on site. We use Google Analytics for this purpose.
  • Marketing cookies — Used to deliver relevant advertising through platforms such as Google Ads and LinkedIn. These cookies track your interactions with our ads across websites.

You can set your browser to refuse some or all cookies, or to alert you when cookies are being set. Please note that disabling certain cookies may affect the functionality of our website. You may also manage your advertising preferences directly through Google and LinkedIn. When you first visit our website, you will be prompted to accept or manage your cookie preferences through our cookie consent banner.

6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

Our primary servers are located in the United States. If you are accessing our website or services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or in the countries where our affiliated entities or service providers operate, including but not limited to the United Kingdom, the Netherlands, Switzerland, and Ireland.

We also work with consultants and service providers in other countries from time to time. All consultants are required to sign agreements containing confidentiality and data privacy obligations. Where we transfer personal information originating from the EEA, UK, or Switzerland to countries that may not have equivalent data protection laws, we take appropriate safeguards to protect your information in accordance with applicable data protection law. We rely on our third-party service providers’ and consultants’ own data transfer safeguards where applicable. If you would like more information about the safeguards we have in place, please contact us using the details in Section 13.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We retain your personal information for as long as necessary to fulfill the purposes outlined in this privacy notice, unless a longer retention period is required or permitted by law. For client records, this may include retention periods of up to 10-15 years or more after a device is last placed on the market, as required by applicable medical device and IVD regulations. For other personal information, we retain data for as long as we have a legitimate business purpose to do so.

When personal information is no longer needed, we will delete or anonymize it. If immediate deletion is not possible (for example, because information is stored in backup archives), we will securely isolate it from further processing until deletion is possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include secure document storage, access controls, and confidentiality obligations for all staff and consultants who handle personal information.

However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. While we implement reasonable safeguards to protect your personal information, we cannot guarantee the security of information transmitted to or from our website. You access our services and transmit information to us at your own risk.

If you have reason to believe that your interaction with us is no longer secure, please contact us immediately using the details in Section 13.

9. WHAT ARE YOUR PRIVACY RIGHTS?

Depending on where you are located, you may have certain rights regarding your personal information under applicable data protection law. These may include the right to:

  • Access – Request a copy of the personal information we hold about you.
  • Rectification – Request that we correct inaccurate or incomplete personal information.
  • Erasure – Request that we delete your personal information, subject to our legal retention obligations.
  • Restriction – Request that we limit the way we use your personal information.
  • Portability – Request a copy of your personal information in a structured, commonly used, machine-readable format.
  • Object – Object to our processing of your personal information where we rely on legitimate interests as our legal basis.
  • Withdraw consent – Where we process your information based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Unsubscribe – You may opt out of our marketing and newsletter communications at any time by clicking the unsubscribe link in any email we send, or by contacting us directly.
  • Lodge a complaint – If you believe we are processing your personal information unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority. Please see Section 3 for details on how to contact the relevant authority in your region.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals. No action is required on your part regarding this.

To exercise any of these rights, please contact us using the details in Section 13. We will respond to your request in accordance with applicable data protection law.

Please note that some of these rights are not absolute and may be subject to exceptions under applicable law. For example, we may need to retain certain information to comply with our legal obligations or to establish, exercise, or defend legal claims.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Some web browsers and mobile operating systems include a Do-Not-Track (“DNT”) feature that you can activate to signal your preference not to have your online browsing activity monitored or tracked. At this time, no uniform technology standard for recognizing and implementing DNT signals has been finalized, and we do not currently respond to DNT browser signals.

If a standard for online tracking is adopted that we are required to follow in the future, we will update this privacy notice accordingly.

11. US PRIVACY RIGHTS

Texas residents may have certain rights under the Texas Data Privacy and Security Act (TDPSA), including the right to access, correct, delete, and obtain a copy of your personal information, and to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, please contact us using the details in Section 13.

California residents have certain rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, please contact us using the details in Section 13.

For further information on the applicable laws and relevant authorities referenced in this section, please see Section 3.

12. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this privacy notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated version will be indicated by a revised “Last Updated” date at the top of this notice and will be effective as soon as it is accessible.

We encourage you to review this privacy notice periodically to stay informed about how we are protecting your information.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at [email protected] or by post to:

Casus Consulting LLC, 3800 North Lamar Blvd., Suite 200, Austin, TX 78756, United States