Privacy Policy

February 2024 V4.1

StoryTeq is part of the ITG Group, and data privacy and the associated privacy policy for all StoryTeq software comply with the ITG Group Privacy Policy.

ITG takes data protection very seriously and considers data privacy and security across all its services and countries of operation.
This privacy notice explains how and why we collect, hold, and use personal data to ensure we fully comply with international data protection legislation and best practice.

ITG collects, holds, and uses limited personal data on some of its clients’ employees for the following reasons:

• to enable logging in to our technology (typically name, email address and contact phone number);

• for occasional communications, such as invitations to ITG events and important business or service delivery news (again, this would typically be name, email address and phone number);

• communications (such as emails) that are exchanged between client employees and ITG employees.

Any data ITG holds for its clients is done so in line with ITG data protection policy, separate data processing agreements and any applicable international legislation.

Privacy Statement | US, EU, and UK Individuals

US Individuals:

This privacy statement is intended to comply with state data privacy legislation including, but not limited to the California Consumer Privacy Act (CCPA), Nevada Senate Bill 220, Vermont’s Protection of Personal Information: Data Brokers Statute, Colorado Privacy Act and the Virginia Consumer Data Protection Act.

ITG complies with all international data protection legislation applicable for the individual’s data it holds. All considerations and requirements are documented in the ITG data protection policy and managed by the ITG Group Data Protection Officer (DPO).

EU/UK individuals:

This Privacy Statement is intended to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union 27 April 2016 (the General Data Protection Regulation or GDPR),
and the UK equivalent (the UK GDPR), and provide appropriate protection and care with respect to the treatment of information in accordance with the GDPR.

If you have any questions regarding legislative compliance or ITG adherence, please contact the ITG Group DPO at DataProtection@TeamITG.com.

What Information we collect, hold, and process, and why?

We only collect, hold, and process the data types mentioned above in line with applicable legislation.
In the UK and EU, we process data that fully complies with the six lawful reasons to process personal data set out in Article 6 of the GDPR, which are given below:

• Consent: you have given clear consent for us to process your personal data for a specific purpose;

• Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract;

• Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations);

• Vital interests: the processing is necessary to protect someone’s life;

• Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;

• Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

UK and EU citizens’ data will be stored and processed within the UK or EU. Any US citizens’ data will be treated and processed as per the state applicable laws.

All client employees on whom we hold data will be made fully aware of how and why the data we hold on them will be used at the time we collect the data (such as when they register to use our technology). All ‘opt in’ consent will be shown in a clearly visible location.
Only data types that are required for the stated function will be collected.

How and why is my information shared?

We only use your data in the manner and for the purposes stated on collection. It will only be shared with approved third parties who need to access it to carry out their duties in line with the services ITG offers to its clients.

We may also share personal data with the following external bodies when required to, in line with the applicable data protection legislation:

• regulators and government authorities, such as HMRC or the police, if we are required to do so by law;

• our insurers, legal advisers, or other third parties who need access to your data for managing, investigating, or defending claims or complaints;

• a potential purchaser of ITG or one of ITG’s subsidiaries or parent companies that carry out work for you. This would only apply to clients who have agreed to be contacted for references or information;

• organisations (such as third-party service providers) that process your data on our behalf. They are not allowed to use your data for any other purpose than stated on collection and are fully compliant with the ITG ISO 27001 due diligence and third-party management program. You will be informed of any use of your personal data and the legal reason for its use. We take the security and confidentiality of your information very seriously.

• Third party data privacy terms to reference within the system for use on API clients are YouTube API Services: https://developers.google.com/youtube/terms/api-services-terms-of-service and Google privacy policy: https://security.google.com/settings/security/permissions

International Transfer

ITG, as a global business, considers the location of all data subjects and the required data protection measures. Data storage will always be ideally located in the same location (under data protection legislation) as the location of the data subject, and any data transfer of information between locations is protected in line with the applicable legislation.

If we transfer EU/EEA personal data to recipients outside the EU/EEA, we use adequacy decisions, data transfer agreements, Standard Contractual Clauses (SCC), UK IDTA, or other EU-approved mechanisms for such transfers. This includes any developments in the US Data Privacy Framework and safeguards and controls this is able to offer.
ITG ensures all of its third parties agree to the Privacy Principles and all data subjects are made aware of such transfers.

Any US data transfers will also be done in line with state legislation and transparency requirements of ITG policy.

For further information, please contact the ITG Group DPO at DataProtection@teamITG.com.

Data retention

Personal data is stored for various lengths of time depending on the nature and purpose for which it was collected.
We store personal data in line with any applicable statutory minimum periods and then review it periodically (usually annually) to ensure it is still necessary to be retained for the purpose for which it was collected. Where there is a statutory maximum length that data can be retained, we will delete on expiration. Any data stored on behalf of our clients is stored in line with separate agreements and applicable data protection legislation.

All data retention periods can be found in the ITG Data Handling Policy. This can be accessed internally or on request by emailing DataProtection@teamITG.com.

What are your Data Subject Rights?

ITG respects the rights of all data subjects in line with applicable data protection legislation and will put in place processes that allow data subjects to exercise these rights.

EU/EEA personal data will have the following rights:

• you have the right to obtain your personal data from us, apart from in exceptional circumstances (for example, if the information would hinder the prevention, detection, or investigation of a crime);

• where we provide it, the first copy will be free of charge, but we reserve the right to charge a small fee for additional requests to cover administration;

• you have the right to require us to rectify any inaccurate personal data we hold concerning you

• taking into account the purposes of the processing, you may also have the right to have incomplete personal data completed by means of providing a supplementary statement or further information;

• you have the right to require us to erase your personal data on certain limited grounds (including where they are no longer necessary for the purpose for which they were collected or where you withdraw your consent and there are no other legal grounds for processing).

• where we process personal data either on the basis of consent or contractual necessity, and where you provided the personal data to us and we processed it by automated means, you have the right to require us to give you your data in a commonly used electronic format;

• you have the right to object to our processing of your personal data when processed on the grounds of our legitimate interests, although we do not always have to honour your objection, we can refuse to cease processing where we have a compelling legitimate ground that outweighs your interests, or if we need the data to bring or defend a legal claim.

You have the right to require us to restrict the processing of your personal data on certain grounds, including where:

• you contest the accuracy of the personal data and want us to restrict processing of your personal data while we verify its accuracy;

• the processing is unlawful, but you request a restriction of the processing rather than erasure;

• we (as controller) no longer need the data for the purposes of the processing, but you have told us you require us to retain that personal data for you to establish, exercise or defend legal claims;

• you have objected to us processing your personal data on the grounds of legitimate interests and want us to restrict processing your personal data while we consider your objection.

  US personal data will have the rights associated to the state in which the data subject resides. Current rights, mainly associated to California, Colorado, and Virginia:

  • right to access

  • right to correct

  • right to delete

  • right to portability

  • right to opt out of all or specific processing

  • age-based opt-in right

  • right to opt in for sensitive data processing

  • right not to be subject to fully automated decision

If you would like to exercise any of these rights or have any questions about how ITG handles and assesses data subjects’ rights in a specific location, please contact DataProtection@teamITG.com.

Data Security

ITG is an ISO 27001:2022 certified company and fully complies with Article 5(1) of the GDPR and US state security requirements. We ensure all our information security management systems is kept up to business best practice in cyber security and all associated risks are assessed and minimised.

Cookies

We use cookies on our website for a variety of reasons which you can learn about below.
The cookies we use do not store personally identifiable information nor can they harm your computer. We want our site to be informative, personal, and as user- friendly as possible, and cookies helps us to achieve that goal.

By using our website or systems, you agree to the use of cookies as set out in this policy. We appreciate that some users may prefer individual control over their visit to our website and can adjust their system settings accordingly.

You can read all about this in section 8.3 below, titled “What are your choices regarding cookies?”

All users of our website will be presented with a banner asking them to accept cookies.

What are cookies?

Cookies are small text files that hold a certain amount of data that our website can send to your browser. It may then be stored on your computer’s hard drive and can be accessed by our web server. This cookie data can then be retrieved and can allow us to customise our web pages and services accordingly. It’s important to clarify that cookies do not collect any personal data stored on your hard drive or computer.
To find out more about cookies, visit http://www.allaboutcookies.org .

How we use cookies

Our website uses 4 main types of cookies that are defined by a third-party cookie management service. This service allows our website users to make an informed decision on what cookies they allow.

The four main types of cookies used are:
Necessary – Necessary cookies help make a website usable by enabling basic functions, such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Preferences – Preference cookies enable a website
to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Statistics – Statistic cookies help website owners
to understand how visitors interact with websites by collecting and reporting information anonymously. Marketing – Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third- party advertisers.

A more detailed breakdown of the actual cookies used can be located in the details section of the cookies banner, displayed when you visit our website.

What are your choices regarding cookies?

We want our website users to be as informed as possible and will present a banner that allows a user to choose what type of cookies are collected and used.
If you’d like to delete cookies, or would like to instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. Please note, however, that if you delete cookies or refuse to accept them, you may not be able to use the features we offer, you will not be able to log in securely and may not be able to store your preferences.

This may affect your ability to use the site and some of our pages may not display properly.
ITG also complies with IAB TCF V2.2 for the cookie banners and assocoiated rights protection mechanisms used on its web pages.

Where can I find more information about cookies?

You can learn more about cookies by visiting the following third-party websites:

All About Cookies:

http://www.allaboutcookies.org

Network Advertising Initiative:

http://www.networkadvertising.org

Or you can contact the data protection team within ITG, who will be happy to assist: DataProtection@Teamitg.com

Updating the privacy policy and keeping you informed

We strive for continuous improvement to our services, processes, and protection of data subject rights. We will, therefore, update this privacy notice from time to time.

If we hold your data, we will make sure you are informed of any changes.

Our Data Protection Officer will make sure your information is kept safe throughout the ITG Group and ensure all parties are made aware of the relevant legislation.

Information and complaints

All complaints, questions or concerns, and appropriate resolutions relating to the practices around handling personal information will be logged. ITG is registered as a data controller with the UK Information Commissioners Office (ICO).

Any complaints of this nature should be made to the ITG Group DPO at DataProtection@teamITG.com.

You also have the right to lodge a complaint with a supervisory authority if we cannot resolve your complaint.