Privacy Policy

1. Introduction

Story Works (“we,” “our,” or “us”) is committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, share, and protect your personal information when you visit our website or use our services, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Story Works is the data controller for the personal data we process. We are based in the European Union and take data protection seriously.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

• Contact Information: Name, email address, phone number, company name, job title
• Communication Data: Messages, inquiries, and correspondence sent to us
• Technical Data: IP address, browser type, device information, operating system
• Usage Data: How you interact with our website, pages visited, time spent
• Marketing Data: Your preferences for receiving marketing communications
• Professional Data: Information about your business needs and consulting requirements

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for marketing communications
• Contract: To perform our consulting services and fulfill our contractual obligations
• Legitimate Interests: To improve our services, conduct business operations, and communicate with you
• Legal Obligation: To comply with applicable laws and regulations

4. How We Use Your Data

We use your personal data for the following purposes:

• Providing consulting services and responding to your inquiries
• Communicating with you about our services and your projects
• Sending marketing communications (with your consent)
• Improving our website and services
• Complying with legal obligations
• Analyzing website usage and performance
• Preventing fraud and ensuring security

5. Data Sharing and Transfers

We may share your personal data with:

• Service Providers: Third-party companies that help us provide our services (e.g., email providers, analytics tools)
• Legal Authorities: When required by law or to protect our rights
• Business Partners: With your consent, for collaborative projects

When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Contact inquiries: 3 years from last contact
• Client data: 7 years after project completion (for legal and tax purposes)
• Marketing data: Until you withdraw consent or 2 years of inactivity
• Website analytics: 14 months maximum

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (“right to be forgotten”)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at privacy@story-works.co. We will respond within one month of receiving your request.

8. Cookies and Tracking

Our website uses cookies and similar technologies to improve your experience. We use:

• Essential Cookies: Necessary for website functionality
• Analytics Cookies: To understand how you use our website
• Marketing Cookies: To provide personalized content (with your consent)

You can manage cookie preferences through your browser settings. However, disabling certain cookies may affect website functionality.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Staff training on data protection
• Incident response procedures

10. Children’s Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information.

11. Changes to This Policy

We may update this privacy policy periodically to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the “Last Updated” date. For significant changes, we may provide additional notice via email.

12. Contact Information

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with your local data protection authority.

13. International Transfers

When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules
• Certification schemes and codes of conduct