Tegus, Inc., and its affiliates, including but not limited to Tegus Limited (hereinafter referred to as, "Tegus,” "our", “us” or "we") respects your privacy, and we have created this data privacy notice to inform you about how we collect, use, disclose and otherwise process personal data that you and others provide to us in compliance with applicable privacy laws, including, but not limited to, the California Consumer Privacy Act (CCPA), California Privacy Rights Act 2020 (CPRA), and the EU General Data Protection Regulation (GDPR).
Tegus delivers a range of products and services through our websites (each a “Site” and together the "Sites") to help our customers make informed investment decisions. These products and services include, but are not limited to, one-on-one consulting services (“Calls”) between our customers and industry experts (“Experts”) and access to certain content on our platforms (together the “Services”). This Notice: (a) describes the types of information we may collect from you or that you may provide to us when you visit our Sites, including www.tegus.com, or otherwise use the Services, including accessing our Tegus Functions app, or email, text, and other electronic messages between you and the Sites, and (b) describes our practices for collecting, using, maintaining, protecting, and disclosing that information.
This Notice supplements any other privacy related notices and policies we may provide to you, and is not intended to override them. If you do not agree with this Privacy Notice in general or any part of it, please do not use our Services or provide your personal data to us. We may make changes to this Notice from time to time and will update the last revised date, post the updated version on our Sites and take any other steps necessary to comply with applicable law. Your continued use of the Sites is deemed to be acceptance of those changes, so please check this Notice periodically for updates.
The Services may include links to other third party websites and other third-party websites may maintain links to the Services. This Privacy Notice applies only to the Tegus Sites and not to third-party websites accessible from the Sites or that you use to access the Services, each of which may have privacy policies materially different from this Privacy Notice. If you visit other third-party websites, Tegus is not responsible for the privacy practices or content of those sites.
Tegus is the Data Controller, unless stated otherwise, of personal data relating to various classes of Data Subjects, in this instance, "you", "your".
The categories of personal data we collect depend on how you interact with us and our Services. We collect personal data that you provide to us directly, personal data we collect through automatic data collection activities, and personal data from other sources, such as third-party services and organizations.
Tegus only collects and processes necessary personal data. The types of personal data Tegus may collect, includes, but is not limited to:
There are circumstances where we may process personal data, including personal data about and on behalf of our Services, customers, and end-users. This Privacy Notice does not apply when we act as a Data Processor handling personal data on the instruction of Data Controllers.
You may provide us with your personal data such as contact information, including first name, middle name and last name, date of birth, email address, contact details, occupation, job title, employment history, nationality and tax reference number.
We may also collect your bank account details including account name, account number, information necessary to make payments to you for your service as an Expert.
We may collect personal data about you from other sources including:
Any personal data that we receive from outside sources will be treated in accordance with this Privacy Notice. We are not responsible or liable for the accuracy of the personal data provided to us by third parties and are not responsible for their policies or practices.
Any processing of personal data is only lawful where it has a “legal basis.” Article 6 of the GDPR sets out what these potential legal bases are, namely: consent, performance of a contract, legal obligation, vital interests, public task, and legitimate interests.
For all Data Subjects, Tegus has legal obligations to disclose and share personal data in the following circumstances:
The legal bases on which we are processing your personal data are listed below:
Should we become aware of any reason to cease processing your personal data, and that reason overrides our legitimate interests, then we will not process it unless we have received your consent or are otherwise required to or permitted by law.
We have implemented measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure. In order to do this, Tegus has implemented an Information Security Program based on a risk-based framework defined by the ISO 27001, which specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. Additionally, Tegus has achieved SOC 2 Type II certification. Tegus’ information security policies and procedures have been developed to provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. Tegus’ policies for information security are reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy, and effectiveness.
Our ISP framework takes a risk-based approach to information security. The organization performs annual assessments and management risks to an acceptable level. Although Tegus leverages cloud computing services such as Amazon Web Services (AWS), Salesforce, Google, etc., access to sensitive information is controlled and maintained by Tegus in accordance with our defined Access Control Policy. Access reviews are performed regularly to ensure access remains appropriate.
Our principals include:
To ensure availability of Tegus services, we have a defined Incident Management Program and Business Continuity Program. Tegus has implemented a change management program to ensure that information security is designed and implemented within the development lifecycle of information systems.
Unfortunately, no system nor the transmission of personal data via the internet is 100% secure. Although we take measures to protect your personal data, we cannot guarantee the security of your personal data that you provide to us. Any transmission of personal data is at your own risk. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
The personal data and other information that we collect from you will be transferred to, stored, and processed to processors located both within and outside of the EEA (referred to in the GDPR as ‘third countries’) and in the United States where our servers are located and our central database is operated. The data protection laws of the United States may not be equivalent or as comprehensive as the data protection laws as those in your country. Consequently, your personal data may be processed outside your jurisdiction, including in countries and jurisdictions that are not subject to an adequacy decision by the European Commission that may not provide for the same level of data protection as your jurisdiction.
To ensure that countries to which we transfer your personal data provide appropriate level of protection for your fundamental rights, we will govern the relationship by a Data Processing Agreement (DPA), and adopt Standard Contractual Clauses (SCCs) where necessary, and make sure that a Transfer Impact Assessment (TIA) is carried out, if required.
We may disclose personal data that we collect, or you provide to us, as described in this Privacy Notice to the following groups:
As mentioned in this notice, Tegus uses third party data processors. You may request a list of all third party data processors used by Tegus by sending an email request to firstname.lastname@example.org.
Once collected, your personal data is retained for as long as needed to perform the Services or engage you as an Expert as permitted by applicable law, and as necessary to comply with our legal obligations, resolve disputes or enforce our agreements. In some cases, a retention period will apply once the initial purpose has ceased e.g. payroll files are required to be kept for the current year plus 6 years, (7 years total).
We may also anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes. In this case, we may use this personal data indefinitely without further notice to you however you will not be identifiable in this instance.
Tegus also uses web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content, recording if emails have been forwarded and verifying system and server integrity).
If you are an EU resident, under European data protection laws you have rights including:
If you are a resident of California, under CCPA & CPRA you have rights including:
If you are a resident of Nevada, under Nevada Law SB220 you have the following:
If you are a resident of a non-EU country and would like further information in relation to your legal rights under applicable law or would like to exercise them, you may contact us at the contact listed under Section 11 below. We will consider all requests and provide our response within the time period stated by applicable law and as otherwise required by applicable law.
Regardless of your residency, you can object to Tegus marketing communications at any time by opting-out using the unsubscribe/ opt-out function displayed in our communications to you. You may also opt out by emailing email@example.com. Please note that regardless of your request, Tegus may still use and share certain information as permitted by this notice or required by applicable law. You may not opt out of certain transactional emails with Tegus such as those confirming your requests or updates regarding our privacy notice or other terms.
Our Services are not intended for children under 13 years of age (or 16 years of age for individuals in the EEA/UK) and we do not seek or knowingly collect any personal data from children. No child may provide any personal data to our Services or through the use of the Services.
If you wish to exercise any of your rights or have any questions regarding this notice, please do so by emailing your request to firstname.lastname@example.org and we will respond as soon as possible.
If you are an EEA or UK resident and you are not satisfied with the statements in this Notice, please get in touch with our Data Privacy Team via the above email. Additionally, you may file a claim with the data protection supervisory authority in the UK or in the EEA country in which you live or work.