Catalyst has put in place adequate business compliance processes and procedures, implemented technical and organisational data security measures and ensured the organisation has an appropriate legal basis for all data processing activities. All staff have received training in GDPR awareness and are required to respect the personal data and privacy of others. Staff are also aware of any security measures in place and have been trained to ensure appropriate precautions are taken with regard to protecting personal data.
Data Protection Principles
When Catalyst collects and uses your personal information, we ensure we look after it properly and use it in accordance with our privacy principles set out below:
1. Personal information you provide is processed fairly, lawfully and in a transparent manner
2. Personal information you provide is collected for a specific purpose and is not processed in a way that is incompatible with the purpose which Catalyst collected it
3. Your personal information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
4. Your personal information is kept accurate and, where necessary, kept up to date
5. Your personal information is kept no longer than is necessary for the purposes for which the personal information is processed
6. We will take appropriate steps to keep your personal information secure
7. Your personal information is processed in accordance with your rights
8. We will only transfer your personal information to another country or an international organisation outside the European Economic Area where we have taken the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards
Data collected for tracking and analysis insights.
When you request information from our website or send information to our website, some information may be sent to third parties. A full and current list of these third parties can be obtained by using the 'view source' function in your web browser. These third parties include:
- For analysing our web site usage over time we use Matomo site analytics which is hosted and managed by Catalyst.
- We use Twitter analytics to follow behaviours and conversion rates.
- We use Linkedin tags to track and analyse the impact of Linkedin campaigns we run.
Where your web browser sends information to third parties as part of accessing this website or submitting information to this website, Catalyst does not accept responsibility for those third parties.
Collection of Personal Information
Before Catalyst stores your personal information, You will receive a detailed privacy notice outlining (amongst other things): what information Catalyst has, what that information will be used for and how long Catalyst will retain the information for.
From Whom Catalyst Collects Personal Information
Catalyst may collect Personal Information about:
• Catalyst’s clients;
• Members of Catalyst’s staff;
• Visitors to Catalyst’s Premises or websites.
What Personal Information Catalyst Collects
The Personal Information that Catalyst collects may include Your name, email address, physical address, telephone number, Image, billing information, Client Information and any other information supplied by You to Catalyst in the course of Your interaction with Us.
Special Category Data
Catalyst will not collect any sensitive personal data without first obtaining your explicit consent to do so, or unless required to do so by law.
How Catalyst Collects Personal Data
Catalyst may collect Personal Information about You in the following ways:
• When You provide information directly to us, whether in person, over the phone, via email or the postal system, via SMS message or other means of communication;
• When You use Our services;
• When Personal Information is supplied to us by a third-party;
• When you visit Our website we may collect your Client Information via a Data
Collection Tool; and
• When you visit Our Premises we may collect Your Image (and in exceptional cases
where necessary for security purposes, sound recordings) via CCTV cameras.
Why Catalyst Collects Personal Information
Catalyst collects Personal Information for the purposes of:
• Providing services to You;
• Administering Our business; and
• Ensuring the physical and digital security of You, Our clients, visitors, staff and Our
Handling of Personal Information
How Catalyst Uses Personal Information
Catalyst uses Personal Information to effect the above purposes.
The circumstances in which Catalyst may disclose Personal Information include:
• Where You consent to the disclosure;
• Where the disclosure is required to effect the above purposes; or
• Where the disclosure is required by law.
Catalyst stores Personal Information:
• In Our IT or physical infrastructure for as long as is reasonably necessary to effect the
above purposes; and
• In the case of CCTV Images or sound recordings, in Our IT infrastructure for no longer
than three (3) months (except where necessary).
Personal Information may be subject to the following security measures:
• User authentication and authorisation;
• Network and at-rest encryption;
• Patching and vulnerability management; and
• Physical security protocols.
How Personal Information Can Be Accessed and Corrected
You may access and submit corrections to Your Personal Information by contacting Us directly by any means set out in Data Protection Officer.
What Happens in the Event of a Privacy Breach
In the event of a Privacy Breach, Catalyst will:
• Notify the affected individuals and organisations, including (if appropriate) law enforcement organisations;
• Attempt to mitigate the extent and consequences of the breach;
• Attempt to remedy the situation, as appropriate in the circumstances; and
• Review the breach and Catalyst’s processes and procedures with a view to minimising
the risk of a similar breach occurring in the future.
Catalyst is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. All staff have received training in security procedures and an appropriate level of data security will be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and be encrypted when transported offsite.
Before Catalyst stores your personal data, you will receive a privacy notice which outlines all of your rights regarding privacy under the GDPR. Alternatively, you can find out more about your rights on the ICO website.
Most important is the right to access your personal information. Any data subjects wishing to access their personal data can put in a request to Catalyst’s Data Protection Officer. Catalyst will respond to any privacy requests as soon as possible and unless there are overriding legal obligations preventing Catalyst from fulfilling that request, will deliver the results of a request for information within 30 days.
Data Protection Officer
The Data Protection Officer
Catalyst IT Europe,
Lower Ground Floor,
Olivier House, 18 Marine Parade,
Brighton, East Sussex
This policy was last updated 01st February, 2021. Catalyst may amend this Policy from time to time in order to keep it up to date or to comply with legal requirements. When appropriate you will be notified of these changes via email. However, you should check this page regularly to ensure you are happy with any changes to this Policy.