Catalyst has put in place adequate business compliance processes and procedures, implemented technical and organisational data security measures and ensured the organisation has an appropriate legal basis for all data processing activities. All staff have received training in GDPR awareness and are required to respect the personal data and privacy of others. Staff are also aware of any security measures in place and have been trained to ensure appropriate precautions are taken with regard to protecting personal data.
Notwithstanding any existing data processing agreements your organisaton has with Catalyst, Catalyst are acting as a controller for your own personal data as described below. If you have any data requests or enquiries regarding your personal data under GDPR, you can contact us on privacycatalyst-eu.net.
Data Protection Principles
When Catalyst collects and uses your personal information, we ensure we look after it properly and use it in accordance with our privacy principles set out below:
- Personal information you provide is processed fairly, lawfully and in a transparent manner
- Personal information you provide is collected for a specific purpose and is not processed in a way that is incompatible with the purpose for which Catalyst collected it
- Your personal information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
- Your personal information is kept accurate and, where necessary, kept up to date
- Your personal information is kept no longer than is necessary for the purposes for which the personal information is processed
- We will take appropriate steps to keep your personal information secure
- Your personal information is processed in accordance with your rights
- We will only transfer your personal information to another country or an international organisation outside the European Economic Area where we have taken the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards.
- Catalyst does not sell your personal information and we also do not permit the selling ofcustomer data by any companies who provide a service to us
Data collected for tracking and analysis insights.
When you request information from our website or send information to our website, some information may be sent to third parties. A full and current list of these third parties can be obtained by using the 'view source' function in your web browser. These third parties include:
- For analysing our web site usage over time we use Matomo site analytics which is hosted and managed by Catalyst. We also use Google analytics.
- We use Twitter analytics to follow behaviours and conversion rates.
- We use Linkedin tags to track and analyse the impact of Linkedin campaigns we run.
Where your web browser sends information to third parties as part of accessing this website or submitting information to this website, Catalyst does not accept responsibility for those third parties.
Collection of Personal Information
Before Catalyst stores your personal information, You will receive a copy of this privacy notice outlining (amongst other things): what information Catalyst has, what that information will be used for and how long Catalyst will retain the information for.
What Personal Information Catalyst Collects
The Personal Information that Catalyst collects may include Your name, email address, physical address, telephone number, Image, billing information, Client Information and any other information supplied by You to Catalyst in the course of Your interaction with Us, usually through a contractual agreement between your organisation and Catalyst, or it may be provided directly to Catalyst via an email, phone or in person conversation. Your personal data will not be collected from any other sources.
Special Category Data
Catalyst will not collect any sensitive personal data without first obtaining your explicit consent to do so, or unless required to do so by law.
Catalyst have no need to process special categories of personal data and will not be entering data of this kind into any of our systems, as it is against our policy to do so. Special categories of data include (but are not limited to) information related to criminal convictions, race, ethnicity, political opinions, and health. Please note that if Catalyst finds you have entered data of this nature into the contents of an email or in our Work Management Request System database, it may be removed in the interests of reducing any risks to your rights and freedoms. Catalyst employees will receive a separate privacy notice as part of their employment contract.
From Whom Catalyst Collects Personal Information
We collect data from direct interactions with us, whether you are visiting our website, using our services, subscribing to our publications or marketing or otherwise interact with us over email, post or telephone.
Catalyst may collect Personal Information about:
- Catalyst’s clients as well as any members of our client's staff who we interact with;
- Members of Catalyst’s staff;
- Third parties who provide services to Catalyst, as well as any members of staff who we interact with;
- Visitors to Catalyst’s website and premises;
- Any other individuals who we interact with from time to time.
How Catalyst Collects Personal Data
Catalyst may collect Personal Information about You in the following ways:
- When You provide information directly to us, whether in person, over the phone, via email or the postal system, via SMS message or other means of communication;
- When You use Our services;
- When Personal Information is supplied to us by a third-party;
- When you visit Our website we may collect your Client Information via a Data Collection Tool; and
- When you visit Our Premises we may collect Your Image (and in exceptional cases where necessary for security purposes, sound recordings) via CCTV cameras.
Why Catalyst Collects Personal Information
Catalyst collects Personal Information for the purposes of:
- Providing services to You;
- Processing and delivering services to You, including managing any payments, fees and charges;
- Carrying our marketing in respect of our business, including email marketing;
- Administering Our business, as well as obtaining feedback on our business;
- Ensuring our website is protected (including troubleshooting, testing, system maintenance, support and reporting and hosting our data); and
- Ensuring the physical and digital security of You, Our clients, visitors, staff and Our Premises.
When we are carrying out marketing we will rely upon legitimate interests in marketing to you. You can, at any time, opt-out of receiving marketing from us by following any opt-out links on any of our marketing messages sent to you or by contacting us at any time. Where you opt-out of marketing messages, this will not apply to any personal data provided and processed as a result of the provision of services.
If you have not entered into a legal agreement with Catalyst and there are no ovverriding legal requirements for Catalyst to be processing your personal data, then your personal information is being processed based on your consent. You are able to withdraw your consent at any time.
The purpose of processing your data is for Catalyst to provide our services to you upon your request.
We use MailerLite to manage our email marketing subscriber list and to send emails to our subscribers. MailerLite is a third-party provider, which may process your data using industry-standard technologies to help us monitor and improve our newsletter.
You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of each newsletter.
Handling of Personal Information
How Catalyst Uses Personal Information
Catalyst uses Personal Information to effect the above purposes.
The circumstances in which Catalyst may disclose Personal Information include:
• Where You consent to the disclosure;
• Where the disclosure is required to effect the above purposes; or
• Where the disclosure is required by law.
Catalyst stores Personal Information:
• In Our IT or physical infrastructure for as long as is reasonably necessary to effect the
above purposes; and
• In the case of CCTV Images or sound recordings, in Our IT infrastructure for no longer
than three (3) months (except where necessary).
All contacts associated with your organisation will be reviewed at the end of each contract to ensure your contact details are current and up to date. When these reviews happen, Catalyst will communicate either with you directly or with the key contact for your organisation, in order to ensure it is still necessary for Catalyst to be processing your data.
Personal Information may be subject to the following security measures:
• User authentication and authorisation;
• Network and at-rest encryption;
• Patching and vulnerability management; and
• Physical security protocols.
If you have an account in our Work Request Management System (WRMS) then your contact details will be stored as part of your user account on WRMS, which is physically located in Catalyst's New Zealand office - New Zealand is recognised as a country which provides an adequate level of protection and as such is covered under the GDPR.
Your details will also be stored on Catalyst's internal systems which are located in Catalyst's offices in New Zealand and the UK.
In order to provide 24/7 support, our Australian office might occasionally access our internal systems. Appropriate safeguards are in place to protect your personal data.
How Personal Information Can Be Accessed and Corrected
You may access and submit corrections to Your Personal Information by contacting Us directly by any means set out in Data Protection Officer.
What Happens in the Event of a Privacy Breach
In the event of a Privacy Breach, Catalyst will:
• Notify the affected individuals and organisations, including (if appropriate) law enforcement organisations;
• Attempt to mitigate the extent and consequences of the breach;
• Attempt to remedy the situation, as appropriate in the circumstances; and
• Review the breach and Catalyst’s processes and procedures with a view to minimising
the risk of a similar breach occurring in the future.
Catalyst is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. All staff have received training in security procedures and an appropriate level of data security will be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and be encrypted when transported offsite.
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
• If you want us to establish the data's accuracy.
• Where our use of the data is unlawful but you do not want us to erase it.
• Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
• You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this Will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Most important is the right to access your personal information. Any data subjects wishing to access their personal data can put in a request to Catalyst’s Data Protection Officer. Catalyst will respond to any privacy requests as soon as possible and unless there are overriding legal obligations preventing Catalyst from fulfilling that request, will deliver the results of a request for information within 30 days.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Data Protection Officer
The Data Protection Officer
Catalyst IT Europe,
36 Frederick Place,
Brighton BN1 4EA, United Kingdom
This policy was last updated 6 September 2023. Catalyst may amend this Policy from time to time in order to keep it up to date or to comply with legal requirements. When appropriate you will be notified of these changes via email. However, you should check this page regularly to ensure you are happy with any changes to this Policy.