Privacy & cookies

We the Catalysts CIC (trading as Catalyst) is a Community Interest Company, whose registered company number is 15519453.

Catalyst is a unique ecosystem of nonprofits, digital support partners and funders working to shape liberatory tech for just and regenerative futures. In order to do this we partner with people and organisations in our network (referred to as “partners”). We enter into legal agreements such as service contracts and data sharing agreements with our partners to ensure we can share relevant information with them and deliver better outcomes for our network and for communities.

This privacy policy explains the personal data we collect, who we may share it with and your rights as a data subject.

We take your privacy seriously and are committed to protecting your personal information. We aim to be clear and open about our data and security practices.

Processing your data

Personal data that we collect

Contact data

• Email address – when you communicate through email
• Email address – when you sign up to our newsletter
• Personal information – when you enquire through our forms
• Contact data – when shared with us, may include your address, email address and telephone numbers.

Analytics and tracking data

• Technical data – this may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site
• Usage data – this may include information about how you use our website, products and services (see our section ‘About cookies’)
• Google Signals Google Analytics -  this collects visitation information and associates it with Google information from accounts of signed-in users who have consented to this association for ads personalisation. It may include end user location, cross-device tracking, audiences and insights, search history, YouTube history and data from sites that partner with Google – and is used to provide aggregated and anonymised insights into your users’ cross-device behaviours. Please consider that this data is only collected if you have agreed to personalised advertisement in your Google Account. The retained information is always exclusively summarised and anonymous data, and never any data on individual persons. You can access or delete this data in your Google Account.

Marketing and communications data

• this may include your preferences in receiving marketing communications from us and our third parties and your communication preferences

Marketing and website cookies

We also collect information on your website usage through cookies, if your browser accepts them. 

A "cookie" is a file stored on your computer's web browser. The main purpose of a cookie is to track usage, tailor web pages and remember login information.

Cookies don't give us access to your computer, and the information we collect through cookies doesn't include personal information.

You can accept or decline the use of cookies through functionality built into your web browser. If you want to learn more about cookies, or how to control or delete them, please visit www.aboutcookies.org.uk for detailed guidance.

We process information relating to:

• employees
• job applicants
• customers and clients
• suppliers
• complainants (via our External Complaints procedure)
• professional advisers and consultants
• website visitors

Unless we obtain your permission, information that is identifiable as relating to you (i.e. it has not been edited to make it anonymous) is not sold to other organisations for commercial or other purposes. We may share data with our partners who sign data protection or data sharing agreements with us in order to deliver, monitor, evaluate and report the outcomes of our services. More information on this is available under “Transferring information to third parties”.

Why we collect and process your personal information

We will only collect and process your personal information in accordance with data protection laws. Our legal bases for processing your personal information are as follows:

Consent

We will usually only collect and process your personal information if you have given your consent for us to do so, for example, we will only send you certain marketing emails and process any information about you if we have your consent.

Legitimate Interests

We may use and process some of your personal information where we have sensible and legitimate business grounds for doing so. Under European privacy laws there is a concept of “legitimate interests” as a justification for processing your personal information.

Legitimate interest could exist for example where there is a relevant and appropriate relationship between you and Catalyst in situations such as where you are our supplier, client or benefiting from one of our services. Similarly, it may arise in the event that we have awarded funding to you or your organisation and need to process your personal data in the public interest or for the prevention of crime.

Catalyst’s legitimate interest may also include processing your personal data to authenticate you and give you access to our online services.

You have a right to object to our use of your personal information for these legitimate interests including where we may use your personal information to create a profile to inform customer demographics. If you raise an objection, we will stop processing your personal information unless very exceptional circumstances apply, in which case we will let you know why we are continuing to process your personal information.

Performance of a contract

The processing may be necessary for a contract that we hold with you. For example, if we have a service contract with you there may be data that is required such as bank details in order to enter into that contract. We may require you to share data with us as part of the contracting terms.

This may also include processing your personal data through third-party websites or hosting platforms to deliver services to you, in which case you would be notified of such processing.

How we store your data

Catalyst and our partners use third-party vendors and hosting partners to provide services such as online meetings, newsletter signup and mailing lists. Data is transferred to or mirrored on servers within the United Kingdom, the European Economic Area (EEA) and outside the EEA in certain instances (for example, when using the website design platform Webflow). Catalyst authorised partners and service providers reserve the right to transfer or mirror data to servers outside the EEA.

Catalyst collaborators will apply all reasonable measures to ensure that data held on our servers is secure but cannot guarantee that security measures will not be breached.

How we manage your data

As a Data Controller, Catalyst decides how and why the data we collect is used. When working with partners, we use data sharing agreements that set clear expectations on how and when partners can use our data.

Any third party vendors that we use to process your data must be GDPR compliant and Catalyst will hold a Data Protection Agreement with those third parties.

How long we keep your information

We do not keep your information for longer than necessary. We keep financial information for up to seven years due to legal and contractual requirements, and we delete all other personal information from our customer relationship management system if we have had no contact with you for three years.

Transferring information to third parties

To meet our obligations and provide you with our services, we may need to process your personal data via third parties. Personal data will only be transferred to, or processed by, third-party companies where such companies are necessary for the fulfilment of services you have consented to, our contractual obligations or a legitimate interest.

We will not transfer personal data to a country or territory outside the European Economic Area (EEA) unless the transfer is made to a country or territory recognised by the EU as having an adequate level of Data Security, or is made with the consent of the Data Subject, or is made to satisfy the legitimate Interest of Catalyst in regard to its contractual arrangements with our partnering organisations.

If it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of service, or as otherwise required by law.

If we transfer information about you as a result of Catalyst being acquired by or merged with another organisation, the partnering organisation will notify you before information about you is transferred and becomes subject to a different privacy policy.

Your rights

Data protection regulations give you clear rights over how your data is used by us. You can find out more detail about your rights by visiting the Information Commissioner’s Office website’s section on individual rights.

You have the right to request we remove all identifiable information we store on you. To do so, please email hello@thecatalyst.org.uk.

Your right to complain

If you are concerned about the way Catalyst are processing your personal data, you have the right to complain. You may contact us by emailing us at hello@thecatalyst.org.uk with the subject line "Privacy Concern". We will respond within 30 days at the latest.

Or you may complain to the regulator of information rights in the UK the Information Commissioner’s Office (ICO). You can find more details on their website.

Resolving complaints

If you have concerns about the way Catalyst is handling your User Personal Information, please let us know immediately. 

You may also contact our Data Protection Officer directly. Our Data Protection Officer is Megan Gray (megan@wearecast.org.uk).

Changes to this policy

Catalyst may periodically update this policy. We will notify you about significant changes in the way we treat personal information by placing a prominent notice on this site.

Questions

Any questions about this Privacy Policy should be sent to hello@thecatalyst.org.uk.

This policy was last reviewed on 8 March 2024.