Katalysys Privacy Notice
Last updated: 15th November 2024
Registered name: Katalysys Ltd
Katalysys Ltd (“Katalysys”, “we” or “us”), is registered in England and Wales with number 06595394 as a private limited company. Katalysys is dedicated to protecting the confidentiality and privacy of information entrusted to us in accordance with the UK Data Protection Act 2018 including its applied General Data Protection Regulation (GDPR) provisions (DPA 2018).
This privacy notice tells you what to expect us to do with your personal information.
2) What information we collect, use, and why?
3) Lawful bases and data protection rights
4) Where we get personal information from?
5) How long we keep information?
6) Who we share information with?
7) Sharing information outside the UK
1) Contact details
Post: 25 Old Broad Street, Tower 42 – Signature Regus, London, EC2N 1HN
Email: info@katalysys.com
2) What information we collect, use, and why?
We collect or use the following information to provide and improve our products and services for clients, for information updates or marketing purposes, comply with legal requirements, or dealing with queries, complaints or claims.
· Personal data: Here is a list of personal data we commonly collect to conduct our business activities.
Contact details (e.g., name, company name, job title, work and mobile telephone numbers, work and personal email and postal address).
Professional details (e.g., job and career history, educational background, professional memberships, and published articles).
Usage data (including information about how you interact with and use our website, products and services)
Account access information about accessing specific account on our cloud software application or third-party systems, and correspondence.
Website information: website and app user journey information and website user information (e.g., IP addresses, geographical location, marketing preference)
· Special Categories of Personal Data: We do not collect special categories of personal data about individuals other than our own employees. Such processing would only be undertaken as necessary for Katalysys to exercise its rights and obligations as an employer (including for occupational health purposes), protect the vital interests of individuals, establish or defend legal claims or with the explicit consent of the individual(s) concerned. Examples of special categories of personal data we may obtain, or otherwise hold, include:
o Personal identification documents that may reveal race, religion or ethnic origin, biometric data of private individuals, beneficial owners of corporate entities, or applicants.
o Expense receipts submitted for individual tax
o Adverse information about potential or existing Employees and applicants that may reveal criminal convictions or offences information.
o Health data (e.g., Covid test results) where the processing is necessary to assess, monitor and control spread of infectious diseases and to provide a safe environment for our employees, clients, and suppliers.
3) Lawful bases and data protection rights
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
· Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
· Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
· Your right to erasure - You have the right to ask us to delete your personal information. You can read more about this right here.
· Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
· Your right to object to processing - You have the right to object to the processing of your personal data. You can read more about this right here.
· Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
· Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.
If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Our lawful bases for the collection and use of your data
Our lawful bases for collecting or using personal information to provide and improve products and services for clients, for information updates or marketing purposes, to comply with legal requirements and for dealing with queries, complaints or claims are:
· Contract – we have to collect or use the information so we can enter into or carry out a contract with you, your employer or our client(s) with whom you might have a separate agreement/contract. All your data protection rights may apply except the right to object.
· Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
· Legitimate interests – we’re collecting or using your information because it benefits you, our organization, our clients or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable, and balanced. These may include:
Delivering services to our clients – To deliver the services our clients have engaged us to provide including information on new products and services.
Direct marketing – To conduct and analyse our marketing activities. To deliver timely market insights and speciality knowledge including tailor-made online experience we believe is welcomed by our business clients, subscribers and individuals who have interacted with us.
Monitor our IT systems - Prevent fraud or criminal activity and protect our IT systems.
Corporate responsibility - Comply with our corporate and corporate social responsibility commitments.
· Vital Interests – We may process personal data to protect the vital interests of the individual or another natural person.
· Public Interest – We may process personal data in order to perform a specific task in the public interest.
· Legal obligations – We may process personal data in order to meet our legal and regulatory obligations or mandates.
4) Where we get personal information from?
· Directly. We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us with their business card, complete our online forms, subscribe to our newsletters, register for webinars, attend meetings or events we host, visit our offices or for recruitment purposes. We may also obtain personal data directly when, for example, we are establishing a business relationship, performing services through a contract, or through our cloud software applications.
· Indirectly. We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients:
o Public sources -- Personal data may be obtained from public registers (such as Companies House, Financial Conduct Authority Register), news articles, and internet searches.
o Professional and Social networking sites -- If you register or login to our websites using social media (e.g., LinkedIn, Google) to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want shared with us.
o Business clients - Our business clients may engage us to perform services which involves sharing personal data they control as part of that engagement. For example, we will review account balance data as part of a review exercise. Our services may also include processing personal data under our clients’ control on our cloud software applications, which may be governed by different privacy terms, policies, and notices.
o Recruitment services - We may obtain personal data about candidates from an employment agency, and other parties including former employers, and credit reference agencies.
5) How long we keep information?
We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations, and professional obligations to which we are subject. Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these purposes, we retain such personal data for seven years.
6) Who we share information with?
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:
Parties that support us as we provide our services (e.g., providers of telecommunication systems, IT system support, archiving services and cloud-based software services).
Professional advisers, including accountants, lawyers, auditors, and insurers.
A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of our business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it.
Parties that support as with anti-money laundering and client conflicts.
Law enforcement or other government and regulatory agencies (e.g., HMRC) or to other third parties as required by, and in accordance with, applicable law or regulation.
Health government bodies and external service providers (health, facilities, estate management) to assess, monitor and control the spread of infectious diseases.
Payment, marketing, and recruitment services providers.
Katalysys will not transfer the personal information you provide to any third parties for their own direct marketing use.
7) Sharing information outside the UK
We store personal data on servers located in the UK or European Economic Area (EEA) countries that has a UK data bridge (also known as Adequacy Regulations).
In some instances, where we have a specific business reason (e.g., Google Analytics for our website www.katalysys.com), we may transfer personal information to United States of America (USA) under the UK Extension of the EU-US Data Privacy Framework pursuant to Article 45 of UK GDPR.
We may transfer personal data to reputable third-party organisations (e.g., Microsoft Ireland Operations Ltd, Amazon Web Services EMEA SARL- UK Branch, Google Ireland Ltd, Salesforce UK Limited, Adobe Systems Software Ireland Ltd, Squarespace Ireland Limited) situated inside UK, EEA or USA, when we have a business reason to engage these organisations. Each third-party organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.
When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.
8) What about personal data security?
We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration, or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.
We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect personal data – especially for special category data. You can read more about special category data right here.
If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Our websites may contain links to other sites that are not governed by this Privacy Notice. Please review the destination websites’ privacy notices before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.
9) Do we use cookies?
Our websites may use cookies. Where cookies are used, a statement will be sent to your browser explaining the use of cookies. To learn more, please refer to our (Cookies Notice).
10) How to complain?
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113