Privacy notice

Introduction
Catalyst Innovation is a limited company registered in England and provides hosting, software development and consulting services to its clients. This document outlines how we collect, store, use and share any personal data we have on our contacts, clients and data our clients may provide us access to. The scope of the document covers data we collect or process on our website, via digital or physical communication or what we have access to during our day-to-day provision of service. Catalyst Innovation Ltd is the processor of client data and data controller for enquiries, billing and data pertaining to the direct operation of the company.

Mr A Helberg represent the company with regards to data matters -

Tel: +442071993700

Email:info@catalystinnovation.co.uk.

Information we collect, how we use it and what legal basis we have to do so and how long we hold onto the data

Our website
What: We don't collect or store any user identifiable data on our website - not even cookies. You can contact us via the contact form which will send us an email and the transaction is an encrypted communication over a secure channel https and TLS.

How we use it: We will use the data you provide in the contact form to respond to your query and may store our correspondence and information you provide for reference.

Legal basis: The grounds for contact form data is legitimate interest as you (The subject) requested contact from the company.

Retention: We will either convert your query into a client request, which is then subject to the day-to-day operational retention policy, or it will be retained indefinitely if assessed to be of legitimate interest and not place a subjects rights at risk. If personal information is deemed to be at risk it will be deleted on conclusion of business or at request of the sender at the time.

Billing
What: We collect and store billing information (name, address, email and telephone numbers) on our clients - though all of our business is business-to-business we do on occasion deal with individuals like sole traders, but only deal with adults as representatives of a business concern.

How we use it: We will use the data only for record keeping purposes as is required by law.

Legal basis: The grounds for billing data is legal obligation.

Retention: We retain billing information for 6 to 8 years.

Client day-to-day operational data
What: We may have access to personal information our clients provide us to fulfil our duties and contractual obligations. In this context we behave solely as a "Processor" under direct instruction from our client (The Data Controller). In this regard we cannot disclose or entertain any queries on data matters. We encourage our clients to agree to our standard service contract which ties us to confidentiality and best practice clauses and in doing so protects the rights of data subjects of our clients.

How we use it: This data is processed only as per the explicit instruction of the controller.

Legal basis: The grounds for day-to-day operational data is by contract.

Retention: As processor we are required to retain the data as specified by the controller of the data. On termination of services with our client our service agreement dictate that the data be handed back securely to the client and destroyed on our systems.

Sharing personal data
We will not share any of the data we collect or store on our clients and contacts with anyone unless you (the subject) ask us to do so formally in writing or if we are compelled to do so by court interdict. Data processed or handled on behalf of clients are subject to our contractual confidentiality obligations which may be superseded by legal interdict which may force us to comply.

How and where your personal data are stored, transit or processed

All data we store and process takes place in the European Union.

We use 3rd party services (SendGrid and Intermedia) to deliver email which means information sent via contact forms and email in general will leave the EU in transit to the USA. We also use a 3rd party software for billing and accounting (Intuit Quick books) which means this data could be stored outside the EU. All providers used are based in the US and participate in Privacy Shield (https://www.privacyshield.gov/welcome)

We use broad strong encryption of data either on the storage medium or at the file level when data is at rest within our infrastructure. We will not send your data over insecure channels and will use encrypted channels to transit data in and out of our systems.

Your rights in relation to personal data

You have the following personal data rights (This only applies to data we control and data we only process will be referred to the controller):

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (billing records must be retained for a certain time period)
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Further details of these rights can be seen at the Information Commissioner's website. (https://ico.org.uk/)

How to contact us?

You can contact us by emailing info@catalystinnovation.co.uk or calling us on +442071993700.