Catalyst Business Advice Ltd is committed to protecting your personal information and being transparent about what information we hold about you. Using personal information allows us to develop a better understanding of our customers and provide you with relevant and timely information about the work that we do. The purpose of this policy is to give you an explanation about how we collect and use the information we collect from you directly and from third parties.
We will use the information that we collect about you in accordance with all the applicable laws concerning the protection of personal information. They are the General Data Protection Regulation 2016 and the Privacy and Electronic Communications Regulations 2003. This policy explains:
- The information we may collect about you
- How we may use that information
- In what situations we may disclose your details to third parties
- Information about how we keep your personal information secure, how we maintain it for you and your rights to be able to access or amend it.
This Privacy Statement is effective from May 2018.
WHO WE ARE
Catalyst Business Advice Ltd is a private limited company registered in Scotland (company number SC157317).
OUR COMMITMENT TO YOU
- To provide clear, honest and open information about how we use your data
- To give you the choice about how we use your data
- To use your data appropriately and in a way that would be reasonably expected by you
- To only share your data with other organisations where you have given your consent for us to do so, or where we need to do so to fulfil our contract with you
- To be accountable and responsible and to take active steps to protect your data from harm
- To ensure our staff and associates understand these principles and their responsibilities in delivering them
You have the following rights related to your personal data:
- The right to request a copy of the personal information about you that we hold
- The right to withdraw consent at any time. Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
- The right to request that inaccuracies be corrected
- The right to request us to stop processing your personal data
- The right to lodge a complaint with supervisory bodies such as the Information Commissioner’s Office
- The right to erasure of personal data where you consider that we no longer require the information for the purposes for which it was obtained
- The right to restriction of processing. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don’t want us to delete the data. Where this right is exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
- The right to object to how we may use your information. You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
WHAT INFORMATION WE COLLECT
Catalyst Business Advice Ltd is the data controller for any data we hold about you. We collect various types of information and in a number of ways, for example in order to:
- deliver services and meet legal responsibilities
- verify identity where this is required
- communication by post, email or telephone
- understand needs and how they may be met
- maintain records
- process financial transactions
- prevent and detect crime, fraud or corruption
INFORMATION YOU GIVE US
We will store personal information you give us, such as your name, your email address, postal address and telephone number, when you register on our website, make contact with us regarding potentially working together, or when we deliver services to you. When working with a company the data we collect may be collected in respect of the people we have had contact with within that company. We will also store a record of your purchases, including what you have purchased, the value of the purchase, and when the purchase was made.
INFORMATION ABOUT YOUR INTERACTIONS WITH US
It is not our normal practice to issue mailings, except occasionally to people who have chosen to link with us on LinkedIn. When we send you a mailing, we store a record of this, and in the case of emails, we keep a track of which ones you have been sent. In this way, we can make sure we are sending you the most relevant information. We also use social media to broadcast messages and updates about events and news. On occasion we may reply to comments or questions you make to us on social media platforms. You may also see postings from us on social media such as Facebook, LinkedIn and Twitter where we post articles and views from time to time. Depending on your settings or the privacy policies of social media services like LinkedIn, Facebook or Twitter, you might give third parties permission to access information from those accounts or services.
SENSITIVE PERSONAL DATA
Data protection law recognises that some categories of personal information are more sensitive, such as medical information, race, religious beliefs and political opinions. We do not usually collect this type of information about our customers unless there is a clear reason to do so. For example, we might collect sensitive information about participants via information provided freely by the participants themselves in our workshops or coaching sessions, or when we check if venues are accessible for clients. Any such information is only collected where necessary, is subject to enhanced security measures, is used only for the purposes agreed, and is erased when no longer necessary. Where we need to process any sensitive data that specifically relates to you as an individual, we will obtain your specific consent for this.
Catalyst Business Advice Ltd may process your data using one of three legal bases.
Performance of a contract: When you make a purchase from us you are entering into a contract with us. We need to process and store your data to perform this contact. For example, we may need to contact you by email or telephone to arrange your attendance at a workshop or a meeting.
Legitimate interest: We collect and process your personal for purposes that are in our legitimate business interests. However, we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below situations where we may use this basis for processing.
Explicit consent: For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
Catalyst Business Advice Ltd wishes to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this, we use the data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.
We use our legitimate business interests as the legal basis for communications by post, email and telephone. You may object to receiving these at any time using the contact details at the end of this policy.
If you opt out of receiving future communications, we will only ever contact you in future if we need to get in touch to fulfil any contractual obligations (as above).
OTHER PROCESSING ACTIVITIES
In addition to direct marketing, Catalyst Business Advice Ltd also processes personal information in the following ways that are within our legitimate business interests:
- To ensure that the content and timing of communications that we sent you are as relevant to you as possible.
- To improve our online services by analysing how you use our website and the content and ads you interact with.
- To invite you to events we hold.
- To ensure we don’t send unwanted communications to people who have opted out.
- To collate and respond to customer comments.
- To log any customer incidents that resulted in an incident report form being created and contact if required.
- To keep registration lists for participants in our workshops.
In all of the above cases, we will always consider the impact of any communication on your fundamental rights and freedoms. You always have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy.
We will not share any personal details with any other third parties without your agreement, unless required in order to fulfill our contract with you, or allowed by law. There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
- When it is necessary for them to be able to provide you with products or services that you have requested
- To our own service providers, who may process data on our behalf and on our instruction as the data controller. These providers include our Insights Discovery profile providers/ processors. These providers are bound by Insights’ policies and procedures to ensure that your data is secure at all times and cannot be accessed or used for any other purpose. We also require that these third parties comply strictly with our instructions and with current data protection laws.
- Where we are under a duty to disclose your personal information to comply with any legal obligation, for example, to the police, regulatory bodies or legal advisors.
Cookies are small text files that are automatically placed onto your device when you visit our website. This means that a website will remember you and enable online transactions. We use “cookies” to help us make our site – and the way you might use it – a better experience for you. It also helps us understand how you use our website, where we can make improvements and how best to tell our audiences about events they might be interested in.
DEBIT AND CREDIT CARD TRANSACTIONS
We do not currently use credit or debit cards in receiving payments from clients. Payments from clients are usually received via BACS or cheque payment. We therefore may have sight of your bank, bank sort code and bank account number when receiving payment, however we do not store this information.
MAINTAINING YOUR PERSONAL INFORMATION
We will retain your data for as long as is legally or practically necessary for our business. We will store all the data related to you in connection with services we have provided to you (services are usually supplied to an organisation rather than an individual) under a single, unique customer record where possible. You may use the contact details at the end of this policy if you wish to ask us what data we currently hold on you. Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests. Once the necessity to keep your information is past, for example our supplier-customer relationship is over, then we will delete the personal data we hold on you. This ensures that your data is not held indefinitely on our systems.
Catalyst Business Advice Ltd takes information security very seriously. Your data is always held securely. We put in place appropriate safeguards (both in terms of the technologies we use and the policies and procedures we publish) to keep your data as secure as possible. For example, access to customer information is strictly controlled and can only be accessed by people who need it in order to do their job. Certain data, for example sensitive information, is additionally controlled and is only made visible to members of staff who have a reason to work with it. We will ensure that any third parties we use as data processors on our behalf do the same.
It is highly unlikely that we will ever transfer your data outside of the European Economic Area. Where personal data must be transferred outside of the European Economic Area, we will ensure that adequate security measures are in place.
If you have any queries about this policy, how your data is used, or if you wish to be removed from any communications or data processing activities, please contact the Data Protection Officer Keith Wilson:
By mail: Catalyst Business Advice Ltd, 25 Brandy Riggs, Cairneyhill, Dunfermline KY12 8UU
By email: firstname.lastname@example.org
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Information Commissioner’s Office
Cheshire SK9 5AF
Telephone – 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns
Trading as Pearl Onion Training, also as Pearl Onion Training & Consulting