[Latest update: Oct 07, 2022]
Scope of this Policy
This Policy covers both our online and offline data collection activities, including Personal Data that we collect through our various channels such as websites, apps, third party social networks and offline events. Please note that we might aggregate personal data from different sources (website, offline events) and across different devices.
If you do not provide necessary Personal Data to us (we will indicate to you when this is the case, for example, by making this information clear in our registration forms), we may not be able to provide you with our services.
Sources of Personal Data collected
This policy applies to Personal Data that we collect from or about you, through the methods described below, from the following sources:
CatalystPay websites (www.catalystpay.com).
Consumer-directed websites operated by or for CatalystPay Ltd, including sites that we operate under our own domains/URLs and mini-sites that we run on third party social networks such as LinkedIn (“Websites”).
CatalystPay mobile sites.
Consumer-directed mobile sites operated by or for CatalystPay Ltd.
E-mail, text, and other electronic messages.
Interactions with electronic communications between you and CatalystPay Ltd.
Offline application forms.
Printed or digital registration and similar forms that we collect in soft copies via email.
Data from other sources.
Third party social networks (e.g. such as LinkedIn, Google), market research (if feedback not provided on an anonymous basis), third party data aggregators and public sources.
Types of Personal Data collected.
Depending on how you interact with CatalystPay (online, offline, over the phone, etc.), we may collect different types of personal information from you, as described below.
Personal contact information.
This may include any information you provide to us that would allow us to contact you, such as your full name, address, e-mail address or phone number.
Account login information.
Any information required to grant you access to your specific account profile. Examples include your login username/email address, password in unrecoverable form, and/or security question and answer.
Any information that describes your demographic characteristics. Examples include your date of birth, age or age range, gender, geographic location (e.g. address, city, postcode/zip code, country).
Information from computer/mobile device.
Any information about the computer system or other technological device that you use to access our websites, such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access our website via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, geo-location, and other similar mobile device data.
Websites/communication usage information.
As you navigate through and interact with our websites or newsletters, we use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is captured using automated technologies such as cookies and web beacons and is also collected through the use of third-party tracking for analytics and marketing purposes. You have the right to object to the use of such technologies.
Market research & consumer feedback.
Any information that you voluntarily share with us about your experience of using our services.
Any content that you create and then voluntarily share with us on third party social networks, including the use of third-party social network apps such as LinkedIn. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, we collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, and third-party social networking.
Third party social network information.
Any information that you share publicly on a third-party social network or information that is part of your profile on a third-party social network (such as LinkedIn) and that you allow the third-party social network to share with us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share. We receive your third-party social network profile information (or parts of it) every time you download or interact with a CatalystPay web application on a third-party social network such as LinkedIn, or every time you interact with us through a third-party social network. To learn more about how your information from a third-party social network is obtained by CatalystPay, or to opt-out of sharing such social network information, please visit the website of the relevant third-party social network.
Payment and Financial information.
Any information that we need in order to provide our services to you, such as your bank account details (account holder name, account number / IBAN, etc.). In any case, we or our payment processing provider(s) handle payment and financial information in a manner compliant with applicable laws, regulations and security standards such as PCI DSS.
Sensitive Personal Data.
We do not seek to collect or otherwise process sensitive personal data in the ordinary course of our business. Where it becomes necessary to process your sensitive personal data for any reason, we rely on your prior express consent for any processing which is voluntary (e.g. for marketing purposes). If we process your sensitive personal data for other purposes, we rely on the following legal bases: (i) detection and prevention of crime (including the prevention of fraud); and (ii) compliance with applicable law (e.g. to comply with our diversity reporting).
Mode and place of processing the Data
Methods of processing
CatalystPay takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to CatalystPay, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of CatalystPay (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by CatalystPay. The updated list of these parties may be requested from CatalystPay at any time.
Legal basis of processing
CatalystPay may process Personal Data relating to its customers and partners if one of the following applies:
In any case, CatalystPay will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Place of processing
The Data is processed at CatalystPay's operating offices and in any other places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by CatalystPay to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with CatalystPay using the information provided in the contact section.
In principle, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. However, as we are subject to regulatory requirements to retain information for specified minimum periods, we will not retain your personal information for longer than is necessary.
CatalystPay may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, CatalystPay may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.
Purpose of processing
The following paragraphs describe the various purposes for which we collect and use your Personal Data, and the different types of Personal Data that are collected for each purpose. Please note that not all of the uses below will be relevant to every individual.
What we use your personal date for
Our legitimate interests
Consumer service. We use your Personal Data for consumer service purposes, including responding to your enquiries. This typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. order status, technical issue, product question/complaint, general question, etc.).
Contests, marketing and other promotions. With your consent (where required), We use your Personal Data to provide you with information about services (e.g. marketing communications or campaigns or promotions). This can be done via means such as email, ads, SMS, phone calls and postal mailings to the extent permitted by applicable laws. Some of our campaigns and promotions are run on third party websites and/or social networks. This use of your Personal Data is voluntary, which means that you can oppose (or withdraw your consent in certain countries) to the processing of your Personal Data for this purpose.
Third party social networks: We use your Personal Data when you interact with third party social networking features, such as “Like” functions, to serve you with advertisements and engage with you on third party social networks. You can learn more about how these features work, the profile data that We obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third party social networks.
Service fulfilment. We use your Personal Data to process your application, inform you about its status, correct addresses and conduct identity verification and other fraud detection activities. This involves the use of certain Personal Data and financial information.
Other general purposes (e.g. internal or market research, analytic, security). In accordance with applicable laws, we use your Personal Data for other general business purposes, such as maintaining your account, conducting internal or market research and measuring the effectiveness of advertising campaigns. We also use your Personal Data for management and operation of our communications, IT and security systems.
Legal reasons or merger/acquisition. In the event that CatalystPay or its assets are acquired by, or merged with, another company including through bankruptcy, we will share your Personal Data with any of our legal successors. We will also disclose your Personal Data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement or the terms of our Website.
Individuals may exercise certain rights regarding their Personal Data processed by CatalystPay. In particular, you have the right to do the following:
Details about the right to object to processing
Where Personal Data is processed for the purposes of the legitimate interests pursued by CatalystPay, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether CatalystPay is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to CatalystPay through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by CatalystPay as early as possible and always within one month.
Cookies, Log Files and Web beacons
We collect information in the form of log files that record website activity and gather statistics about your browsing habits. These entries are generated automatically, and help Us to troubleshoot errors, improve performance and maintain the security of our websites.
Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to Us. The information collected via web beacons will include information such as IP address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, which links you click on in the email, etc.). We will use web beacons on our Websites or include them in e-mails that We send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalization.
Additional information about Data collection and processing
The User's Personal Data may be used for legal purposes by CatalystPay in Court or in the stages leading to possible legal action arising from improper use of CatalystPay or the related Services.
The User declares to be aware that CatalystPay may be required to reveal personal data upon request of public authorities.
Additional information about User's Personal Data
System logs and maintenance
For operation and maintenance purposes, CatalystPay and any third-party services may collect files that record interaction with CatalystPay (System logs) use other Personal Data (such as the IP Address) for this purpose.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from CatalystPay at any time. Please see the contact information at the beginning of this document.
How “Do Not Track” requests are handled
CatalystPay does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
Should the changes affect processing activities performed on the basis of the User’s consent, CatalystPay shall collect new consent from the User, where required.
Owner and Data Controller
CatalystPay Limited, NI664786,
Office 11b 56 University Street, Belfast, BT7 1HB
Owner contact email: firstname.lastname@example.org
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through CatalystPay Sites (or third-party services employed by CatalystPay), which can include: the IP addresses or domain names of the computers utilized by the Users who use CatalystPay Sites, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using or visiting CatalystPay Sites who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of CatalystPay Sites. The Data Controller, unless otherwise specified, is CatalystPay Limited.
Catalystpay.com (or this Website)
The service provided by CatalystPay as described in the relative terms (if available) and on this website/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Small piece of data stored in the User's device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation) as transposed within the national framework of the United Kingdom by the means of the European Union Withdrawal Act 2018.