This Privacy Notice applies to all of the following: 1) Catalyst’s website, which is located at catalyst.org (including subdomains thereof), as well as all applications based on Catalyst’s website that are operated by Catalyst Inc. (“we,” “us” or “our”) (each of such website and applications, a “Website”); 2) any social media accounts administered by us including those located on Facebook, Instagram, LinkedIn, Twitter, and YouTube, 3) any other website containing a Catalyst-specific subdomain, product, service, or community, including those hosted by third parties, that contains a link to this Privacy Notice (each of such social media accounts and other websites, a “Catalyst-Affiliated Site”), and 4) electronic communications between you and us from the Site (as defined below). This Privacy Notice applies to each Website and each Catalyst-Affiliated Site and Catalyst online surveys, each of which is referred to herein as the “Site”.
This Privacy Notice describes the types of information we may collect, or others may collect on our behalf, from you or that you may provide when you visit the Site and our practices for collecting, using, maintaining, protecting, and disclosing such information.
If you have questions about this Privacy Notice or our privacy practices, you may contact us at the email address, mailing address or telephone number:
120 Wall Street, 15th Floor
New York, NY 10005
You have the right to make a complaint at any time to the applicable supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
For the purposes of the EU General Data Protection Regulation (GDPR), for information collected through the Site, the controller of your Personal Information (as defined below) is Catalyst Inc., 120 Wall Street, 15th Floor, New York, NY 10005, unless indicated otherwise.
Information That Is Collected About You and How It Is Collected
When you visit or use the Site, we may collect, or third parties may collect on our behalf, information that identifies you or can be used to contact you – such as your name, job title, street address, country of residence, email address, telephone and facsimile numbers, gender, age, race or ethnicity, sexual orientation, personal interests, employer or other organization with which you are affiliated, usage data, and, in some cases, credit card information or information contained in your User Contributions (as defined below) (“Personal Information”). Generally, this information is provided by you, except to the extent that other users of the Site share such information on the Site. You may provide such information to us when, for example, you register on the Site, sign up for our email updates, or donate to Catalyst Inc. through the Site, or when you post comments, videos, or other content to the Site. We may also collect such information if others provide it to us, including by their postings to the Site.
We may also collect information that your browser sends whenever you visit our Site or when you access the Site by or through a mobile device. This usage data may include information such as your computer’s Internet Protocol address (IP address), browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. When you access the Site with a mobile device, this usage data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
We also collect, use, and share aggregated data such as statistical or demographic data. Aggregated data could be derived from your Personal Information but is not considered Personal Information as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data with other users to calculate the percentage of users accessing a specific website feature. We may use and share aggregated data for any purpose. However, if we combine or connect aggregated data with your Personal Information such that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this Privacy Notice.
Special Categories of Personal Information
We will only collect special categories of personal data about you as defined by applicable law (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation) with your express prior consent. For example, if you choose to respond to a survey question requesting this information we will obtain your consent to process that data. We do not collect any information about criminal convictions and offences.
Cookies and Tracking Data
We may also use web beacons, cookies or other tracking technologies to collect information about your usage of the Site, such as your browser information, the frequency of your visits, information about how you arrived at and navigate through the Site, and other similar data. Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site. Examples of cookies we use:
- Session Cookies. We use Session Cookies to operate our Site.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
- Third-Party Cookies. We use certain third-party cookies as identified in the How We Use and Share Your Information section below.
How We Use and Share Your Information
Personal Information. We use Personal Information for our organizational purposes, such as to provide and improve the Site and communicate with you about the Site or about Catalyst. If you make a donation to Catalyst, we may publish your name on the Site, other Sites or in Catalyst materials, unless you request otherwise when making your donation or by contacting us at the contact information provided above. Additionally, we may share Personal Information with our affiliates; other businesses and individuals performing functions on our behalf (such as credit-card processing, market-research assistance and, for individuals who have registered on the Site, validation of your affiliation with a Catalyst supporter organization (a “Supporter Organization”)); governmental authorities (only in accordance with subpoenas, court orders, or other legal processes (such disclosure may be done without notice to you); Supporter Organizations that request a list of the names of their employees who have registered on the Site; for co-promotion purposes; unaffiliated business partners with whom Catalyst has a written agreement; and, if you consent, for other purposes.
Usage Information. We may also use information we collect about your usage of the Site to improve the Site, to analyze Site usage (such as identifying the areas of the Site that are the most popular or features that are the most frequently used), to recognize you when you return to the Site, to customize the Site according to your individual use or preferences, and for other similar purposes. We may share Usage Information with our affiliates; other businesses and individuals performing functions on our behalf (such as credit-card processing, market-research assistance and, for individuals who have registered on the Site, validation of your affiliation with a Catalyst supporter organization (a “Supporter Organization”)); governmental authorities (only in accordance with subpoenas, court orders, or other legal processes (such disclosure may be done without notice to you); Supporter Organizations that request a list of the names of their employees who have registered on the Site; for co-promotion purposes; unaffiliated business partners with whom Catalyst has a written agreement; and, if you consent, for other purposes. We may also combine usage information that is not personally identifiable with other users’ usage information and provide such information to Supporter Organizations on an aggregated and anonymized basis. Depending on the number of users registered, the amount of user activity on the Site, and other factors, however, a Supporter Organization might be able to combine such aggregate information with other information to identify individual users’ activities on the Site, in which case the information will be treated as personal information for the purposes of this Privacy Notice.
Non-Personal Information Collected Generally. We may use any non-personal information you provide through the Site, or that we collect about your usage of the Site, in connection with any other Site, projects and purposes. Additionally, we may incorporate (in a non-personally identifiable fashion) information you provide to us through the Site into materials or content that we create and distribute (such as reports and marketing materials). We will not use your name in such materials without your consent.
Information Collected from a Community Site. If you participate in an online community on the Site, we may collect information about your usage of the Site, such as the status of your activities on the Site, comments, postings or views of other users, and your interactions with other users of the Site. We may use the information collected from the online community in a personally identifiable manner to display to other users of the Site your profile information, your email address, the activities you have completed, your comments, postings or views with respect to other users’ activities, and/or your interactions with other users. Therefore, to the extent that some of the information collected from an online community on the Site constitutes Personal Information, such information is subject to the terms of the section on Personal Information above.
Service Providers. When we share your Personal Information with selected partners and service providers to help us provide you, or the company you work for, products or services, or to fulfill your requests, or with your consent, we take into account their data handling processes and we require that all third-party service providers respect the security of your Personal Information and treat it in accordance with applicable law. We do not allow our third-party service providers to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes and in accordance with our instructions. Current categories of service providers with whom we share Personal Information include:
Business Transaction or Reorganization. If we decide to sell, buy, merge or otherwise reorganize businesses in some countries, such a transaction may involve the disclosure of Personal Information to prospective or actual purchasers, or the receipt of such information from sellers. It is our practice to require appropriate protection for Personal Information in these types of transactions.
Required Disclosure. Please be aware that in certain circumstances, Personal Information may be subject to disclosure to government agencies pursuant to judicial proceeding, court order, or legal process. We may also share your Personal Information to protect the rights or property of Catalyst, our business partners, suppliers or clients, and others when we have reasonable grounds to believe that such rights or property have been or could be affected.
Legal Basis for Processing of Personal Information under the General Data Protection Regulation (GDPR)
If you are from the European Economic Area (EEA) or the UK, our legal basis for collecting and using the Personal Information described in this Privacy Notice depends on the Personal Information we collect and the specific context in which we collect it.
We may process your Personal Information because:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests and it is not overridden by your rights
- For payment processing purposes
- To comply with the law
Generally, we do not rely on consent as a legal basis for processing your Personal Information although we will get your consent before sending third party direct marketing communications to you via email or text message or before collecting special categories of personal data. You have the right to withdraw consent to marketing at any time by contacting us.
Purpose for which we will use your Personal Information: We have set out below, in a table format, a description of all the ways we plan to use your Personal Information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your Personal Information for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Information where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new user on the Catalyst website||Identifying data; contact information||Performance of a contract with you|
|To process and complete your service request||Identifying data; contact information; financial information; transactional correspondence; marketing correspondence||(a) Performance of a contract with you;|
(b) Necessary for our legitimate interests (to recover debts due to us; direct marketing)
|To manage our relationship with you, including: (a) notifying you about changes to our terms or Privacy Notice, (b) asking you to leave a review||Identifying data; contact information; marketing correspondence||(a) Performance of a contract with you;|
(b) Necessary for our legitimate interests (to keep our records updated; direct marketing);
(c) Necessary to comply with a legal obligation
|To administer and protect our business and the Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Identifying data; contact information; usage data; aggregate data||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise);|
(b) Necessary to comply with a legal obligation
|To deliver relevant Site content to you and measure or understand the effectiveness of the content we serve to you||Identifying data; contact information; marketing correspondence; usage data; transactional correspondence; aggregate data||Necessary for our legitimate interests (to study how clients use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, research, marketing, client and Supporter relationships and experiences||Usage data; aggregate data||Necessary for our legitimate interests (to define types of clients for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||Identifying data; contact information; marketing correspondence; usage data; transactional correspondence; aggregate data||Necessary for our legitimate interests (to develop our products/services and grow our business)|
|To ask you to participate in a survey, record survey responses, and use your responses to guide Catalyst programming and/or create Catalyst research and publications||Identifying data; contact information; marketing correspondence; survey responses; aggregate data; special categories of data such as race and ethnicity (with prior consent)||Necessary for our legitimate interests (to develop our products/services/research, inform our programming strategy, and grow our business)|
Consent (for special categories of data)
|To conduct research focus groups and interviews and identify possible initiatives||Usage data; aggregate data||Necessary for our legitimate interests (to define types of clients for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy, to help Catalyst and its Supporter Organizations create more inclusive workplaces for their employees)|
|To provide you and our Supporter Organizations with usage information||Usage data; User registration numbers by company, anonymized survey responses by company, and attendee lists for events, which could include identifying information.|
|Necessary for our legitimate interests (to study how clients use our products/services/research, to develop them, inform our programming strategy, and grow our business)|
We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Transfer of Information
We will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice and not transfer your Personal Information to an organization or a country unless there are adequate controls in place including the security of your data and other Personal Information (which may include Privacy Shield certification, an EU adequacy decision, or standard contractual clauses, approved by the European Commission) or we have your consent.
Visibility of User Contributions
The Site may contain features (such as user profiles, chat rooms, forums, message boards, and the ability to post comments regarding other Site content) that may allow you and others to post, submit, publish, display or transmit content or materials (including Personal Information) on, to or through the Site, such as text, photographs and videos (together, “User Contributions”), to certain groups of users or to the public. Unless the Site specifically states that a type of User Contribution is accessible only to certain users of the Site, you should assume that User Contributions may be visible to the public and may become searchable on the internet. We cannot ensure the security of any such information or that users who have access to such information will not disclose it to others or make it public. Please exercise caution when deciding to disclose Personal Information.
Your Personal Information Rights
You may request that any information in your user profiles be updated, modified or deleted by e-mailing or writing to Catalyst at the contact information provided above, and we will endeavor to comply with your request. Additionally, from time to time we may seek to confirm that users who have registered on the Site as being affiliated with a Supporter Organization are still affiliated with that organization, and absent such confirmation, we may delete any accounts, User Contributions or other content associated with such users. However, when we delete, modify or update information in our databases or on the Site, some information may remain on our back-up media and records. Note that to the extent that we delete, modify or update such information, it may remain on the servers or in the databases of third parties to the extent that such information has been provided to them in accordance with this Privacy Notice. You also have the right to opt out of direct marketing. You may have additional rights pursuant to your local law applicable to the processing.
EEA and UK Data Privacy Rights
For example, if you are in the European Economic Area (EEA) or the UK, you have certain data privacy rights. Catalyst aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. If you wish to be informed about what Personal Information we hold about you and if you want it to be removed from our systems, please contact us. In certain circumstances, you have the following data privacy rights:
- The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your Personal Information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Information to the extent the processing is based on our legitimate interest.
- The right of restriction. You have the right to request that we restrict the processing of your Personal Information.
- The right to data portability. You have the right to be provided with a copy of the Personal Information we have on you in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where Catalyst relied on your consent to process your Personal Information.
Please note that we may ask you to verify your identity before responding to such requests. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one (1) month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
You have the right to complain to a Data Protection Authority (as defined by EU law) about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Nevada Data Privacy Rights
Nevada residents may opt out of the sale of their covered information, as those terms are defined in Nevada law, by submitting such request to our designated email address: firstname.lastname@example.org. Please note that Catalyst does not sell your covered information as defined by Nevada law.
Our Policy on “Do Not Track” Signals and Third-Party Website Tracking under the California Online Protection Act (CalOPPA)
We do not support “Do Not Track”. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
We do not engage in the collection of Personal Information over time across third-party websites, and we do not permit third parties to gather information passively on our website for behavioral advertising purposes.
Your California Privacy Rights
Under California law, a California resident with whom Catalyst has an established relationship has the right to request certain information with respect to the types of Personal Information Catalyst has shared with third parties for their direct marketing purposes (if any), and the identities of those third parties, within the immediately preceding calendar year, subject to certain exceptions. In response to a written request, the law allows Catalyst to provide a cost-free means to opt-out of such sharing.
Since Catalyst does not provide your Personal Information to third parties for their direct marketing purposes, it is not necessary for us to establish this procedure; however, if you do not want Catalyst to use your Personal Information to provide information about our programs, please follow the cost-free opt-out procedures in this policy.
Security of Personal Information
Except as your Personal Information is made visible to other users or otherwise disclosed pursuant to this Privacy Notice, the Site incorporates reasonable safeguards to protect the security and privacy of the Personal Information that you provide, and we use reasonable precautions to protect such information from loss or misuse. Information transmitted over the Internet, however, may not be secure, and when you provide information to us through the Site, you do so at your own risk.
Except as provided herein, this Privacy Notice does not apply to the collection and use of any information gathered by or through any third-party websites, including any websites to which this Site links, any websites used to collect and process your donations (such as PayPal) or any websites that provide social media integration with the Site. We encourage you to review the privacy policies of third-party websites to understand their policies that apply to their collection and use of information.
We will not retain Personal Information longer than necessary to fulfill the purposes for which it is processed, including the security of our processing complying with legal and regulatory obligations (e.g. audit, accounting and statutory retention terms), handling disputes, and for the establishment, exercise or defense of legal claims where we do business. To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Our Site is not directed at or intended for anyone under the age of 18. We do not knowingly collect Personal Information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children without verification of parental consent, we take steps to remove that information from our servers.
Changes to Our Privacy Notice