CatalystXL Processes Personal Data in the Service Data under the instructions of the relevant Customer or as required by applicable law, as described in the CatalystXL Terms of Service at https://catalystxl.com/terms/ or the alternative agreement (if applicable) signed by CatalystXL and that Customer for the Service Offerings. For any Organization on the Platform, the relevant Customer is the one that CatalystXL authorizes to control the administrator account. Specifically, that Customer is the Controller for all information submitted by any User to that Organization. The foregoing is true even when those Users happen to be employees of another Customer, as each Customer is a Controller of only its own Organization.
CatalystXL may disclose any Service Data, including certain deleted Service Data, or data previously received from deactivated Users, to the relevant Customer, and CatalystXL provides the Customer with certain tools for modifying, deleting or taking other steps with Service Data. Accordingly, Users and other individuals should contact the relevant Customer with any requests relating to Personal Data about them that may appear in that Customer’s Service Data. If CatalystXL receives a request from a User to exercise rights in Service Data, we will refer the User’s request to the relevant Customer and cooperate with that Customer’s handling of the request, subject to any special contractual arrangement with that Customer. For requests from Customer account administrators relating to their own Personal Data, CatalystXL may handle the request directly.
3. Types of Personal Data We Collect
Because we designed the Platform to be content- and data-agnostic, our Customers are empowered to provide us with any kind of Personal Data in the Service Data.
In addition to Service Data, we collect contact details, professional details such as title and name of company, information about the browsers and devices individuals use to interact with us, information about an individual’s interactions with CatalystXL or our partners, and payment information.
We obtain much of this data directly from the relevant individuals, including in some cases with the technology described in the “Cookies and Automated Data Collection” section further below. We also obtain Personal Data directly from our current or prospective Customers and from other third-party sources such as resellers, distributors, list vendors and marketing companies, as well as from publicly available sources such as prospective Customer websites and third-party sites like LinkedIn.
4. How We Use Personal Data
CatalystXL uses Personal Data as follows:
5. Disclosures of Personal Data
We share Personal Data as follows:
For those purposes, we may share information with our Affiliates and other entities that help us with any of the above, such as our sub processors or our CRM system provider, our payment processor, and the marketing and analytics companies described in Section 7 below.
6. Legal Bases for Processing Personal Data
The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to use or disclose your Personal Data. To the extent those laws apply, our legal grounds for Processing Personal Data are as follows:
7. Cookies and Automated Data Collection
This information includes unique browser identifiers, unique device identifiers such as the Apple Advertising Identifier or Android Advertising ID, IP address, browser and operating system information, geolocation, other device information, Internet connection information, as well as details about individuals’ interactions with our apps, websites and emails. Such details include, for example, the URL of the third-party website from which you came, the pages that you visit on our websites, and the links you click on in our websites.
The cookies and other technologies described here fall into four basic categories:
You may be able to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent. Some browsers offer similar settings for HTML5 local storage, and Flash storage can be managed as described here.
8. Personal Data Rights and Choices (Including Direct Marketing Opt-Out)
All Users can:
Controls related to cookies and other automated data collection are described in the “Cookies and Automated Data Collection” section above. Anybody can unsubscribe from marketing emails by clicking the unsubscribe link they contain.
Residents of the European Economic Area, the UK and many other jurisdictions have certain legal rights to do the following with Personal Data we control:
For example, those individuals have a right to opt out of CatalystXL’s Processing of their Personal Data for direct marketing purposes.
Residents of the European Economic Area, the UK and Switzerland also have certain rights under the Privacy Shield, as described in the “International Data Transfers” section below.
To exercise any rights relating to Service Data, Users should contact the relevant administrator for the Organization associated with the Service Data, not CatalystXL. If you are a Customer account administrator or Customer account owner and require assistance with this process, such as if you want to make a request with respect to your own User data, you may contact us as described below.
Many of the rights described above are subject to significant limitations and exceptions under applicable law. For example, objections to the Processing of Personal Data, and withdrawals of consent, typically will not have retroactive effect.
Every individual also has a right to lodge a complaint with the relevant supervisory authority.
To provide security for Service Data within the Platform, we maintain physical, organizational and technical safeguards, which are subject to periodic changes. Customers’ use of available safeguards will impact the level of protection available for the Service Data. Communications with CatalystXL through other methods such as email or phone are not subject to those protections. Third-party software and services integrated into our Service Offerings, such Google Drive, Box, Dropbox anor, are handled by such third parties subject to their own privacy and security procedures, which we do not control.
We use different safeguards to help secure the other Personal Data we handle.
No security method is perfect, and we cannot guarantee that any data will remain secure.
10. Data Retention
11. International Data Transfers
CatalystXL complies with legal requirements for cross-border data protection, including through the use of European Commission-approved Standard Contractual Clauses and contract language required by the Privacy Shield, which is described below.
The following statements apply to all EEA, UK and Swiss Personal data that is received by CatalystXL in the United States pursuant to the Privacy Shield:
Our Privacy Shield certification is available at https://www.privacyshield.gov/list. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov. When CatalystXL receives Personal Data under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on CatalystXL’s behalf, CatalystXL has certain responsibility under the Privacy Shield if both (i) the agent Processes the information in a manner inconsistent with the Privacy Shield, and (ii) CatalystXL is responsible for the event giving rise to the damage.
Covered European residents should direct any questions, concerns or complaints regarding CatalystXL’s compliance with the Privacy Shield to CatalystXL as described at the bottom of this Policy. CatalystXL will attempt to answer your questions and satisfy your concerns in a timely and complete manner as soon as possible. If, after discussing the matter with CatalystXL, your issue or complaint is not resolved, CatalystXL has agreed to participate in the Privacy Shield independent dispute resolution mechanisms listed below, free of charge to you. Please contact CatalystXL first.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Please note that CatalystXL’s Customers may transfer Personal Data to CatalystXL on the basis of other legal mechanisms approved by the European Commission and other relevant authorities for cross-border data transfers, such as Standard Contractual Clauses. To exercise any legal right to see copies of the data transfer mechanism documents that CatalystXL uses to transfer data to third parties, please contact us. Our Service Offerings allow our Customers and Users to make international data transfers to third parties, such as to other Users, or to providers of integrations, for which they are solely responsible.
12. Notification of Changes
13. Contact Information
Attention: Legal and Compliance
707 North Wells St, Unit 1104
Chicago, IL 60654
14. Additional Privacy Details for California Residents
CCPA categories of California personal information we collect:
CCPA description of uses of California personal information:
The extent to which our service providers engage in the uses and disclosures described above varies from provider to provider.
CCPA “sale” of California personal information
California Privacy Rights
If you are a California resident, California law may permit you to request that we:
Certain information is exempt from such requests under applicable law. You also may have the right to receive information about the financial incentives that we offer to you (if any). You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights.
To request to exercise any of these rights, please email requests to firstname.lastname@example.org
LAST UPDATED June 18, 2020.