Privacy Policy

Last Updated: October 2025

Introduction

Catalyst Group is committed to protecting your privacy and ensuring the security of your personal data. This privacy policy explains how we collect, use, store, and protect information when you use our website or engage our consulting services.

This policy applies to all personal data processed by Catalyst Group in connection with our business operations, website usage, and client engagements. By using our services, you consent to the data practices described in this policy.

1. Information We Collect

Personal Information You Provide

  • Contact Information: Name, email address, phone number, organization name, and job title when submitted through contact forms or consultation requests
  • Communication Data: Contents of messages, inquiries, and correspondence sent through our website or direct communication channels
  • Professional Information: Business information relevant to consulting engagements including organizational challenges, strategic priorities, and project requirements

Information Collected Automatically

  • Usage Data: IP address, browser type and version, time zone setting, pages visited, time spent on pages, referring website addresses
  • Device Information: Operating system, screen resolution, device type, and unique device identifiers
  • Cookie Data: Information collected through cookies and similar tracking technologies as detailed in our Cookie Policy

2. How We Use Your Information

Service Delivery and Communication

  • Respond to your inquiries and provide requested information about our consulting services
  • Schedule and conduct consultation meetings to discuss your business challenges
  • Deliver consulting services according to engagement agreements
  • Send service-related communications including project updates and deliverables

Business Operations

  • Process and manage client relationships throughout engagement lifecycles
  • Maintain records for business administration and legal compliance
  • Conduct internal analysis to improve service quality and operational efficiency
  • Comply with legal obligations including tax reporting and regulatory requirements

Marketing Communications (With Consent)

  • Send newsletters, insights, and thought leadership content about consulting topics
  • Notify you about new services, events, or publications that may interest you
  • Conduct market research to better understand client needs and preferences

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you explicitly agree to receive marketing communications or use optional website features
  • Contract Performance: To fulfill our obligations under consulting service agreements
  • Legitimate Interests: For business operations, service improvement, and fraud prevention where balanced against your privacy rights
  • Legal Compliance: To meet regulatory requirements including financial reporting, tax obligations, and data protection laws

4. Data Sharing and Disclosure

Third-Party Service Providers

We may share your information with trusted third-party service providers who assist our business operations:

  • Website Hosting and Analytics: Providers maintaining our website infrastructure and analyzing visitor behavior
  • Communication Services: Email service providers for business correspondence and marketing communications
  • Professional Services: Legal advisors, auditors, and other professional consultants bound by confidentiality obligations

All third-party providers are contractually obligated to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose personal information when required by law, legal process, or to protect our rights, property, and safety or that of others.

5. Data Security Measures

We implement comprehensive security measures to protect your personal data:

  • Encryption: Data transmitted through our website uses SSL/TLS encryption protocols
  • Access Controls: Role-based access restrictions ensuring only authorized personnel access personal data
  • Secure Storage: Personal information stored on secure servers with regular security assessments
  • Employee Training: Staff receive regular data protection and security awareness training
  • Breach Procedures: Established protocols for detecting, responding to, and reporting security incidents within 72 hours when required

6. Data Retention Periods

We retain personal data only as long as necessary for legitimate business purposes:

  • Contact Form Submissions: Retained for 3 years unless earlier deletion requested
  • Client Engagement Records: Maintained for 5 years following engagement completion for business continuity
  • Financial Records: Kept for 7 years to comply with Singapore tax and accounting regulations
  • Marketing Communications: Retained until consent is withdrawn or subscription cancelled

Upon expiration of retention periods, data is securely deleted or anonymized according to established protocols.

7. Your Privacy Rights

You have the following rights regarding your personal data:

Access and Portability

  • Request access to personal data we hold about you
  • Receive a copy of your data in commonly used electronic format
  • Transfer your data to another service provider where technically feasible

Correction and Deletion

  • Correct inaccurate or incomplete personal information
  • Request deletion of your personal data subject to legal retention requirements
  • Object to processing based on legitimate interests

Consent Management

  • Withdraw consent for marketing communications at any time
  • Opt out of non-essential cookie usage through preference settings
  • Restrict certain types of data processing

To exercise these rights, contact us at [email protected] or +65 6295 8147. We will respond within 30 days of receiving your request.

8. International Data Transfers

Our primary operations and data storage are based in Singapore. When data transfers to other jurisdictions are necessary for business purposes, we ensure adequate protection through:

  • Standard contractual clauses approved by relevant data protection authorities
  • Transfers only to jurisdictions with adequate data protection frameworks
  • Additional safeguards including encryption and access restrictions

9. Children's Privacy

Our services are intended for business purposes and not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately for deletion.

10. Policy Updates

We may update this privacy policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated through:

  • Prominent notice on our website
  • Email notification to registered users
  • Updated "Last Modified" date at the top of this policy

Continued use of our services following policy updates constitutes acceptance of the revised terms.

11. Contact Information

For questions about this privacy policy or our data practices, contact us:

Catalyst Group

9 Straits View, Singapore 018937

Phone: +65 6295 8147

Email: [email protected]

12. Supervisory Authority

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the Personal Data Protection Commission of Singapore or the relevant data protection authority in your jurisdiction.