The Privacy Act 2020 requires us to keep secure all personal information we collect, and to communicate what we do with the personal information we need to conduct our business. 

This policy sets out how The Catalyst Group collects, stores, uses and shares any personal information we hold. We are committed to respecting the privacy of our staff and contractors, and clients. 

Here’s what guides us when we handle personal information: 

• We only collect personal information from our clients where this is necessary to carry out our business service functions. We only collect personal information from our staff or contractors for the purposes of having a legal arrangement (e.g. Employment Contract or Contract for Service). 

• We may also collect personal information directly from people or from other people or agencies, and we may generate personal information about people when we carry out our business service functions. 

• We store all our data (including personal information) on a secure Microsoft cloud platform, and we use Microsoft Office 365 applications. We protect our data with all reasonable technical and process controls. 

• We can be asked for a copy of the personal information we hold at any time. 

• We will only use and share personal information where necessary to carry out the functions for which we collected it (or if required by law). 

Third-party provider privacy policies 

We may use some third-party providers to manage some of our business and client services, such as provision of newsletters, billing and e-learning.   

These may include: 

• Mailchimp - MailChimp's privacy policy 

• Xero - Xero's privacy policy 

• Microsoft 365 - Microsoft’s privacy policy 

What do we do with personal information?  

• For staff and contractors, we only store personal information for use in the event that there might be a need (e.g. a legal matter). 

• For clients, we will only use the personal information provided to us for the purposes of delivering our services or carrying out our lawful functions. 

• We do not generally share personal information with third parties (other than third parties which we have listed above who are providing services to us). 

Storage and security 

We use third party providers to store and process our data. We store most of the personal information we collect and generate on Microsoft cloud servers. 

We take all reasonable steps to ensure the personal information we collect is protected against loss, unauthorised access and disclosure or any other misuse. 

Commercial sensitivity 

We are very conscious of commercial sensitivity when working with our clients. Specific company information may be required to conduct the services we offer clients, but our staff will work with clients supplying information to minimise the potential for the ability of disclosed information to be misused. Where appropriate, we will advise clients to redact information that may identify companies, projects or markets that they do not wish disclosed.  

Privacy rights and how to contact us 

We give you options to control the ways we use your information (such as opting out of receiving any newsletters). The Privacy Act 2020 gives you the right to request access to any personal information we hold about you and ask for it to be corrected if you think it is wrong. Contact us if you have any questions about this.  

Policy Last updated:  March 2025