Privacy Policy
Catalyst Collective Redress Services B.V. Last update: January 2024
This privacy policy contains important information; it describes how we, Catalyst Collective Redress Services B.V. ("Catalyst"), process your personal data when you ("user" or "you") visit our website(s) or otherwise interact with us.
Do you have questions? Please contact us using the information at the bottom of this policy.
1 About us
1.1 Catalyst ("we", "us", "our") is a Dutch private limited company that focuses on organizing, administering, and supporting collective mass damage claims filed by third parties. Catalyst does not provide legal assistance.
1.2 This privacy policy explains how we collect, use, store, share, transfer, or otherwise process personal data.
2 Applicability
This privacy policy applies to the processing activities to which the General Data Protection Regulation ("GDPR") and relevant national (implementation) legislation apply.
3 Responsibility
3.1 Catalyst is the data controller for the processing described in this privacy policy.
3.2 We process personal data only in accordance with relevant privacy legislation and as described in this privacy policy.
4 How do we collect personal data?
4.1 We process IP addresses and related data when you visit our website(s), based on our legitimate interests, namely to ensure that the websites function properly and that we can keep these websites consistently available.
4.2 We also process personal data when you contact us. In that case, we process - to the extent you share it with us - your name and contact details. We always process your email address and the content of your message(s). We may also store information about how your message(s) are followed up.
4.4 We currently only use functional cookies. Functional cookies are necessary for the proper functioning of a website. Catalyst does not currently use analytical cookies. Should this change in the future, we will inform you through a cookie policy.
5 Processing purposes and legal basis
5.1 It depends on the processing activity which personal data we process, on which basis personal data are processed, and for which purposes we do this. See below for an overview.
Activities | Categories of personal data | Grounds for processing and purposes for processing |
Visiting our websites | P address, User agent, URL preceding our website(s), URL that led you to our website(s), Date and time of your visit, Browser language settings, Country code, Cookies (see article 6) | We collect your personal data based on our legitimate interests, namely to improve our (online) services and to enable the hosting of our website(s). We process your personal data for the following purposes: (i) improving our website, (ii) for consistent service, (i) for increasing protection and security of your personal data. |
Contact | Your name and email address. Your phone number. The content of your request. Information about the follow-up of our contact with you. | We collect your personal data if you submit a contact request. We then use this data to contact you. We examine your data to establish your identity for security purposes, to offer our services and products, and to provide the correct service. We process your personal data for the following purposes: (i) following up on your questions, ii) to inform you about products or services that may be relevant to you, (iii) verifying your identity to ensure that you are who you say you are, and (iv) increasing the protection and security of your personal data. |
Other general processing | Other information necessary for achieving the predetermined purposes | We collect your personal data to the extent necessary to comply with a legal obligation applicable to us or to the extent necessary for our legitimate interests, namely conducting our normal business activities and protecting our interests in a dispute. In conducting research to support the claim, it is conceivable that personal data will be processed. We process your personal data for the following purposes: (i) following up on requests from authorities, (ii) conducting criminal investigations, conducting legal proceedings, and enforcing judgments, (iii) protecting the rights of third parties, (iv) conducting investigations, and (v) other circumstances as set out in relevant legislation. |
5.2 If we further process your personal data beyond the purposes for which they were obtained, we will inform you of this in a timely manner.
6. Cookies
Depending on the website you visit, we use the following cookies.
Website | Name cookie | Purpose of the cookie | Is this a third-party cookie or are data shared with third parties? | Duration of the cookie? | Consent required? | |
Functional cookie | www.catalyst-crs.com | pll_language | remembers language selection | No | 1 year | No |
6.2 It is possible to set your cookie preferences for all websites via the browser settings. It varies per browser which preferences you can set. For more information, please visit: www.aboutcookies.org/how-to-control-cookies/.
6.3 Please note that the functionality of the website you visit may be impaired if you refuse certain cookies.
7. Sharing with third parties or outside the EEA
7.1 We only share personal data with third parties when this is necessary for the provision of our services. In that case, we share personal data with the following parties:
Activities | Recipients | Location |
Visiting our website(s) | Processors engaged by us or by our processors, such as hosting providers like WPEngine. |
The processing of personal data takes place in the EU in this context.
|
Customer service or communication with you | Processors engaged by us or by our processors, such as hosting providers, like Google Workspace. |
The email servers of Catalyst for customer service are hosted via Catalyst Collective Redress Services B.V. through Google Cloud. To safeguard the protection of your personal data, it has been chosen to store your personal data only within the EU.
Information about the hosting of our websites can be found in the first row of this table. |
7.2 We only make your personal data public in line with the following conditions and to the extent that generally accepted security measures have been taken in this context:
- At your request;
- To the extent necessary under applicable law to us;
-
To the extent necessary in the context of a legal proceeding in which we are a party.
7.3 We make as much use as possible of parties located within the European Economic Area (EEA) for the processing of personal data, or select the option for personal data to be stored or otherwise processed within the EEA. The email servers of Catalyst are hosted via Catalyst Collective Redress Services B.V. through Google Cloud. More information about their standards can be found at https://cloud.google.com/privacy/gdpr.
7.4 To the extent that Catalyst processes personal data outside the EEA or has them processed, the following applies. Transfers outside the EEA are permitted based on an adequacy decision. This is a decision by the European Commission which states that the level of data protection in the receiving country is of a comparable level to the GDPR. This link contains an overview of countries with an adequacy decision. In other cases, we use the so-called Standard Contractual Clauses as established by the European Commission. More information about transfers outside the EEA and a copy of the measures taken by us can be requested from us.
7.5 If the activities of Catalyst are continued in the future by another organization, your data may be transferred to this organization provided Catalyst informs you in advance. You then have the opportunity to object to such a transfer.
8. Security
8.1 To protect your personal data against loss, misuse, and/or unauthorized alterations, we take adequate technical and organizational measures. We also impose these requirements on our processors. In addition, we only give access to personal data to persons to the extent necessary for the provision of our services. These persons are also bound by a confidentiality obligation based on an (employment) agreement or by law.
9. Retention periods
9.1 In general, we do not store your personal data longer than necessary for the purposes for which they are processed or as long as legal terms require retention.
We apply the following retention periods for the processing below:
Activities | Retention period |
Visiting our website(s) | 7 days |
Customer service or communication with you | 6 months after handling communication |
Other general processing | Depending on the processing |
10. Your rights
10.1 With regard to our processing activities, you have the following rights.
- To the extent our processing activities are based on your consent, you have the right to withdraw your consent at any time.
- You have the right to access the personal data that we process from you. This right allows you to receive a copy of the personal data that we process from you. We will also provide you with additional information about our processing activities.
- You have the right to rectify inaccurate data immediately. This allows incorrect personal data processed by us to be adjusted or supplemented.
- You have the right to be 'forgotten'. The right to be forgotten applies if (i) the personal data are no longer necessary, (ii) you have withdrawn your consent, (iii) you have objected to the processing of your personal data, (iv) we process personal data unlawfully, (v) personal data must be deleted under Union law or the law of the Member States, or (vi) we have collected your personal data in the context of information society services. To the extent that the processing of personal data is necessary (i) for the exercise of our right to freedom of expression and information, (ii) for compliance with a legal task of general interest or a task in the exercise of public authority, (iii) for reasons of public interest in the field of public health, (iv) for archiving in the general interest, and/or (v) for the establishment, exercise or substantiation of a legal claim, we may refuse the right to deletion.
- When our processing activities are based on our legitimate interests, you have the right to object. If your personal data is processed for direct marketing purposes, your request will be honored in any case. In other cases, we will also stop processing your personal data, unless there are compelling legitimate grounds for processing your personal data that outweigh your interests.
- You have the right to restrict processing if (i) you have contested the accuracy of the personal data, (ii) we process your personal data unlawfully and you do not want them to be deleted, (iii) we no longer need your personal data but you need them for the establishment, exercise or substantiation of a legal claim, and/or (iv) you have objected to the processing of your personal data. If we honor your request, your personal data will only be stored by us. We will not process your personal data in any other way, unless you have given permission, it is necessary for the establishment, exercise or substantiation of a legal claim, it is necessary for the protection of the rights of third parties, or for significant reasons of general interest.
- If If our processing activities are based on your consent or on the execution of an agreement and are carried out via automated processes, you have the right to obtain your personal data in a structured, common and machine-readable form and to transfer them to another controller.
- You You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not use automated decision-making.
- In addition to the above rights, you also have the right to lodge a complaint with the relevant data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority). However, we prefer to resolve complaints together with you. Therefore, we ask you to contact us first at info@catalyst-crs.com.
10.2 You can exercise any of the above rights by contacting us. You can exercise these rights free of charge, unless your requests are manifestly unfounded or excessive. In such cases, we ask for a reasonable fee or refuse to comply.
10.3 We may ask for additional information to verify your identity before we respond to your request.
10.4 We will provide information about the follow-up of your request as soon as possible and in any case within one month of receiving your request. Depending on the complexity of the requests and the number of requests, this period may be extended by another two months if necessary. We will inform you about this within one month of receiving the request.
11 Contact
In case of questions, you can contact us at info@catalyst-crs.com.
12 Miscellaneous
12.1 We are entitled at all times to delete your personal data. We do not owe you any compensation in that case.
12.2 In the event that provisions in this privacy policy are in conflict with the law, these conflicting provisions will, to the extent legally permissible, be replaced by provisions that have the same intention. In that case, the remaining provisions will remain fully applicable.
12.3 We have the right to amend this privacy policy. If necessary, we will inform you about this. The current version is always available on our website(s). This current version was last updated in January 2024.
13 Definitions
13.1 The following definitions apply to this privacy policy:
Relevant privacy legislation: | General Data Protection Regulation ("GDPR") and relevant national (implementation) legislation. |
Privacy policy: | This current privacy policy. |
Catalyst Collective Redress Services B.V. | Catalyst Collective Redress Services B.V. Tivolistraat 50, 5017 HR Tilburg Nederland CoC number: 68266685 |
Website(s) | www.catalyst-crs.com |
13.2 Other terms as defined in relevant privacy legislation, such as 'personal data', '(joint) controller', 'processor', 'data subject' and 'processing', have the same meaning as in relevant privacy legislation.