Catalyst Repository Systems, Inc. ("Catalyst") and its affiliate TotalDiscovery LLC ("TotalDiscovery") provide e-discovery software for litigation support, compliance, and document management.
During the course of providing services, we receive a wide variety of data, some of which includes personal information. In addition, we sometimes receive personal information from individuals who visit our website, seek materials from us, or attend our educational programs.
We are committed to protecting personal data, whether required by law, agreement or otherwise. We will not under any circumstances sell, rent or barter any information we receive from clients, users or visitors for any reason.
- Data received from clients
- Data collected from users of our platforms
- Data collected from visitors to our websites
- How we treat data that is regulated under the GDPR (the EU’s General Data Protection Regulations).
Data received from Clients
Data we receive from clients belongs to the client. Decisions regarding what information gets processed and hosted, and who is allowed to access it, are made by the client. This includes any personal information we host on our platform. For that reason, we treat all client data as confidential and will not disclose it to third parties for any reason unless directed by the client or required to by law, subpoena or other legal process. Should we receive a legal demand for data, we will contact the client for directions unless prohibited from doing so by law or court order. We grant access to client data to our employees and contractors in order to deliver services requested by a client. All such employees and/or contractors are bound by confidentiality agreements.
Data collected from Users
Users of our platform are authorized by our clients. We collect data from users when they register, interact with the platform, or otherwise communicate with us. We treat this information as confidential and will not use for any purpose other than providing our services, support, and communications with that user.
Data collected from Visitors
Catalyst collects information from visitors to our website and from third parties so that we may communicate with you about relevant products, services and related information. Communication includes email, telephone, direct mail, social media or other communication formats subject to ensuring that such communications are provided to you in compliance with applicable law.
We do not sell, give, or trade the personal information or statistics we store to any third parties for data-mining or marketing purposes. At any time, you may unsubscribe from our promotional communications by simply clicking on the unsubscribe link included in every email or newsletter we send, or by contacting us at email@example.com. After you unsubscribe, we will not send you further emails, but we may continue to contact you to the extent necessary for the purposes of any products, services or other specific information you have requested.
Why We Collect Your Information
Catalyst may index and use your personal data, as reasonably necessary and in accordance with your consent to:
- Send you content downloads or subscriptions requested via the website.
- Send you general marketing communications.
- Send you email notifications which you have specifically requested.
- Send you our newsletter and other marketing communications (relating to our business which we think may be of interest to you, such as online event invitations).
- Respond to inquiries you have made relating to our products and services (including but not limited to a request for a meeting or product demonstration).
- Improve your browsing experience on our website.
How We Collect Information: Catalyst Website
- Web forms: We use web forms to collect basic personal data that will enable us to communicate with you. You are the sole source of information provided to us on our website. Our website may collect any or all of the following: name (first, last), business email address, business phone number, job title, company name, and mailing address.
- Chat: We use a vendor to provide chat services on our website (www.catalystsecure.com). The chat service allows us to collect the information you provide and to route information to the proper persons to respond to your requests. The third-party provider will not store your information (i.e., IP address) unless you choose to use the chat service on our website. In such case, our third-party provider has committed to protecting the confidentiality of any data provided through chat and to not use that data for any other purpose than relaying it to us for response. Please visit: https://www.drift.com/privacy-policy/ for more information.
How We Collect Information: Third Party Sources
Catalyst also receives information about you from third-party sources, including public and private databases, lead generation services, third-party event organizers, marketing partners with whom we do business, and social media sites.
Data Subject to GDPR Regulations
We are committed to handling data coming from EU countries in accordance with the Privacy Shield framework. That program authorizes Catalyst and TotalDiscovery to store and host EU personal data with appropriate procedures for data subjects to request a copy of, or modifications to, personal data.
- Catalyst’s Privacy Shield registration
- Catalyst Privacy Shield policy
- TotalDiscovery’s Privacy Shield registration
- TotalDiscovery Privacy Shield policy
Data Controller and Data Processor
- Our clients act as data controllers under the GDPR. A data controller determines the purposes for which and the means by which personal data is processed.
- For our clients, Catalyst and TotalDiscovery act as data processors. A data processor processes personal data only on behalf of the controller.
- For our users and visitors, Catalyst and TotalDiscovery act as data controllers. Our client determines what data to store in the Catalyst or TotalDiscovery platform, who can sees that data, and the ultimate disposition of that data. Our clients must obtain permission or have other legitimate bases to collect and process information in accordance with the GDPR. As a data processor, our responsibility is to provide services and keep the data we maintain secure in accordance with client instructions.
- We regularly review our policies, processes, and procedures to ensure that they are addressing our obligations to GDPR as a data processor. In general, we employ what we believe are reasonable efforts to maintain the accuracy and integrity of personal data received from our clients or its agents and, at the client’s direction will endeavor to update or correct it as appropriate.
- We have implemented physical and technical safeguards to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. For example, electronically stored personal data is stored on a secure network with firewall protection, and access to our systems requires user authentication via password or other means. Data is transmitted in encrypted form.
Right to Access, Change or Delete Personal Data
- For data provided by our clients, Subject Access Requests (SARs) should be routed through the client. We will take directions from our client, acting as data controller, with regard to making personal data available to a data subject. If we receive a SAR for access to personal data, then, unless otherwise required under law or contract, we will forward the request to the client for instructions.
- When Catalyst or TotalDiscovery is the data controller for users of our platform, users are authorized by our clients. As such, we will treat data collected about users as equivalent to client provided data. We will look to the data controller for guidance. When Catalyst or TotalDiscovery is the data controller for visitors to our websites, you may contact firstname.lastname@example.org for help with SAR requests.
Should there be a dispute between the client and the data subject over the right to correct, edit, amend, block, erase or otherwise change their personal data, we will seek guidance from the client or other appropriate authority before taking any action.
Questions and Compliance
Owner: Legal Department
$Date: 2019-01-15 12:32:22 -0700 (Tue, 15 Jan 2019) $
$Revision: 473348 $