Privacy Policy

1. Introduction

Catalyst Group ("we", "our", "us") is committed to protecting the privacy of individuals who visit our website and engage with our consulting services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you have questions about our data practices, please contact us at [email protected].

2. Data Controller Information

The data controller responsible for your personal data is:

3. Personal Data We Collect

We collect personal data that you voluntarily provide to us when you interact with our website or services. This may include:

3.1 Information You Provide

When you submit enquiries, request consultations, or engage our services, we may collect your name, email address, phone number, business name, job title, and any other information you choose to share in correspondence with us.

3.2 Automatically Collected Information

When you visit our website, we may automatically collect certain technical information including your IP address, browser type, operating system, referring URLs, pages viewed, and the dates and times of your visits.

3.3 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience and analyse website usage. For detailed information about our cookie practices, please refer to our Cookie Policy.

4. How We Use Your Personal Data

We process your personal data for the following purposes:

4.1 Service Delivery

To respond to your enquiries, provide consultations, deliver our consulting services, and communicate with you about your engagement with us.

4.2 Business Operations

To manage our client relationships, process payments, maintain records, and fulfil our contractual obligations.

4.3 Communications

To send you information about our services, industry insights, or updates that may be relevant to your business interests. You may opt out of marketing communications at any time.

4.4 Website Improvement

To analyse how visitors use our website, improve site functionality, and enhance user experience.

4.5 Legal Compliance

To comply with applicable laws, regulations, and legal processes, and to protect our rights and interests.

5. Legal Basis for Processing

Under the PDPA, we process your personal data based on one or more of the following legal grounds:

Consent: Where you have given clear consent for us to process your personal data for specific purposes.

Contractual Necessity: Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.

Legal Obligation: Where processing is necessary to comply with legal requirements.

Legitimate Interests: Where processing is necessary for our legitimate business interests, provided such interests do not override your fundamental rights and freedoms.

6. Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

6.1 Service Providers

We may engage trusted third-party service providers to assist with website hosting, email services, analytics, and other business operations. These providers are contractually obligated to protect your data and use it only for the services they provide to us.

6.2 Legal Requirements

We may disclose your personal data if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of business assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and the choices you may have regarding your information.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security practices include:

Secure server infrastructure and encrypted data transmission

Access controls limiting data access to authorised personnel

Regular security assessments and updates

Staff training on data protection practices

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining reasonable safeguards.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the purpose of processing:

Client engagement records are retained for seven years after the conclusion of services for legal and professional compliance purposes.

Website analytics data is typically retained for twenty-six months.

Marketing preferences are retained until you withdraw consent or request deletion.

9. Your Rights

Under the PDPA and applicable data protection laws, you have certain rights regarding your personal data:

Right of Access: You may request a copy of the personal data we hold about you.

Right to Correction: You may request that we correct inaccurate or incomplete personal data.

Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.

Right to Object: You may object to processing of your personal data for direct marketing purposes.

Right to Erasure: In certain circumstances, you may request that we delete your personal data.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the timeframes required by applicable law.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

11. Children's Privacy

Our services are directed at businesses and professionals, and we do not knowingly collect personal data from individuals under the age of eighteen. If we become aware that we have collected personal data from a minor without appropriate consent, we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

14. Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Personal Data Protection Department (JPDP) of Malaysia: