Privacy Policy
Privacy Policy
We appreciate your interest in our website. Protecting your personal data is very important to us. Below, we inform you about the nature, scope, and purpose of collecting and processing personal data when you visit our website.
1. Contact
The controller within the meaning of Article 4(7) of the GDPR is:
Catalyst Consulting UG
c/o Dominik Dreyer
Schwedter Straße 43a,
10435 Berlin, Germany
Mobile: +49 151 276 444 53
E-Mail: data.protection@catalystsearch.io
Commercial Register:: Berlin Charlottenburg
Represented by: Dominik Dreyer
Our competent supervisory authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
Phone: +49 (0) 30 13889 0
Fax: +49 (0) 30 215 5050
Email: mailbox@datenschutz-berlin.de
Website: www.datenschutz-berlin.de
2. Types of Data Processed
● Master data (e.g., names, addresses)
● Contact data (e.g., email, phone numbers)
● Content data (e.g., text entries, photographs, videos, contract data)
● Usage data (e.g., websites visited, content accessed, access times)
● Meta/communication data (e.g., device information, IP addresses)
● Applicant data (e.g., CVs, photos, professional qualifications)
3. Categories of Data Subjects Data subjects include visitors and users of our website, in particular potential clients, individuals interested in our services, potential and actual candidates, employees, and third parties (“users”). Clients who engage us for service delivery (“clients”) are also considered data subjects.
4. Purposes of Processing We process users’ personal data for the following purposes:
● Provision of our online offering, its functions and content
● Identification of candidates for open positions on behalf of our clients
● Responding to contact requests and user communication
● Security measures
● Reach measurement/marketing
5. Cookies Our website uses cookies, including third-party cookies. Cookies are small text files stored on users’ devices.
● Session cookies are deleted once the browser is closed.
● Persistent cookies remain stored even after closing the browser. If you do not wish to allow cookies, your browser can be set to notify you about cookies and allow you to block them selectively. Cookies are only used with your consent unless otherwise stated. The legal basis is Art. 6(1)(a) GDPR. Consent can be revoked at any time with future effect.
6. Scope of Data Processing
6.1 Provision of Services We process customer and user data in connection with our contractual services, including strategic consulting, campaign planning, data analysis, and coaching. This includes master, contact, content, contractual, usage, technical communication, and applicant data. The purpose is to provide our services, including candidate sourcing and pre-selection for open roles. This is based on our legitimate interest under Art. 6(1)(f) GDPR. Once a user expresses interest in a job (e.g., via ad click or written message), further data processing for pre-selection is based on Art. 88(1) GDPR in conjunction with § 26(1) BDSG. If the candidate provides special categories of personal data, this is voluntary and based on explicit consent per Art. 88 GDPR, § 26(2)–(3) BDSG. Forwarding candidate data to clients occurs only after obtaining explicit consent (Art. 6(1)(a) GDPR, § 26(2) BDSG). The provision of data is necessary for our recruitment services. Without it, we cannot recommend the candidate (Art. 13(2)(e) GDPR).
6.2 Statistical Analysis We use anonymized or aggregated data from service use to improve our offerings, based on legitimate interest (Art. 6(1)(f) GDPR). With consent (Art. 6(1)(a) GDPR), we may also analyze customer/user profiles to optimize user experience. Data is not shared unless anonymized.
6.3 Contact Requests If you contact us, we process your data to respond to your request (Art. 6(1)(b) GDPR) or based on our legitimate interest (Art. 6(1)(f) GDPR). Data may be stored in a CRM system.
7. Disclosure of Data to Processors and Third Parties If, in the course of processing, we disclose data to other individuals or companies (processors or third parties), transmit data to them, or otherwise grant them access, this will only occur based on the user’s consent, a legal obligation, or a legitimate interest (e.g., when using technical service providers to provide our online services). An example would be the transmission of data to payment service providers in accordance with Art. 6(1)(b) GDPR as necessary for fulfilling a contract.
If we engage third parties to process data on the basis of a so-called data processing agreement, this is done under Art. 28 GDPR. This does not apply to services that are based on another legal basis explicitly referenced in this privacy notice.
When transferring data to service providers, we and our service providers strictly adhere to the requirements of the GDPR. Before any data is shared, we ensure that our service providers have implemented adequate technical and organizational measures to protect your personal
data appropriately. The scope of data shared is always limited to the minimum necessary to fulfill the specific processing purpose.
Disclosures to government institutions and authorities are only made where we are legally required to do so or are subject to a court or administrative order. In such cases, the transfer of your data is based on Art. 6(1)(c) GDPR as it is required to fulfill a legal obligation.
8. Integration of Third-Party Services and Content We integrate content or service offerings from third parties into our online platform to enrich the user experience (e.g., videos or software). This always requires that the providers of such content obtain the users’ IP addresses to deliver content to the browser. Without the IP address, the content cannot be displayed.
We make every effort to only use content whose providers use IP addresses solely for content delivery.
Specifically, we use the following third-party services:
8.1 Google Fonts We use Google Fonts, a service provided by Google. When fonts are loaded via Google Fonts, information such as your IP address may be transmitted to Google and stored, possibly on servers outside the EU, such as in the USA.
Details on data protection at Google, including data type, scope, and purpose of processing, can be found here: https://www.google.com/intl/en/policies/privacy/
The transfer to Google is based on Art. 45 GDPR. For more information, see Section 13.7 above. We use Google Fonts to improve our website’s layout and visual presentation. The legal basis is Art. 6(1)(f) GDPR—our legitimate interest being the enhancement of our website’s design and user-friendliness.
9. Security Measures In accordance with Art. 32 GDPR, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures consider the state of the art, implementation costs, nature, scope, context, and purpose of processing, as well as the likelihood and severity of the risk to individuals’ rights and freedoms.
Our measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and logical access, data input, transmission, availability, and separation.
We also maintain processes that support the enforcement of data subject rights, secure deletion of data, and timely responses to data breaches. Furthermore, we ensure that data protection principles are integrated into our software development and technology choices as required under Art. 25 GDPR (data protection by design and by default).
All processing takes place within the EU unless otherwise stated in this privacy policy.
10. Deletion of Data In line with Art. 17 and 18 GDPR, data we process will be deleted or restricted once it is no longer required for its intended purpose, provided no statutory retention obligations or other legitimate reasons under Art. 17(3) GDPR apply.
Where data is not deleted due to legal obligations, it will be restricted from further processing. This particularly applies to data that must be retained for commercial or tax purposes.
According to German law, storage obligations may apply:
● 10 years under §§ 147(1) AO and 257(1) Nos. 1 and 4, (4) HGB (e.g., accounting records, business reports, etc.)
● 6 years under § 257(1) Nos. 2 and 3, (4) HGB (e.g., business correspondence)
After these periods, data will be deleted unless other overriding interests exist.
11. Your Rights If your personal data is processed based on legitimate interests (Art. 6(1)(f) GDPR) or public interest (Art. 6(1)(e) GDPR), you have the right to object at any time pursuant to Art. 21 GDPR, provided that your objection is based on your particular situation.
To exercise your right to object, simply send an email to: data.protection@catalystsearch.io. We may only continue processing your data if we can demonstrate compelling legitimate grounds, or where the data is needed for legal claims or compliance.
You also have the right to:
● Withdraw consent at any time (Art. 7(3) GDPR)
● Request information about whether we process your data and receive a copy of that data (Art. 15 GDPR)
● Request rectification of inaccurate data or completion of incomplete data (Art. 16 GDPR)
● Request deletion of your data where the legal basis no longer applies (Art. 17 GDPR)
● Restrict processing under certain conditions (Art. 18 GDPR)
● Receive your data in a structured, commonly used format or have it transmitted to another controller (Art. 20 GDPR)
● Lodge a complaint with a data protection authority (Art. 77 GDPR)
Last updated: April 30, 2025
We appreciate your interest in our website. Protecting your personal data is very important to us. Below, we inform you about the nature, scope, and purpose of collecting and processing personal data when you visit our website.
1. Contact
The controller within the meaning of Article 4(7) of the GDPR is:
Catalyst Consulting UG
c/o Dominik Dreyer
Schwedter Straße 43a,
10435 Berlin, Germany
Mobile: +49 151 276 444 53
E-Mail: data.protection@catalystsearch.io
Commercial Register:: Berlin Charlottenburg
Represented by: Dominik Dreyer
Our competent supervisory authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
Phone: +49 (0) 30 13889 0
Fax: +49 (0) 30 215 5050
Email: mailbox@datenschutz-berlin.de
Website: www.datenschutz-berlin.de
2. Types of Data Processed
● Master data (e.g., names, addresses)
● Contact data (e.g., email, phone numbers)
● Content data (e.g., text entries, photographs, videos, contract data)
● Usage data (e.g., websites visited, content accessed, access times)
● Meta/communication data (e.g., device information, IP addresses)
● Applicant data (e.g., CVs, photos, professional qualifications)
3. Categories of Data Subjects Data subjects include visitors and users of our website, in particular potential clients, individuals interested in our services, potential and actual candidates, employees, and third parties (“users”). Clients who engage us for service delivery (“clients”) are also considered data subjects.
4. Purposes of Processing We process users’ personal data for the following purposes:
● Provision of our online offering, its functions and content
● Identification of candidates for open positions on behalf of our clients
● Responding to contact requests and user communication
● Security measures
● Reach measurement/marketing
5. Cookies Our website uses cookies, including third-party cookies. Cookies are small text files stored on users’ devices.
● Session cookies are deleted once the browser is closed.
● Persistent cookies remain stored even after closing the browser. If you do not wish to allow cookies, your browser can be set to notify you about cookies and allow you to block them selectively. Cookies are only used with your consent unless otherwise stated. The legal basis is Art. 6(1)(a) GDPR. Consent can be revoked at any time with future effect.
6. Scope of Data Processing
6.1 Provision of Services We process customer and user data in connection with our contractual services, including strategic consulting, campaign planning, data analysis, and coaching. This includes master, contact, content, contractual, usage, technical communication, and applicant data. The purpose is to provide our services, including candidate sourcing and pre-selection for open roles. This is based on our legitimate interest under Art. 6(1)(f) GDPR. Once a user expresses interest in a job (e.g., via ad click or written message), further data processing for pre-selection is based on Art. 88(1) GDPR in conjunction with § 26(1) BDSG. If the candidate provides special categories of personal data, this is voluntary and based on explicit consent per Art. 88 GDPR, § 26(2)–(3) BDSG. Forwarding candidate data to clients occurs only after obtaining explicit consent (Art. 6(1)(a) GDPR, § 26(2) BDSG). The provision of data is necessary for our recruitment services. Without it, we cannot recommend the candidate (Art. 13(2)(e) GDPR).
6.2 Statistical Analysis We use anonymized or aggregated data from service use to improve our offerings, based on legitimate interest (Art. 6(1)(f) GDPR). With consent (Art. 6(1)(a) GDPR), we may also analyze customer/user profiles to optimize user experience. Data is not shared unless anonymized.
6.3 Contact Requests If you contact us, we process your data to respond to your request (Art. 6(1)(b) GDPR) or based on our legitimate interest (Art. 6(1)(f) GDPR). Data may be stored in a CRM system.
7. Disclosure of Data to Processors and Third Parties If, in the course of processing, we disclose data to other individuals or companies (processors or third parties), transmit data to them, or otherwise grant them access, this will only occur based on the user’s consent, a legal obligation, or a legitimate interest (e.g., when using technical service providers to provide our online services). An example would be the transmission of data to payment service providers in accordance with Art. 6(1)(b) GDPR as necessary for fulfilling a contract.
If we engage third parties to process data on the basis of a so-called data processing agreement, this is done under Art. 28 GDPR. This does not apply to services that are based on another legal basis explicitly referenced in this privacy notice.
When transferring data to service providers, we and our service providers strictly adhere to the requirements of the GDPR. Before any data is shared, we ensure that our service providers have implemented adequate technical and organizational measures to protect your personal
data appropriately. The scope of data shared is always limited to the minimum necessary to fulfill the specific processing purpose.
Disclosures to government institutions and authorities are only made where we are legally required to do so or are subject to a court or administrative order. In such cases, the transfer of your data is based on Art. 6(1)(c) GDPR as it is required to fulfill a legal obligation.
8. Integration of Third-Party Services and Content We integrate content or service offerings from third parties into our online platform to enrich the user experience (e.g., videos or software). This always requires that the providers of such content obtain the users’ IP addresses to deliver content to the browser. Without the IP address, the content cannot be displayed.
We make every effort to only use content whose providers use IP addresses solely for content delivery.
Specifically, we use the following third-party services:
8.1 Google Fonts We use Google Fonts, a service provided by Google. When fonts are loaded via Google Fonts, information such as your IP address may be transmitted to Google and stored, possibly on servers outside the EU, such as in the USA.
Details on data protection at Google, including data type, scope, and purpose of processing, can be found here: https://www.google.com/intl/en/policies/privacy/
The transfer to Google is based on Art. 45 GDPR. For more information, see Section 13.7 above. We use Google Fonts to improve our website’s layout and visual presentation. The legal basis is Art. 6(1)(f) GDPR—our legitimate interest being the enhancement of our website’s design and user-friendliness.
9. Security Measures In accordance with Art. 32 GDPR, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures consider the state of the art, implementation costs, nature, scope, context, and purpose of processing, as well as the likelihood and severity of the risk to individuals’ rights and freedoms.
Our measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and logical access, data input, transmission, availability, and separation.
We also maintain processes that support the enforcement of data subject rights, secure deletion of data, and timely responses to data breaches. Furthermore, we ensure that data protection principles are integrated into our software development and technology choices as required under Art. 25 GDPR (data protection by design and by default).
All processing takes place within the EU unless otherwise stated in this privacy policy.
10. Deletion of Data In line with Art. 17 and 18 GDPR, data we process will be deleted or restricted once it is no longer required for its intended purpose, provided no statutory retention obligations or other legitimate reasons under Art. 17(3) GDPR apply.
Where data is not deleted due to legal obligations, it will be restricted from further processing. This particularly applies to data that must be retained for commercial or tax purposes.
According to German law, storage obligations may apply:
● 10 years under §§ 147(1) AO and 257(1) Nos. 1 and 4, (4) HGB (e.g., accounting records, business reports, etc.)
● 6 years under § 257(1) Nos. 2 and 3, (4) HGB (e.g., business correspondence)
After these periods, data will be deleted unless other overriding interests exist.
11. Your Rights If your personal data is processed based on legitimate interests (Art. 6(1)(f) GDPR) or public interest (Art. 6(1)(e) GDPR), you have the right to object at any time pursuant to Art. 21 GDPR, provided that your objection is based on your particular situation.
To exercise your right to object, simply send an email to: data.protection@catalystsearch.io. We may only continue processing your data if we can demonstrate compelling legitimate grounds, or where the data is needed for legal claims or compliance.
You also have the right to:
● Withdraw consent at any time (Art. 7(3) GDPR)
● Request information about whether we process your data and receive a copy of that data (Art. 15 GDPR)
● Request rectification of inaccurate data or completion of incomplete data (Art. 16 GDPR)
● Request deletion of your data where the legal basis no longer applies (Art. 17 GDPR)
● Restrict processing under certain conditions (Art. 18 GDPR)
● Receive your data in a structured, commonly used format or have it transmitted to another controller (Art. 20 GDPR)
● Lodge a complaint with a data protection authority (Art. 77 GDPR)
Last updated: April 30, 2025