Legal

Privacy Policy

Plain English. What we collect, why we collect it, and how we keep it safe.

Last updated: 22 April 2026

Catalyst12 Ltd ("we", "us", "our") is the data controller for this website catalyst12.co.uk. We take your privacy seriously. This policy explains what data we collect, why we collect it, and your rights under UK GDPR.

1. Who we are

Catalyst12 Ltd, Manchester, United Kingdom.
Contact: privacy@catalyst12.co.uk

2. What we collect

a) Information you give us

  • Contact form / newsletter signup: name, email, company, role and anything else you choose to tell us.
  • Diagnostic quiz responses: your answers are processed in your browser. Only submitted to us if you choose to send them.
  • Discovery call bookings: handled by Calendly on our behalf. Name, email and any scheduling information.

b) Information we collect automatically

  • Analytics data: via Google Analytics 4 (GA4), only if you accept analytics cookies. Includes pages viewed, device type, approximate location (country / city) and referral source.
  • Server logs: IP address, user agent and request path, retained for up to 30 days for security and debugging. Legitimate interest basis.

3. Why we collect it

  • To reply to enquiries and deliver our services (contract / legitimate interest).
  • To send you The Operator Letter newsletter, if you opted in (consent).
  • To understand how the site is used and improve it (consent, via GA4).
  • To keep the site secure (legitimate interest).

4. Cookies

We only set non-essential cookies after you accept them via the cookie banner.

Essential cookies

  • catalyst12_consent: stores your cookie choices. Expires after 12 months.

Analytics cookies (only loaded after "Accept")

  • _ga, _ga_*: Google Analytics 4. Counts visits, measures engagement. Expires after 2 years.

Third-party embeds

  • Calendly: when the booking widget loads, Calendly sets its own cookies. See calendly.com/privacy.
  • HubSpot: when you subscribe to the newsletter, HubSpot processes your email on our behalf. See hubspot.com/privacy.

You can change your choice anytime by clicking below, or in the footer.

5. Processors we use

  • Cloudflare (hosting and CDN) - US / EU / UK.
  • Google Analytics 4 (analytics) - US / EU. Data anonymised; IP truncation on.
  • HubSpot (newsletter / CRM) - US / EU, subject to SCCs.
  • Calendly (meeting scheduling) - US, subject to SCCs.

Any international transfers are covered by UK-approved Standard Contractual Clauses.

6. How long we keep it

  • Enquiries: up to 3 years after last contact, then deleted.
  • Newsletter subscribers: until you unsubscribe.
  • Analytics: 14 months (GA4 default).
  • Server logs: 30 days.

7. Your rights

Under UK GDPR you have the right to:

  • Access the data we hold on you.
  • Correct anything that's wrong.
  • Delete your data ("right to be forgotten").
  • Restrict or object to processing.
  • Port your data to another provider.
  • Withdraw consent at any time (where consent is the basis).
  • Complain to the ICO if you think we've got it wrong: ico.org.uk.

Email privacy@catalyst12.co.uk and we will respond within 30 days.

8. Security

The site is hosted on Cloudflare with HTTPS enforced. We do not store passwords or payment data on this site. Any data you send via forms is transmitted encrypted in transit.

9. Changes to this policy

If we update this policy we will change the "Last updated" date at the top. Material changes will be flagged on the homepage for 30 days.

10. Contact

Questions, complaints, data requests: privacy@catalyst12.co.uk

← Back to site