Privacy Policy

1. Who We Are

Catalyst Enablement Group Pty Ltd

Melbourne, Australia

Email: info@catalystenablement.com.au

Phone: 0404 345 591

‍

2. Information We Collect

We collect and process the following categories of personal information:

• Identity and contact data: Full name, email address, job title, department, team, manager name, phone number and organisation name.
• Assessment data: Your responses to self-assessment questions and, where applicable, assessment ratings submitted by colleagues about you through the Known By Name platform.
• Reviewer data: When you are invited to provide feedback on a colleague through the Platform, we collect your name, email address, your relationship to the person being assessed, your assessment ratings and any written comments you provide. We also collect your IP address and browser information at the time of submission for security and fraud prevention purposes (specifically, to verify reviewer identity and mitigate the risk of impersonation). Your contact details are typically provided to us by the person being assessed or by their organisation’s administrator.
• Account data: Password (stored as a one-way cryptographic hash — we cannot read your password), account creation date and last login time.
• Usage data: Page visits, feature interactions and session information collected via server logs. We do not use third-party analytics tracking scripts on the Platform.
• Website visitor data: When you visit our website (catalystenablement.com.au), we collect standard server log data including IP address, browser type, pages visited and referring URLs. When you submit information through our contact forms, consultation requests, newsletter signups or resource downloads, we collect the information you provide (such as your name, email address, organisation and message content).
• Workshop and program data: Registration details, attendance records, feedback survey responses and any information shared during facilitated workshops, coaching sessions or AI-powered practice simulations delivered as part of any program of work.
• Session recording data: Where workshops, coaching sessions or other program activities are conducted via video conferencing, sessions may be recorded with your prior notice and consent. Recordings may include video, audio and shared screen content. Chat messages submitted during recorded sessions may also be captured as part of the recording.
• CRM and outreach data: Professional contact information obtained from publicly available sources or provided directly by you, stored in our customer relationship management system for business development purposes.
• Communications: Any messages you send us via email or support channels.

We do not collect sensitive information (as defined in the Privacy Act 1988) such as health data, racial or ethnic origin, political opinions or biometric data.

‍

3. How We Use Your Information

We use your personal information to:

• Provide and operate the Platform and deliver your assessment results.
• Manage your account and authenticate your identity.
• Match reviewer responses to the relevant assessment cycle to generate aggregated feedback reports for the person being assessed.
• Generate personalised reports and development recommendations (see Section 6 — AI-Assisted Processing).
• Send transactional emails (account setup, invitation links, assessment reminders).
• Send notification emails (assessment progress updates, report availability). You may unsubscribe from notification emails at any time.
• Deliver and administer workshops, coaching sessions, AI-powered practice simulations and other learning programs.
• Record virtual sessions where prior notice and consent have been provided, for quality assurance, participant reference, or program delivery purposes.
• Respond to your enquiries, consultation requests and support questions submitted through our website or other channels.
• Manage client relationships, including sending relevant business communications about our services.
• Improve the reliability and performance of the Platform, our website and our services.
• Comply with legal obligations.

4. Legal Basis for Processing

We rely on the following legal bases to process your personal information:

• Contractual necessity: Processing required to provide the Platform or services to you or to your employer organisation. This includes the processing of reviewer data, which is collected and processed as part of the assessment service contracted between Catalyst Enablement Group and the sponsoring organisation.
• Legitimate interests: Improving our services, fraud prevention, security monitoring, identity verification (including for reviewers), and managing business relationships — where these interests are not overridden by your rights.
• Legal obligation: Where we are required to process data to comply with applicable law.
• Consent: Where you have given us explicit consent, such as for optional communications or the recording of virtual sessions. You may withdraw consent at any time.

Reviewers: Your assessment responses are processed under contractual necessity (the agreement between Catalyst Enablement Group and the sponsoring organisation) and legitimate interests of the employer. When you begin a review on the Known By Name platform, you will be asked to acknowledge that you have read this Privacy Policy. This acknowledgement confirms you have been notified about how your data is processed, as required under APP 5.

‍

5. Sharing Your Information

We do not sell, rent or trade your personal information. We may share information in the following limited circumstances:

• With your organisation: Assessment results may be shared with your employer organisation where this forms part of the agreed program of work. Not all engagements include organisational-level reporting. Our facilitators and platform administrators manage access to reports and assessment data on behalf of Catalyst Enablement Group.
• Infrastructure and service providers: We use the following third-party providers to operate our services. Each acts as a data processor under appropriate agreements: Cloudflare, Inc. — Hosting, content delivery and database services (Cloudflare Workers, D1, KV). Resend, Inc. — Transactional and notification email delivery. WorkOS, Inc. — Authentication and single sign-on (Google, Microsoft). Webflow, Inc. — Website hosting and content management. HubSpot, Inc. — Customer relationship management and business communications.
• AI processing providers: We use third-party AI providers as tools to support the generation of assessment reports, development recommendations and AI-powered practice simulations. Current providers include Anthropic, PBC (Claude), OpenAI, Inc. and Google LLC (Gemini). We evaluate providers on an ongoing basis and may use additional or alternative providers. All AI providers are bound by data processing agreements that prohibit the use of customer data for model training. See Section 6 for further details on how AI is used.
• Video conferencing providers: Where virtual sessions are recorded, the recording is processed by the video conferencing platform used for that session (e.g. Zoom Video Communications, Inc. or Microsoft Corporation). Recordings are stored securely and access is restricted to authorised personnel.
• Qualified subcontractors: We may engage qualified subcontractors to deliver services on our behalf. All subcontractors are bound by equivalent confidentiality and data protection obligations.
• Legal requirements: We may disclose data if required by law, court order or government authority.

6. AI-Assisted Processing

Our qualified practitioners lead the delivery of all assessment reports, development recommendations and learning programs. We use artificial intelligence as an assistive tool within this process. AI may generate first drafts of reports, session outlines and development content, and provide supporting analysis, but every output is reviewed, edited and finalised by our practitioners before it reaches you. AI does not make decisions, form conclusions or release outputs independently. Our team retains full control over the quality, accuracy and appropriateness of everything we deliver.

Certain learning programs also incorporate AI-powered practice simulations and role-play exercises, where AI provides real-time responses during facilitated practice sessions.

When using AI processing:

• Only aggregated assessment scores, the participant’s first name and their role context are sent to AI providers. Individual reviewer identities are never disclosed to any AI provider or included in any AI-generated output.
• Data is processed via secure API connections and is not used to train AI models. We select providers whose data processing terms explicitly prohibit the use of customer data for model training.
• All AI-generated draft content, including reports, session outlines and supporting analysis, is reviewed, edited and finalised by a qualified practitioner before being released to you or used in program delivery. The practitioner applies professional judgement and may substantially revise, supplement or override AI-generated content.
• Participant inputs during AI practice simulations are processed in real time to generate feedback and coaching responses. Session transcripts and related data are retained as part of the participant’s account and follow the same retention schedule described in Section 7 (archive at 6 months of inactivity, anonymise at 12 months).
• No automated decisions with legal or similarly significant effects are made solely by AI. AI output is advisory and informational only.

For further detail on our approach to responsible AI use, please refer to our AI Use & Ethics Statement, available on our website.

‍

7. Data Retention

Platform accounts

We apply the following automated data-retention schedule to individual user accounts on the Known By Name platform:

• 6 months of inactivity — Archive: Accounts that have not been accessed for six months are automatically archived. Archived users cannot log in but their data remains intact. An administrator can restore an archived account at any time.
• 12 months of inactivity — Anonymise: Accounts inactive for twelve months are permanently anonymised. All personal identifiers (name, email, phone, position, company and manager details) are removed and replaced with non-reversible placeholders. Assessment response data is retained in anonymised form for benchmarking purposes. This action cannot be undone.
• Reviewer data: Reviewer response data is linked to the assessment cycle of the person being assessed and follows the same retention schedule as that person’s account. Reviewer identifying information (name and email address) is anonymised on the same schedule as the associated account. Once anonymised, assessment responses are retained only in aggregate form for benchmarking purposes — specifically, to calculate organisational and industry score distributions that help contextualise individual results. Anonymisation is permanent and cannot be reversed. Reviewers may request deletion of their data independently of the assessment subject’s retention schedule (see Section 9).
• Deletion on request: You may request complete deletion of your data at any time by emailing us. Deletion requests are processed within 30 days.

Administrators may exempt specific accounts from automatic archival and anonymisation where there is a legitimate business need to retain access.

Session recordings

Recordings of virtual workshops, coaching sessions or other program activities are retained for a maximum of 12 months following the session date, or for the duration of the client engagement (whichever is longer), unless a different retention period is agreed in writing. Recordings are deleted once the retention period expires.

Non-platform data

For personal information collected outside the Platform (website enquiries, contact form submissions, CRM records, workshop registrations, email communications), we retain data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. We periodically review and delete records that are no longer needed.

‍

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information, as required by APP 11, including:

• Encryption of data in transit (HTTPS/TLS) and at rest.
• Password hashing using industry-standard algorithms (passwords are never stored in plaintext).
• Access controls restricting data to authorised personnel only.
• Audit logging of administrative and authentication events.
• Rate limiting and brute-force protection on authentication endpoints.
• Regular security reviews.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

‍

9. Your Rights

Under the Australian Privacy Principles and, where applicable, the GDPR, you have the following rights regarding your personal information:

• Access (APP 12): Request a copy of the personal data we hold about you.
• Correction (APP 13): Request that we correct inaccurate or incomplete data.
• Deletion: Request that we delete your personal data (subject to legal retention obligations).
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Unsubscribe: Opt out of notification emails at any time via the unsubscribe link in any email.

Assessment subjects

Assessment ratings submitted by reviewers are provided in aggregated form only. Individual reviewer responses are not disclosed to the person being assessed, in order to protect the confidentiality of the review process.

Reviewers

If you have submitted a review on the Known By Name platform, you may contact us to request access to, correction of, or deletion of the response data you provided. Please note that deletion of your responses may affect the integrity of the assessment report for the person you reviewed. Where a report has already been generated and released, we may not be able to retrospectively remove your contribution from the aggregated scores, but we will delete your identifying information and raw response data.

To exercise any of these rights, please contact us at info@catalystenablement.com.au. We will respond within 30 days.

‍

10. Complaints

If you believe we have breached the Australian Privacy Principles or are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner

Website: oaic.gov.au/privacy/privacy-complaints

Phone: 1300 363 992

For individuals in the UK or EEA, you may also lodge a complaint with your local data protection supervisory authority.

‍

11. Cookies

The Platform uses only essential session cookies required for authentication and security (e.g. session tokens, CSRF protection). We do not use advertising cookies, cross-site tracking or third-party analytics cookies on the Platform. Our marketing website (catalystenablement.com.au) does not use third-party analytics tracking scripts or advertising cookies.

‍

12. Cross-Border Disclosure (APP 8)

We are based in Australia. Your personal data may be disclosed to the following overseas recipients as part of operating our services:

• United States: Cloudflare (hosting), Resend (email), WorkOS (authentication), Anthropic, OpenAI and Google (AI processing), HubSpot (CRM) and Webflow (website hosting).

Where virtual sessions are recorded using a third-party video conferencing platform, recordings may be processed or stored in the jurisdiction where that provider operates.

We take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs. Each provider operates under contractual terms that require them to protect data to a standard comparable to the APPs.

‍

13. Children’s Privacy

Our services are intended for use by adults in professional workplace settings. We do not knowingly collect personal information from anyone under the age of 16.

‍

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a prominent notice on the Platform. The “last updated” date at the top of this page reflects when the policy was most recently revised.