Privacy & Terms

How we collect, use, and protect your data, plus the terms that govern using Catalitium.

Version 2.0 • Last updated: April 2026 • Catalitium, Madrid (Spain)

Changelog

v2.0 (April 2026): Swiss nDSG section added; GDPR Art. 13 retention table; Controller Identity block; CMP references corrected; contact email unified; DSR link added.
v1.0 (November 2025): Initial policy publication.

Privacy Policy (EU/UK/CH-first)

How Catalitium processes personal data for candidates, employers, and visitors.

Controller Identity

Trading name:: Catalitium
Operating location:: Madrid, Spain
Legal status:: Pre-incorporation sole trader. Company registration in progress.
Lead supervisory authority:: AEPD — Agencia Española de Protección de Datos
Primary contact:: catalitium@outlook.com

This page will be updated with full company registration details (CIF/NIF) upon incorporation. Until then, Catalitium operates as a sole trader under Spanish law.

Controller & Contacts

Controller: Catalitium, Chamartin Madrid, Spain.
Privacy email: catalitium@outlook.com. Single point of contact (DSA/notice): catalitium@outlook.com.

What we collect

Identifiers & contact: name, email, phone, region, account IDs.
Candidate data: CV/resume, work/education history, skills, links, preferences, messages.
Employer contact & billing: role, company, team members, invoicing details.
Usage & device: IP address, browser/device, page interactions, searches (aggregated).
Support & safety: reports/flags and verification data where needed.

We do not intentionally collect special categories of data. Please avoid including sensitive data in your CV or job posts.

Sources

Directly from you, from your use of our services (logs), from employers you interact with, and from lawful public sources (e.g., professional profiles).

Purposes & Legal Bases (GDPR)

Provide services & accounts (Art. 6(1)(b)).
Matching & recommendations (Art. 6(1)(b)/(f)).
Safety & abuse prevention (Art. 6(1)(f)).
Analytics & improvement using aggregated, non-cookie metrics (Art. 6(1)(f)).
Marketing with your consent or legitimate interests as permitted (Art. 6(1)(a)/(f)); opt-out anytime.
Legal obligations (Art. 6(1)(c)) and defending claims (Art. 6(1)(f)).

Cookies & Consent

We use cookies and similar technologies to operate the site, measure performance, and serve relevant advertising. Your consent is requested via our cookie consent banner before any non-essential cookies are set. You can change or withdraw your consent at any time using the link in our footer. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

Google AdSense disclosure: Google, as a third-party vendor, uses cookies to serve ads on our site. Google’s use of advertising cookies enables it to serve ads to users based on their visit to our site and other sites on the Internet. You may opt out of personalised advertising by visiting Google Ads Settings, or by opting out of a third-party vendor’s use of cookies via the NAI opt-out page.

The full declaration of cookies set on this site is shown in the table above, updated automatically by our consent platform. You can also inspect cookies at any time via your browser’s developer tools.

Disclosures

Service providers (processors): hosting, storage, emails, support, analytics (bound by contract).
Employers/recruiters: when you apply or explicitly direct us to share your profile.
Affiliates & corporate transactions: as needed, with safeguards.
Legal: to comply with law or protect rights, safety, and security.

We do not sell personal data or share it for cross-context behavioral advertising.

International transfers

If personal data leaves the EEA/UK/CH, we rely on Standard Contractual Clauses and, where necessary, supplementary measures. You can request details at catalitium@outlook.com.

Retention (Art. 13 GDPR)

We keep personal data only as long as necessary for the stated purpose or as required by law, then delete or anonymise it.

Purpose	Legal Basis	Data Type	Retention Period	Deletion Method
Account & profile	Contract (Art. 6(1)(b))	Name, email, CV, preferences	Life of account + 30 days after deletion request	Secure deletion / anonymisation
Job applications	Contract / Legitimate interest (Art. 6(1)(b)/(f))	CV, cover letter, messages	24 months after last activity	Secure deletion
Invoicing & billing	Legal obligation (Art. 6(1)(c))	Name, address, payment reference	7 years (Spanish tax law)	Archival then secure deletion
Analytics (aggregated)	Legitimate interest (Art. 6(1)(f))	Anonymised usage metrics	26 months (Google Analytics default)	Auto-expiry via Google Analytics
Subscription / marketing emails	Consent (Art. 6(1)(a))	Email address, opt-in record	Until unsubscribe + 3 years (proof of consent)	Suppression list retained; data deleted
Server & security logs	Legitimate interest (Art. 6(1)(f))	IP address, user-agent, timestamps	90 days	Automatic log rotation / deletion

Security

Encryption in transit, access controls, least-privilege, logging, backups, and staff training. No system is perfect: use strong passwords and protect your devices.

Your rights (EEA/UK/CH)

You may request access, rectification, erasure, restriction, portability, and object to processing; you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. Email catalitium@outlook.com. You can also lodge a complaint with the AEPD (Spain) or your local authority.

To submit a formal Data Subject Request (DSR), use our contact form and include your request type (access, erasure, portability, etc.). We respond within 30 days.

Terms & Conditions

These terms govern your use of Catalitium services and content.

Acceptance & Eligibility

By using Catalitium, you agree to these Terms. You must be 16+ (or older where local law requires). If you’re using Catalitium for a company, you’re binding that company to these Terms.

License & Ownership

We grant a personal, revocable, non-exclusive, non-transferable license to use the site for lawful purposes. All site content is owned by Catalitium or its licensors. No scraping, harvesting, reverse engineering, or resale without written permission. Do not frame or mirror our pages without consent. Standard search engine indexing is permitted.

User Content

If you post or submit content (jobs, profiles, messages), you grant Catalitium a worldwide, royalty-free license to host, reproduce, and display it to operate, improve, and promote the services. You are responsible for your content and affirm you have the rights to post it and that it’s lawful, accurate, and non-infringing. We may remove content at our discretion.

Employers & Recruiters

Use employer tools only for legitimate hiring. Follow all applicable laws (anti-discrimination, labor, data protection). Paid features may carry additional terms. Unless a separate written agreement states otherwise, Catalitium is not your agent and does not guarantee job applicants or outcomes.

Important Disclaimers

We aggregate jobs and compensation signals from multiple sources; details can change and may be approximate.
Catalitium is not the employer for third-party listings. Verify all details with the employer.
Salary insights are estimates, not offers or guarantees.

Prohibited Conduct

Automated crawling or scraping without written consent.
Uploading malware, spam, or unlawful content; impersonation; harvesting personal data.
Interfering with security or access controls.

No Professional Advice

We do not provide legal, tax, immigration, or financial advice. Any information is general only; seek your own professional advice.

Warranty Disclaimer

The services are provided “as is” and “as available,” without warranties of any kind (including accuracy, non-infringement, merchantability, fitness for a particular purpose, or availability).

Liability Cap

To the maximum extent permitted by law, Catalitium and its affiliates will not be liable for indirect, incidental, consequential, special, or punitive damages, or lost profits, data, goodwill, or revenue. Our aggregate liability for all claims in any 12-month period will not exceed the greater of EUR 100 or the amounts you paid to us for the service giving rise to the claim. Nothing excludes liability that cannot be excluded by law.

Indemnity

You agree to defend, indemnify, and hold harmless Catalitium from claims arising out of your content, your use of the services, or your breach of these Terms or law.

Termination

We may suspend or terminate access for violation of these Terms or law, or to protect the service or users. Provisions that should survive termination do survive (ownership, disclaimers, limits, dispute resolution).

Governing Law & Venue (Spain)

These Terms are governed by Spanish law. Exclusive venue is in the courts of Madrid, Spain, except where mandatory consumer protections allow proceedings in your country of residence. EU consumers may also use the EU Online Dispute Resolution platform.

Changes

We may update these Terms and will post the “Last updated” date above. Continued use after changes means acceptance.

Data Processing Addendum (DPA)

Applies where Catalitium processes personal data on behalf of an Employer Customer (the “Controller”).

1. Scope & Parties

This DPA forms part of the agreement between the Controller and Catalitium (“Processor”). It governs Processor’s handling of personal data on behalf of Controller in connection with employer tools (e.g., applicant intake, job distribution, messaging).

2. Processing Details

Subject matter: Candidate and hiring-related data processed to provide the services.
Duration: For the term of the underlying agreement and up to 90 days thereafter for secure wind-down unless law requires longer retention.
Nature & purpose: Collection, storage, transmission, filtering, matching, communication, analytics, and support.
Data types: Identifiers, contact details, CV/resume, work/education history, role preferences, screening responses, communications metadata, and logs.
Data subjects: Candidates, hiring team members, and authorized users.

3. Processor Obligations

Process personal data only on documented instructions from Controller, including with respect to transfers.
Ensure personnel are bound by confidentiality obligations.
Implement appropriate technical and organizational measures (see Security below).
Assist Controller with data subject requests, security, DPIAs, and consultations, considering the nature of processing.
Delete or return personal data at termination, unless law requires storage.
Maintain records of processing activities as required by law.

4. Sub-processors

Controller authorizes Processor to use sub-processors for hosting, storage, communications, support, and related functions. Processor will maintain a current list upon request from catalitium@outlook.com, and will notify Controller of material changes, giving a right to object on reasonable grounds within 10 days.

5. International Transfers

Where personal data is transferred outside the EEA/UK/CH, the parties incorporate the EU Standard Contractual Clauses (Commission Decision (EU) 2021/914, Module 2) and, where applicable, the UK Addendum. Supplementary measures will be applied as necessary to ensure an essentially equivalent level of protection.

6. Security Measures

Encryption in transit; encryption or equivalent safeguards for data at rest.
Access controls, MFA for privileged access, least-privilege, and role-based permissions.
Segregation of environments, secure SDLC, vulnerability management, and logging/monitoring.
Backups and disaster recovery procedures, periodic testing.
Personnel security awareness and confidentiality obligations.

7. Incident Management

Processor will notify Controller without undue delay (and in any event where feasible within 72 hours) upon becoming aware of a personal data breach affecting Controller’s data, providing details and cooperation.

8. Audits

Upon reasonable prior written notice up to once per 12-month period (or after a material incident), Processor will make available relevant information and allow audits by Controller or an independent auditor under confidentiality. Audits shall minimize disruption and protect Processor’s and other customers’ data. Controller bears audit costs.

9. Liability & Precedence

Each party remains responsible for its own compliance and for damages caused by its breach of this DPA. Liability caps and exclusions in the main agreement apply to this DPA to the extent permitted by law. In case of conflict between this DPA and the main agreement on data protection issues, this DPA prevails.

Swiss nDSG Supplement

Additional disclosures required under Switzerland's Federal Act on Data Protection (nDSG / revDSG), effective 1 September 2023.

Supervisory Authority

For data subjects in Switzerland, the competent supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC / PFPDT), Feldeggweg 1, CH-3003 Berne, Switzerland. You have the right to lodge a complaint with the FDPIC if you believe your data rights have been violated.

Data Subject Rights under nDSG (Art. 25–27)

Right of access (Art. 25): You may request confirmation of whether we process your personal data and obtain a copy.
Right to rectification: You may request correction of inaccurate data.
Right to erasure / restriction (Art. 25): You may request deletion or restriction of processing where the legal basis no longer applies.
Right to data portability: Where processing is automated and based on consent or contract, you may request your data in a structured, machine-readable format.
Right to object (Art. 27): You may object to processing based on legitimate interests; we will cease unless we can demonstrate compelling legitimate grounds.

To exercise these rights, email catalitium@outlook.com. We respond within 30 days.

Representative in Switzerland

Catalitium operates from Spain (EEA). We do not currently maintain a designated local representative in Switzerland under Art. 14 nDSG. Where Swiss-resident users' data is processed on a large scale, we will appoint a representative and update this section accordingly. For all enquiries in the meantime, contact us directly at catalitium@outlook.com.

Data Protection Impact Assessments (DPIA)

Where processing is likely to result in a high risk to the rights and freedoms of natural persons (including Swiss residents), Catalitium carries out a Data Protection Impact Assessment prior to initiating such processing. DPIAs are reviewed annually or when processing activities materially change.

Disclaimer

Read this before you rely on job listings, salary insights, or AI-assisted features.

No Guarantee of Outcomes

Listings and insights are informational only. We don’t guarantee job availability, compensation, benefits, visas, or hiring outcomes. Always verify details with the employer.

AI-Assisted Outputs

Summaries and recommendations may be partially automated and can contain errors. Review originals and use independent judgment.

Third-Party Sites

We are not responsible for third-party sites, tools, or content. Your dealings with them are solely between you and those parties.

Notices & Contact

Legal & Terms: catalitium@outlook.com
Privacy & Data Rights: catalitium@outlook.com
DSA/Notice & Takedown: catalitium@outlook.com

To report alleged IP infringement, email catalitium@outlook.com with (i) the work/right claimed infringed, (ii) the URL of the material, (iii) your contact details, and (iv) a good-faith statement of lack of authorization. We act expeditiously and may suspend repeat infringers.