The Catalead Associates

Data Privacy Policy

Updated: January 2026

The Catalead Associates Ltd is committed to protecting the privacy, confidentiality, and security of personal data entrusted to us. This Policy explains how we collect, use, process, store, disclose, retain, and safeguard personal information across our website, leadership assessments, training programs, consultancy engagements, coaching services, events, research activities, and related digital platforms.

1. Introduction

  1. The Catalead Associates Ltd (hereinafter referred to as “The Catalead”, “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of personal data entrusted to us.
  2. This Privacy Policy sets out how we collect, process, store, disclose, retain, and safeguard personal information obtained through our website, leadership assessments, training programs, consultancy engagements, coaching services, events, research activities, and related digital platforms.
  3. This Policy reflects our commitment to lawful, fair, transparent, and accountable data processing in accordance with Kenyan data protection laws and recognized international data-protection standards.
  4. By accessing or using our services, you acknowledge and consent to the practices described in this Privacy Policy.

2. Applicable Legal and Regulatory Framework

The Catalead processes personal data in compliance with the following frameworks, as applicable:

2.1 Kenyan Law

  1. Kenya Data Protection Act, 2019
  2. Regulations, directives, and guidance issued by the Office of the Data Protection Commissioner (ODPC)

2.2 International Data Protection Standards

Where services involve cross-border participants, international partners, or global digital platforms, The Catalead aligns its practices with internationally accepted principles, including:

  1. General Data Protection Regulation (GDPR) principles (EU/UK), where applicable
  2. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
  3. ISO/IEC 27001 information-security best-practice principles (as guidance)

3. Scope of This Policy

This Privacy Policy applies to:

  1. Website visitors
  2. Assessment participants (including 360-degree assessments)
  3. Training and coaching clients
  4. Consultancy clients
  5. Event and workshop participants
  6. Institutional and organizational partners
  7. Training, coaching, and consultancy facilitators

4. Categories of Personal Data Collected

4.1 Identification and Contact Information

  1. Full name
  2. Gender and marital status
  3. Email address
  4. Telephone number
  5. Organization, role, and sector
  6. Country or region

4.2 Assessment and Program Data

  1. Assessment responses and ratings
  2. Factor scores, indices, diagnostics, and reports
  3. Participation records and timestamps
  4. Qualitative feedback and reflections
  5. Individual or group photo, video, and audio materials

4.3 Technical and Usage Data

  1. IP address
  2. Browser and device information
  3. Cookies, session logs, and usage analytics

5. Purposes of Data Processing

Personal data is collected and processed strictly for legitimate professional purposes, including to:

  1. Deliver leadership assessments, diagnostics, and reports
  2. Administer leadership training, coaching, and consultancy services
  3. Communicate reports, program materials, and service updates
  4. Improve tools, methodologies, and user experience
  5. Conduct anonymized research, benchmarking, and longitudinal leadership analysis
  6. Meet legal, regulatory, and operational obligations

The Catalead does not sell, rent, or trade personal data.

6. Lawful Basis for Processing

Personal data is processed on one or more of the following lawful bases, as recognized under Kenyan and applicable international data-protection regimes:

  1. Explicit consent of the data subject
  2. Performance of a contract or provision of requested services
  3. Compliance with legal or regulatory obligations
  4. Legitimate interests related to leadership development, organizational effectiveness, and research, provided such interests do not override the rights and freedoms of data subjects

7. Confidentiality, Anonymity, and Ethical Use

  1. Individual assessment responses are treated as strictly confidential.
  2. Multi-rater and 360-degree assessments are anonymized by design.
  3. Reports shared with organizations are aggregated or disclosed only where contractually agreed and clearly communicated to participants.
  4. Assessment data is not intended for disciplinary, punitive, or employment-termination decisions unless explicitly agreed in writing.

8. Data Sharing and Disclosure

8.1 Personal data may be shared only:

  1. With vetted service providers (e.g., hosting, email delivery, analytics) under confidentiality and data-protection obligations
  2. With commissioning organizations, only where disclosure is contractually agreed and disclosed to participants
  3. Where required by law, court order, or lawful authority

8.2

All third parties are required to maintain appropriate data-protection and security safeguards.

9. Cross-Border Data Transfers

Where personal data is transferred outside Kenya, The Catalead ensures that appropriate safeguards are in place to protect such data, including contractual protections and adherence to recognized international data-protection standards, in accordance with the Kenya Data Protection Act and applicable international frameworks.

10. Data Security Measures

10.1 The Catalead implements reasonable technical and organizational safeguards, including:

  1. Secure hosting environments
  2. Role-based and password-protected access controls
  3. Restricted administrative privileges
  4. Secure storage and transmission of files and reports

10.2

While no system can guarantee absolute security, we continuously maintain and review safeguards to reduce risk.

11. Data Retention

  1. Personal data is retained only for as long as necessary to fulfil the purposes outlined in this Policy.
  2. Assessment and program data may be retained for longitudinal leadership development, benchmarking, or research in anonymized or aggregated form.
  3. Data is securely deleted or anonymized when no longer required.

12. Data Subject Rights

12.1 In accordance with the Kenya Data Protection Act and applicable international standards, data subjects have the right to:

  1. Access their personal data
  2. Request correction of inaccurate or incomplete information
  3. Request deletion or restriction of processing
  4. Withdraw consent where processing is consent-based
  5. Object to certain processing activities

12.2

Requests may be submitted using the contact details below.

13. Cookies and Tracking Technologies

Cookies and similar technologies may be used to enhance website functionality and analytics. Users may disable cookies through browser settings, subject to potential limitations in functionality.

14. Children’s Data

  1. The Catalead’s services are intended for professionals and adults. We do not knowingly collect personal data from individuals under the age of 18.
  2. Where data for underage persons need to be collected, it shall be with the consent of the parent or guardian of the child.

15. Policy Updates

This Privacy Policy may be updated periodically. Any changes will be published on our website with a revised effective date.

16. Data Protection Contact

For questions, requests, or concerns regarding this Privacy Policy or the processing of personal data, please contact:

Email: admin@thecatalead.com

Organization: The Catalead Associates Ltd

Website: www.thecatalead.com

© The Catalead Associates Ltd. All rights reserved.