Data Processing Agreement 

Cat Media Data Processing Statement


This Data Processing Statement outlines the practices employed by Cat Media Ltd ("Cat Media," "we", "us", "our") when acting as a data processor for our clients, who are the data controllers. This statement applies when we process personal data on behalf of our clients, which may involve extracting data from various client-controlled tools and platforms, including HubSpot, Microsoft, Google, ZoomInfo, and others.

If you have additional questions or require more information about our Data Processing Statement, do not hesitate to contact us.


  • Data Controller: The entity which determines the purposes and means of the processing of personal data.
  • Data Processor: Cat Media Ltd, which processes personal data on behalf of the data controller.
  • Personal Data: Any information relating to an identified or identifiable natural person.


A "processor" is an individual or organization that processes personal data on behalf of a controller. Cat Media Ltd acts as a designated processor, handling data processing activities as instructed by our clients, who are the data controllers. In these circumstances, we do not determine the purposes for which or the manner in which personal data is processed. This role is strictly limited to managing data in accordance with the directions provided by our clients and in compliance with our agreement. Our responsibilities and activities as processors are governed by specified instructions from our clients, adhering to legal standards set forth in data protection laws such as the UK-GDPR and the EU GDPR. 

1. Data Collection

We process personal data as directed by our clients and strictly for the purpose of providing agreed services, which may include CRM management, data analytics, marketing support, and other related services. The specific types of data processed and the processing activities involved are individual service agreements with each client.

When we process personal data to provide our services. These activities include:

  • Formatting and Importing Lists into CRM: To manage customer relationships effectively.
  • Data Deduplication: To ensure the accuracy and uniqueness of data.
  • Support Services: To assist our customers with their queries and service-related issues.
  • AI Algorithm Usage: Leveraging advanced AI-powered tools by Microsoft Azure Cognitive Services for analytics and service improvement.

How do we collect your data?

We receive personal data directly from our clients, who are responsible for obtaining the data in compliance with applicable data protection laws. Cat Media is granted access to records that may identify individuals by name, email address, and company and include other personal data, all of which are to be treated as confidential. For instance, as HubSpot Solution Partners, our services might include accessing and extracting data via exports, API calls, or webhooks from our clients’ HubSpot accounts under the client's explicit instructions throughout the duration of the contracted work. We do not use or process the data for any purpose other than fulfilling our contractual obligations as explicitly defined by our client.

2. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Consent: We may process data if consent has been provided.
  • Contractual Necessity: Processing is necessary for the performance of a contract or to enter into a contract.
  • Legal Obligation: Processing is necessary to comply with our legal obligations.
  • Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless these interests are overridden by the rights and freedoms of the data subjects.

The personal data extracted is used exclusively for the purposes specified by our clients, which typically include CRM management, marketing campaigns, customer support, and data analytics services. All processing activities are performed based on documented instructions from our clients and are aligned with the specific service agreements in place.

Cat Media will process the personal data solely based on documented instructions from our customers, including any data transfer instructions to a third country or international organization unless compelled by domestic law. If such a situation arises, we will inform our clients of the legal requirement before processing, unless prohibited by law, for important grounds of public interest.

Cat Media will ensure that all personnel authorised to process personal data are committed to confidentiality or are under statutory obligations of confidentiality.

3. Data Storage and Security

How do we store your data?

Extracted data is stored temporarily in our secure systems when necessary for processing, after which it is either returned to the client or securely deleted, as per contractual agreements.

Cat Media Ltd securely stores your data at:

  • HubSpot CRM software HubSpot, Inc., HubSpot Ireland Limited, and the HubSpot affiliates listed in Annex 4 to the Data Processing Agreement) Visit HubSpot's Privacy Policy to learn more. HubSpot CRM is used for longer-term data storage for ongoing customer relationship management.
  • Microsoft Business Cloud, Office 365, inclusive of OneDrive and SharePoint, in accordance with Microsoft GDPR compliance. Visit Microsoft's Privacy Policy to learn more. Personal data is temporarily stored on SharePoint when applicable, utilising strong encryption protocols to ensure data security.
  • Microsoft Azure Cloud, in accordance with an extensive range of national, regional, and industry-specific legislative requirements and security standards, the Microsoft Azure Cloud Platform maintains strict compliance with such regulations, including, inter alia, SOC 2, ISO 27001, and multiple additional standards.

We aim to process and store your personal data in the European Union (EU) or in the United Kingdom (UK), but this isn’t always possible; thus, we may occasionally process, store, and transfer your personal data to service providers located in a country outside of the EU/UK. Whenever we transfer personal data out of the EU/UK, we ensure a similar degree of protection is afforded to it by ensuring one of the following safeguards is implemented:  

•    We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data and
•    Where we use certain service providers, we may use specific contracts such as standard contractual clauses approved for use in the  EU/UK which give personal data the same protection it has in the UK. For example, the use of Article 46 UK and EU GDPR safeguard mechanisms to transfer personal data to “third countries” endorsed by the UK Government or European Commission.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EU/UK.

Data Security

Cat Media guarantees that appropriate security measures, as required by Article 32 of the UK-GDPR and EU-GDPR, are in place to meet the regulations and protect the rights of data subjects.

Our security measures include:

  • We implement robust security measures, including encryption, access control, and secure data transfer protocols to protect data against unauthorised access, alteration, or destruction.
  • Regular security assessments and audits are conducted to ensure the ongoing effectiveness of our security practices.
  • Implementation of data anonymization techniques where feasible.
  • Comprehensive training for all employees on data protection.
  • Continuous monitoring and incident response plans are in place to address potential data breaches swiftly and effectively.

Learn more about Cat Media's Data Security. 

4. Sub-processors and Third-party Sharing

In addition to our primary partners, HubSpot and Microsoft, we might share data with selected third parties that help us provide and improve our services. Where sub-processors are used, they are subject to the same data protection obligations as Cat Media, and we remain responsible for their compliance. These partnerships are governed by strict data processing agreements that align with our data security standards and privacy commitments.  

Cat Media will inform clients of any intended changes concerning the addition or replacement of processors and provide an opportunity to object to such changes. We do not share the data with any third parties unless specified and authorised by the client in writing.

Full details of these third-party partnerships are available upon request.

5. Data Subject Rights 

As a data processor, we assist our clients in fulfilling their obligations to respond to requests for exercising data subject rights under data protection laws. This includes rights of access, correction, deletion, and data portability.

Requests from data subjects to exercise their rights should be directed to the data controller. However, we will support our clients in responding to such requests as specified in our service agreements.

6. Data Retention and Deletion

How long will we retain your data?

Cat Media retains personal data only for as long as necessary to fulfil the purposes for which it was collected or as specified by the client, as well as to comply with our legal obligations. For instance, contact information collected for marketing purposes is retained for a maximum of three years unless further engagement justifies extended retention.

Secure Deletion

We follow strict protocols to securely delete personal data when it is no longer needed. Data is permanently erased using industry-standard methods that ensure it cannot be reconstructed or retrieved. Upon completion of the processing or at the client's instruction, all personal data is securely deleted from our systems, and confirmation of deletion is provided to the client when required.

Clients can request the deletion of their data as per data protection rights. Data is also deleted in accordance with Cat Media’s data retention policy once it is no longer necessary for the purposes for which it was collected.

Clients can request data deletion by contacting our Data Protection Officer via

7. Compliance and Auditing

We ensure that all data processing practices comply with UK-GDPR, EU GDPR, and other relevant data protection regulations and continuously monitor and update our data processing practices to adhere to changes in data protection laws and best practices.

Cat Media will make available all information necessary to demonstrate compliance with the obligations laid out in this statement and allow for and contribute to audits by the client or an auditor mandated by the client. Cat Media will immediately inform clients if, in its opinion, an instruction infringes upon this Regulation or other domestic laws relating to data protection.

Changes to our Data Processing Statement

Cat Media keeps its Data Processing Statement under regular review and places any updates on this web page. This statement was last updated on 1 May 2024.

How to contact us

For further information about our data processing practices, or if you have any questions regarding this statement, please contact our Data Protection Officer at

Email us at:

Call us: (+353) 1 263 0390.

Or write to us by post: 111 The Academy Building, Park West Business Park, D12FF83, Dublin, Ireland.

How to contact the appropriate authority

Should you wish to report a complaint or if you feel that Cat Media has not addressed your concern adequately, you may contact the Information Commissioner's Office.


Ready to Grow Your Business?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam laoreet sapien sed efficitur elementum.