Privacy Policy

This Privacy Policy explains how MCO Global Ltd collects, uses, and protects personal data when you use mcoglobal.com. We have written it to comply with the UK GDPR, the EU GDPR, and equivalent global standards.

1. Controller

The controller responsible for personal data processed through this Service is:

MCO Global Ltd
International House, 12 Constance Street
London E16 2DQ, United Kingdom
Company number 13761978
Email: privacy@mcoglobal.com

MCO Global Ltd has not appointed a Data Protection Officer because it is not legally required to do so. Privacy enquiries are handled directly by the contact above.

2. Personal data we collect

Information you provide directly

• Account data: name, email address, password (stored hashed), country of residence at signup.
• Payment data: processed by our payment providers (Stripe, PayPal). We do not store full card numbers on our servers; we receive a transaction reference and last-four digits only.
• Communication data: messages you send to support, survey responses, comments.

Information collected automatically

• Usage data: pages viewed, time on page, click events, referring URL, browser type, operating system, approximate location (city/country derived from IP).
• Technical data: IP address, device identifiers, log files, cookie identifiers.

3. Legal bases for processing (UK / EU)

We process personal data on the following legal bases under the UK GDPR and EU GDPR:

• Contract (Art. 6(1)(b)): to provide the Service to you as a member or registered user.
• Legitimate interest (Art. 6(1)(f)): to operate, secure, and improve the Service; to communicate with users about their accounts; to prevent fraud and abuse.
• Consent (Art. 6(1)(a)): for non-essential cookies, marketing emails, and any optional features that require consent.
• Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and other legal requirements.

4. How we use your data

• To provide the Service and process subscriptions
• To send transactional emails (account confirmation, billing, password reset)
• To send research updates and educational content where you have subscribed to such communications
• To respond to support requests
• To analyse Service usage and improve the product
• To protect against fraud and unauthorised access
• To comply with legal obligations

5. Data sharing

We do not sell personal data. We share data only with the following categories of recipient:

• Payment processors: Stripe (Stripe Payments Europe Ltd, Ireland) and PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg) for processing memberships and refunds.
• Email infrastructure: our transactional and marketing email providers for sending confirmation, billing, and content emails.
• Hosting and infrastructure: our website and database hosts.
• Professional advisers: our solicitors, accountants, and auditors, under confidentiality.
• Authorities: when required by law, court order, or to protect legal rights.

Analytics: we do not currently use any third-party analytics services (such as Google Analytics, Plausible, Fathom, or similar) on this site. We do not run a Meta Pixel, TikTok Pixel, or any other advertising tracking. If we introduce analytics in the future, this Policy will be updated and, where required, your prior consent will be obtained through the cookie banner before any non-essential tracking is activated.

6. International transfers

Some of our service providers are located outside the United Kingdom and European Economic Area. Where personal data is transferred to such jurisdictions, we rely on appropriate safeguards under Article 46 of the UK / EU GDPR, including the European Commission's Standard Contractual Clauses or the UK International Data Transfer Addendum, supplemented where necessary by additional technical and organisational measures.

7. Retention

We keep personal data only as long as necessary for the purposes set out above:

• Account data: for the duration of your account, plus up to 3 years after closure for legal and audit purposes.
• Billing records: for the statutory retention period required by tax law (typically 6 to 10 years in the UK).
• Marketing communications: until you unsubscribe, plus a short suppression period to ensure we honour your opt-out.
• Analytics data: we do not currently collect analytics data. Should we introduce analytics in the future, retention periods will be specified in this Policy at that point.
• Support messages: 3 years after the last interaction.

8. Your rights

Under the UK GDPR and EU GDPR you have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your data, subject to legal retention requirements.
• Restriction — ask us to limit processing while we verify a request.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest, including direct marketing.
• Withdraw consent — withdraw consent at any time where consent is the legal basis (this does not affect prior lawful processing).
• Complaint — lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or the data protection authority in your EU country of residence.

To exercise any of these rights, email privacy@mcoglobal.com. We will respond within one month. We may ask you to verify your identity before fulfilling the request.

9. California residents (CCPA / CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

• The right to know what personal information we collect about you and how we use it.
• The right to delete personal information we hold about you, subject to certain exceptions.
• The right to correct inaccurate personal information.
• The right to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA.
• The right to limit the use and disclosure of sensitive personal information.
• The right to be free from retaliation for exercising any of these rights.

To exercise your California rights, email privacy@mcoglobal.com.

10. Cookies and similar technologies

We use only technically necessary cookies and similar storage technologies to operate the Service and remember basic preferences (for example, that you have already dismissed the cookie notice). We do not currently run any analytics, advertising, or third-party tracking cookies of our own.

Embedded third-party content (for example Patreon for membership management or YouTube for video) may set its own cookies when actively loaded. For full information on which cookies are used and how to manage them, see our Cookie Policy.

11. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Security

We use industry-standard technical and organisational measures to protect personal data, including encryption in transit (TLS), encryption at rest for sensitive fields, access controls, logging, and regular review of security practices. No system is perfectly secure; we cannot guarantee absolute security but we take it seriously.

13. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified by email to registered users and posted on this page at least 14 days before they take effect. The "last updated" date below indicates when this Policy was last revised.

14. Contact

For privacy questions, requests, or complaints, contact:

MCO Global Ltd
Privacy Team
International House, 12 Constance Street
London E16 2DQ, United Kingdom
privacy@mcoglobal.com

Last updated: May 2026