Privacy Policy

Last updated: January 12 2026

 

Summary

 

• Scope and commitment: This policy explains how MCP Consultancies (“we”, “our” or “us”) collects, uses, stores and discloses personal data when you interact with our website and services.
• Regulatory framework: We are based in Grenada but serve a global client base. We process data in accordance with applicable laws, including the EU General Data Protection Regulation (GDPR), United Kingdom data protection law, California’s Consumer Privacy Act and Privacy Rights Act (CCPA/CPRA) and other relevant laws. The CPRA requires businesses to allow consumers to opt out of the sale or sharing of personal information via a clear “Do Not Sell or Share My Personal Information” mechanism. The CPRA/CCPA uses an opt‑out model rather than the strict opt‑in requirement under GDPR.
• Data collection: We collect both non‑identifying log data and identifying personal data (such as name, email, address, payment details). We limit collection of sensitive personal data and obtain explicit consent where required.
• Use of data: Data is used to provide services, maintain our website, communicate with you, improve marketing, and comply with our legal obligations.
• Rights and choices: You have the right to access, correct, delete, restrict or object to our use of your personal data. Under the CPRA/CCPA you can opt out of the sale or sharing of personal information and limit the use of sensitive personal information. We honour Global Privacy Control (GPC) signals and other browser‑based opt‑out mechanisms.
• Cookies and tracking: We use cookies and similar technologies for analytics, marketing and site functionality. You can manage your preferences via our cookie banner and can opt out of non‑essential cookies.
• International transfers: Personal data may be transferred to and processed in countries outside your jurisdiction. We use contractual safeguards (such as EU Standard Contractual Clauses) and other mechanisms to ensure adequate protection.
• Children’s privacy: We do not knowingly collect data from children. Parents or guardians should contact us if they believe a child under 13 (or 16 for EU residents) has provided personal data.

By using our services, you agree to the terms of this policy. You may contact us using the details at the end of this document for any questions or requests.

 

1. Information We Collect

 

1.1 Non‑identifying data

When you visit our website, our servers record standard information provided by your browser or device. This may include:

• Internet Protocol (IP) address, browser type and version, operating system and device type;
• the pages you visit, the date and time of each visit, and the referring page;
• technical data about your device (such as unique identifiers, device settings and approximate location).

This information is considered non‑identifying because it does not directly identify you. We use it to administer our website, analyse trends and improve our services.

 

1.2 Identifying personal data

We may ask you to provide personal data so we can deliver our services. Depending on your interactions with us, this may include:

• Contact details: name, email address, telephone number and mailing addresses;
• Professional information: business name and role;
• Account information: username, password or authentication credentials;
• Payment details: billing information and transaction details when purchasing our services;
• Marketing preferences: your consent choices and communication preferences;
• Social media profiles or other information you provide voluntarily.

We only request information that is necessary for the purposes described in this policy. We do not intentionally collect sensitive personal data (e.g., health or biometric data) or government‑issued identifiers. If we need to process sensitive data for a specific purpose, we will obtain your explicit consent and provide additional safeguards.

 

1.3 Information from third parties

We may receive information about you from third‑party services, such as analytics providers, advertising partners, social media platforms and payment processors. These third parties may collect information on our behalf when you use our site. We ensure they process data only in accordance with our instructions and applicable laws.

 

2. How We Collect Information

We collect personal data through:

• Direct interactions: you provide information when you fill out forms, sign up for newsletters, contact us, or purchase our services.
• Automated technologies: we and our partners use cookies, pixels, and similar technologies to collect technical and usage data when you browse our site (see Section 6).
• Third‑party integrations: our website integrates with third‑party platforms (e.g., Google Analytics, HubSpot, Meetricule, payment gateways) that may collect information on our behalf.

All data is collected by lawful means and with your knowledge. You can choose not to provide certain information; however, this may affect our ability to provide some services.

 

3. Legal Basis for Processing (GDPR & Other Laws)

Under the GDPR and similar laws, we must have a legal basis to process your personal data. We rely on the following bases:

• Consent: You have given clear consent for us to process your personal data for a specific purpose. For example, we obtain consent for marketing communications and non‑essential cookies.
• Contractual necessity: Processing is necessary to deliver the services you request or to enter into a contract with you.
• Legitimate interests: We have a legitimate interest in processing your data for purposes that do not override your rights and freedoms, such as improving our website or protecting our business from fraud. The CPRA/CCPA allows data collection under an opt‑out model; we provide mechanisms to opt out of the sale or sharing of data.
• Legal obligations: We process data to comply with our legal or regulatory obligations (e.g., accounting, tax, record‑keeping, responding to lawful requests).
• Vital interests and public tasks: In rare situations, we may process data to protect someone’s life or perform a public task.

   

   

  4. Use of Information

  We use personal data for the following purposes:

  1. Service delivery and administration: to provide our consulting and marketing services, process transactions, manage accounts and respond to inquiries.
  2. Communication: to send service‑related messages, updates, invoices, and security alerts. With your consent, we may send marketing communications about our services and industry insights. You can unsubscribe at any time.
  3. Analytics and performance: to analyse usage patterns and improve the functionality and performance of our site. We may combine non‑identifying information with personal data to understand how users interact with our services.
  4. Marketing and advertising: to personalise content and advertising on our site and other platforms. Where required by law (such as CPRA/CCPA), we provide an opt‑out for targeted advertising.
  5. Compliance and risk management: to comply with legal obligations, enforce our terms and policies, resolve disputes, and protect our rights and the rights of others.
  6. Emerging technologies: when we develop or deploy artificial‑intelligence‑enabled tools to assist with marketing analytics or optimisation, we will ensure compliance with the EU AI Act’s risk‑based requirements, including transparency, human oversight and data governance.

  We may anonymise or aggregate data so it no longer identifies individuals. We may use and share such information for any lawful purpose.

   

  5. Data Sharing and Disclosure

  We do not sell or rent your personal data to third parties. We only share data as described below:

  • Service providers: We engage trusted vendors (e.g., cloud hosting, analytics, payment processors, email service providers) to perform services on our behalf. They may access personal data only to the extent necessary and are bound by contracts to protect it.
  • Advertising and analytics partners: We partner with marketing platforms (e.g., Google Ads, Meta Platforms) that may collect information through cookies and similar technologies. Under the CPRA/CCPA, these partners may be considered “service providers” or “third parties.” We provide mechanisms to opt out of the sale or sharing of personal information and sensitive personal information.
  • Affiliates and consultants: We may share information with our affiliates or external consultants who assist us with service development, auditing or legal compliance. Access is limited to what is required and only for the duration needed.
  • Business transfers: If we merge, sell or transfer some or all of our assets, your data may be transferred. We will inform you and ensure any successor entity continues to honour this policy.
  • Legal and regulatory authorities: We may disclose data if required by law or in response to valid requests (e.g., court orders). We strive to limit requests that we believe are overly broad or unrelated to their stated purpose and will only share what is necessary. We may also disclose information to enforce our rights, protect your safety or the safety of others, or investigate fraud or misconduct.

     

    6. Cookies, Tracking Technologies and Opt‑Outs

     

    6.1 Use of cookies and similar technologies

    We use cookies, pixels, scripts and similar technologies to:

    • recognise returning visitors;
    • remember your preferences and settings;
    • analyse site performance and usage patterns;
    • deliver personalised content and advertising.

    Some cookies are necessary for the operation of our site (“strictly necessary” cookies). Others are used for analytics and marketing. When you first visit our site, a banner will prompt you to manage your cookie preferences. You can choose to accept all cookies, reject non‑essential cookies, or customise your choices. You can also change your preferences at any time via the “Cookie Preferences” link on our site.

     

    6.2 Do Not Sell or Share and GPC signals

    The CPRA/CCPA requires us to offer consumers a clear option to opt out of the sale or sharing of personal information. We provide a “Do Not Sell or Share My Personal Information” link and a “Limit the Use of My Sensitive Personal Information” mechanism in our cookie banner and privacy settings.

    Starting in 2025, the CPRA mandates that businesses honour Global Privacy Control (GPC) signals, which automatically communicate a consumer’s opt‑out choice via their browser. We detect and respect GPC signals, applying opt‑out preferences across all advertising and analytics activities without requiring additional action from you.

    We do not use dark patterns or manipulative designs to discourage you from exercising your choices; regulators have increased enforcement against confusing opt‑out interfaces.

     

    7. International Data Transfers

    We are based in Grenada but may transfer, store and process your personal data in other countries (e.g., where our service providers are located). These countries may have different data protection laws than your jurisdiction.

    When transferring personal data, we implement appropriate safeguards, such as:

    • Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner to protect data transferred outside the European Economic Area or UK;
    • Data processing agreements requiring recipients to protect personal data according to applicable laws;
    • Technical and organisational measures (encryption, pseudonymisation, access controls, security audits).

    We will ensure any international transfers comply with relevant laws, including the EU Data Act’s requirements for data portability and safeguards for intellectual property.

     

    8. Data Retention and Security

     

    8.1 Retention

    We retain personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law. When data is no longer needed, we will delete or anonymise it. If you request deletion of your data, we will honour your request unless retention is required by law.

     

    8.2 Security measures

    We employ technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration or destruction. These measures include encryption, access controls, secure coding practices, regular security assessments, staff training and incident response plans. While we strive to use commercially acceptable means to protect your personal data, no method of transmission or storage is completely secure. We comply with applicable cybersecurity regulations, such as the EU Digital Operational Resilience Act (DORA) and NIS2 Directive, which emphasise incident reporting, resilience testing and third‑party risk management.

     

    9. Your Rights

    Depending on your location and the laws that apply, you may have the following rights:

    1. Right of access: Obtain confirmation of whether we process your personal data and request a copy.
    2. Right to rectification: Correct inaccurate or incomplete personal data.
    3. Right to erasure: Request deletion of your personal data when it is no longer necessary or where we have no legal basis to continue processing it.
    4. Right to restriction: Ask us to temporarily restrict processing if you contest the accuracy of your data, believe processing is unlawful, or need the data for legal claims.
    5. Right to object: Object to processing based on our legitimate interests or for direct marketing; we will stop processing unless we have compelling legitimate grounds. Under the CPRA/CCPA, you can opt out of the sale or sharing of personal information and limit the use of sensitive personal information.
    6. Right to data portability: Receive your personal data in a structured, commonly used and machine‑readable format and transmit it to another controller. This right extends to data covered by the EU Data Act.
    7. Right to withdraw consent: Withdraw consent at any time where processing is based on consent; this will not affect prior lawful processing.
    8. Rights related to automated decision‑making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal or similarly significant effects on you. If we use AI systems in our services, we will provide meaningful information about the logic involved and the significance of the processing.

    To exercise any of these rights, please contact us using the details in Section 11. We will respond in accordance with applicable laws. If you are not satisfied with our response, you may lodge a complaint with your local data protection authority.

     

    10. Children’s Privacy

    Our services are not directed to children under the age of 13 (or 16 in the European Economic Area and UK). We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us so we can delete the information. For services targeted to minors, we comply with the U.S. Children’s Online Privacy Protection Act (COPPA) and relevant international regulations.

     

    11. Contact Us

    If you have any questions, concerns or requests regarding this policy or our data practices, please contact our Data Controller:

    MCP Consultancies
    Attn: Marcus Purcell
    Email: mpurcell@mcpconsultancies.com

    We will endeavour to respond to your request promptly and in any event within the time limits prescribed by applicable law.

     

    12. Changes to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, technologies or legal requirements. When we do, we will revise the “Last updated” date at the top of the policy and, if the changes are significant, provide a notice on our website or via email to registered users. Your continued use of our services after any changes indicates your acceptance of the updated policy.

    If we make changes that materially affect previously collected personal data, we will obtain your consent as required by law.