M3CA
Legal

Privacy Policy

Last updated 1 May 2026. Plain English version below the formal copy.

M3CA Ltd ("M3CA", "we", "us") is the data controller for personal information you provide when you use M3CATalent. This policy explains what we collect, why we collect it, how we use it, who we share it with, and how you can exercise your rights under the UK GDPR and the Data Protection Act 2018.

1. What we collect

  • Account information: name, email, phone, password hash, profile photo.
  • Verification documents: ID document images, right to work proof, professional qualifications.
  • Booking history, ratings, messages, and any media you upload to a job thread.
  • Payment metadata from our payment processor. We never store full card numbers.
  • Device telemetry: IP, browser, OS, approximate location, crash logs.

2. How we use it

We use your data to operate the service, verify identity and right to work, match talent with employers, process payments, prevent fraud, comply with legal obligations, and improve the product. We do not sell your data to third parties.

3. Lawful basis

We process your data under contract (to deliver the service), legitimate interest (to keep the platform safe), legal obligation (for tax, AML, employment law), and consent (for optional marketing emails).

4. Sharing

We share data with trusted processors only: payment providers (PayPal), email delivery, error monitoring, analytics, and identity verification partners. Our subprocessor register is available on request.

5. International transfers

Data is stored in the UK and EU. Where transfers happen outside the UK, we use Standard Contractual Clauses and assess each receiving country in line with ICO guidance.

6. Your rights

You have the right to access, correct, delete, port and object to processing of your personal data, and to lodge a complaint with the Information Commissioner's Office. Email info@m3ca.com to exercise any right. We respond within 30 days.

7. Retention

We keep account data while your account is active and for 7 years after closure to satisfy tax, AML and dispute resolution requirements. We then delete or anonymise the records.

8. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES 256). Access is least privilege and audited. We run regular penetration tests and publish a coordinated disclosure policy at info@m3ca.com.

9. Contact

Data Protection Officer, M3CA Ltd, Mayfair, London. Email info@m3ca.com. Our ICO registration is ZA987654.