Last updated: 10 Sep, 2025
Markcon Ltd (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you visit our website www.markcon.org or use our services.
1. Who We Are
Markcon Ltd is a company registered in the United Kingdom, providing consultancy and training services. Our registered address is 125 Aviation House, Kingsway, Holborn, WC2B 6NH, London, United Kingdom (CRN- 09054006).
Markcon is also a registered business in the Kingdom of Saudi Arabia with the CR 7033801676.
2. Information We Collect
We collect personal data to provide our services efficiently and securely. This may include:
Personal Information: Name, email address, job title, place of work, and business address.
Payment Information: When you make a purchase, we collect information through our payment processor, Stripe, which includes your name, card number, CVC, and expiry date.
Website Usage Data: We collect information using Google Analytics 4 (GA4), Google Tag Manager (GTM), and cookies, including IP addresses, browser types, and user behaviour on our site.
3. How We Collect Data
Forms and Submissions: Personal data is collected via Forms or directly when users submit enquiries or request information. Data collected includes your name and email.
Email Marketing: When you subscribe to our newsletter or updates, your name and email are stored in Mailchimp.
Memberships and Subscriptions: We collect data such as name, email, and billing information (business address) during sign-up.
Webinars and Workshops: We collect data such as name, email, billing information, job title, and work address during product purchases.
Invoicing: For invoicing via PayPal, we collect name, email, business, and business address.
4. How We Use Your Information
We use the personal data we collect to:
Manage course enrolments, webinar/workshop registrations, and product sales.
Process payments and provide training services, including issuing certificates of course completion.
Send newsletters and marketing communications (with your consent).
Improve our website and services by analysing usage data collected through GA4 and GTM.
5. Legal Basis for Processing
We process your personal data based on the following legal grounds:
Consent: For email marketing and newsletter subscriptions.
Contractual Necessity: For processing payments, and course completion data.
Legitimate Interest: For improving our website, analysing user behaviour, and managing lead generation.
6. Automated Profiling
Automated profiling refers to any automated processing of personal data to evaluate certain personal aspects, such as analysing user behaviour for targeted marketing or advertising. In our case, we do not use any automated profiling techniques. Any data collected via tools like GA4 and GTM is anonymised and used for analytical purposes only.
7. Third-Party Service Providers
We may share your data with third-party service providers to assist in operating our website and services:
Payment Processor: PayPal for handling payment transactions.
Email Marketing: Mailchimp for sending newsletters and updates.
Webinars and Workshops: We occasionally use third-party trainers to deliver webinars and workshops, and their access to your data is limited to what is necessary for those sessions.
Lead generation: Social Media for lead generation and marketing campaigns.
8. Data Retention
We retain personal data for as long as necessary to provide our services or as required by law. Specifically:
User Data: Retained until users request deletion or opt-out.
Course and Event Data: Retained to verify course completion and attendance at webinars/workshops.
Billing Data: Retained for a minimum of 6 years in compliance with tax and accounting obligations. After this period, users may request deletion.
9. Your Rights
You have the right to:
Access: Request access to your personal data.
Correction: Update or correct any inaccuracies in your personal data via your member login.
Deletion: Request that we delete your personal data, subject to legal obligations (e.g., retention for tax purposes). Requests can be made to our Designated Policy Officer by emailing info@markcon.org.
Complaints If you have concerns about how we collect or use your personal data, you may contact us at [info@markcon.org].
If you are based in the United Kingdom, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
If you are based in Saudi Arabia, you may file a complaint with the Saudi Data & Artificial Intelligence Authority (SDAIA) in accordance with the PDPL.
We encourage you to contact us first, so we can resolve your concerns directly.
10. Data Security
We take data security seriously. We use secure servers, firewalls, and other security measures to protect your personal information. Access to your data is restricted to authorised personnel who have secure login credentials, and all access is tracked to ensure accountability.
11. Data Breach Notification
In the unlikely event of a data breach, we will promptly notify affected users and relevant regulatory authorities, in compliance with UK GDPR requirements. We will provide details on the nature of the breach, what data has been affected, and any actions users should take.
12. International Data Transfers
We do not transfer personal data outside of the United Kingdom or European Union. All personal data is stored securely within these regions.
13. Cookies and Tracking Technologies
We use cookies to enhance your experience on our website. These cookies help us analyse site traffic and user activity through GA4 and GTM. You can adjust your browser settings to refuse cookies, though this may impact your ability to use certain features of our website.
14. Children’s Data
We are committed to protecting the privacy of children and young people. Our services may be used by individuals aged 12–17, and we may collect and process their personal data when they use our services or participate in our programmes.
Parental Involvement: For younger users, we encourage parents and guardians to be involved in their children’s online activities and to contact us if they have any concerns.
Types of Data Collected: We may collect personal information such as name, email address, school or organisation details, and participation records necessary to deliver our services.
How Data Is Used: Children’s data is only used to provide our services, manage enrolments, issue certificates, and ensure the safety and integrity of our programmes. We do not use children’s data for profiling or targeted advertising.
Your Rights: Children and their parents/guardians have the same rights under data protection law as adults, including the right to access, correct, or request deletion of personal data.
Complaints: If you are concerned about how we process children’s data, you may contact us at info@markcon.org. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or the PDPL depending on your location.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices. When we make significant changes, we will notify you via email or a notice on our website.
16. Governing Law
This Privacy Policy and the use of our Website are governed by and interpreted in accordance with the laws of England and Wales. You agree to submit to the non-exclusive jurisdiction of the courts of England and Wales.
17. Contact Us
If you have any questions about this Privacy Policy or your personal data, please contact us at info@markcon.org
SAFEGUARDING POLICY
*1. Purpose and Scope
This Safeguarding Policy sets out how Markcon protects the personal data of children and young people (aged 12–17) in line with the UK GDPR, the Data Protection Act 2018, and the ICO’s Children’s Code/ PDPL Children’s Code. It applies to all staff, contractors, and third parties handling children’s data through our services, websites, and programmes.
2. Our Commitment
To collect and use children’s data lawfully, fairly, and transparently.
To always act in the best interests of the child when designing or delivering services.
To avoid using children’s data for purposes that may be inappropriate, harmful, or beyond what is necessary.
To ensure children and their parents/guardians are informed of their rights in a clear and accessible way.
3. Data Collection Principles
Data minimisation: Only the information necessary to deliver our services (e.g., name, age, contact details, enrolment records) will be collected.
Age-appropriate transparency: Privacy notices will be written in simple, accessible language that children can understand.
Consent and lawful basis: Where required, consent will be sought from the child or their parent/guardian, depending on the child’s age and the nature of the data processing.
Parental engagement: Parents and guardians are encouraged to monitor their children’s involvement and may request access to their children’s personal data.
4. Use of Children’s Data
Children’s personal data will only be used to:
Deliver and administer our services, workshops, or programmes.
Communicate necessary information regarding participation.
Provide certificates, learning records, or progress updates.
Improve our services in ways that do not involve profiling or targeted marketing.
Children’s data will not be used for profiling, behavioural tracking, or targeted advertising.
5. Data Sharing
We do not share children’s data with third parties unless it is strictly necessary to deliver our services (e.g., training providers, secure payment systems).
Any third party with access to children’s data must comply with strict contractual and data protection obligations.
We never sell children’s personal data.
6. Data Security and Retention
Children’s data will be stored securely with appropriate technical and organisational safeguards (encryption, access controls, monitoring).
Access is restricted to authorised personnel only.
Data will be retained only as long as necessary for service delivery or legal obligations, and securely deleted thereafter.
7. Children’s Rights
Children (and their parents/guardians) have the right to:
Access their personal data.
Request correction or deletion of inaccurate or unnecessary data.
Withdraw consent (where processing is based on consent).
Object to processing where applicable.
File a complaint with the ICO if their rights are not respected.
8. Safeguarding Responsibilities
All staff working with children’s data must complete data protection and safeguarding training.
Concerns about misuse, inappropriate access, or potential risks to children’s privacy must be reported immediately to management.
Markcon will conduct regular risk assessments to identify and mitigate risks specific to children’s data.
9. Contact
If you have questions or concerns about this Safeguarding Policy or how we handle children’s data, please contact us at: Email: info@markcon.org Post: Markcon Ltd, 125 Aviation House, Kingsway, Holborn, WC2B 6NH, London, UK.