Privacy Policy | MCAL Global Skip to main content
Legal & Privacy

Privacy Policy

MindMap IT Solution Private Limited  |  Effective: 14 February 2023  |  Last Updated: 1 April 2026

We are committed to protecting your personal data. This policy explains what we collect, why we collect it, and how you can exercise your rights.

Home / Privacy Policy

Table of Contents

  1. Who We Are
  2. Data We Collect
  3. How We Collect Data
  4. Why We Use Your Data
  5. Sharing & Disclosure
  6. Cookies & Tracking
  7. Data Retention
  8. Security
  9. International Transfers
  10. Your Rights
  11. Children's Privacy
  12. Third-Party Links
  13. Changes to This Policy
  14. Contact & Grievance Officer

1. Who We Are

This Privacy Policy applies to the website https://mcal.in/ and all related services, programmes, and communications operated by:

MindMap IT Solution Private Limited
Trading as MCAL Global
Office No. 3060, Marvel Fuego, Hadapsar, Pune – 411028
Maharashtra, India
CIN: Available upon request  |  Email: info@mcal.in

When this policy says "MCAL Global," "we," "us," or "our," it refers to MindMap IT Solution Private Limited and its authorised personnel. When it says "you" or "your," it refers to anyone who visits our website, enquires about our programmes, enrolls as a student, or interacts with us in any other capacity.

This policy complies with the Information Technology (Amendment) Act 2008, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, and, where applicable, the EU General Data Protection Regulation (GDPR) and the UK GDPR.

2. Data We Collect

2.1 Information You Provide Directly

CategoryExamplesWhen Collected
Identity Data First name, last name Enquiry forms, enrolment, contact form
Contact Data Email address, phone/mobile number, city Enquiry forms, enrolment, contact form
Programme Interest Course or programme selected Lead capture form, contact form
Professional Background Current role, industry, years of experience Enrolment or assessment forms
Communications Messages sent to us via forms or email Contact form, email
Payment Data Transaction references (we do not store card numbers) Fee payment via payment gateway

2.2 Information Collected Automatically

When you visit our website, we and our service providers may automatically collect:

  • IP address and approximate geographic location (city/country level)
  • Browser type, version, and language settings
  • Operating system and device type
  • Pages visited, time spent, click paths, and referral source
  • Date and time of each visit
  • Unique device identifiers

2.3 Sensitive Personal Data

We do not intentionally collect sensitive personal data such as financial information beyond transaction references, passwords, biometrics, health data, racial or ethnic origin, religious beliefs, or political opinions. If such data is ever needed for a specific programme requirement, we will seek your explicit consent in advance.

3. How We Collect Data

  • Directly from you — through website forms (lead capture, contact, enrolment), phone calls, WhatsApp, and email.
  • Automated technologies — cookies, web beacons, server logs, and similar tracking tools placed on your device when you visit our site.
  • Third-party sources — analytics platforms (Google Analytics), advertising platforms (Google Ads, Meta), and social media platforms when you interact with our content or ads.
  • Referrals — alumni or partner organisations that refer you to our programmes.

4. Why We Use Your Data

We process your personal data only where we have a lawful basis to do so. The table below outlines our purposes and legal bases:

PurposeLegal Basis
Responding to your enquiries and providing programme information Legitimate interest / Your consent
Enrolling you in and delivering a programme you have purchased Contract performance
Processing payments and issuing invoices or receipts Contract performance / Legal obligation
Sending you programme-related updates, schedule changes, or support Contract performance
Sending marketing emails, WhatsApp messages, or SMS about courses and offers Your consent (you may opt out at any time)
Improving our website, content, and user experience via analytics Legitimate interest
Displaying targeted advertisements on third-party platforms Your consent (via cookie acceptance)
Complying with applicable laws and regulatory requirements Legal obligation
Protecting against fraud, spam, or misuse of our services Legitimate interest
Conducting internal business analysis and reporting Legitimate interest
Marketing opt-out: You may unsubscribe from marketing communications at any time by clicking the "Unsubscribe" link in any email we send, replying "STOP" to an SMS, or contacting us at info@mcal.in. Opting out of marketing does not affect communications required to deliver a programme you are enrolled in.

5. Sharing & Disclosure

We do not sell or rent your personal data to any third party. We may share your data only in the following circumstances:

5.1 Service Providers (Data Processors)

We use trusted third-party service providers who process data on our behalf and are contractually bound to protect it:

  • Cloud & Email hosting — for website operation and email delivery
  • Payment gateways — for secure fee processing (e.g., Razorpay)
  • Analytics — Google Analytics (anonymised, aggregated data)
  • CRM & Marketing automation — for managing leads and sending communications
  • Video conferencing — for online live sessions (e.g., Zoom, Microsoft Teams)

5.2 Business Partners & Affiliates

We may share your information with our affiliated entities or programme partners (e.g., IIBA-endorsed training partners) strictly for the purpose of programme delivery.

5.3 Legal Requirements

We may disclose your data if required by law, court order, or a governmental authority, or to protect the rights, property, or safety of MCAL Global, our students, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business assets, your data may be transferred as part of that transaction. You will be notified of any such change via email or a prominent notice on our website.

5.5 With Your Consent

We may share your data with other parties where you have given us explicit consent to do so (for example, publishing a testimonial or alumni story).

6. Cookies & Tracking Technologies

Cookies are small text files placed on your device to help us deliver a better experience. We use the following categories:

Cookie TypePurposeDuration
Strictly Necessary Enable core site functions (security, session management). Cannot be disabled. Session
Functional / Preference Remember your choices (e.g., language, form prefill) for a smoother experience. Up to 1 year
Analytics / Performance Collect anonymised data via Google Analytics on how visitors use the site — helps us improve content and navigation. Up to 2 years
Marketing / Targeting Track visits across sites to show relevant ads on Google, Meta, and LinkedIn. Set only with your consent. Up to 90 days

Managing Cookies

You can control or delete cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information, visit allaboutcookies.org.

Google Analytics Opt-Out

You may opt out of Google Analytics data collection by installing the Google Analytics Opt-out Browser Add-on.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law.

Data CategoryRetention Period
Enquiry / Lead data (not converted to enrolment) 24 months from date of enquiry
Student enrolment and programme records 7 years from programme completion (for certification and audit purposes)
Payment and invoicing records 8 years (statutory financial record-keeping requirement)
Marketing communications (opted-in contacts) Until you opt out or withdraw consent
Website usage / analytics data 26 months (Google Analytics default)
Support correspondence 3 years from last interaction

When data is no longer required, we securely delete or anonymise it so it can no longer be associated with you.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. Our measures include:

  • HTTPS encryption across our entire website
  • Access controls — only authorised personnel can access personal data
  • Secure payment processing via PCI-DSS-compliant payment gateways
  • Regular security reviews and software updates
  • Staff training on data protection obligations

While we take every reasonable precaution, no method of internet transmission or electronic storage is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities as required by law.

9. International Data Transfers

MCAL Global serves students across India, the UAE, the UK, Australia, the USA, Canada, and other countries. Some of our third-party service providers (e.g., Google, Zoom) may process your data outside India.

When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Contracts incorporating Standard Contractual Clauses (SCCs) approved by the relevant authority
  • Transfers only to countries or organisations that provide an adequate level of data protection
  • Your explicit consent where required

If you are located in the EEA, UK, or Australia, you may contact us to request information about the specific safeguards in place for any international transfer of your data.

10. Your Rights

Depending on your location and applicable law, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your data (subject to legal retention obligations).

Right to Restrict Processing

Ask us to limit how we use your data in certain circumstances.

Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Withdraw Consent

Withdraw consent at any time where processing is based on consent.

Automated Decisions

Not be subject to solely automated decisions with significant legal effect.

To exercise any of these rights, contact our Grievance Officer at info@mcal.in. We will respond within 30 days. We may need to verify your identity before processing your request. There is no charge for most requests, but we may charge a reasonable fee or decline requests that are manifestly unfounded or excessive.

If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK or your EU national supervisory authority).

11. Children's Privacy

Our services are designed for working professionals and are not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.

If you believe a minor has provided us with personal data, please contact us at info@mcal.in.

12. Third-Party Links & Platforms

Our website may contain links to external websites, social media platforms (LinkedIn, YouTube, Instagram), and partner organisations. This Privacy Policy applies only to https://mcal.in/. We are not responsible for the privacy practices of any third-party websites. We encourage you to read the privacy policies of any external sites you visit.

Our social media pages on LinkedIn, YouTube, Facebook, and Instagram are governed by the privacy policies of those respective platforms.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Post a prominent notice on our website home page
  • Where appropriate, notify you by email

We encourage you to review this policy periodically. Your continued use of our services after any changes constitutes acceptance of the updated policy.

14. Contact & Grievance Officer

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact our designated Grievance Officer:

Grievance Officer — MCAL Global
MindMap IT Solution Private Limited
Office No. 3060, Marvel Fuego, Hadapsar, Pune – 411028, Maharashtra, India

info@mcal.in
+91 97505 95595
Response time: within 30 days of receipt

If you are not satisfied with our response, you may escalate your grievance to the appropriate supervisory authority in your country:

  • India: Adjudicating Officer under the IT Act, or the proposed Data Protection Board under the DPDP Act 2023
  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • EU: Your national Data Protection Authority
  • Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au