Privacy Policy

This amended policy comes into effect from 25thMay 2018.


  1. Background

    MASH Virtual Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, (“Our Site”) and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

    Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of this Privacy Policy is deemed to occur upon your first use of Our Site. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.

  2. Information About Us

    MASH Virtual Ltd., also referred to as MV is a company registered in England, under Company Registration Number 10471819 with its principle place of business located at 133 Whitechapel High Street, London E1 7QA. You can contact our Data Protection Officer by email at security@mashvirtual.com.

  3. Definitions and Interpretation

    In this Policy the following terms shall have the following meanings:

    1. ‘user(s)’, we are referring to anyone who visits our digital platform and/or subscribes to services or other information services we offer.

    2. ‘policy’, we are referring to this Privacy Policy.

    3. ‘terms of use’ or ‘user terms’ or ‘terms and conditions’ we are referring to the rules and regulations for using all digital platform(s) owned by MV unless separate Privacy Policy and Terms of Use are provided.

    4. digital platform or DP’ is the platform through which MV provides its services and information. The MV’s DP, includes but not limited to; Websites, Mobile apps, MV’s Social Media platform, SaaS developed by MV, Games.

    5. ‘browser’, it includes various Internet browsers including, but not limited to Internet Explorer, Google Chrome, Firefox and Safari.

    6. ‘operating system’, it includes Operating Systems for Desktop and Laptop computers including but not limited to Windows, MacOS and Operating System for Mobile, Handheld and Streaming devices including but not limited to Android and iOS.

    7. ‘cookie’, means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in Part 14 below;

  4. What Does This Policy Cover?

    1. This Privacy Policy applies only to your use of Our Site. This policy explains how we collect your Personal Information (PI), how we store, how we use it, how we share data and what controls you have over our use of it when you engage our services and tell you about your privacy rights and how the law protects you under the EU General Data Protection Regulation (GDPR).

    2. MV is committed to safeguard the privacy of the users of services provided by MV via its digital platform(s), including but not limited to websites, mobile apps, games, saas, customised development or other platforms, collectively referred to as ‘digital platform(s)’.

    3. We suggest that registration on our digital platforms is done by individuals who are aged 13 years or above. However, if a child below the age of 13 registers on our digital platform, we recommend that it is done with the permission of their parent or guardian. It is the responsibility of the parent or guardians to monitor their child’s use of our digital platform.

    4. This policy is applicable where MV acts the data controller with respect to the personal information collected via our digital platform and where MV sets out how it handles your personal information.

    5. We place a great importance on the security of all information associated with our users, customers, clients and contractors. We have security measures in place to protect against the loss, misuse and alteration of your PI under our control. Your PI is anonymised or destroyed securely when no longer required by us. We retain the information you provide to us including but not limited to your contact to enable us to verify various transactions and customer details and to retain adequate records for legal, statutory and accounting purposes. This information is held on secure servers in controlled facilities. Our digital platforms use a process called Secure Sockets Layer (SSL) technology. SSL locks all critical information passed from you to us in an encrypted envelope, making it extremely difficult for this information to be intercepted. The transfer of information across any media may involve a certain degree of risk, and the internet is no exception. As a result, while we take reasonable steps to protect users' PI, we cannot ensure or warrant the security of any information transmitted to us or from our digital platforms. You should be careful and responsible whenever you are online.

    6. MV may amend the Privacy Policy on one or more occasions by posting a revised statement on its digital platform. You should check the digital platform periodically to review such changes. We will notify you of any significant changes to this policy via Email, Notifications or by other means of communication using the contact details registered on our digital platform.

  5. What is Personal Data?

    1. Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

    2. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

    3. It is your responsibility to protect your username, passwords and other secure information you may need to access your PI on our digital platform and you are solely responsible for keeping your passwords and/or account information secure and should take all reasonable steps to do so. Please do not share them with anyone and keep changing them frequently. You undertake to treat your password and other confidential information in relation to the use on the digital platform confidential and we disclaim any liability arising from your failure to safeguard your confidential information. If you feel your PI has been compromised, you must immediately get in touch with us at ‘security@mashvirtual.com’.

    4. We may host your data on secure servers that could be owned by MV, provide by third party hosting service providers that are managed by us or managed by the third-party service provider. The PI that we store and transmit is protected by security and access controls, including usernames, passwords authentication, two-factor authentication. We also use data encryption where necessary. Our server locations may vary from time to time, but we will maintain the standard security protocols for management, storage and transmission of PI.

  6. What Are My Rights?

    Under the GDPR, you have the following rights, which [we] OR [I] will always work to uphold:

    1. The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.

    2. The right to access the personal data we hold about you.

    3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.

    4. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.

    5. The right to restrict (i.e. prevent) the processing of your personal data.

    6. The right to object to us using your personal data for a particular purpose or purposes.

    7. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.

    8. Rights relating to automated decision-making and profiling.

    Further information about your rights can be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

    If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

  7. What Data Do We Collect?

    We collect the following information:

    1. Personal Information (PI) that includes but not limited to; Name, Mobile number, Phone number, Email ID, Mailing address, Billing address, Date of birth, Employment details, National identification document details (including but not limited to Passport, Drivers licence, Birth certificate, Tax Identification Number, Country specific national identification number), Username, Profile pictures and Pictures you upload, Gender, Interests & hobbies, Educational details, Payment processing information required to purchase our services.

    2. Usage Information (UI) that includes Cookies, IP address, time zones, User location (Geo location), Device type (including but not limited to Desktop, Laptop, Mobile, Tablets, Steaming), Browser (including but not limited to Internet Explorer, Safari, Chrome, Firefox), Operating system (including but not limited to Windows, MacOS, Android, iOS), Device ID, Digital platform navigation (including but not limited to Paths, Page views, Duration & Frequency, Referral link, Usage pattern), Services you use and the manner in which you use (including but not limited to content accessed, time spent, search, posts, follows, share, upload or tag), Digital platforms you visit immediately before and after you visit our digital platform, Metadata, logs files, error logs, which advertisements you saw or showed interest in, which pop up or push notifications you might have seen or responded, Subscriptions, Purchases, Renewal, Survey responses, Ratings, Comments & Reviews, Information search and Comparison patterns, Web analytics data, Enquiry information.

    3. Third Party Information (TP) that includes PI and other information that we collect from third parties including but not limited to; Financial transactions, Social media, Login, Demographic data, Fraud detection information, Partner programmes (including but not limited to advertising, usage, purchases, subscriptions)

    4. We also collect information when you:

      1. visit our digital platform.

      2. register on the digital platform.

      3. use, buy or subscribe to services.

      4. subscribe to updates, notifications, newsletters.

      5. participate in events (including but not limited to conference, exhibition, presentations, focus groups sessions, interactive sessions, workshops, seminars, road shows), competition, surveys.

      6. provide ratings, reviews, provide feedback and send communication.

      7. are part of primary or secondary research and surveys that we conduct.

      8. provided information to our Service Provider(s) (PI) with whom you may have shared data.

      9. give consent in any way on our digital platform.

      10. interact with us over social media platforms.

      11. interact our representatives over phone, by email or face to face.

      12. apply for job (full time, part time or contractual) with us.

      13. use our digital platform using cookies, web beacons, and log information.

  8. How Do You Use My Personal Data?

    1. Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used by us or third parties to whom we disclose and share the information for some or all of the following purposes:

      1. to create and maintain your profile you have created with us.

      2. to track your activities on our digital platform(s)

      3. to enhance the overall quality of the digital platform, the user experience and services and to monitor the digital platform for any potential fraudulent activities, hacking attempts and compliance with the terms of use.

      4. to provide targeted and focussed services and information.

      5. to fulfil our contractual obligations as part of the services we offer.

      6. to verify your identity when you register on our digital platform and to verify any financial transaction in relations to any purchases or payments you make.

      7. to respond to enquiries, comments, feedback, support requests, general and specific facilitation, dispute resolution

      8. to provide personalised general communications, advertisements you see, and marketing communications linked to your consent.

      9. to update you with news, information, changes in services, new features, new services, focussed and interest linked information by way of notifications, newsletters or other methods as we deem appropriate.

      10. to run Data analytics and Technical analytics, Statistical analytics, that will form part of our research activities, improvement activities, reporting activities, future development activities.

      11. for the purpose of risk management, fraud management and malpractices.

      12. for training, service improvement, administrative management, performance management.

      13. for services improvement and developing / introducing new services.

      14. for recruitment and related purposes.

      15. for providing consent linked marketing and sales information, customised services and advertising

      16. for purposes as required by the law and responding to requests from the appropriate government, statutory authorities, court of law, law enforcement agencies and conducting investigations.

      17. to publish your profile information as per your consent and registration acceptance.

      18. to enforce our terms of use.

    2. We may need to share and disclose your PI, UI and TP with organisations, third party providers, institutions, individuals also referred to as ‘SP’ (including but not limited to related companies such as subsidiaries and/or holding company , contractors and sub-contractors, clients, business associates, advertisers, hosting providers, partner programme members, third party service providers, fulfilment partners, payment processing companies, fraud prevention and screening companies, credit and risk management companies, identification and verification companies, mailing house, advertising and social media platforms, search engines, analytics services providers, data processors, technical support providers, recruitment agencies, customer relationship management providers, marketing and advertising service provider, professional advisors, lawyers, chartered accounts, regulators, government and statutory authorities, purchaser or intended purchaser of our businesses including assets including their advisors, court of law, statutory authorities and third party to enforce or defend our rights) who will act as the data controller and may share their privacy policy (which will govern their deliveries) with you to fulfil our obligations who we believe in good faith that sharing information is necessary to:

      1. comply with legal requirements (including but not limited to arbitration, mediation, litigation, investigation, administrative proceedings, government request, court orders).

      2. protect the interest, safety and rights of our digital platform(s).

      3. provide services to you.

      4. provide special offers and customised communication and marketing information.

      5. operate our digital platform legally.

      6. perform the services on our behalf.

      7. fulfil the contractual requirements that we have with our SP(s).

      8. provide services to us and to fulfil their obligations under an agreement we have with such SP(s).

    3. In addition to the above, we may use or disclose your PI:

      1. Where you have given your consent to use or disclose

      2. Where we reasonably believe that the use of discloser is necessary to mitigate, prevent or reduce the risk or threat to health and safety of an individual or public at large

      3. Where we reasonably believe that unlawful or non-compliant activity has been or is being or may be engaged in and the use or disclosure of your PI is a necessary part of our investigation or in reporting the matter to the relevant authorities or the ICANN (Internet Corporation for Assigned Names and Numbers).

      4. Where we reasonably believe that it is necessary to share your PI to operators of registration database ‘whois’ services and the users of such services if required for the legitimate interests pursued by the controller or by a third party.

      5. To escrow service providers and / or backup storage providers to ensure business continuity.

      6. To ensure data accuracy and to prevent unlawful use of our services, we may use third-party verification service providers to check the PI you have provided. To assess our business operations, we may also provide access to your PI to our auditors.

    4. We do not permit our third-party service and all others as listed under clause 7.2 to use your PI for their own purposes and only permit them to process your PI for specific purposes as detailed in this Privacy Policy and in accordance with our agreements with them and instructions.

    5. If you make your personal information available to other people, we cannot control or accept responsibility for the way they will use or manage that data. There are lots of ways that you can find yourself providing information to other people, like when you post a public message on a forum thread, share information via social media, or make contact with another user (such as a third-party Author) whether via our digital platform or directly via email or other messaging tools. Before making your information publicly available or sharing your information with anyone else, think carefully. If sharing information to another user via our digital platform, ask them how they will handle your information. If you are sharing information via another digital platform, check the privacy policy for that digital platform to understand its information management practices as this privacy policy will not apply.

  9. How Long Will You Keep My Personal Data?

    We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods and the following factors will be used to determine how long it is kept:

    1. We retain your PI for as long as is necessary to provide services to you and others, to fulfil our obligation under purchase of services that you may have done, to comply with all legal obligations, to comply with all reporting, statutory and regulatory requirements, to fulfil our other contractual obligations with our associates and third parties.

    2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. However, the table below will provide how long we hold some of your information collected by us:

      User type Duration we retain the data
      Users of services (paid or free use), Clients and Customers Duration of contract / subscription + 6 years.
      Registered users who are not clients or customers and have not purchased any service(s) ever or have not used any service(s) provided by MV including free services. 1 year from the date the user deactivates his/her account.
      Visitors 1 year from the date of last visit.
      Employees, Service providers, Associates, Resellers, Advertisers, Third party providers Duration of the contract + 6 years.
    3. In cases where PI, UI and TP is used by us in an anonymous manner for the purpose of research & analysis and preparation of reports we may use the information indefinitely without further notice to you.

    4. In case it is not possible to specify in advance the duration for which we will hold your PI, UI and TP, MV will retain all such data for a period not exceeding 6 years from the date of ending of any contract / subscription.

    5. For avoidance of doubt, your ratings, reviews, comments, feedback and other information provided on our digital platform will be retained for a period of 6 years from the date you withdraw yourself from our digital platform and request for deleting your PI.

    6. Notwithstanding any of the above, we may retain your PI, UI and TP where it is necessary to retain your data for legal compliance purposes, statutory compliance purposes, investigation purposes or to honour a direction by a court of law.

  10. How and Where Do you Store or Transfer My Personal Data?

    We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR as follows.

  11. Do You Share My Personal Data?

    1. To be able to fulfil our obligations to our users when interacting on our digital platform and providing them high quality services, we will be required to transfer your PI internationally. Such international sharing could mean sharing information:

      1. to our offices (including the office of our subsidiary companies, associate companies, holding companies, group companies).

      2. to our hosting providers

      3. to our suppliers, contractors and all other listed under clause 3.2

      4. to the world at large when you consent to make your PI public through our digital platform as we cannot prevent the use (or misuse) of such PI by others.

    2. If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.

  12. Change of purpose: We will seek your consent prior to using your PI in a manner for which we have not sought consent from you in advance. You will have the right to refuse such consent in which case we may not be able to provide certain information, details, offers or services that may be linked to the consent from you.

  13. How Can I Access My Personal Data?

    If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

    All subject access requests should be made in writing and sent to the email or postal our addresses. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

    We will respond to your subject access request within one month and, in any case, not more than six weeks of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

  14. How Do You Use Cookies?

    1. Just like many other digital platform operators, we also use standard technology called ‘cookies’ on our digital platform. A cookie is a file containing information that is stored on a web browser on your device’s storage. Cookies are mostly used to improve your access and use of the digital platform and services. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. MV and its SP(s) may use cookies, web beacons and other similar technologies for storing information when you access the digital platform. Cookies and similar technologies on our Digital Properties allow us to track your browsing behaviour, links clicked, items purchased, your device type, and to collect various data, including analytics, about how you use and interact with our services. Most web browsers automatically accept cookies, but you may set your browser to block cookies (consult the instructions for your particular browser on how to do this). Please note that if you decide to block cookies, this may interfere with your ability to use certain functionalities of the Digital Properties and/or the services.

      In general, we use the following types of cookie:

      1. Strictly Necessary Cookies: These are cookies that are required for the operation of our Digital Platform

      2. Analytical / Performance Cookies: These allow us to recognise and count the number of visitors and see how visitors move around our Digital Platform when they are using it. This helps us to improve the way our Digital Platform works, for example, by ensuring that users can find what they are looking for easily.

      3. Functionality Cookies: These are used to improve the functional performance of the Digital Platform and make it easier for you to use.

      4. Targeting Cookies: These cookies record your visit to our Digital Platform and your browsing habits, such as the pages you have visited and the links you have followed. They are used to deliver advertising which is more relevant to your interests and also may be used to limit the number of times that you see an advertisement. They may be placed by us or by advertising networks with our permission. Please note, these cookies do not contain any of your personal information.

    2. We use cookies for the purposes but not limited to:

      1. authentication purposes: we use cookies to identify you when you visit our digital platform and as you navigate

      2. status purposes: we use cookies to help us determine, if you are logged into our digital platform

      3. personalisation purposes: we use cookies to store information about your preferences and to personalise the digital platform experience.

      4. security purposes: we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our digital platform and services

      5. advertising purposes: we use cookies to help us to display advertisements and other promotional information that may be relevant to you

      6. analysis purposes: we use cookies to help us to analyse the use and performance of our website and services

      7. consent purposes: we use cookies to store your preferences in relation to the use of cookies

    3. By continuing to use our Digital Platform without choosing to delete / block cookies, you agree that we can place these types of cookies on your device. You can manage cookies by activating the setting on your internet browser that allows you to refuse the setting of all or some cookies. Please note, if you refuse cookies this may mean that you can’t use some of the additional features of our website and may not be able to access certain parts of the website.

    4. Cookies used by our SP(s)

      1. Our service providers use cookies and those cookies may be stored on your computer when you visit our digital platform.

      2. We may use Google Analytics to analyse the use of our digital platform. Google Analytics gathers information about digital platform use by means of cookies. The information gathered relating to our digital platform is used to create reports about the use of our digital platform. Google's privacy policy is available at: https://www.google.com/policies/privacy/

      3. We may use Google AdWords, a web analytics and search engine advertising campaign management service. Google AdWords uses cookies, web beacons, and other means to help us analyse how users use the site. You may find Google's Privacy Policy at http://www.google.com/intl/en/privacypolicy.html.

      4. We may publish Google AdSense interest-based advertisements on our digital platform. These are tailored by Google to reflect your interests. To determine your interests, Google will track your behaviour on our digital platform and on other digital platform across the web using cookies. You can view, delete or add interest categories associated with your browser by visiting: https://adssettings.google.com. You can also opt out of the AdSense partner network cookie using those settings or using the Network Advertising Initiative's multi-cookie opt-out mechanism at: http://optout.networkadvertising.org. However, these opt-out mechanisms themselves use cookies, and if you clear the cookies from your browser your opt-out will not be maintained. To ensure that an opt-out is maintained in respect of a particular browser, you may wish to consider using the Google browser plug-ins available at: https://support.google.com/ads/answer/7395996.

  15. Changes to this Privacy Policy

    1. We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

    2. Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.