Privacy Policy

  • Home
  • Privacy Policy

Last updated: 25/06/2025

Quick Summary

• We collect your booking, billing, and payment data only to provide our services.
• We never store credit card details — all payments go through Stripe, PayPal, or Revolut, or are accepted in cash.
• Your IP is anonymized using salted hashing and cannot identify you.
• We comply with privacy laws worldwide, including GDPR, UK GDPR, CCPA, LGPD, PIPL, DPDPA, POPIA, APPI, and others.
• You may access, correct, or delete your data at any time by contacting info@rmncc.com.

1. Introduction

This Privacy Policy explains how RM NCC, operated by MPA Global Ltd, collects, uses, and protects your data in accordance with applicable privacy and data protection laws worldwide.

2. Data Controller

MPA Global Ltd
20 Wenlock Road, London, England, N1 7GU
Company No. 144452225
Email: info@rmncc.com

3. Data We Collect

When you use our services, we collect the following categories of data:
Identification: first name, last name, email address, phone number
Billing Information: billing name, company, address, city, postal code, country
Booking Details: pickup and drop-off addresses, travel date and time, number of passengers, luggage details, requested vehicles, and special requirements (e.g., child or booster seats)
Payment Metadata: transaction identifiers, payment platform used (Stripe, PayPal, Revolut, or cash), payment status, currency, total price, and customer email
System Data: language, booking URL, request key, and booking timestamps
Analytics: anonymized hashed IP addresses (non-reversible), session identifiers, device and browser details, referrer information, and navigation patterns

4. Use of Data

Your data is processed for the following purposes:
• Managing and confirming bookings
• Assigning drivers and coordinating services
• Issuing invoices and processing payments
• Providing customer support
• Meeting legal and tax obligations
• Fraud detection and prevention
• Improving service quality and platform performance

5. Legal Basis

We process your data on the following legal bases:
• Your consent
• Performance of a contract
• Compliance with legal obligations
• Our legitimate interests in providing and improving services

6. Data Retention

• Booking and billing data are stored for up to 7 years to comply with tax and accounting laws.
• Payment metadata is stored for up to 7 years for financial auditing and compliance purposes.
• Anonymized statistical data (including hashed IPs) is stored for up to 24 months for analytics and service optimization.
• After these retention periods, data is securely deleted or anonymized.

7. Third-Party Services

We use trusted third-party providers such as Stripe, PayPal, and Revolut for payment processing. Where applicable, payments may also be made in cash. All providers are GDPR and PCI-DSS compliant and process payment data securely on our behalf.

8. Cookies

Our platform does not use cookies for tracking, analytics, or advertising purposes. Only strictly necessary session technologies are applied to ensure the proper functioning of the booking system. No marketing, profiling, or third-party cookies are stored on your device.

9. Your Privacy Rights

Depending on your location, you may have the right to:
• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your data (“right to be forgotten”)
• Restrict or object to processing in certain circumstances
• Request data portability
• Withdraw consent at any time (where processing is based on consent)
• File a complaint with your supervisory authority

10. Security

We use secure technologies including HTTPS encryption, internal access controls, and strong authentication to protect your data. Sensitive identifiers are hashed, pseudonymized, or anonymized whenever possible.

11. Payment Information

We do not store your credit card numbers, CVV codes, or other sensitive payment details. All financial transactions are processed securely through Stripe, PayPal, or Revolut, or collected in cash where applicable. We only retain non-sensitive payment data such as transaction identifiers, payment platform, payment status, total price, and associated email address for invoicing, dispute resolution, and support.

12. Statistics and Analytics

For internal analytics, we store a hashed version of your full IP address using a session-based salt. This salt is generated at the start of the session and deleted at the end of the session, making it technically impossible to reconstruct the original IP address. As such, the stored data is fully anonymized and cannot identify you.

In addition, we collect session identifiers, device and browser details, referrer information, and navigation patterns. This data is used only for statistical analysis, fraud prevention, and improving our services. We do not share analytics data with third parties and do not use Google Analytics or similar external services.

If you prefer not to have your anonymized analytics data included in our statistics, you may opt out at any time by contacting us at info@rmncc.com. Your request will be respected immediately.

13. International & Global Compliance

This Privacy Policy applies worldwide and is designed to comply with all major privacy and data protection laws globally—including but not limited to:

  • EU’s General Data Protection Regulation (GDPR)
  • UK GDPR & Data Protection Act 2018
  • US federal and state laws (e.g., California CCPA/CPRA, Virginia VCDPA, Colorado CPA, HIPAA, COPPA)
  • Australia’s Privacy Act 1988 & Australian Privacy Principles (APPs)
  • Brazil’s Lei Geral de Proteção de Dados (LGPD)
  • Russia’s Federal Law on Personal Data (No. 152-FZ)
  • China’s Personal Information Protection Law (PIPL)
  • India’s Digital Personal Data Protection Act 2023
  • South Africa’s Protection of Personal Information Act (POPIA)
  • Japan’s Act on Protection of Personal Information (APPI)
  • Singapore, Thailand, and Philippines Personal Data Protection Acts (PDPA)
  • Switzerland’s Federal Act on Data Protection (FADP)
  • African Union’s Malabo Convention
  • And all other applicable privacy and data protection regulations worldwide

We adapt our practices to meet the legal requirements of your jurisdiction, including data localization, explicit consent, data subject rights, breach notification, and accountability measures as required.

If you wish to exercise your privacy rights or file a complaint, please contact us at info@rmncc.com. We will respond in accordance with the regulations relevant to your country.

14. Changes

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Please revisit this page periodically to stay informed.

15. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any case within the timeframes required by applicable law. The notification will describe the nature of the breach, the likely consequences, and the measures we are taking to mitigate any adverse effects.