Last Updated: 24 June 2024
Data Controller: Merkaba Solutions Limited (Company No. [INSERT])
Registered Office: 128 City Road, London, EC1V 2NX, UNITED KINGDOM
Email: info@mkbdrive.com
GDPR Representative (EU): [Name/Address in EEA if required under Article 27]

1. Scope & Compliance

This policy applies to all personal data processed for EU/EEA users under Regulation (EU) 2016/679 (GDPR). For UK users, we comply with the UK GDPR and Data Protection Act 2018.

2. Data Collection & Purposes

Categories of Personal Data

Data Type Processing Purpose Legal Basis (Article 6)
Account credentials User authentication Contractual necessity (1b)
Payment details Subscription processing Legal obligation (1c)
IP addresses Security monitoring Legitimate interest (1f)
Uploaded files Cloud storage service delivery Contractual necessity (1b)
Cookies* Analytics & functionality Consent (1a)

*See our Cookies Policy for details

3. Data Subject Rights

You may exercise these rights free of charge:

Right How to Request Our Response Time
Access (Article 15) Email info@mkbdrive.com with “SAR” 30 calendar days
Rectification (16) Update in account settings or email us 14 days
Erasure (17) Submit deletion request via email 30 days**
Portability (20) Request in writing 30 days
Objection (21) Opt-out links or email request 14 days

**Some data may be retained where lawful (e.g., financial records for 7 years under UK tax law).

4. International Data Transfers

We ensure GDPR-compliant safeguards when transferring data outside the EU/EEA:

  • UK-EU Transfers: Rely on UK Adequacy Regulations
  • Other Transfers: Implement Standard Contractual Clauses (SCCs) with our US-based subprocessors (AWS, Stripe)

5. Security Measures

We implement:

  • Technical: End-to-end encryption for file transfers, regular penetration testing
  • Organizational: Staff GDPR training, strict access controls
  • Breach Protocol: Notification to supervisory authorities within 72 hours of awareness

6. Third-Party Processors

We use these GDPR-compliant processors:

Processor Service Location Safeguards
AWS Cloud hosting EU (London) EU Standard Contractual Clauses
Stripe Payments US PCI-DSS + SCCs
Zendesk Customer support EU Data Processing Agreement

7. Data Retention

Data Category Retention Period Reason
Account data 3 years post-account closure Contractual necessity
Financial records 7 years HMRC compliance
Deleted files 30 days from deletion Backup recovery window
Marketing data Until consent withdrawal PECR compliance

8. Contact & Complaints

Data Protection Officer:
Email: dpo@mkbdrive.com
Post: FAO DPO, Merkaba Solutions Ltd, 128 City Road, London EC1V 2NX

Supervisory Authorities:

  • EU: [Your lead DPA name/contact]
  • UK: Information Commissioner’s Office (ico.org.uk)

9. Policy Updates

Material changes will be:

  • Communicated via email 30 days in advance
  • Highlighted on our website with version history

GDPR Privacy Policy – MKBdrive.com

Hot Line +44 1 633 603050
E-mail Address info@mkbdrive.com
Our Location 128 City Road London

Copyright © 2021 MKBdrive.com All Rights Reserved.