Privacy Policy

M&A Institute Privacy Policy

Effective Date: May 17, 2025

At M&A Institute, we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy outlines how we collect, use, store, and share your information when you interact with our website, mnainstitute.com, and use our online M&A training services.

1. Who We Are

M&A Institute operates the website: mnainstitute.com. We are a UK-based provider of professional online M&A training and advisory services.

 

2. What Personal Data We Collect and Why We Collect It

We collect data to provide and improve our services, process transactions, and ensure a secure and personalized learning experience.

• Account Registration & Course Enrollment:

  • Data Collected: When you register for an account or enroll in an online M&A course, we collect information such as your name, email address, billing address, payment details, and professional information (e.g., company, job title) if provided.
  • Purpose: To create and manage your user account, process course registrations and payments, deliver course content, and provide customer support.
  • Legal Basis (GDPR): Performance of a contract with you, and legitimate interests (e.g., fraud prevention).

• Comments:

  • Data Collected: When you leave comments on our site, we collect the data shown in the comments form (name, email, comment text), your IP address, and browser user agent string. An anonymised string (hash) from your email may be provided to the Gravatar service.
  • Purpose: To publish your comments, assist in spam detection, and display your profile picture (if using Gravatar).
  • Legal Basis (GDPR): Legitimate interests (e.g., spam prevention, community interaction).

• Contact Forms & Inquiries:

  • Data Collected: Information you provide when contacting us through forms or email (e.g., name, email, message content).
  • Purpose: To respond to your inquiries and provide support.
  • Legal Basis (GDPR): Legitimate interests (e.g., customer service), and performance of a contract if related to a service inquiry.

• Media:

  • Data Collected: If you upload images (e.g., for profile pictures or course assignments), please be aware that embedded location data (EXIF GPS) can be extracted by others.
  • Purpose: To facilitate user interaction and course submissions.
  • Recommendation: Avoid uploading images with embedded location data.

• Usage Data & Analytics:

  • Data Collected: We may collect non-personally identifiable information about your interactions with our website, such as pages visited, time spent, browser type, and device information. We use analytics services (e.g., Google Analytics) to understand website usage.
  • Purpose: To analyze website performance, improve user experience, and optimize our online M&A training delivery.
  • Legal Basis (GDPR): Legitimate interests (e.g., website improvement).

 

3. Cookies

We use cookies to enhance your experience, remember your preferences, and facilitate site functionality.

• Functional Cookies:
  • If you leave a comment, you may opt-in to save your name, email, and website in cookies for convenience (lasts one year).
  • When you visit our login page, a temporary cookie checks if your browser accepts cookies (no personal data, discarded on browser close).
  • Upon logging in, cookies save your login information (two days) and screen display choices (one year). “Remember Me” extends login persistence to two weeks. Login cookies are removed upon logout.
  • If you edit or publish an article, a cookie indicating the post ID is saved (expires after 1 day).
• Analytical & Performance Cookies: Used by third-party services (like Google Analytics) to track website usage.
• Purpose: To improve user convenience, enable login features, and track website performance.
• Legal Basis (GDPR): Consent (for non-essential cookies), and legitimate interests (for essential functional cookies).

 

4. Embedded Content from Other Websites

Articles on this site may include embedded content (e.g., videos from YouTube, content from other sites). Embedded content behaves exactly as if you visited the other website directly.

These external websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, especially if you have an account and are logged in to their site. We are not responsible for the privacy practices of external sites.

 

5. Who We Share Your Data With

We only share your data as necessary to provide our services, comply with legal obligations, or protect our rights.

• Payment Processors: Payment details are shared securely with trusted third-party payment processors (e.g., Stripe, PayPal) to complete your online M&A course purchases. We do not store full payment card details on our servers.
• Service Providers: We may share data with third-party service providers (e.g., hosting providers, email delivery services, analytics providers) who assist us in operating our website and delivering our services. These providers are obligated to protect your data.
• Spam Detection: Visitor comments may be checked by an automated spam detection service.
• Legal Compliance: We may disclose your data if required by law or in response to valid requests by public authorities.
• Password Reset: If you request a password reset, your IP address will be included in the reset email.

 

6. How Long We Retain Your Data

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

• Comments: If you leave a comment, the comment and its metadata are retained indefinitely. This helps us recognize and approve any follow-up comments automatically.
• Registered Users: For users who register on our website, we store the personal information provided in their user profile. This data is retained as long as your account is active.
• Transaction Data: Financial transaction records are retained for a period required by tax and accounting laws (e.g., 6 years in the UK).

 

7. What Rights You Have Over Your Data (GDPR Compliance)

As a data subject in the UK/EU, you have the following rights regarding your personal data:

• Right to Access: You can request an exported file of the personal data we hold about you, including any data you’ve provided to us.
• Right to Rectification: You can request that we correct any inaccurate or incomplete data we hold about you. Most registered users can see, edit, or delete their personal information within their user profile at any time (though they cannot alter their username). Website administrators can also view and edit that information.
• Right to Erasure (‘Right to be Forgotten’): You can request that we erase any personal data we hold about you. This excludes data we are required to keep for administrative, legal, or security reasons.
• Right to Restrict Processing: You can request that we limit the way we use your data.
• Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
• Right to Object: You can object to our processing of your data in certain circumstances.
• Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.

 

8. Where Your Data Is Sent

Visitor comments may be checked via an automated spam detection service. Other data may be processed by our third-party service providers (e.g., hosting, analytics, payment processors) which may involve international data transfers. We ensure that such transfers comply with GDPR requirements (e.g., by using Standard Contractual Clauses or ensuring the recipient country has adequate data protection laws).

 

9. Updates to This Privacy Policy

M&A Institute may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any changes will be posted on this page with a revised effective date. We encourage you to frequently check this page to stay informed about how we are protecting your information.