Privacy Policy

Your data choices

We also honour Global Privacy Control (GPC) by declining non-essential cookies automatically.

1) Who we are (Controller & DPO)

This Site (mcr.ae) is operated for and on behalf of Gary McRae by The Clarity Practice Pte. Ltd. (“TCP”, “we”, “us”, or “our”) in Singapore. We comply with the Singapore Personal Data Protection Act 2012 (“PDPA”).

• Controller: The Clarity Practice Pte. Ltd. (Singapore)
• Site: mcr.ae
• Data Protection Officer (DPO): Gary McRae
• Contact: gary@mcr.ae

2) What personal data we collect

• Contact data (name, email, company, role) when you submit forms or book meetings.
• Usage/analytics data (pages viewed, interactions, device/browser, referrer, approximate geo) via cookies and pixels.
• Communications (messages you send us and our responses).
• Technical logs (IP address, request metadata) for security and troubleshooting.

3) How we use personal data

• To respond to enquiries, schedule meetings, and provide services you request.
• To operate, secure, and improve the Site and our services.
• To understand engagement and measure performance (aggregated analytics).
• To send updates or marketing with your consent (you can opt out anytime).
• To comply with legal and regulatory obligations.

4) Our legal bases

We rely on: (a) consent (e.g., cookies/marketing), (b) legitimate interests (e.g., Site security and improvement), and (c) legal obligations.

5) Cookies & similar technologies

We use cookies and similar technologies for core functionality, analytics, and (if enabled) marketing. Your consent is obtained via our cookie banner and can be changed at any time using the button above.

The banner’s “cookie details” view provides the most current list of client-side cookies operating on this Site.

6) Third-party services (processors)

We work with reputable providers to host, operate, and measure the Site. These may change from time to time. We use contractual and security controls and transfer safeguards where data is processed outside Singapore. Current categories and examples include:

• Hosting & CDN: Netlify (site hosting & delivery).
• Analytics: Google Analytics via gtag (only if you consent).
• Marketing & forms: HubSpot (forms, CRM, tracking with consent).
• Media delivery: Cloudinary (image hosting/optimisation).
• Collaboration/ops: GitHub and related build tooling (no direct visitor tracking).

We provide a representative list and reserve the right to update it.

7) How we share data

We do not sell personal data. We may share with the processors listed above, our professional advisers, or authorities where required by law.

8) Retention

We retain personal data only as long as necessary for the purposes described or as required by law, after which it is securely deleted or anonymised.

9) Security

We implement technical and organisational measures appropriate to the risk, including encryption in transit, least-privilege access, logging, and supplier security reviews.

10) International transfers

Where personal data is transferred outside Singapore, we ensure comparable protection under PDPA using contractual clauses and other safeguards.

11) Your rights

Under PDPA you may request access or correction, withdraw consent, and make complaints. To exercise your rights:

• Email our DPO at gary@mcr.ae
• Use our privacy portal: Data Rights Request (access / correction / deletion)

12) Direct marketing

If you subscribe to updates, you can opt out using the “unsubscribe” link or by contacting us at gary@mcr.ae.

13) Contact & DPO

Data Protection Officer: Gary McRae
Email: gary@mcr.ae