1. Who we are
The data controller for personal data processed through this website and related enquiry channels is McFly World, operating from the business address shown in the site footer. For privacy requests, use the contact details in Section 12.
2. Data we collect
Depending on how you interact with us, we may process:
- Identity & contact: name, email address, phone number, organisation or property name, and similar fields you enter on our contact or quote forms.
- Enquiry content: service interest, location in Goa, visit preferences, timeline, budget band, message text, and any other information you choose to provide.
- Optional location data: if you use the live-location feature on our form, we may store coordinates and/or a formatted address you confirm, solely to plan on-site work you requested.
- Technical data: IP address, browser type, device characteristics, approximate region from IP, timestamps, and server logs generated when you load pages — used for security, debugging, and aggregate analytics.
- Session & security tokens: cookies or similar storage required to maintain your browsing session, protect forms (e.g. CSRF), and administer any authenticated areas.
- Anti-abuse signals: if we enable Google reCAPTCHA on forms, Google may receive technical data about your interaction to assess whether the submission is legitimate.
- Order or payment data: if you purchase goods or services through channels we operate online, we process billing-related data only as needed to fulfil the transaction and meet legal/tax obligations.
We do not require you to provide sensitive categories of data (such as health or biometric data). Please do not send such information unless we explicitly request it for a defined purpose.
3. Why we use data (purposes)
We use personal data to:
- Respond to enquiries and provide quotes, scheduling, and customer support by the channel you select (email, phone, WhatsApp, or in person).
- Perform contracts — deliver goods and services, issue invoices, and manage warranties or service follow-up.
- Operate and secure the website — prevent spam, fraud, and abuse; enforce rate limits; investigate incidents.
- Comply with law — including accounting, tax, and regulatory obligations applicable in India.
- Legitimate business interests — such as improving our website, understanding aggregate demand by region or service line, and training staff, where not overridden by your rights.
Where Indian law requires a specific ground (for example under the Digital Personal Data Protection Act, 2023, and rules issued thereunder), we process data only on permitted bases such as consent where required, performance of services you request, compliance with law, or legitimate uses as defined by applicable regulations.
4. Cookies & similar technologies
Strictly necessary: we use cookies or equivalent storage for core site functions — session continuity, security, and form protection (including CSRF). These are not optional if you want the site to work as designed.
Optional analytics (with your consent): if you choose “Accept analytics” on our cookie banner, we place a first-party visitor identifier (cookie and related storage) to log pages you view, time on page, approximate location derived from IP, device type, catalogue filter searches you type, and — when you submit a contact or product quote form — to associate your email and phone with that visit for follow-up in context. We also set a short plain-text cookie (mcfly_analytics_consent) so our server can match your form submission to the same visitor ID when needed. If you choose “Essential only”, we do not run this analytics layer; your form submissions are still processed, but we will not link them to a tracked visit record.
We do not use third-party advertising cookies on this policy’s effective date. You can change your mind by clearing site data for our domain in your browser (the banner will appear again when no choice is stored) or by contacting us. You can also control cookies through browser settings; blocking strictly necessary cookies may prevent some features from working.
5. Third-party services
We rely on reputable processors who handle data on our instructions or under their own terms as independent controllers where noted:
- Hosting & infrastructure — our website and database are operated on servers managed by our hosting provider; they may process technical and content data as needed to host the service.
- Google (Maps / Places) — if the quote form loads Google Maps JavaScript, Google may process IP address and interaction data under Google’s Privacy Policy.
- Google reCAPTCHA — if enabled, submissions are subject to Google’s terms for abuse prevention.
- WhatsApp / Meta — when you choose to message us on WhatsApp, your messages are processed by Meta’s platforms under their policies; we receive the content you send us there.
- Email delivery — transactional or notification email may pass through our mail provider.
We do not sell your personal data to data brokers.
6. Retention
We retain personal data only as long as necessary for the purposes above, including:
- Enquiries and leads — typically for the period needed to complete the sales or service cycle and internal follow-up, unless a longer period is required for disputes, legal claims, or tax/audit requirements.
- Customer and transaction records — as required under applicable Indian law for accounting and taxation.
- Server logs — rotated or deleted on a rolling basis consistent with security needs.
When data is no longer needed, we delete or anonymise it where feasible.
7. Security
We implement appropriate technical and organisational measures suited to the nature of our operations — including access controls, encrypted transport (HTTPS) for the public site, secure hosting practices, and staff awareness. No method of transmission or storage is completely secure; we encourage strong passwords on your own accounts and caution when sharing confidential information.
8. Your rights
Under applicable Indian law (including the Digital Personal Data Protection Act, 2023, as and when provisions relevant to you take full effect), you may have rights to access, correction, updating, or erasure of your personal data, to withdraw consent where processing is consent-based, and to lodge a complaint with the Data Protection Board of India or other competent authority as prescribed.
To exercise rights or raise concerns, contact us using Section 12. We may need to verify your identity before acting on sensitive requests. We will respond within timelines required by law when applicable.
9. Children
Our website and services are directed at adults and businesses. We do not knowingly collect personal data from children under 18 without verifiable parental consent. If you believe a child has provided us data, contact us and we will take steps to delete it where appropriate.
10. International transfers
Primary processing occurs in India. Some subprocessors (e.g. global cloud or communication providers) may process data in other countries. Where such transfers occur, we rely on contractual safeguards or mechanisms permitted under applicable Indian law.
11. Changes
We may update this Privacy Policy to reflect legal, technical, or business changes. The “Effective date” at the top will change when we publish a revision. Continued use of the website after updates constitutes notice of the revised policy where the law allows; where consent is required for new processing, we will obtain it separately.
12. Contact
For privacy questions, access requests, or complaints:
- Email: hello@mcflyworld.store
- Web form: Contact / quote
- Postal: Shop No. 21, Upper Ground Floor, Building A, Prabhu's Sky Panoramic, Dabolim, Ijorshi, Goa 403801
This policy is provided for transparency. It is not legal advice. Align operational practices and this text with counsel familiar with the Digital Personal Data Protection Act, 2023, and sector rules that apply to your business.