Privacy Policy
Effective date: 1 January 2026 · Last updated: 1 May 2026
Marlcedon Ltd ("Marlcedon", "we", "our") is a global hiring and operations infrastructure company. This Privacy Policy explains how we collect, use, share, and protect personal information from visitors to our website, candidates in our talent network, and contacts at client and prospective-client organisations.
We comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA / CPRA) where applicable, the Nigerian Data Protection Act 2023, and equivalent laws in the jurisdictions where we operate. Marlcedon is registered as a data controller under the relevant authorities and maintains ISO 27001 and SOC 2 Type II certified information security controls.
1. Information we collect
We collect only the personal information necessary to deliver our services, evaluate candidates, manage commercial relationships, comply with our legal obligations, and improve our website. Categories include:
- Account & contact data: name, email, phone, role, employer, country.
- Talent application data: CV, work history, skills, references, assessment responses, portfolio links, availability, salary expectations, right-to-work status, and identity verification documents where required.
- Client inquiry data: company name, role specification, team size, hiring timeline, budget context, requirements text.
- Engagement data: signed agreements, statements of work, performance reviews, time-tracking data, and continuity-bond artifacts where relevant to a placement.
- Communications: emails, support requests, AI-concierge transcripts, meeting notes you share with us.
- Technical data: IP address, browser, device type, pages viewed, referring URL, language, timezone, and consent state for cookies.
- Compliance & background data: where you become a placed operator, we may collect and store the records required by your local employer of record, tax authority, and our SOC 2 audit obligations.
2. How we use it (legal bases)
- Performance of contract: matching candidates to roles, executing placements, paying operators.
- Legitimate interests: improving our service, vetting candidates, securing our systems, measuring website performance (analytics).
- Consent: marketing emails, optional cookies, sensitive data where applicable (revocable any time).
- Legal obligation: tax, anti-money-laundering, employer-of-record statutory recordkeeping, lawful requests from regulators.
3. How we share it
We never sell personal information. We share it only with:
- Clients who are evaluating you for a role you have applied to or been put forward for.
- Sub-processors who provide infrastructure (cloud hosting, identity, background checks, payroll, employer of record). A current list is available on request to our DPO.
- Authorities where required by law, lawful regulatory process, or to defend legal claims.
All sub-processors are bound by data-processing agreements with confidentiality, security, and onward-transfer restrictions equivalent to GDPR Article 28.
4. International transfers
Marlcedon operates across the United States, United Kingdom, European Union, and Africa. Where we transfer personal data across borders, we use the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and supplementary technical measures (encryption in transit and at rest, access logging, least-privilege controls).
5. How long we keep it
- Talent application data: 24 months after your last activity, then deleted or anonymised, unless you remain in active matching.
- Client inquiry data: 36 months after the last commercial touchpoint.
- Engagement records: for the duration of the engagement plus 7 years, as required by tax and employer-of-record law.
- Website analytics: aggregated and anonymised after 14 months.
6. Your rights
Depending on where you live, you have the right to access, correct, delete, restrict, export, or object to our processing of your personal information, and to withdraw consent. To exercise any of these, email privacy@marlcedon.com. We will respond within 30 days. You also have the right to complain to your local supervisory authority.
7. Security
Marlcedon maintains an ISO 27001-aligned information security management system and a SOC 2 Type II report covering security, availability, and confidentiality. Controls include encryption in transit (TLS 1.2+) and at rest (AES-256), single sign-on with MFA for staff, least-privilege role-based access, continuous logging, third-party penetration testing, and an incident response process with defined breach-notification timelines under GDPR Article 33.
8. Cookies
We use a small number of essential cookies to run the site, plus optional analytics and marketing cookies that are off by default. You control these through the cookie banner and can change your preferences at any time by clearing site data. See the Terms of Service for details on permitted use.
9. Children
Marlcedon's services are not directed at individuals under 18 and we do not knowingly collect personal data from minors.
10. Changes
We will post material changes to this Policy on this page with an updated effective date. For substantive changes we will provide notice by email where we have your contact information.
11. Contact
Data Protection Officer: privacy@marlcedon.com
Postal address available on request.