Privacy policy

Version 2.0

Effective Date: 1st March 2026

Markingo Portal LLC (“Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, process, store, and share personal information when you access or use the GlobCred platform, website, mobile applications, and related digital services (collectively, the “Platform”) and the services provided through it (collectively, the “Services”).

GlobCred is a brand and product of Markingo Portal LLC. All intellectual property on the Platform, including the name, logo, and designs, are owned by Markingo Portal LLC and are protected under applicable intellectual property laws. Trademark registration may be sought or is intended in relevant jurisdictions.

GlobCred is a global mobility technology platform that supports students throughout their international study journey. We do not provide loans, financial advice, or remittance services directly. All financial products and services are offered by licensed third-party institutions, which make independent decisions regarding such services.

For the purposes of applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (“DPDP Act”), Markingo Portal LLC acts as the Data Fiduciary responsible for processing personal data described in this Policy.

Data Controller and Contact Details: Markingo Portal LLC is the Data Fiduciary and controller responsible for the collection, use, processing, and protection of personal information collected through the Platform. Registered Office Address: UAE Office: Office No. OFF 504-830, Warba Centre, Al Murqabat, Dubai, United Arab Emirates.

Email: [email protected] / Contact Number: + 91 7092304363

Data Protection Officer (DPO): The DPO is responsible for monitoring compliance with data protection obligations, advising on privacy requirements, and acting as a point of contact for individuals and supervisory authorities where required. Markingo Portal LLC has appointed a Data Protection Officer (DPO) to oversee compliance with applicable data protection laws and to handle privacy-related matters. Postal Address: Office No. OFF504-830, Warba Centre, Al Murqabat, Dubai, United Arab Emirates.

The DPO can be contacted for any questions relating to the processing of personal data or this Privacy Policy at: Email: [email protected] / Contact +91 9769474846

  1. Acceptance of This Policy and Consent

    By accessing or using the Platform or Services, or by taking any affirmative action such as clicking “Accept,” you confirm that you have read and understood this Privacy Policy and provide your free, informed, specific, and unambiguous consent to the collection, use, processing, storage, and sharing of your personal information as described in this Policy. Your consent also indicates agreement to GlobCred’s Terms and Conditions and Website Terms of Use. You may withdraw your consent at any time; however, withdrawal may limit or discontinue certain Services that rely on processing your personal data.

    • a) Consent Audit Trail: GlobCred maintains records of your consent and any withdrawal requests to ensure compliance with applicable laws, including documentation of your consent where required.
    • b) Optional Data Fields: Some information (e.g., gender, marital status) is optional. You may choose not to provide optional data without affecting your access to core Services.
    • c) International Users: Users accessing the Platform from outside India may have additional rights under local laws such as the European Union’s GDPR, the California Consumer Privacy Act (CCPA), or other applicable regulations. Withdrawal or modification of consent may be subject to those laws.
  2. Information We Collect
    • a) General Statement: We collect personal information only as necessary to provide Services, comply with legal obligations, maintain security, and improve your experience.
    • b) Information Provided by You: We may collect the following information directly from you: Name, email, ID, educational background, intended study location, passport or government issued ID, academic certificates, financial information (for facilitation), communication details, and billing/payment information where applicable.
    • c) Information from Third Parties: We may receive personal information from third-party sources such as identity verification and KYC providers, financial eligibility or risk assessment partners, academic institutions, partner organizations, and credit information agencies (only with your consent).
    • d) Information Obtained from Third Parties: In some cases, GlobCred receives personal information from third-party sources rather than directly from users. These may include educational institutions, recruitment partners, authorised counsellors, financial institutions, identity verification providers, credit reference agencies, mailing list providers, and partner organisations involved in admissions or financing processes. The types of information received may include identity and contact details, academic records, application status, financial eligibility information, and verification or assessment data relevant to service delivery. Where personal data is not collected directly from the user, GlobCred will provide the required privacy information under applicable law (including Article 14 GDPR principles where applicable) within a reasonable period, and in any event no later than one month of obtaining the data, or at the time of first communication or disclosure to another recipient, whichever occurs earlier.
    • e) Statutory or Contractual Requirement and Consequences: Certain categories of personal information are required either by law or as a contractual requirement for accessing and using the Services on the Platform. This may include identity and KYC information, academic records, financial details, and other documentation necessary for admissions processing, regulatory compliance, fraud prevention, and facilitation of partner services such as educational financing. Where the provision of personal data is required by law or is necessary to enter into or perform a contract with us, failure to provide such information may result in the inability to create an account, complete verification, or access specific Services or features of the Platform. Where information is optional, users will be informed at the point of collection, and non-provision will not affect access to core Services, except where the information is required for the specific feature requested.
    • f) Automatically Collected Information: We may automatically collect: IP address, device information, browser type, operating system, access timestamps, pages viewed, and diagnostic or performance data.
  3. Cookies and Similar Technologies

    Cookies and similar tracking technologies are used to enable essential platform functionality, improve user experience, remember user preferences, analyse platform usage, and support security and performance monitoring. Cookies may be classified as:

    • Strictly necessary cookies: required for the Platform to function and cannot be disabled
    • Functional cookies: used to remember preferences and enhance user experience
    • Analytics cookies: used to understand usage patterns and improve Services
    • Marketing cookies (if applicable): used to deliver relevant communications or measure campaign effectiveness

    Where cookies are not strictly necessary, they will only be used with the user’s prior informed consent, in accordance with applicable laws including PECR and GDPR. Users may manage or withdraw their cookie preferences at any time through the cookie consent tool available on the Platform or via browser settings. For more detailed information on the cookies used, their purpose, and retention periods, users should refer to the Cookie Policy (if maintained separately). Cookies and similar technologies are used to operate the Platform, improve performance, and analyse usage. Strictly necessary cookies are required for the Platform to function and do not require consent. All other cookies, including analytics and advertising cookies, are non-essential and are only used where the user has given prior consent. We provide a cookie consent banner allowing users to Accept all, Reject all, or Manage preferences, including granular control over cookie categories. Non-essential cookies are not set until consent is provided. Users can change or withdraw their consent at any time through the cookie settings tool.

    For more details on cookies used, users may refer to the Cookie Policy.

  4. Inferred Information: We may derive insights such as eligibility indicators or application progress, which are used solely to improve service delivery and user experience.
  5. Sensitive Personal Data: Financial information, government-issued IDs, and academic certificates are classified as sensitive personal data and are subject to enhanced security and protection measures.
  6. Minors: The Platform and Services are intended for individuals aged 18 years or older. We do not knowingly provide Services directly to children under the age of 18. In limited cases where a user under 18 may be involved in an application process (for example, dependent or guardian-supported educational applications), personal data will only be processed with verifiable consent from a parent or legal guardian, where required under applicable law. We take additional care to ensure that any processing of minors’ data is fair, transparent, and limited to what is necessary for providing the requested Services. When we become aware that personal data has been collected from a minor without appropriate consent, we will take steps to delete such information promptly. Information relating to minors is presented in clear and accessible language, and we encourage parents or guardians to contact us at [email protected] for any concerns regarding children’s data processing.
  7. How We Use Your Information: We process personal data only for specific, lawful, and necessary purposes connected to the operation of the Platform and the delivery of Services. These include:
    • Verifying identity and supporting documentation
    • Facilitating admissions, applications, and partner-supported services
    • Assessing eligibility and preventing fraud or misuse
    • Communicating important updates and responding to user queries
    • Complying with applicable legal, regulatory, and contractual obligations
    • Maintaining platform security, integrity, and performance
    • Improving and optimising our Services and user experience
  8. Lawful Basis for Processing: GlobCred processes personal information only where there is a valid legal basis to do so under applicable data protection laws. Depending on the nature of the processing activity, personal data may be processed on one or more of the following grounds:
    • Consent: Where users voluntarily provide information or expressly consent to specific processing activities, including sharing information with partner institutions.
    • Performance of Contract: Where processing is necessary to provide Services requested by the user, including application facilitation, verification, onboarding, and customer support.
    • Legal and Regulatory Obligations: Where processing is required to comply with applicable laws, regulatory requirements, fraud prevention obligations, AML/KYC requirements, or lawful requests from authorities.
    Activity Data Used Purpose Lawful Basis Legitimate Interests (if used)
    Account creation Name, email, login details Create and manage account Contract (Art. 6(1)(b))
    KYC / verification ID, passport, financial data Identity verification, fraud prevention, compliance Legal obligation + Contract Fraud prevention, security
    Programme matching Education history, scores, preferences Recommend universities/programmes Legitimate interests (Art. 6(1)(f)) Relevant recommendations
    Financial facilitation Academic + financial documents Connect to financial partners Contract + Legitimate interests Access to funding options
    Visa support Passport, academic records Application and visa assistance Contract / Legal obligation Application processing support
    Customer support Contact details, communication logs Respond to queries Contract + Legitimate interests Service improvement
    Marketing Email, usage data Updates and offers Consent User engagement
    Security & fraud prevention Device data, IP, logs Security and fraud detection Legitimate interests Platform protection
  9. Legitimate Interests: GlobCred may process personal information where necessary for its legitimate business interests, including maintaining platform security, preventing fraud or misuse, improving platform functionality and user experience, conducting internal analytics, managing operational risks, supporting customer service, enforcing legal rights, and ensuring efficient administration of the Services, provided such interests are not overridden by the rights and freedoms of users.
  10. Sharing of Personal Information: We may share personal data with trusted third parties strictly on a need-to-know basis and subject to appropriate confidentiality, security, and contractual safeguards. These include:
    1. 1. Cloud hosting, infrastructure, storage, and cybersecurity providers
    2. 2. Analytics, performance monitoring, CRM, communication, and customer support service providers (including chatbot tools)
    3. 3. Identity verification, KYC, AML, and fraud prevention service providers
    4. 4. Payment processing service providers
    5. 5. Partner universities, educational institutions, and admission partners
    6. 6. Visa processing, immigration support, and documentation assistance agencies
    7. 7. Licensed banks, NBFCs, and financial institutions providing education financing services
    8. 8. Professional advisors such as auditors, legal consultants, and compliance partners
    9. 9. Prospective employers, where applicable and only with user consent.
  11. Vendor Oversight: All third-party financial partners are vetted for regulatory compliance and security standards and are contractually required to adhere to confidentiality and lawful use obligations.
  12. Independent Controllers: Certain financial partners operate as independent controllers with their own privacy policies. GlobCred is not responsible for independent processing or retention practices of these partners.
  13. Regulatory Compliance: Personal information may also be disclosed when required by law, court order, or regulatory directive.
  14. Cross-Border Data Transfers: Personal information may be transferred to and processed in countries outside India, and where applicable, outside the UK/EEA, including by overseas universities, financial institutions, cloud service providers, and other service partners involved in delivering the Services. Such transfers are carried out only where necessary for purposes such as facilitating international applications, identity verification, admissions processing, customer support, and operational infrastructure. Where international transfers occur, GlobCred ensures appropriate safeguards are implemented in accordance with applicable data protection laws, including Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), adequacy decisions (where applicable), and other contractual and technical security measures to ensure protection of personal data. Some recipients of personal data may be located outside the United Kingdom or other jurisdictions, including universities and service providers. Where we carry out a restricted international transfer, we ensure appropriate safeguards are in place in accordance with applicable data protection laws. These may include adequacy decisions (where available) or the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs), supplemented by additional technical and organisational security measures where required. Copies of the relevant transfer safeguards or further information about international data transfers may be requested by contacting us at [email protected]
  15. Data Security & Breach Notification: GlobCred implements reasonable technical and organizational measures, including encryption, access controls, monitoring, and logging, to protect personal information against unauthorized access, loss, misuse, or disclosure.

    Breach Notification: In case of a data breach affecting personal information, GlobCred will notify affected users and relevant authorities without undue delay and in accordance with regulatory timelines.

  16. Data Retention: Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including providing Services, complying with legal and regulatory obligations, resolving disputes, and enforcing agreements. Retention periods are determined based on the following criteria:
    • the duration of the user’s relationship with GlobCred and active use of the Platform
    • legal, tax, accounting, or regulatory retention requirements
    • requirements under financial services, KYC/AML, and fraud prevention laws
    • the need to establish, exercise, or defend legal claims
    • operational and audit requirements for service integrity and security.

    Once personal data is no longer required for these purposes, it is securely deleted, anonymised, or archived in accordance with applicable laws and internal retention policies.

    Category of Data Retention Period Basis / Justification
    Account data 6 years after last activity Legal, contractual, dispute resolution
    Identity / KYC data 6 years after account closure AML/KYC regulatory requirements
    Application / visa files As required by immigration law + up to 6 years Legal obligation and audit requirements
    Customer support data (emails/chats) 24 months Service quality and dispute handling
    Financial transaction records 6–7 years (as applicable) Tax, accounting, legal compliance
    Marketing data Until consent withdrawal or 24 months inactivity Consent-based processing
    Security logs / device data 12–24 months Fraud prevention and system security
  17. Your Rights: Depending on applicable data protection laws, you may exercise the following rights:
    • Access and obtain a copy of your personal data
    • Request correction of inaccurate or incomplete data
    • Request deletion or anonymisation of personal data
    • Withdraw consent where processing is based on consent
    • Object to or restrict certain types of processing
    • Contest automated decision-making outcomes (where applicable)
    • Exercise any other rights available under applicable laws including DPDP Act, GDPR, CCPA, or similar regulations

    How to Exercise Your Rights: You may exercise your rights by contacting us at: [email protected]. Upon receiving a request:

    • We will acknowledge it within a reasonable timeframe
    • We aim to respond within one month, in accordance with applicable data protection laws (extendable where permitted for complex requests)
    • We may request additional information to verify your identity before processing the request to ensure security and prevent unauthorised access

    You may exercise your rights by contacting us at [email protected]. Where available, you may also use the Platform’s contact form. We may request identity verification before processing your request. We will respond within one month of receipt of your request, unless an extension is permitted under applicable law for complex cases, in which case we will inform you. If you are not satisfied with our response, you may complain to the Information Commissioner’s Office (ICO) at https://www.ico.org.uk.

    Right to Lodge a Complaint

    If you believe your personal data has been processed in violation of applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. For users in the United Kingdom, this includes the: Information Commissioner’s Office (ICO) — https://ico.org.uk. Users may also lodge a complaint with their local data protection authority in their country of residence.

  18. Automated or Algorithmic Processing: Some processes on the Platform, including eligibility assessment, application matching, document screening, and service recommendations, may involve automated processing or profiling carried out by GlobCred or its authorised partners. Such processing is used to support functions such as assessing basic eligibility criteria, matching users with relevant institutions or financial partners, detecting fraud or risk indicators, and improving service recommendations. Where automated processing is used, it is based on pre-defined criteria and does not constitute solely automated decision-making that produces legal or similarly significant effects without human involvement. Users may request human review of any automated outcome where they believe it has significantly affected them. Where required under applicable law, users will be informed about the logic involved, the significance of such processing, and the potential consequences for them.

    Some processes on the Platform, including programme matching, eligibility screening, and recommendations, may involve automated tools and profiling. These tools are used to assess basic eligibility, match users with relevant opportunities, and improve service recommendations.

  19. Enforcement of Policy: We may take appropriate action where this Privacy Policy or applicable laws are violated. This may include:
    • Restricting or suspending access to the Platform
    • Delaying or refuse processing of requests where necessary for security or fraud prevention
    • Conducting internal investigations
    • Preserving relevant records for legal, regulatory, or compliance purposes

    Such actions will be taken only where reasonably necessary to protect the Platform, users, or compliance obligations, and in accordance with applicable law.

  20. Changes to This Privacy Policy: Updates will be posted on the Platform with the revised version number and effective date. Users will be notified via email for material changes. Continued use of the Platform indicates acceptance of the updated Policy. International Users: Updates comply with local privacy laws, including EU, UK, US, and other applicable jurisdictions.