Last updated: 24/06/2019
2. What is The Mirror Man?
References to “The Mirror Man” means the company.
3. When do we collect personal information?
We collect your personal information in a number of instances, including when you:
- Make an online purchase and check out as a guest (in which case we collect transaction-based data);
- Create an account with us;
- Book any kind of bespoke service with us;
- Visit any of our Website, and use your account to buy products and services, or redeem vouchers from The Mirror Man on the phone, on our market exhibitions or online;
- Purchase a product or service by phone but don’t have (or don’t use) an account;
- Engage with us on social media;
- Buy a product from us;
- Contact us by any means with questions about a product or to raise a complaint;
- Ask one of our colleagues to email you information about a product or service;
- Enter prize draws or competitions;
- Comment on or review our products and services. Any individual may access personal information related to them, including opinions. So if your comment or review includes information about the colleague who provided that service, it may be passed on to them if requested;
- Have given a third party permission to share the personal information they hold about you with us;
- Phone us, we sometimes record phone conversations for record or training purposes.
4. What personal information do we collect and why?
We do not store credit card details nor do we share customer details with any 3rd parties.
The personal information that we collect about you broadly falls into the following categories:
Information that you provide voluntarily
When you make a purchase online, or enter a prize draw/competition, you will be asked for some essential information including your title, first name, surname, postal address, email address, telephone, and if applicable, payment information. These are collected to help us:
- Process your online orders including sending order confirmation and delivery information via email or text message, or process payments due to us;
- Contact you about your product, your order or account where required;
- Deliver safe and secure shopping by helping to prevent and detect fraud – to do this, we may need to disclose information to assist legal processes;
- Understand your needs and listen to your feedback via market research/shopping analysis, customer polls and surveys;
- Send you marketing and promotional offers and to manage your marketing preferences if you elect to receive marketing and promotional offers from us;
- Speed up your form filling processes if you’ve registered online;
- Respond to any issues or queries via the customer service adviser teams;
- Conduct analytics to understand how our services are used and to improve your customer experience; and/or
- Notify you about changes to our service.
Information that we collect automatically
When you visit our Website, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.
Specifically, the information we collect automatically may include information like your IP address, device type, operating system, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.
Collecting this information enables us to better understand the visitors who come to our Website, where they come from, what content on our Website is of interest to them, what they have viewed or looked at and in some instances what they have purchased. We use this information for internal analytics purposes, to improve the quality and relevance of our Website to our visitors and users and to deliver personally tailored retail offers (both on the website and through triggered email, SMS and direct mail (but only where you have agreed to these channels)).
Some of this information may be collected using cookies, tracking pixels and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” below.
Information that we obtain from third party sources
From time to time, we may receive personal information about you from third party sources, but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
If you have any questions about the third parties we obtain personal information from, please contact us using the contact details provided under the “How to contact us” heading below.
Enhancing our data
Where we have obtained your personal information from various sources (including personal information we have lawfully obtained from third parties or from other members of The Mirror Man) we may combine this information in certain circumstances in order to enhance our understanding of your requirements and preferences in relation to our products and services. This is necessary for the purposes of our legitimate interests to ensure that we provide you the most appropriate offers for products and services and to personalise your The Mirror Man experience.
We will use the personal information we hold about you (as well as pseudonymised or anonymised information generated from your personal information) to carry out analysis and research. We carry out all such analysis and research on the basis that it is necessary for the purposes of our legitimate interests in understanding our customers and ensuring that our products and services meet the needs of our customers. We undertake data analytics, whereby we combine information we hold on a large scale, in order to:
- Learn more about our customers and their preferences;
- To identify patterns and trends amongst our customers;
- Enhance user experience on our Website;
- Provide information, content and offerings tailored to our customers’ needs;
- For general research and statistical purposes;
- For aggregated reporting purposes within The Mirror Man;
- To help us develop new products and services;
- To monitor performance of our products and services;
- To be able to send you personalised marketing messages; and
- To display online advertisements to you.
5. Who do we share your personal information with?
We may disclose your personal information to the following categories of recipients:
- IT companies who support our Website, and other business systems;
- Operational companies such as delivery couriers;
- Direct marketing, loyalty reward companies or other third parties who help us manage electronic communications with you;
- Data insight and data analysis companies (to provide us with tools to analyse the data which we hold);
- Promotional partners (such as cashback or voucher sites);
- Customer review companies (so you can leave feedback and we can improve our service to you); and/or
- Competition or prize-draw partners.
- to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights or apply our Terms and Conditions, or (iii) to protect your vital interests or those of any other person;
- to any other person with your consent to the disclosure.
Where we share your personal information with third party service providers and partners we apply a policy to ensure your personal information is safe and in order to protect your privacy. Our policy requires:
- We provide only the information they need to perform their specific services.
- They may only use your data for the purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of your personal information held by them will either be deleted or rendered anonymous (subject to applicable law).
Third parties (such as Google, Bing, Yahoo Facebook, Instagram, Twitter, Pinterest, Snapchat, Tumblr) may serve cookies on your computer or mobile device to serve advertising through our Websites. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. This can be accomplished by them using cookies or web beacons to collect information about your visits to this and other sites in order to provide relevant advertisements about goods and services of potential interest to you. The information collected through this process does not enable us or them to identify your name, contact details or other personally identifying details unless you choose to provide these (based on your marketing consent or acceptance of cookies). Please see “Cookies and similar tracking technology” below for more information.
6. Legal basis for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only (i) where we need the personal information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
7. Cookies and similar tracking technology
8. How do we keep your personal information secure
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we use include:
- Encrypting your personal information. When you place an order or access your account information, your information will be sent through to us. A secure server encrypts all of the information you input before it is sent to us. This protects your confidential data, particularly your credit card details from unauthorised use;
- Keeping your information up-to-date and accurate. Please note that, to do this, we require you to tell us if any of your details such as your name or address change; and
- Having in place strict security procedures for the storage and disclosure of your information to prevent unauthorised access.
9. International data transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of the UK.
Our Website servers are located in the UK.
10. Data retention
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. For more information about the specific periods for which we retain your data, please contact us using the contact details provided under the “How to contact us” heading below.
11. Your data protection rights
You have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to contact us” heading below.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, see the section headed “contacting the regulator” below.
12. Contacting the regulator
If you feel that your personal information has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal information, you have the right to raise a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns (opens in a new window; please note we cannot be responsible for the content of external websites).
14. How to contact us
If you have any questions or concerns about our use of your personal information, please contact our Data Protection Officer at the following address
The data controller of your personal information will be The Mirror Man entity that you are dealing with.