Privacy Shield Privacy Policy

Last updated: August 15, 2018

 

 

This Privacy Shield Privacy Policy supplements the Mirror Technologies Inc (“Mirror”) Privacy Policy and addresses how we handle Personal Information that is collected in the European Economic Area (the “EEA”) and Switzerland and transferred to Mirror in the U.S.

Mirror complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (including Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Privacy Shield.  Mirror has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Mirror is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  In case of conflict between our Privacy Policy and this Privacy Shield Privacy Policy, this Privacy Shield Privacy Policy shall prevail.

 

1 HOW WE COLLECT PERSONAL INFORMATION

We collect and process Personal Information in different capacities.

  • As a data controller, we collect and process EEA and Swiss Personal Information directly from individuals via our websites, including www.mirror.me, or in connection with our Customer relationships.
  • As a data processor, we process and store EEA and Swiss Personal Information obtained from our Customers when providing the Mirror Service. In that context, we only process Personal Information on behalf of and at the instructions of our Customers, who are the data controllers.

 

2 NOTICE

We provide information in our Privacy Policy regarding our privacy practices.

When using our Service, Customers determine the categories of data they upload into our systems and the purposes for which the data is processed. Accordingly, Customers are responsible for providing notice to the individuals from whom they have collected Personal Information.

 

3 DATA INTEGRITY AND LIMITATION OF PURPOSE

We may use any Personal Information we obtain for the purposes indicated in our Privacy Policy or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes or as subsequently authorized by you. We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the intended purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete, and current. We will adhere to the Privacy Shield Principles for as long as we retain the Personal Information collected under the Privacy Shield.

When we process Personal Information in the context of our Services, we process and retain Personal Information only as necessary to provide our Services, or as required or permitted under applicable law.

 

4 DATA DISCLOSURES

We disclose Personal Information as described in our Privacy Policy. If we disclose it to a third party acting as a data controller or as an agent, we will comply with, and protect the Personal Information as provided in the Accountability for Onward Transfer Principle.

Mirror’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Mirror remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Mirror proves that it is not responsible for the event giving rise to the damage.

When we process Personal Information in the context of our Service, we disclose Personal Information as necessary to provide the Service and as authorized in our agreements with Customers.

As stated in our Privacy Policy, we may also share your Personal Information that we control or process in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

5 DATA SECURITY

We use reasonable and appropriate measures to protect your Personal Information from accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing, considering the risks involved in the processing and the nature of the Personal Information.

 

6 RIGHTS AND CHOICES

Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States.  Upon request, we will provide you with access to the personal information that we hold about you.  You may also may correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacy@mirror.me.  If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request to privacy@mirror.me.

When we process Personal Information in the context of our Service, we only process and disclose the data as necessary to provide the Service. Our Customers control how the information they upload to the Service is disclosed and used, and how it can be modified. Accordingly, if you wish to request access, to limit use, or to limit disclosure of Personal Information uploaded to the Service by our Customer, please contact the Customer who submitted your data to our Service. If you provide us with the name of our Customer that is processing your Personal Information, we will refer your request to that Customer, and will support the Customer as needed in responding to your request.

 

7 RECOURSE AND ENFORCEMENT

In compliance with the Privacy Shield Principles, Mirror commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Mirror by email at privacy@mirror.me or via post at:

Mirror Technologies, Inc., Attn: Privacy Officer

315 W 36th St

New York, NY 10018

Mirror has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

 

8 UPDATES TO THE PRIVACY SHIELD PRIVACY POLICY

This Privacy Shield Privacy Policy may be changed from time to time, consistent with the requirements of the Privacy Shield. You can determine when this Privacy Shield Privacy Policy was last revised by referring to the “Last Updated” legend at the top of this page. Any changes to this Privacy Shield Privacy Policy will become effective when we post the revised version on our website.

 

9 CONTACT INFORMATION

If you have any questions, concerns or complaint regarding our privacy practices, or if you’d like to exercise your choices or rights, please contact us through one of the following methods:

  • By e-mail: privacy@mirror.me
  • By mail: Mirror Technologies Inc, 315 W 36th Street, ATTN: Privacy Officer, New York, NY 10018

 

 

*  *  *