Last updated: August 15, 2018
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Mirror is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
1 HOW WE COLLECT PERSONAL INFORMATION
We collect and process Personal Information in different capacities.
- As a data controller, we collect and process EEA and Swiss Personal Information directly from individuals via our websites, including www.mirror.me, or in connection with our Customer relationships.
- As a data processor, we process and store EEA and Swiss Personal Information obtained from our Customers when providing the Mirror Service. In that context, we only process Personal Information on behalf of and at the instructions of our Customers, who are the data controllers.
When using our Service, Customers determine the categories of data they upload into our systems and the purposes for which the data is processed. Accordingly, Customers are responsible for providing notice to the individuals from whom they have collected Personal Information.
3 DATA INTEGRITY AND LIMITATION OF PURPOSE
When we process Personal Information in the context of our Services, we process and retain Personal Information only as necessary to provide our Services, or as required or permitted under applicable law.
4 DATA DISCLOSURES
Mirror’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Mirror remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Mirror proves that it is not responsible for the event giving rise to the damage.
When we process Personal Information in the context of our Service, we disclose Personal Information as necessary to provide the Service and as authorized in our agreements with Customers.
5 DATA SECURITY
We use reasonable and appropriate measures to protect your Personal Information from accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing, considering the risks involved in the processing and the nature of the Personal Information.
6 RIGHTS AND CHOICES
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
When we process Personal Information in the context of our Service, we only process and disclose the data as necessary to provide the Service. Our Customers control how the information they upload to the Service is disclosed and used, and how it can be modified. Accordingly, if you wish to request access, to limit use, or to limit disclosure of Personal Information uploaded to the Service by our Customer, please contact the Customer who submitted your data to our Service. If you provide us with the name of our Customer that is processing your Personal Information, we will refer your request to that Customer, and will support the Customer as needed in responding to your request.
7 RECOURSE AND ENFORCEMENT
In compliance with the Privacy Shield Principles, Mirror commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Mirror by email at firstname.lastname@example.org or via post at:
Mirror Technologies, Inc., Attn: Privacy Officer
315 W 36th St
New York, NY 10018
Mirror has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
9 CONTACT INFORMATION
If you have any questions, concerns or complaint regarding our privacy practices, or if you’d like to exercise your choices or rights, please contact us through one of the following methods:
- By e-mail: email@example.com
- By mail: Mirror Technologies Inc, 315 W 36th Street, ATTN: Privacy Officer, New York, NY 10018
* * *