loading

Logo Miroma

01%

By clicking “ALLOW ALL”, you agree to the storing of cookies on your device to enhance site navigation and to analyse site usage. Read more here.

Allow all
Disable all

    close-popup
    bg-popup

    Signup to our newsletter and stay connected


    clear-icon

    clear-icon

    clear-icon

    clear-icon

    arrow-submit
    Logo Miroma Desktop
    Logo Miroma Mobile

    Menu Close

    Privacy Notice

    Last updated: September 2024

    PURPOSE OF THIS PRIVACY NOTICE

    This privacy notice (“Privacy Notice”) explains Miroma Group’s approach to any personal data we might collect from you (i) when you use our websites (“Sites”) and services (“Services”), (ii) during any other interactions with us, or (iii) which we might otherwise process when providing Services to our clients (including the personal data we collect, why we collected it and your rights in respect of our processing of your personal data).

    Please take a moment to read and understand this Privacy Notice. We may occasionally notify you of any significant changes that we make to this Privacy Notice, including to reflect any changes or proposed changes to our use of your personal data, but we encourage you to periodically review this Privacy Notice to keep up to date. 

    This Privacy Notice should also be read in conjunction with:

    • The Cookie Preferences feature that we make available through each of our Sites, together with the Our Use of Cookies section, which contains further information about the cookies and similar technologies (“Cookies”) that we use.
    • The relevant Terms of Service which govern your access to and use of the relevant Site(s) you have visited. 

    SCOPE OF THIS PRIVACY NOTICE

    This Privacy Notice:

    • Only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links on our Site to third party websites over which we have no control).
    • It is not intended to cover the processing of workplace personal data. If you are engaged as a worker for us, please see our Workplace Privacy Notice, which sets out further information about how we may process your personal data in connection with your employment and/or engagement.
    • Is intended to meet the requirements of privacy laws of the UK and the European Union, in particular the European Union’s General Data Protection Regulation (“EU GDPR”) and the Data Protection Act 2018 and the UK GDPR (as defined in the 2018 Act).

    ABOUT US 

    The Sites and Services are made available by a member of the Miroma Group. “Miroma Group”, “we”, “us” or “our” in this Privacy Notice refers to Miroma Holdings Limited and its affiliated agencies.

    For the purposes of this Privacy Notice and the GDPR, unless we state otherwise, the relevant entity listed below will be considered a data controller of your personal data in connection with use cases identified in this Privacy Notice. Please note that in many cases where we process data in relation to Services that we provide, we may carry out the activities referred to in this Privacy Notice in our capacity as a data processor acting on behalf of our clients. We have made this distinction clear in the Privacy Notice.

    The Miroma Group of companies consists of us and our network of affiliates including but not limited to:

    Controller
    Agency Press Limited (trading as “Sold Out”)
    Attentive Limited
    Buzz 16 Productions Limited
    Dewynters Limited
    Enhance Outdoor Limited
    Fold7 Limited
    Hyperactive London Limited
    Maker Lab Group UK Limited
    Miroma Founders Network Limited
    Miroma International Limited (trading as “Miroma Outcomes”)  
    Newman Displays Limited
    Silly Face Limited
    Story House PR Limited
    The Multiple Agency Limited
    The Overlap Limited
    Twelve A.M. Media Limited
    Wake The Bear Limited
    We Are Raven Limited

    TYPE OF PERSONAL DATA WE COLLECT AND PROCESS

    In providing our Sites and our Services, we may collect and process different types of personal data about you for different purposes. The types of personal data we collect depends on a number of factors, including who you are, how you use our Sites, and you or your organisation’s role in relation to the Services that we provide to our clients. It may include the following (as applicable):

    Identity Data

    First name; last name; job title; company name. 

    Contact Data 

    Physical address; email address; telephone/mobile phone number; social media handle.

    Applicant Data

    Date of birth; gender; country; nationality; information contained in a CV (including work experience and education); dietary requirements; any other personal data that you may provide in advance of/during your supply of services to us.

    Image Data

    Photos; video recordings.

    Transaction Data

    Details about payments made between you and us in connection with our Services or the services that you or your organisation provides, including bank account details and/or partial payment card details; your billing address; details of our Services or your services.

    Profile Data

    Interests and preferences that you communicate to us or that we observe about you in relation to the Services that we provide; information collected in connection with your participation in any promotions or competitions; feedback and survey responses; details of any communication between you and us, including the content of any email or telephone communications.

    Behavioural Data

    Data observed or collected in connection with your browsing activity on our Sites (or on online services that are used in connection with our Services) or your interaction with our emails or our social media pages; information about when your current or previous sessions on our Sites started; the referring website addresses that sent you to our Sites; details about any pages of our Sites that you viewed.

    Technical Data

    IP address; full web page URL; browser type; device type and operating system; geolocation, to ensure we are showing you the correct notices and information; any other unique numbers assigned to your device.

    Marketing and Communications Data 

    Marketing preferences; service communication preferences. 

    Public Data

    Information contained in articles that you have published or featured in or in presentations that you have participated in (or similar); information that you publish on social media (including LinkedIn), websites or blog posts about you (including your work history and credentials); information about your interests or affiliations or publicly stated positions on political, corporate and similar matters.

    For more information about the personal data we collect please refer to the How we use personal data section.

    HOW WE COLLECT PERSONAL DATA

    We may collect and receive personal data using different methods:

    Personal data you provide to us 

    You may give us your personal data directly, for example: when you obtain Services from us; when you contact or provide feedback to us or provide services to us; when you subscribe to receive our marketing communications; and in connection with our recruitment activities.

    Personal data we collect using Cookies and other similar technologies

    We collect certain Technical Data and Behavioural Data through our use of Cookies and other similar technologies. See the Site insight and analysis section for further information about how we use this personal data.

    To find out more about our use of Cookies, see the Our use of Cookies section of this Privacy Notice. You can also find out more and manage your preferences in relation to Cookies that we use on our Sites by scrolling to the bottom of this page and clicking the ‘cookie preferences’ link in our footer.

    Personal data received from third parties

    We may receive personal data about you from third parties. Such third parties may include analytics providers, data brokers, third party directories and third parties that provide technical services to us so that we can provide our Sites and our Services.

    Publicly available data

    From time to time, we may collect personal data about you (Identity Data, Contact Data, or Public Data) that is publicly available through third party sources (including open source data sets or media reports) or that you or a third party may otherwise make publicly available (for example through social media posts, speeches at events, or by publishing articles or other news stories).

    WHO WE COLLECT PERSONAL DATA ABOUT

    We collect and process personal data relating to the following people:

    Site visitors

    We will collect and process your personal data in connection with your use of our Sites.

    People who contact us with enquiries

    If you contact us with an enquiry through one of our Sites, submit a complaint or provide any feedback to us in our surveys and feedback forms, we will collect and process your personal data in connection with your interaction with us and our Sites.

    Client personnel

    We may collect and process your personal data in connection with the supply of Services to you and/or your organisation.

    Individuals we work with

    If you are an individual and you supply services and/or content to us and/or work with us to provide services to our clients (for example, where you are a freelancer, contractor, or sole trader, including where you are talent that features in content or a marketing campaign that we produce for our clients), we may collect or process your personal data in connection with the services and/or content that you provide to us and our clients.

    Partner and supplier personnel 

    If you (or your organisation) supply products or services to us or otherwise partner with us, we may collect and process your personal data in connection with our receipt of those products and services and/or partnership.

    Visitors to our offices, studios, production sites

    If you attend one of our physical offices or other locations from which we are working, we may process personal data that you volunteer in connection with your visit and any enquiries you make. For example, you may volunteer personal data when signing in as a guest, or when you register for and access our guest Wi-Fi network at our premises. CCTV footage may also be collected for security purposes.

    Event attendees

    If you attend one of our events, we will process personal data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other documents relating to the event.

    Job applicants

    If you apply for a job with us, whether through one of our Sites or otherwise, we will collect and process your personal data in connection with your application.

    Members of the public 

    We may process your data in connection with the provision of the Services to our clients.

    HOW WE USE PERSONAL DATA AND OUR LEGAL BASES FOR THESE USES

    We have set out below a description of the ways we use your personal data and which of the legal bases we rely on to do so.

    Purpose/activityOur legal basis for processing
    Operation and analysis of our Sites
    To provide our Sites to you When you browse our Sites, we collect and process Technical Data so that we can provide our Sites to you, including to ensure that we’re showing you the correct notices and information. It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest to use personal data in such a way to ensure that we provide access to our Sites in a secure and effective way and so we can make improvements to our Sites.  
    Site insight and analysis We and our third-party partners use cookies, web beacons, pixel tags and other similar technologies (which we generically refer to as “Cookies”) to collect data from the devices that you use to access our Sites or to open our emails. The data that is collected includes Behavioural Data and Technical Data.  We and our third-party partners use this data to analyse your interactions with our Sites and our emails, and to improve the effectiveness of our Sites and emails, including to: count users who have visited our Sites or opened an email, and to collect other types of aggregate information, including insights about visitor browsing habits; assess the effectiveness of our content, including to help us understand the type of marketing content that is most likely to appeal to our clients; learn what parts of our Site and which of our emails are of most interest, and to understand what kind of features and functionalities visitors to our Sites like to see;  to improve our Sites and our emails, including the content and the structure and navigation of our Sites; and track receipt of an email we send to you.  To find out more about our use of Cookies, see the Our use of Cookies section. You can also find out more information about Cookies that we use in connection with our Sites and manage your preferences by scrolling to the bottom of this page and clicking the ‘cookie preferences’ link in our footer.  Where your data is collected through the use of non-essential cookies, we rely on consent to collect your personal data and for the onward processing purpose.  In some limited circumstances, we may rely on another lawful basis when we use your personal data collected via the use of cookies. For example, where we use personal data collected through the use of analytics cookies to analyse how you interact with our emails, it is in our legitimate interest to use your personal data in such a way for the above purposes.  
    Marketing and engagement through social media  We may collect or process personal data (including certain Contact Data, Identity Data, Profile Data and Public Data) of persons that engage with us through our social media channels, such as YouTube, Twitter, LinkedIn or Instagram (including by commenting or posting on our social media pages or by otherwise communicating with us via social media). We do this to promote us and our Services and to generally engage with individuals through social media in connection with our business.  It is in our legitimate interests to process personal data in this way so that we can market us and our Services effectively.  
    Analysis of social media interactions  If you click on one of the social media links on our Sites or otherwise interact with our social media pages such as on Twitter, LinkedIn or Instagram (including interacting with any ‘like’ or similar embedded features on our Sites or social media accounts), we and the relevant social media platform may receive and share certain Technical Data and Behavioural Data relating to such interaction. Where we receive this information from social media platforms, we generally receive it in an aggregate and anonymous format which does not identify you.  We use this information to analyse your interactions with our social media channels, including to count visits and to assess the effectiveness of our social media content.  The relevant social media platform may also be a controller in respect of the personal data that is collected via your use of our social media pages and may use that personal data for additional purposes. For details of how the relevant social media platform uses your personal data, please see the privacy notice of the relevant social media platform.  It is in our legitimate interest to use personal data in the ways described above to ensure that we provide the Site in an effective way and to promote our Site via social media.  
    Providing our Services and receiving services from others
    Provision of client facing services We may, acting on our own behalf and on behalf of our clients, collect personal data about you (including the types of personal data we set out in the Types of personal data we collection and process section above) in connection with the provision of our Services.  To the extent this involves personal data, it is in our legitimate interest (or those of our clients) to process personal data in this way to enable us to provide our Services. Where we do this on behalf of our clients as a data processor, we do not require a legal basis for such processing.   Where your data is collected through the use of non-essential cookies, we rely on consent to collect your personal data and for the onward processing purpose. Please see the Our use of Cookies section below for further details.  
    Identifying, hiring and managing individuals that support the Services we provide to Clients As part of the Services that we provide to our clients, we may identify and engage individuals (including freelancers, contractors, sole traders, and talent to feature in content or a marketing campaign for our Clients). In doing so, we may collect and maintain in our database Identity Data, Contact Data, Applicant Data, Image Data, Profile Data, Transaction Data and Public Data.  We use this personal data in connection with our clients client’s marketing campaigns, including for the purpose of selecting and working with talent. We may obtain this information directly from individuals, from third party agencies, or from publicly available sources.   When creating content featuring you, we will process your Image Data, which may be associated with certain other personal data described above (where relevant to your appearance). For example, your Image Data may be published alongside your Identity Data.  It is in our legitimate interests (or those of our client) to process talent personal data in this way to enable us to provide our Services.   Where we process special category data in connection with this purpose that was collected from you directly, we will only do so with your explicit consent. Where we obtain this special category data from publicly available sources, we will rely on the fact that the individual made such information manifestly public. Where we do this on behalf of our clients as a data processor, we do not require a legal basis for such processing.  
    Receipt of services from third party suppliers If we have engaged you or your organisation to provide us or our clients with services (for example, IT support or financial advice), we may collect and process your personal data (including Contact Data, Identity Data and Public Data) in order to manage our or our clients’ relationship with you or your organisation, to receive services from you or your organisation and, where relevant, to provide our Services.   It is necessary for us to use personal data in this way to perform our obligations in accordance with any contract that we may have with you or your organisation, or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with you or your organisation and are able to provide our Services to others in an effective way.    Where we do this on behalf of our clients as a data processor, we do not require a legal basis for such processing.  
    Events
    Organising and hosting events From time to time, we may organise and host road shows and other industry events to promote our Services or on behalf of clients. For this purpose we may process data including Identity Data and Contact Data to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you. If you attend one of our events, we may use your personal data to record your attendance at the event and for related record-keeping purposes and, if relevant, we may collect and process any dietary or other requirements you may have. You may also feature in photographs taken at our events and such photographs may appear in publications we send to our clients and/or publish on our Site, in print or other media.  It is necessary for us to use personal data in this way to perform our obligations in accordance with any contract that we may have with the individual, or it is in our or our client’s legitimate interest to use personal data in such a way to ensure that we provide our services in an effective and efficient way.   If we specifically ask your permission to use your photographs, quotes, testimonials or other content, then our processing of such personal data will be based on consent.   Where we put on events solely at the specific request of our clients we do so in our capacity as our client’s data processor and therefore do not require a legal basis to process personal data.  
    Promotional and marketing activities
    To promote our Services to you If you or your organisation express an interest in our Services or we otherwise think that you may be interested in our Services, we may use your Identity Data, Contact Data, Profile Data and Public Data so that we can tell you about us and our Services and respond to your expression of interest.   It is in our legitimate interest to use your personal data to ensure that we respond to your expression of interest in an effective manner or to otherwise tailor the information that we provide to you.     
    To market us and our Services to you We will use your Identity Data, Contact Data and Marketing and Communications Data to send you marketing communications that promote us, our Services and our events by email or via third party encrypted platforms such as WhatsApp.  We will only send you email marketing if you consent to receive it (i.e. by signing up to our mailing list).  
    Recruitment
    Managing applications to work with us If individuals apply for a job with us or otherwise express an interest in working for us, we will collect Identity Data, Contact Data, Applicant Data, Public Data and any other information relevant to potential recruitment at a group company. We use such personal data for the following purposes: a) to assess the individual’s suitability for any position for which they applied (or future positions for which we think the individual may be suitable), including employment, summer placements or internships and also any business support or services role, whether such application has been received by us online, via email or by hard copy or in person application or through a third party recruitment agency; b) to take any steps necessary to enter into any contract of employment (or otherwise) with the individual; c) to comply with any regulatory or legal obligations in relation to any such application; and d) to review our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment related decisions are made entirely on merit.  Where we use personal data in connection with recruitment it will be in connection with us entering into a legal contract with individuals or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions for Miroma Group, or it is our legal obligation to use such personal data to comply with any legal obligations imposed upon us. We will not process any special category data except where we are able to do so under applicable legislation or with the individual’s explicit consent.  
    Business, Financial and Legal Administration
    Visiting our premises, studios or production sites If an individual visits any of our premises, studios and/or production sites we may collect personal data including Identity or Contact Data as part of our sign in process. We may also capture their image on our surveillance camera or CCTV.  If an individual registers as a guest user for free Wi-Fi access at any of our premises, we may collect personal data including Identity and Contact Data as part of the registration process. We may also process Behavioural and Technical Data in connection with any use of this free Wi-Fi service for monitoring and record-keeping purposes, including to identify the source of service requests, optimise and maintain performance of the Wi-Fi service, and investigate and prevent system abuse.   It is in our legitimate interests to process personal data in this way for security reasons.  Where we process personal data in connection with providing access to our free Wi-Fi service, it is in our legitimate interests to process personal data in this way to provide the service. Where we monitor use of our free Wi-Fi service to ensure proper use of the system, we process personal data for monitoring and record-keeping purposes based on guest user consent.  
    Business administration, finance, and legal compliance We may use personal data, including Identity Data, Contact Data, Transaction Data, Public Data, for the following business administration and legal compliance purposes: to facilitate the operation or effective management of our business; for financial, accounting and tax purposes; to comply with our legal obligations; to enforce or protect our legal rights; to deal with complaints; to protect the rights of third parties (including where health or security of an individual is endangered (e.g. a fire)); and in connection with a business transition or sale such as a merger, re-organisation, acquisition by another company, or sale of all or a portion of our assets.  Where we use personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we will rely on our obligation to comply with law (including any court order) to process such personal data.  

    We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with the individual’s explicit consent.

    IF YOU FAIL TO PROVIDE YOUR PERSONAL DATA

    Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application for employment with us. In this case, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.

    SHARING YOUR PERSONAL DATA

    We only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.

    We may share data (subject to the above) with Miroma Group companies to help direct your query to the right place and for internal administrative purposes. For more information about the group, please see here

    When processing your personal data, we may need to share it with third parties, as set out in the table below. This list is non-exhaustive and there may be circumstances where we need to share personal data with other third parties.

    Clients  We may share personal data with our clients for the purposes of providing them with Services.  
    Suppliers and partners  We may share personal data with various suppliers and/or partners that assist us in providing our Services and our work, including (for example) DSPs, event management companies and venues.  
    Third-party IT suppliers   We may share personal data with third parties who support us in providing our Sites and help provide, run, and manage our internal IT systems. Such third parties may also include, for example, providers of information technology, cloud-based software-as-a-service providers, identity management, website design, hosting, optimisation and management, data analysis, data back-up, security, and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them. We may also share your personal data with third-party service providers to assist us with insight analytics.   
    Payment providers and banks  We may share personal data with third parties who assist us with our invoicing and/or making/receiving payments.  
    Third-party email marketing and CRM providers   We may share personal data with a variety of third party email marketing providers who assist us in delivering our email marketing campaigns and managing our marketing database.  
    Recruitment agencies and related organisations  We may share personal data with external recruiters and third-party providers that undertake background checks on our behalf for recruitment purposes.  
    Auditors, lawyers, accountants and other professional advisers  We may share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in.  
    Law enforcement or other government and regulatory agencies and bodies  We may share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation.  
    Other third parties  Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.  

    DATA TRANSFERS OUTSIDE THE UK AND THE EEA

    We may transmit personal data to third parties (as listed in the Sharing your personal data section) that are located in countries that do not have data protection laws that protect personal data to the same standard as the UK GDPR and the EU GDPR. Such countries may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. 

    However, when transferring your personal data to such countries, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented: 

    • Adequacy decisions: we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government or the European Commission.
    • Standard Contractual Clauses: we may use specific contracts approved by the UK Government or the European Commission, which are referred to as “Standard Contractual Clauses” or “SCCs”. These contracts require third parties to give personal data the same protection it has in the UK and EU. To find out more about the SCCs we use, please see: Standard contractual clauses for international transfers | European Commission (europa.eu) or please contact us as set out in the How to contact us section.

    OBTAINING AND WITHDRAWING YOUR CONSENT

    Where our use of your personal data requires your consent, you can provide such consent at the time that we collect your personal data following the instructions provided, or by informing us using the contact details set out in the How to contact us section.

    Please note that if you specifically consent to additional uses of your personal data, we may use your personal data in a manner consistent with that consent.

    You can withdraw your consent using functionality that we make available to you (for example, by following an unsubscribe link found in one of our marketing emails) or by contacting us using the contact details set out in the How to contact us section.

    CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL DATA

    We are committed to keeping the personal data you provide to us secure and we have implemented information security policies, rules and technical measures to protect the personal data under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your personal data on our behalf) that have access to and are associated with the processing of personal data are obliged to respect the confidentiality of personal data.

    YOUR DATA PROTECTION RIGHTS

    Depending on where you reside and where relevant legislation applies, you may have certain rights in relation to the personal data we hold about you under certain circumstances:

    Your right of access 

    If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies.

    Your right to rectification 

    If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your personal data with so that you can contact them.

    Your right to erasure 

    You can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.

    Your right to restrict processing 

    You can ask us to “block” or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further. If we’ve shared your personal data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.

    Your right to data portability 

    You have the right, in certain circumstances, to obtain personal data you have provided to us (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party.

    Your right to object

    You can ask us to stop processing your personal data, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your personal data for direct marketing purposes.

    Your rights in relation to automated decision-making and profiling

    You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.

    Your right to withdraw consent

    If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. You can exercise your right of withdrawal by contacting us using our contact details in the How to contact us section or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email.

    Your right to lodge a complaint with the supervisory authority 

    If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please contact us using the contact details provided in the How to contact us section. 

    You also have a right to lodge a complaint with our supervisory authority, the UK Information Commissioner’s Office (“ICO”). Contact details for the ICO can be found on its website at https://ico.org.uk/make-a-complaint/.

    If you are in the EEA, you can also report any issues or concerns to a national supervisory authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EEA supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

    If you would like to exercise any of these rights, please contact us using the details set out in the How to contact us section. 

    Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.

    THIRD PARTY LINKS AND SERVICES

    This Privacy Notice only applies to personal data processed by us through your use of our Sites and/or in connection with our business operations. However, from time to time, our Sites may contain links to third-party websites and services. We have no control over these websites and services and this Privacy Notice does not apply to your interaction with the relevant third parties.

    When you use a link to go from our Sites to another website (even if you don’t leave our Site) or you request a service from a third party, your browsing and interactions on any other websites, or your dealings with any other third-party service provider, is subject to that website’s or third-party service provider’s own rules and policies. For example, our Sites may allow you to connect with us on social media platforms such as Instagram, Twitter and LinkedIn. When you click on the links we provide to such third-party platforms, you will be transferred from our Sites to the relevant third-party platform and the privacy notice (and other terms and conditions) of that platform will apply to you.

    We do not monitor, control or endorse the privacy practices of any third parties. We encourage you to become familiar with the privacy practices of every website you visit or third-party service provider that you use in connection with your interaction with us and to contact them if you have any questions about their respective privacy notices and practices.

    HOW LONG DO WE KEEP YOUR PERSONAL DATA?

    We retain personal data only for as long as is necessary for the purposes described in this Privacy Notice, after which it is deleted from our systems. In considering how long to keep it, we will take into account its relevance to our business and our legal and regulatory obligations. 

    If any personal data is only useful for a short period (e.g. for a specific event or marketing campaign or in relation to recruitment), we will delete it at the end of that period. Please note that if you are an unsuccessful candidate we may keep your information for a short period.

    If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list so that we know not to send you further marketing communications in the future.

    PERSONAL DATA OF MINORS 

    Our Sites are not intended for use by, or targeted at, minors (individuals under the age of 18) and we do not routinely collect personal data of minors. If we do collect personal data of minors (for example, in relation to a marketing campaign that features a child), we will comply with all applicable laws and regulations relating to the processing of personal data of minors. 

    If we discover that we are erroneously holding the personal data of a minor, we will delete that information as soon as possible. Please contact us using the contact details set out in the How to contact us section if you have reason to believe that a minor may have submitted personal data to us in error.

    HOW TO CONTACT US

    If you have any questions about this Privacy Notice or want to exercise Your data protection rights set out above in this Privacy Notice, you can contact us using the following methods:

    Email 

    Send us an email at: legal@miroma.com

    Post 

    Write to us at:   Miroma Group

                                 Attn: Privacy Counsel

                                 Elsley Court

                                 20 – 22 Great Titchfield Street

                                 London W1W 8BE 

    OUR USE OF COOKIES

    When you visit our Sites, we may collect certain information by automated means, such as cookies, web beacons, pixels, tags and similar technologies. 

    We use Cookies for some of the purposes described in this Privacy Notice, including the Site insight and analysis section.

    What are cookies and similar technologies?

    Cookies are very small text files or pieces of code, which often include a unique identifier. When you visit a website, the website will request to store this text file on your device in order to remember information about you, such as your language preference or login information.  Other information gathered through cookies may include the date and time of visits and how you are using the particular website.

    We also use similar technologies to cookies known as “web beacons”, “pixels” or “tags”. These technologies do a similar job to cookies, allowing website operators to count page views and understand how visitors interact with and respond to certain content on a webpage.

    We use “first party cookies” and “third party cookies” in connection with our Sites. First party cookies are cookies placed by us to collect information about you. Third party cookies are cookies placed by third party website operators. Information about you collected by those third-party cookies will be shared with the relevant third party. 

    You should be aware that applications you use to access our Sites, such as your website browser, may also place cookies on your device when visiting our Sites, or other websites. An example of this would be where you sign into Google Chrome using a Google Account. We do not have control over these third-party cookies, so you will need to manage these cookies in the settings of the relevant applications.  

    For more details on cookies and similar technologies, please visit All About Cookies.

    How long do cookies last?

    All cookies have expiration dates that determine how long they stay in your browser:

    Session Cookies – these are temporary cookies that are placed on your device during your browsing session and then expire (and are automatically erased) whenever you close your browser.

    Persistent Cookies – these are designed to last for a pre-defined period of time, which varies depending on the nature of the cookie. Persistent cookies stay in your browser until they reach their individual expiry date, or until you manually delete them (see section below). 

    Types of Cookie

    Our Sites use the following types of cookies: 

    Strictly Necessary Cookies 

    These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personal data.

    Functional Cookies 

    These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

    Performance Cookies 

    These cookies allow us to count visits and traffic sources so we can measure and improve the performance of Our Sites. They help us to know which pages are the most and least popular and see how visitors move around our Sites. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our Sites, and will not be able to monitor its performance.

    How do I refuse, block, or delete cookies?

    To find out further information about the Cookies that we use on our Sites and how you can manage your consent to our use of non-essential Cookies, please scroll to the bottom of this page and click the ‘cookie preferences’ link in our footer.

    Please note, you can also manage your Cookie preferences using functionality provided by your browser, but please be aware that in order to use some parts of our Site(s) you will need to allow certain Cookies. If you block or subsequently delete certain Cookies, some aspects of our Site(s) may not work properly and you may not be able to access all or part of our Site(s). For more information on cookie management and blocking or deleting cookies for a wide variety of browsers, visit All About Cookies.

    In addition, if you do not want to be tracked by Google Analytics, you can install the Google Analytics opt-out browser add-on (but this will only work on certain browsers). Please also be aware that, when you access our Site(s) via Google applications such as Google Chrome, Google may collect user information for the purpose of serving personalised advertising across your devices. These cookies are dropped for Google’s own purposes and as such we do not have any control over how or when they are dropped. You will need to opt out of receiving these cookies via your Google settings. For more information about how Google collects and uses your personal information see Google’s Privacy Notice. Please note that other browsers may use similar tools that are operated by other third parties.

    Linkedin Insight Tag

    1