Privacy Policy

Effective Date: March 2025

Who We Are
Mirros IOM Limited (“MIL”, “we”, “our”, “us”) operates an e-commerce store allowing customers to purchase items such as external gift cards, mobile top ups, cash vouchers and wearables (our “Services”).

MIL is part of the RTEKK Holdings Limited group (the “Group”), and the ‘Controller’ of personal information collected in provision of the Service. MIL is registered with the Isle of Man Information Commissioner and fully committed to the requirements of data protection legislation applicable to it, including the GDPR as it applies in the Isle of Man. MIL is a member of the Electronic Money Association, with its registered address at Park House, Isle of Man Business Park, Douglas, Isle of Man IM2 2QZ

Definitions

EEA – means the European Union Member States and Iceland, Liechtenstein and Norway. 

GDPR – means The European Data Protection Regulation, which is applicable as of May 25th, 2018, in all Member States of the European Union to harmonize Data Privacy laws across the European Union.

Introduction

This Privacy Notice describes the types of Personal Information we collect, the purposes for which we collect Personal Information, the other parties with whom we may share it, the measures we take to protect the security of the data and how long we retain data. It also tells you about your rights and choices with respect to your personal data, and how you can contact us about our privacy practices.

Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements. Specific privacy notices may apply to some of our products and Services. Please visit the webpage of the specific product or service to learn more about our privacy and information practices in relation to a product or service.

User Terms

We recognise that the core to Data Privacy is your right to be informed about how we collect and use your data; therefore, we encourage you to read this Privacy Policy carefully.

The Privacy Policy is a part of our Terms and Conditions and is incorporated therein by reference.

By using our Services, you agree to the terms of this Privacy Policy as may be amended by us from time to time.

1. Personal Information We May Collect

Information you give us:

we receive and store any personal information (including payment information) you provide to us including when you enquire for or use our Services; upload and/or store information with us when using the Services or purchasing products; and when you communicate with us through email, SMS, a website or portal, or the telephone or other electronic means, e.g. in the context of contacting us about your transactions. Such information may reference or relate to you or your customers and includes:

  • name including first name and family name
  • email address, shipping address
  • payment information
  • username
  • phone number
  • Card number, card expiry date, CVC/CVV details (card security code).
  • Usage Data: IP address, browser type, pages visited, time and date of visit, time spent on those pages.
  • any other information you provide in the context of using the Services.

We only collect personal information necessary to provide the Services or to enable the uses in section 2 below.

2. How We May Use Your Personal Information

We may use and share the personal information we collect for the following purposes:

  • To process transactions: manage orders, process payments, and deliver products. In this context we record and track details of transactions (except the payment element of the transaction) you carry out; notify you about important changes or developments to our website or our goods and Services and share your personal data with our affiliate, MIR Limited UK Ltd, which processes your payment for the transaction.
  • To communicate: send order updates, respond to enquiries, provide customer support.
  • To improve and develop our business, including without limitation to optimise our websites/portals, products, and Services.
  • To manage and enforce our rights, terms of use or any other contracts with you, including to manage any circumstances where transactions are disputed; manage, investigate, and resolve complaints.
  • To prevent and/or detect fraud, financial crime, manage risk and to better protect ourselves, our customers, and the integrity of the financial system. 
  • To prevent, detect and prosecute fraud and other crimes and abuses of the financial system, or to assist others in doing so, including non-compliance with any terms of business and which may involve the sharing of any relevant or necessary information we have collected or inferred with third parties for such purposes.
  • To send marketing messages, to provide you with the information on products and Services you have requested, or we think may be of interest to you; to obtain your views on our goods, Services and our website/s; in respect of marketing, market research and similar activities. If you no longer wish to receive marketing or promotional information, you can always opt out at any time.
  • To comply with all local laws and regulations.
  • To comply with requests from law enforcement and regulatory authorities, to establish, exercise or defend legal claims, or to protect your vital interests or those of other persons; for example, to help those authorities or other organisations in the fight against crime and terrorism; and
  • To comply with our terms of business.

3. Legal Basis for Processing

We will only process your personal information in compliance with the law. Such laws vary across different territories and further specific information is available on request. In general, we will either process:

  • because we have a contract with you, under our Terms and Conditions, for providing the Service you have requested;
  • with your consent, for example to send you marketing messages about products and Services in accordance with your interests and preferences, where such consent is required by law;
  • where we have a legitimate interest to process data, subject to such processing not overriding your own rights and freedoms in objecting to such processing. For example, to keep you informed about your use of the Services, improve, and develop the Services, conduct online advertising or other marketing activities, as well as manage and enforce any claim;
  • where we have a legal obligation to collect, use and/or disclose your personal information or otherwise needs your personal information to protect your vital interests or those of another person. For example, when necessary to comply with the rules imposed by our or other applicable regulators; or
  • exceptionally, we may share your information with a third party, when necessary, in the public interest, for example, when law enforcement agencies or other third parties with whom you may have had dealings request information to investigate a crime or otherwise a breach of third-party terms of business.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information for any specific processing activity, please contact us via the How to contact us section (see section 12) below.

4. How We Share Your Information

We do not disclose information which could identify you personally, to anyone except as described in this notice, as permitted, or required by law, and/or for the purposes described in this notice, including:

  • within the Group, to help us provide our Services and for our own internal customer relationship management, analytical and reporting purposes;
  • to recipients/senders of a payment in the context of the specific relevant transaction;
  • fraud prevention agencies as described above, including Action Fraud, Financial Fraud Action and the Financial Fraud Bureau and other organisations who assist us in managing fraud and business risk;
  • where we provide Services through third parties where we may be required to disclose your information (including any ‘know your customer’ and ‘source of wealth’ information) with such organisations to assist their own regulatory obligations or risk assessments;
  • third party service providers, including suppliers who assist us with the provision of our Services, including providing the e-commerce store platform, processing orders, fulfilling orders, processing payments, managing credit, security, sector and fraud risk, identity verification, and marketing, market research and survey activities carried out on our behalf. When we use these providers, we may process, store, and transfer your personal information in and to a foreign country, with different privacy laws;
  • to third parties who do not act under our instructions as a service provider (but will be subject to their own legal obligations to keep data secure), to facilitate provision of the Services. For example, crypto currencies and other financial instruments or transactions;
  • some information may be shared with our trusted financial service provider – Paynovate UK and Paynovate SA for the purpose of providing you with card Services. For information on Paynovate’s collection and use of data in accordance with the GDPR, please follow this link: https://www.paynovate.com/privacy-policy
  • to prevent and/or detect fraud, financial crime, manage risk and to better protect ourselves and our customers, it may be necessary to process and disclose sensitive personal information to third parties who help us in managing such risks, including identity verification;
  • where we are required or permitted to do so by law, we may be required to pass information about you to regulatory authorities and law enforcement bodies worldwide, or we may otherwise determine that it is appropriate or necessary to do so; and
  • your information may also be used for other purposes for which you give your specific permission.

Except as necessary for the performance of our Services and as described above/attached, we do not sell, rent, share or otherwise disclose personal information about customers to third parties for their own third-party marketing use without meeting any necessary legal obligations (e.g., consent, opt-out, or as otherwise permitted by law).

5. How Long We Retain Your Personal Information

We will retain your personal information for as long as needed or permitted dependant on the context and purpose for which it was collected, the type of information and in compliance with applicable local laws or regulations. 

This means when using our Services, we will retain your personal information as necessary for the provision of the Services and for any linked legitimate business purpose. We may also be legally required to retain information, for example under anti money laundering or bankruptcy laws or where required by law enforcement or similar government agencies.

We will retain personal information as evidence of our dealings with you regardless of whether there were any financial transactions, for audit and compliance practices, to manage any queries or disputes, including to defend or initiate any legal claims. We can also continue marketing and sending you direct marketing, subject to local laws and where you have not objected to such marketing.

We may also use data minimisation techniques to better protect your information, known as pseudonymisation. Once your information is no longer needed, we may anonymise or aggregate it with other information to make it unidentifiable, as an alternative to deletion.

FOR FURTHER INFORMATION ON OUR DATA RETENTION PERIODS PLEASE CONTACT:  DPO@vouchermap.com

6. Your Rights and Choices

Depending on your jurisdiction or country of residence, you may have one or more of the following rights:

  • Right to be informed: including by being provided with this notice
  • Right to access: request a copy of the information we hold about you
  • Right to erasure: request deletion of your information
  • Right to restriction: request we restrict the processing of your information
  • Right to rectification: request we rectify certain information we hold about you
  • Right to data portability: request we provide you or another organisation with an electronic copy of the information you provided to us
  • Right to object: request we stop processing your personal information
  • Right to opt-out of marketing: remove your information from our marketing database
  • Rights related to automated decision-making including profiling: see section “Automated Decision Making” below.

These rights may apply under several different regulations, for example, the GDPR, generally applicable to EEA residents.

Furthermore, such rights may be qualified or restricted. For example, we may not be obligated to grant your request as we may be required by law to continue its processing, or to manage a complaint. Similarly, we are unable to delete your information if you want to continue using our Services, or where such information is necessary to record our contractual dealings; it is required by law (for example, the retention of anti-fraud or “know your customer” identify and verification requirements); or for the purpose of defending or asserting legal rights and legal actions.

To the extent GDPR applies, when you give us consent to use your personal information, you can withdraw it any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. For example, you can stop any marketing communication we send you by clicking on the “unsubscribe” or “opt-out” link in the communications you receive, or according to the instructions we provide every time, but we will continue to send you operational or service messages in relation to your Services.

 

7. How We Protect Your Personal Information

We have implemented technical, physical, and organisational/administrative measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration, and disclosure.

The safety and security of your information is also dependent upon you. If we have given you (or if you have chosen) a password or access code for access to certain parts of our website/portal or mobile applications and similar, you are responsible for keeping this password and/or access code confidential. You must not share your password and/or access code with anyone. You must ensure there is no unauthorised use of your password.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site, unless you are communicating with us through a secure channel we have provided. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

8. Automated Decision Making

Automated decision making is not used for MIL transactions.

9. Children’s Privacy

The Services are not designated to users under the age of 18. If you are under 18, you should not use the Services nor provide any Personal Information to us.

We reserve the right to access and verify any Personal Information collected from you.

In the event we become aware a user under the age of 18 has shared any information, we will securely delete such information.

If you have any reason to believe a minor has shared any information with us, please contact us at DPO@vouchermap.com.

10. How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us at: complaints@vouchermap.com you also have the right to lodge a complaint with the regulatory authority regarding the processing of personal information or dissatisfaction with our handling of any request in relation to any data protection rights.  Please refer to the Information Commissioner webpage for more information Complaints to the Commissioner (inforights.im)

or in writing to:  

The Data Protection Officer, Mirros Limited, Park House, Isle of Man Business Park, Douglas, IM2 2QZ.

11. Updates or Amendments to this Policy

We may revise this Privacy Policy from time to time, at our sole discretion, and the most current version will be posted on our website (as reflected in the “Last Revised” heading). We encourage you to review this Privacy Policy regularly for any changes. In case of material changes we will notify you through our Services or by email.

Your continued use of the Services, following the notification of such amendments on our website, constitutes your acknowledgement and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.

12. How to contact us

If you have any general questions about the Services or the information we collect about you and how we use it, please contact us by sending an e-mail to DPO@vouchermap.com or in writing to:

The Data Protection Officer

Mirros Limited, Park House, Isle of Man Business Park, Douglas, Isle of Man IM2 2QZ