Privacy Policy

Last updated: 29 October 2025

Introduction

Spoilt Mirror ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or use our services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Information We Collect — Personal Information You Provide

• Name and contact details (email address, phone number, postal address)
• Project requirements and specifications
• Communication preferences
• Payment information (processed securely through third-party payment processors)
• Any other information you voluntarily provide through our contact forms or correspondence

Information We Collect — Automatically

• Website usage data (pages visited, time spent, click patterns)
• Device information (browser type, operating system, IP address)
• Cookies and similar tracking technologies
• Referral source information

How We Use Your Information

• To provide and deliver our bespoke mirror and restoration services
• To process orders, payments, and manage customer accounts
• To communicate with you about your projects and provide customer support
• To send you service-related communications (order confirmations, delivery updates)
• To improve our website, services, and customer experience
• To comply with legal obligations and protect our rights
• To send marketing communications (only with your explicit consent)

Legal Basis for Processing

• Contract performance: To fulfill our obligations under service agreements
• Legitimate interests: To improve our services and website functionality
• Consent: For marketing communications and non-essential cookies
• Legal obligation: To comply with applicable laws and regulations

Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data:

• Secure data transmission using SSL/TLS encryption
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure data storage with reputable hosting providers
• Regular backups and disaster recovery procedures

Data Retention

We retain your personal data only for as long as necessary:

• Customer data: 7 years after project completion (for warranty and legal purposes)
• Marketing data: Until you withdraw consent or opt out
• Website analytics: 26 months (Google Analytics default)
• Legal obligations: As required by applicable law

Third-Party Services

We may share your data with trusted third-party service providers:

• Hosting providers: For website hosting and data storage
• Analytics services: Google Analytics for website performance insights
• Payment processors: For secure payment processing
• Email services: For customer communications
• Delivery partners: For order fulfillment and shipping

All third-party providers are required to maintain appropriate data protection standards and are prohibited from using your data for any purpose other than providing services to us.

Your Rights Under GDPR

• Right of access: Request copies of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data (subject to legal requirements)
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a structured format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for marketing communications

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month.

Cookies and Tracking

Our website uses cookies to enhance your browsing experience:

• Essential cookies: Required for website functionality (no consent needed)
• Analytics cookies: Help us understand website usage patterns and performance (with consent)
• Marketing cookies: Used for targeted advertising and remarketing (with consent)
• Functional cookies: Remember your preferences and settings (with consent)

You can manage cookie preferences through your browser settings or our cookie consent banner.

International Data Transfers

Some of our service providers may be located outside the UK/EEA. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the relevant data protection authorities.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover we have collected personal information from a child under 16, we will delete such information promptly.

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. If the breach poses a high risk to your rights and freedoms, we will also notify you directly without undue delay, providing clear information about the breach and the steps we are taking to address it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Spoilt Mirror
35 Long Street, Tetbury, Gloucestershire, GL8 8AA, UK
Mobile: 07766733139
Email: nathe@spoiltmirror.co.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data in accordance with data protection law. Visit ico.org.uk for more information.