Privacy Policy

Last updated: April 25, 2026

mirrorma ("we", "us", "our"), a subsidiary of THE GOSS LIMITED, respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data, and applies to all our websites, applications, and services (collectively, the "Services").

1. Information We Collect

We may collect the following categories of personal data:

• Identity data: name, job title, company name
• Contact data: email address, phone number
• Technical data: IP address, browser type and version, operating system, pages visited and time spent, referring source
• Communications data: content of messages you submit via email, contact forms, or online booking systems
• Usage data: behavioural data on your interaction with our Services, including feature usage frequency and preference settings

2. How We Collect Data

We collect data through: direct provision by you (e.g., filling forms, booking consultations), automatic collection (e.g., cookies and similar technologies), and third-party sources (e.g., analytics tools and social platforms).

3. How We Use Your Data

We use your personal data to:

• Provide, maintain, and improve our automation services
• Process your enquiries and service requests
• Send service-related communications, including updates, security alerts, and technical notices
• Send marketing communications (with your consent), such as industry insights, product updates, and promotional information
• Analyse service usage to improve user experience and product features
• Detect, prevent, and address fraud, security issues, or technical problems
• Comply with legal obligations and regulatory requirements

4. Legal Basis

Under the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486), the legal bases for processing your personal data include: necessity for contract performance, your consent, compliance with legal obligations, and our legitimate business interests (where they do not override your rights).

5. Data Sharing

We do not sell your personal data. We may share your data with:

• Service providers: third parties that provide hosting, analytics, email delivery, and payment processing on our behalf
• Legal requirements: when required by law, regulation, legal process, or government authority
• Business transfers: in the event of a merger, acquisition, or asset sale, your data may be transferred as part of the transaction

6. International Data Transfers

Your data may be transferred to and processed in countries outside Hong Kong. We ensure such transfers comply with applicable data protection laws and implement appropriate safeguards, including standard contractual clauses and encrypted transmission.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. General communications data is retained for 2 years; contract-related data is retained for 7 years after contract termination (per Hong Kong legal requirements); marketing data is retained until you withdraw consent.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including SSL/TLS encrypted transmission, access controls, regular security audits, and employee data protection training. However, internet transmission is not completely secure, and we cannot guarantee absolute data security.

9. Cookie Policy

Our website uses cookies and similar technologies. Essential cookies are necessary for basic website functionality; analytics cookies help us understand usage; marketing cookies are used to deliver relevant advertisements. You can manage your cookie preferences through your browser settings.

10. Your Rights

Under the Hong Kong Personal Data (Privacy) Ordinance, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request cessation of use of your data for direct marketing
• Withdraw consent for marketing communications
• Request deletion of your data (to the extent permitted by law)

11. Children's Privacy

Our Services are not directed at individuals under 18. We do not knowingly collect personal data from children. If we discover that we have collected data from a child, we will delete it immediately.

12. Policy Updates

We may update this Privacy Policy from time to time. Significant changes will be notified via website announcement or email. Continued use of our Services after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer:

THE GOSS LIMITED
Email: [email protected]