Privacy, data protection and AI transparency
Miirage Limited (“Miirage”, “we”, “our” or “us”) is a UK-based holographic display and AI avatar technology company.
Contact: info@miirage.com
Address: Miirage Limited, Fergusson House, 124 City Road, London, EC1V 2NX
Website: https://www.miirage.com
For website visitors, sales enquiries, marketing contacts and general business communications, Miirage is normally the data controller. For some customer deployments of Miirage holographic displays, AI avatars or related software, Miirage may act as a processor, joint controller or independent controller depending on the customer agreement, deployment design and who decides the purposes and means of processing.
We have not appointed a formal Data Protection Officer. Privacy questions, rights requests and data protection complaints should be sent to info@miirage.com.
This policy is intended to support compliance with the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 and, where applicable, the EU GDPR and relevant European ePrivacy rules.
This policy applies to personal data we process when you:
If EU GDPR Article 27 or another local rule requires an EU representative for a particular activity, deployment or contract, the relevant representative details should be provided in the applicable order form, customer notice, deployment notice or related agreement.
Miirage products may be deployed by business customers in retail, events, advertising, corporate, museum, transport, hospitality or other public or private environments. In those situations, the customer, venue operator, media owner or deployment partner may decide why the technology is used, where it is placed, what content is shown, what signage is displayed and what personal data is collected.
Customer responsibility: Where a Miirage product is deployed by one of our business customers, that customer is normally responsible for venue signage, privacy notices, lawful basis assessments, DPIAs, permissions, consent mechanisms and local compliance steps unless a written agreement states otherwise.
Where Miirage acts as a processor, we process personal data only on documented instructions from the relevant customer and subject to appropriate contractual safeguards. Where Miirage acts as a controller or joint controller, we are responsible for the processing purposes we determine.
Name, email address, phone number, company name, job title, country, message content, demo request details, subscription preferences and any information you choose to send to us.
Contact details, order details, billing records, contract information, delivery and installation information, project notes, meeting records, call notes and support history.
IP address, browser type, device identifiers, operating system, pages visited, referral source, cookie identifiers, diagnostic logs, system status, error reports, firmware/software version, usage events and connectivity information.
Text inputs, voice inputs, transcripts, interaction logs, approved Q&A content, customer-provided knowledge base content, avatar configuration, language settings, support diagnostics and response feedback where enabled.
Where enabled and agreed, Miirage products may process audio, video, presence, dwell-time, touch, motion or engagement signals to provide interactive features, diagnostics or aggregated audience analytics.
Marketing preferences, email engagement, unsubscribe status, event attendance, campaign source and communication history.
We may collect personal data directly from you, automatically from your device or browser, from our customers or deployment partners, from publicly available business sources, from event organisers, from CRM providers, from analytics tools, or from suppliers involved in delivering a Miirage service.
We do not intentionally collect special category data through our website. Please do not send health, biometric, political, religious, financial, children’s or other sensitive personal data to us unless we have specifically requested it and there is a lawful basis for doing so.
Miirage products may include cameras, microphones, touchscreens, sensors and AI avatar functionality. The exact configuration depends on the product, customer agreement, venue, software settings and use case.
We only use personal data where we have a lawful basis under applicable data protection law. The exact lawful basis depends on the context, our role and the applicable agreement.
| Purpose | Examples | Typical lawful basis |
|---|---|---|
| Responding to enquiries | Contact forms, demo requests, sales conversations and follow-up emails. | Legitimate interests or steps before entering a contract. Consent where required. |
| Providing products and services | Orders, installation, licensing, customer support, remote diagnostics, AI avatar services and account management. | Contract, legitimate interests, legal obligation or processor instructions from a customer. |
| Operating and securing our website and systems | Security logs, fraud prevention, troubleshooting, hosting, performance monitoring and abuse prevention. | Legitimate interests, legal obligation or contract. |
| AI avatar operation and safety | Generating responses, applying safety controls, maintaining approved Q&A, investigating faults and improving reliability. | Contract, legitimate interests, consent where required, or processor instructions from a customer. |
| Audience analytics and interactive features | Presence detection, dwell-time reporting, touch or motion triggers, engagement measurement and system optimisation. | Legitimate interests, consent where required, contract or processor instructions from a customer. |
| Cookies and analytics | Essential site functions, cookie preferences, security, website measurement and analytics. | Consent, legitimate interests, or a PECR/ePrivacy exemption where available. |
| Marketing and communications | Newsletters, product updates, event invitations, case studies and relevant B2B communications. | Consent or legitimate interests, subject to PECR/ePrivacy rules and opt-out rights. |
| Legal, accounting and compliance | Tax records, dispute management, contractual records, insurance, regulatory obligations and legal claims. | Legal obligation, legitimate interests or contract. |
Where we rely on legitimate interests, those interests may include running and growing our business, responding to relevant B2B enquiries, providing secure and reliable products, preventing fraud and misuse, improving our website and services, managing customer relationships, protecting legal rights, and maintaining the performance and safety of Miirage technology.
We consider and balance these interests against individual rights, freedoms and reasonable expectations. You can object to processing based on legitimate interests where applicable by contacting info@miirage.com.
Our website uses cookies and similar technologies to provide essential functionality, maintain security, remember preferences, understand website performance and improve the user experience.
Essential cookies may be used where necessary to provide the website or requested functionality. Non-essential analytics, advertising, profiling or tracking technologies will only be used where we have the required consent, opt-out mechanism or legal exemption under applicable UK or European rules.
Where required, our cookie banner or preference tool should let you accept, reject or manage non-essential cookies. You can also manage cookies through your browser settings. For more details, please see our Cookie Policy.
We may send marketing communications about Miirage products, services, events, case studies and business updates where we have a lawful basis and the communication is permitted under applicable electronic marketing rules.
For individual subscribers, we generally rely on consent unless another lawful route applies. For business contacts, we may send relevant B2B communications where permitted, but we will respect objections and maintain suppression records where needed.
You can opt out of marketing at any time by using the unsubscribe link in our emails or by contacting info@miirage.com. We may still send service, security, billing, legal or operational communications where necessary.
We do not sell personal data. We may share personal data where necessary with:
Where a third party processes personal data for us, we expect it to process that data only for authorised purposes and with appropriate security and contractual safeguards.
Some of our service providers, customers or technology partners may process personal data outside the United Kingdom, European Economic Area or the country where you are located. Where this happens, we use appropriate safeguards where required, such as UK adequacy regulations, EU adequacy decisions, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, contractual protections, security controls or another lawful transfer mechanism.
You can contact us for more information about the safeguards that apply to relevant international transfers.
We keep personal data only for as long as necessary for the purposes described in this policy, including legal, accounting, reporting, security and dispute-resolution purposes. We may keep anonymised or aggregated information for longer where it no longer identifies individuals.
| Data type | Typical retention approach |
|---|---|
| Website enquiries and demo requests | Usually up to 24 months after the last meaningful interaction, unless a customer relationship, legal issue or legitimate business reason requires longer. |
| Customer, contract, order, invoice and accounting records | Usually up to 6 years after the end of the relevant contract, transaction or financial year, or longer where required by law or dispute management. |
| Marketing data | Until you unsubscribe, withdraw consent, object to marketing, or after a reasonable period of inactivity. We may keep suppression records to respect opt-outs. |
| Support tickets, maintenance records and technical diagnostics | Usually for the life of the customer relationship and then up to 6 years where needed for contractual, warranty, security or dispute purposes. |
| AI avatar interaction logs, transcripts and configuration data | As set out in the customer agreement, order form or support agreement. Where no specific period is agreed, we aim to keep identifiable interaction data only as long as needed for service operation, diagnostics, safety, security and support. |
| Audio/video recordings where expressly enabled | As set out in the customer agreement, deployment notice or consent mechanism. If no retention period is agreed, we aim to minimise retention and avoid keeping identifiable recordings longer than necessary. |
| Website analytics data | According to the settings of the analytics tool and cookie preferences, usually within a 14 to 26 month range unless configured differently. |
We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures may include access controls, secure hosting, encryption where appropriate, system monitoring, supplier checks, staff controls, backups and incident response procedures.
No website, network, AI system or internet transmission is completely secure. If we become aware of a personal data breach that requires notification, we will take steps required by applicable law.
Depending on the circumstances and applicable law, you may have the right to:
To exercise your rights, contact us at info@miirage.com. We may need to verify your identity before responding. Some rights are not absolute and may depend on our role, legal obligations, contractual duties and the nature of the data.
If you have a concern about how we use personal data, please contact us first at info@miirage.com so we can investigate and respond.
We will acknowledge eligible data protection complaints within 30 days and respond without undue delay in line with applicable requirements.
You also have the right to complain to the UK Information Commissioner’s Office. The ICO can be contacted at https://ico.org.uk. If EU GDPR applies, you may also be able to complain to a data protection supervisory authority in the relevant EU or EEA country.
Our website and B2B services are not directed at children under 16. We do not knowingly collect personal data from children through our website without appropriate consent or lawful basis.
Where Miirage technology is deployed in a public venue, event, museum, retail environment or other location where children may be present, the customer or venue operator is normally responsible for signage, supervision, notices, permissions and age-appropriate safeguards unless a written agreement states otherwise.
Customers using Miirage products in public or semi-public spaces should assess whether a data protection impact assessment, signage, layered privacy notice, consent mechanism, legitimate interests assessment, accessibility measure or local-law requirement is needed before deployment.
Customers must not configure or use Miirage technology for unlawful surveillance, unlawful biometric identification, unlawful emotion recognition, discriminatory profiling or unlawful monitoring of individuals.
Our website may contain links to external websites, social media platforms, booking tools, payment providers or customer websites. We are not responsible for the privacy practices, security or content of those third-party services. Please read their privacy policies before providing personal data to them.
We may update this Privacy Policy from time to time to reflect changes in our products, services, technology, suppliers, legal requirements or business operations. The latest version will be posted on this page.