top of page

Privacy Policy

Introduction

Mirour Media (ABN 12 345 678 901) is a sole trader social media marketing agency based in New South Wales, Australia. We are committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you interact with our website or use our services. We aim to be transparent about our practices and ensure you understand your rights. Importantly, Mirour Media does not sell, rent, or trade your personal information to third parties. If you have any questions or concerns about this policy or your data, please contact us using the details in the Contact Us section below.

 

Personal Information We Collect


We collect personal information that is reasonably necessary for our business functions and activities. The types of personal information we may collect include:

  • Contact Information: Name, email address, phone number, and business name (for example, when you fill out our website contact forms or communicate with us).
     

  • Inquiry and Signup Information: Information you provide through website contact forms, newsletter sign-up forms, or booking systems (e.g. when requesting our services or subscribing to updates). This typically includes your name and contact details, and may include information about your inquiry or project requirements.
     

  • Service Details: Information related to the services we provide you, such as details you share during client onboarding, project briefs, and any content or assets you provide for marketing campaigns.
     

  • Payment Information: If you engage our paid services, we may collect billing details or payment-related information. Financial data (e.g. credit card details) is not stored by Mirour Media directly; instead, it is handled securely by our third-party payment processor (e.g. Stripe).
     

  • Online Identifiers and Usage Data: When you visit our website, we may automatically collect certain information via cookies and analytics tools. This can include your IP address, browser type, device information, pages visited, and referring URLs. We also use tracking technologies (like the Meta Pixel and Google Analytics cookies) to gather data on how you interact with our site and ads. This usage data helps us analyze website traffic and measure marketing effectiveness. (See Cookies and Tracking Technologies below for details.)
     

We do not generally collect sensitive information (such as health, political, or religious information) as part of our standard services. We also do not actively collect information about anyone under 18, as our services are aimed at businesses and professionals.

 

How We Collect Personal Information


We collect personal information in a few primary ways:

  • Directly from You: Most information is provided directly by you. For instance, you may enter your details when contacting us via a form, signing up for our email newsletter, scheduling a consultation or service booking, or emailing us an inquiry. In providing your information, you consent to our collection and use of it for the purposes outlined in this policy.
     

  • Through Our Website: Our website may use forms and interactive features (such as scheduling or contact widgets) that ask you to submit information. We also use cookies and similar technologies to collect data about your interactions with our site (e.g. pages viewed, links clicked), as described in Cookies and Tracking Technologies.
     

  • Third-Party Integrations: In some cases, information is collected through third-party platforms we use. For example, if our booking system or client intake forms are powered by an external service (such as Dubsado), that service will collect the information on our behalf. Similarly, if you make a payment, your information is collected by our payment provider (Stripe) during the transaction process. These third-party tools are used to facilitate our services and are described in more detail below.
     

  • Social Media or Public Sources: If you engage with us via social media (e.g. sending us a message or comment on platforms like Facebook or Instagram), we may receive information such as your username and any contact details you provide there. We will handle such information in accordance with this Policy. We do not typically collect personal data from third-party data brokers or public databases, except as needed for advertising (for example, gathering audience insights on social platforms), and then only in compliance with applicable laws.
     

Where you provide us with personal information about someone else (for example, referring a friend or providing a team member’s details for a project), please ensure you have their consent to do so. If you prefer not to provide certain information, you are not obliged to; however, not providing requested info may affect our ability to offer you certain services or respond to your request.

 

How We Use Personal Information


Mirour Media uses the personal information collected for purposes necessary to operate our business and deliver our services. The main purposes include:

  • Service Delivery and Administration: To respond to your inquiries, provide quotes, and carry out our social media marketing services as requested. For example, if you contact us for a marketing campaign, we use your details to communicate with you, plan and deliver the service, and manage our business relationship. We also use your information to set up and manage your client account or project in our systems, and to send service-related communications (such as project updates, invoices, or reminders).
     

  • Client Onboarding: When you become a client, we use the information you’ve provided (via onboarding forms or interviews) to understand your needs and objectives. This allows us to tailor our services to your business (e.g. crafting a social media strategy or ad campaign that suits your target audience).
     

  • Payments and Transactions: To process payments for our services and manage billing. Your financial information is used securely via Stripe or Dubsado’s payment integration to charge for services or process refunds. We only use this data to complete the transactions you have authorized.
     

  • Communication and Updates: To communicate with you about our services. This includes sending administrative emails (about your project or account), as well as marketing communications if you have subscribed. For instance, if you sign up for our newsletter, we will use your email to send you our news or marketing tips. Each marketing email will include an option to unsubscribe or opt-out, and you can also contact us at any time to stop receiving promotional emails. We will not send you marketing communications if you have asked us not to.
     

  • Advertising and Remarketing: As part of our social media marketing efforts, we may use your information to deliver targeted ads. For example, we might use your email address to create a Custom Audience in Meta (Facebook/Instagram) Ads Manager so that you see relevant advertisements, or to exclude you from seeing certain ads (if you’re already a customer). When we upload customer email lists to advertising platforms like Meta, the data is hashed and used only for matching purposes in accordance with the platform’s privacy policies – it is not disclosed to other advertisers. We also use analytics data and cookies to retarget ads to website visitors (showing ads to you on other sites after you’ve visited our website) and to measure ad campaign performance.
     

  • Analytics and Improvement: We use data (often in aggregated or de-identified form) to understand how our website and services are used. Tools like Google Analytics help us see website traffic patterns and user interactions, allowing us to improve our site design and content. Internally, we might review client inquiries and feedback to improve our service offerings and customer experience.
     

  • Legal and Compliance: To comply with legal obligations or respond to lawful requests (for example, keeping transaction records for tax purposes, or providing information if required by court order or applicable law). We may also use or disclose information to enforce our agreements or protect our legal rights, or to prevent misuse of our services (such as fraud or security threats).
     

We will only use your personal information for the purposes for which we collected it (or related purposes you would reasonably expect) unless we obtain your consent, or as otherwise permitted by law. If we ever need to use your information for a new purpose not covered by this Policy, we will seek your consent or update this Policy accordingly.

 

Disclosure of Personal Information to Third Parties


We value your privacy and take care in disclosing personal information. We do not sell or share your personal data with third parties for their own marketing. However, we do share information with certain third-party service providers and partners who assist us in running our business or delivering services to you. We only share the information that is necessary for them to perform their functions, and we require that they handle the information securely and in accordance with applicable privacy laws. The key third parties we work with include:

  • Dubsado (CRM System): We use Dubsado as our client relationship management and business platform to handle inquiries, contact forms, scheduling, contracts, and invoicing. When you submit information via a form or booking on our website, that data may be collected and stored in Dubsado’s system. Dubsado is based in the United States, so personal information in our Dubsado account may be transferred to or stored on servers located outside Australia (see Overseas Disclosure below). Dubsado’s own Privacy Policy explains how they manage data.
     

  • Stripe (Payment Processing): If you pay for our services online, payments are processed by Stripe. Your name, card details, billing address, and other necessary information will be provided to Stripe to charge your card and complete the transaction. Stripe may store and process your personal and financial information on servers outside Australia. We do not keep your full credit card details on our servers; all such data is handled by Stripe. (You can refer to Stripe’s Privacy Policy for more details on their data handling.)
     

  • Meta (Facebook/Instagram) and Other Ad Platforms: We use Meta’s advertising services (such as Meta Ads Manager and the Facebook Pixel) to manage and run advertising campaigns. This means that some data (like your email for custom audiences, or cookie data from the Pixel) might be shared with Meta to help us target or measure our ads. For example, if you are a client, we might upload your email in a hashed form to Meta to exclude you from seeing our prospecting ads. Meta may process that data on servers overseas (e.g. in the USA or other locations). We also may utilize other advertising or analytics platforms (like Google Ads/Analytics, as noted below). These companies will receive certain data through our use of their tools (such as site usage information or hashed identifiers) but are not authorized to use the personal data we provide for their own unrelated purposes.
     

  • Google Analytics: We use Google Analytics on our website to collect information about visitor traffic and interactions. Google Analytics uses cookies and similar technologies to gather data about how users use our site. This information (including your IP address and browsing data) is transmitted to Google’s servers (which may be overseas) and aggregated for us. The data helps us analyze website usage and improve our content. Google may also use this data to place our ads on other websites you visit through its Google Ads network. You can opt-out of Google Analytics as described in Cookies and Tracking Technologies below.
     

  • Canva (Design Platform): We use Canva to create marketing graphics and content. Generally, Canva is used to design materials using information and assets you provide (such as your logo, brand images, or text). If any personal information (for example, a photo of an individual or personal details in text) is included in content we create for you, that content may be temporarily stored on Canva’s systems. Canva’s servers may be located in multiple regions, and while Canva is an Australian-based company, data you upload could be processed overseas depending on their infrastructure. We do not share your personal contact information with Canva, but content you ask us to work on using Canva’s service could reside on their platform.
     

  • Notion (Internal Collaboration Tool): We use Notion for internal project management and note-taking. We may record project details or client information in Notion to help us organize work. That could include your name, company name, project status, and notes on objectives or preferences. Notion’s data storage is cloud-based (likely in the U.S. or other countries). We use access controls and good practices to ensure any personal info in Notion is only accessible to our team and is used appropriately.
     

  • Email and Communication Providers: If we send emails to you (whether individual emails or bulk newsletter emails), we may use an email service provider to do so. (For example, if we use an email marketing service or even our own email hosting service, your email address and name will be stored in those systems.) These providers might have servers outside Australia. We only use reputable providers that offer security and privacy assurances.
     

Each of these third-party services only receives the information necessary for them to perform their role. We have agreements or terms in place with them to protect your data. If you’d like more details about the third-party providers we use or links to their privacy policies, please contact us.

Disclosure for Other Reasons: Apart from the service providers above, we will not disclose your personal information to other third parties unless one of the following applies:

  • You have consented to the disclosure;
     

  • The disclosure is directly related to the purpose for which the information was collected, and you would reasonably expect us to disclose it (for example, sharing your address with a courier to deliver materials to you);
     

  • It is required or authorized by law or regulatory obligation (for instance, to comply with a subpoena, or to cooperate with law enforcement investigations);
     

  • It is necessary to protect the rights, safety, or property of Mirour Media, our clients, or the public (such as preventing fraud or addressing security issues); or
     

  • In the unlikely event of a business transaction such as a merger or sale of the business, in which case we would ensure that any new owner is subject to the same privacy obligations.
     

In all cases, we strive to disclose the minimum amount of information needed and to do so in a manner consistent with the Privacy Act.

 

Cookies and Tracking Technologies


Our website uses cookies and similar tracking technologies to enhance your experience, for analytics, and for advertising purposes. A cookie is a small text file that a website saves on your browser when you visit. We use the following types of cookies and trackers on our site:

  • Strictly Necessary Cookies: These are essential for the website to function (e.g. to remember your preferences or maintain session state on a contact form).
     

  • Analytics Cookies: We use cookies from tools like Google Analytics to collect information about how visitors use our site – for example, which pages are visited, how long is spent on the site, and which marketing channels led you to us. This helps us improve our website and understand user interests. Google Analytics may set cookies and collect usage data and device identifiers. The information generated by these cookies (including IP addresses) may be transmitted to and stored by Google on servers outside Australia. We have enabled settings that anonymize IP addresses where possible.
     

  • Advertising and Retargeting Cookies/Pixels: We use marketing pixels and cookies (such as the Facebook/Meta Pixel and possibly others like LinkedIn or Google Ads cookies) that track your activity on our site. These trackers help us show you relevant ads on other platforms. For instance, the Meta Pixel may record that you visited our site or performed certain actions (like clicking a service page), which allows us to later show you an ad on Facebook or Instagram. Similarly, if we run Google Ads, Google’s cookie helps display our ads to you on websites you browse after visiting ours. These technologies also help us build custom audiences and deliver personalised advertising based on your interests.
     

User Consent and Control: When you first visit our site, you may see a cookies notification or banner. By continuing to use our site or by clicking “Accept” on the banner (if presented), you consent to our use of cookies as described in this Policy. We provide options for you to control cookies:

  • You can adjust your browser settings to refuse or delete cookies. Most browsers allow you to block third-party cookies (which are often used for advertising) or all cookies. Please note that if you disable cookies, some site features (like remembering your form inputs) may not work properly.
     

  • For Google Analytics, you can opt out by installing the Google Analytics Opt-out Browser Add-on, which prevents Analytics from collecting data in your browser.
     

  • For Meta (Facebook) ads, you can adjust your Facebook ad preferences to control how your data is used for ads. You can also use the Network Advertising Initiative opt-out page to opt out of many ad tracking cookies.
     

  • If we use a cookie consent tool on our site, you can use it to customize which types of cookies you accept. We will honor any choices you make via such a tool.
     

Even without a pop-up banner, by using our site after reading this Policy, we treat it as implied consent that we can place cookies as described (per Australian requirements, explicit opt-in for cookies is not mandatory for Australian users, but we still respect your choice to opt-out).

For more information on how we use cookies or how to opt out of specific tracking technologies, please contact us or refer to our cookies notice (if available on our website).

 

Data Storage and Security


Mirour Media takes reasonable steps to protect the personal information we hold from misuse, interference, loss, and from unauthorized access, modification, or disclosure (APP 11). We maintain physical, electronic, and managerial procedures to safeguard data, including:

  • Secure Storage: Personal information collected through our website and services is stored electronically on secure servers. Much of our data is stored in the cloud via the third-party providers mentioned above (Dubsado, Stripe, Notion, etc.), which employ their own security measures such as encryption and access controls. We choose reputable service providers known for robust security practices.
     

  • Access Controls: We limit access to personal information to those in our team who need it to perform their work. For example, only the owner or relevant staff of Mirour Media will have access to client records in Dubsado or content stored in Notion/Canva related to your project. All team members are bound by confidentiality obligations.
     

  • Encryption & Security Technologies: Where possible, we enable encryption (HTTPS/TLS) for data transmission. Our website is secured via SSL, meaning data you enter (like on contact forms) is encrypted in transit from your browser to our site. For payment information, Stripe uses encryption and security certified to PCI-DSS standards, so your card details are protected during transactions. We do not handle or store unencrypted credit card data on our site.
     

  • Data Retention Practices: We retain personal information only for as long as necessary to fulfill the purposes we collected it for, or as required by law. For example, we may keep client records and communications for a certain number of years for legal accountability and to service ongoing client relationships. Once personal information is no longer needed (and we are not legally required to keep it), we will take reasonable steps to destroy or de-identify it.
     

  • Regular Review: We periodically review our data security measures and update them in line with best practices and any emerging threats. If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law (Notifiable Data Breaches scheme).
     

While we strive to protect your information, no method of transmission or storage is 100% secure. Thus, we cannot guarantee absolute security of data. However, we will promptly investigate and address any security incident. We also encourage you to keep your own login credentials secure and to notify us immediately if you suspect any unauthorized access to your personal information in our care.

 

Overseas Disclosure of Personal Information


As a modern digital business, some of the personal information we collect may be stored or processed on servers located outside Australia. In particular, many of our third-party service providers are international companies or use cloud infrastructure in various countries. For example:

  • Dubsado and Stripe are headquartered in the United States, so information held in these systems (client contact details, invoices, payment info) may be stored in the USA.
     

  • Meta (Facebook/Instagram) and Google have data centers globally (including the US, and possibly in Singapore, Europe, etc.), so data used in their advertising and analytics platforms will likely be processed overseas.
     

  • Notion’s and Canva’s data may similarly be stored on servers in the United States or other jurisdictions outside Australia.
     

When we disclose your information to an overseas recipient (such as by storing it in an account with one of our cloud service providers), we will take reasonable steps to ensure the overseas entity protects the information in accordance with standards comparable to the Australian Privacy Principles. We do this by:

  • Selecting reputable service providers with strong privacy and security commitments. Many of them, like Stripe and Meta, have robust data protection measures and comply with frameworks or laws that offer similar protections (e.g. Stripe is known for high security in payments).
     

  • Reviewing the privacy policies and terms of our providers to ensure they are obligated to protect your data. If any provider were to handle data in a manner inconsistent with our requirements, we would cease using that provider or seek additional safeguards.
     

  • Where practicable, entering into agreements or data processing addendums that require providers to handle personal information in line with our instructions and Australian privacy law.
     

By providing us with your personal information, you consent to the possibility of overseas disclosure as outlined above. We understand that different countries have different privacy laws; however, our aim is to ensure your data receives continuous protection regardless of location. If you would like more information about where your data may be stored or the steps we take to safeguard it when it’s overseas, please contact us.

 

Accessing and Correcting Your Personal Information


We want to ensure that the personal information we hold about you is accurate, up-to-date, and complete. Under the Privacy Act and Australian Privacy Principle 12, you have the right to request access to the personal information we hold about you, and the right to request corrections if you believe any of that information is wrong or out-of-date.

  • Access Requests: You may request a copy of the personal data we have about you by contacting us (see Contact Us below). Please include enough information for us to verify your identity (we need to ensure we’re releasing data to the correct person) and to locate the information you’re interested in. We will respond to your request within a reasonable time frame (generally within 30 days). In some cases, we may charge a reasonable fee to cover the cost of providing the information if your request is extensive – but we’ll inform you of any fee in advance and get your confirmation.
     

    • Note: There are some circumstances allowed by law where we may refuse access, such as if giving you access would unreasonably impact someone else’s privacy, or if it would violate legal requirements. If we refuse access, we will provide you with a written explanation of the reasons (except where it’s unreasonable to do so) and inform you of available complaint mechanisms.
       

  • Correction Requests: If you believe any personal information we hold about you is inaccurate, incomplete, or not up-to-date, please let us know. You can contact us with the details of the correction needed. We will promptly investigate and, where appropriate, correct our records. If for some reason we cannot correct your information as requested (for example, if we disagree that the information is wrong), we will explain the reason and note your correction request on our records. You also have the right to request that we associate a statement with the information indicating that you contest its accuracy.
     

We will not charge you for making a request to access or correct your information (only possibly for the provision of copies as noted). We genuinely appreciate you helping us keep our records accurate. For any access or correction requests, the best way is to reach out via the contact details below.

 

Your Choices and Opt-Out Rights


We believe in giving you control over your personal information. In addition to the access and correction rights above, you have several choices regarding how your data is used:

  • Marketing Communications: If you have subscribed to our newsletter or agreed to receive marketing messages, you can opt out at any time. To do so, click the “unsubscribe” link in any promotional email, or contact us requesting to be removed from marketing lists. Once you opt out, we will stop sending you marketing communications. (Note: Even after you opt out of marketing, we may still send you important service or account-related communications, such as invoices or project updates, as these are not promotional.)
     

  • Targeted Advertising: As discussed, we may use your data for targeted ads on platforms like Facebook. If you prefer not to be included in custom audience advertising, please let us know. Upon request, we can exclude your information from being used in our ad targeting lists. Additionally, you can manage your ad preferences directly on those platforms (for example, adjusting Facebook/Instagram ad settings or using tools like the NAI opt-out for multiple ad networks). Keep in mind that even if you opt out of targeted advertising, you may still see our ads in a generic way or as part of a broad campaign.
     

  • Cookies: You have choices regarding cookies as described in Cookies and Tracking Technologies. You can refuse cookies or withdraw consent by adjusting your browser settings or using opt-out tools.
     

  • Anonymity/Pseudonymity: Where lawful and feasible, you have the option to engage with us without identifying yourself (for example, using a nickname or first name only in initial inquiries). However, for many of our services, we do require contact details to communicate and fulfill our contracts. We will inform you when information is optional.
     

If you have any questions about how to exercise these choices, please contact us. We are happy to assist in limiting or explaining the use of your data in certain ways, as long as it does not conflict with our legal obligations or the ability to provide you with requested services.

 

Contact Us (Privacy Inquiries and Complaints)


We welcome any questions, concerns, or feedback you have about your privacy or this Privacy Policy. For any privacy-related inquiries, including: requesting access or correction, opting out of communications, or making a complaint about how we have handled your personal information, please contact us at:

Email: privacy@mirourmedia.com (Attn: Privacy Officer)
Phone: [02 0000 0000] (placeholder)
Mail: [Mirour Media – Privacy Inquiry, 123 Business St, Sydney NSW 2000, Australia] (placeholder address)

Please include your name and contact details and clearly describe your request or concern. If you are contacting to request access or correction, specify the information you are seeking or the correction needed. If you are making a privacy complaint, please provide as much detail as possible about the issue so we can investigate it thoroughly.

How We Handle Complaints: We take privacy complaints seriously. Once we receive your complaint, we will: (1) acknowledge receipt of your complaint as soon as possible, (2) conduct an internal review into the issue, and (3) respond to you in writing, usually within 30 days, about the outcome and any steps we will take to address your concern. We will aim to resolve the matter in a fair and timely manner.

If you are not satisfied with our response to your privacy complaint, you have the right to escalate the matter. In Australia, you can contact the Office of the Australian Information Commissioner (OAIC). The OAIC can be reached through their website (oaic.gov.au) and can review certain privacy complaints. Generally, the OAIC will expect you to attempt to resolve the issue with us first before they investigate. We will provide you with information on how to contact the OAIC or any relevant external dispute resolution scheme in our response if we cannot adequately resolve your complaint.

 

Changes to this Privacy Policy


From time to time, we may update or amend this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. We reserve the right to modify this Policy at any time. When we do so, we will revise the “Last Updated” date at the top of this Policy. If the changes are significant, we may also provide a more prominent notice (such as a banner on our website or an email notification of the update). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any changes to the Privacy Policy constitutes acceptance of the updated terms.

 

No Sale of Personal Data


For absolute clarity, Mirour Media does not sell your personal data to any third party. We do not exchange your personal information for money or other valuable consideration. Any information shared with third parties is only for the purposes described above (such as using service providers to help us deliver our services) and not for those third parties’ independent use. This commitment is part of our fundamental respect for your privacy.

Thank you for taking the time to read our Privacy Policy. We value the trust you place in us to handle your personal information appropriately. If you have any questions or need further clarification, please Contact Us at any time. We are here to help and address any privacy concerns you may have.

bottom of page