Coming soon
Home

Privacy Policy

Effective Date: October 21, 2025

At Miroir, protecting your privacy and safeguarding your personal data is our top priority.

This Privacy Policy (the "Policy") explains how we process your personal data when you use the website miroir.co (the "Website") in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR") and French Law No. 78-17 of 6 January 1978 on Information Technology, Data Files, and Civil Liberties, as amended (collectively, the "Applicable Regulations").

For your information, we do not use cookies or any other tracking technologies on the Website.

1. Who is the Data Controller?

When you browse our Website or more generally in the context of managing our contractual relationship with you, the data controller is OneClickStudio, a French single-member limited liability company (EURL) registered under number 832 289 375, with its registered office in Paris (75008), France ("We," "Us," "Our").

However, when our services are used by business clients, we collect and process personal data on their behalf. In such cases, our business clients are the data controllers, and we act as a data processor.

2. What Data Do We Collect?

Personal data is any information that can identify an individual, either directly or indirectly when combined with other data.

We collect personal data falling within the following categories:

  • Identification data: first name, last name, email address, postal address, telephone number
  • Professional data: company name, CV/resume, job title/position, LinkedIn URL
  • Data relating to your business relationship with us
  • Financial data: bank details required for SEPA direct debit mandates
  • Any information you choose to provide when contacting us

Mandatory fields are indicated when you provide your data.

3. Details on the Processing of Your Personal Data

Customer Relationship Management

Purpose: To carry out operations related to managing our customers, including bookings, quotes, and ensuring proper follow-up of the contractual relationship.

Legal Basis: Performance of the contract entered into between you (or your company) and us.

Retention Period: Personal data is retained for the duration of the contractual relationship. Your data (excluding bank details) is then archived for evidentiary purposes for 5 years. Payment card data is retained by our payment service provider until full payment is received. The card security code (CVV) is never stored.

Building a Prospect Database

Purpose: To build and maintain a database of prospective customers.

Legal Basis: Our legitimate interest in developing and promoting our business.

Retention Period: 3 years from your last contact with us.

Information and Contact Requests

Purpose: To respond to your information requests, contact requests, and/or demonstration requests.

Legal Basis: Performance of pre-contractual measures taken at your request.

Retention Period: 3 years from your last contact.

Purpose: To retain administrative information and documents related to our business activities.

Legal Basis: Compliance with our legal and regulatory obligations.

Retention Period: Invoices are archived for 10 years. Transaction data (excluding banking details) is retained for 5 years. Contract-related data is retained for 5 years.

Recruitment

Purpose: To process applications and manage the recruitment process.

Legal Basis: Performance of pre-contractual measures taken at your request.

Retention Period: Your data is retained throughout the recruitment process. In case of rejection, your data may be kept for 3 months after the recruitment process ends to provide feedback. It may be archived for evidentiary purposes for 5 years.

Talent Pool

Purpose: To build and maintain a talent pool of potential candidates.

Legal Basis: Your consent.

Retention Period: 2 years from the last contact.

Exercise of Rights

Purpose: To respond to requests from data subjects exercising their rights.

Legal Basis: Compliance with our legal and regulatory obligations.

Retention Period: Identity verification documents are deleted after verification. Records of objections to marketing are retained for 3 years.

4. Who Has Access to Your Data?

The following parties may have access to your personal data:

  1. Our staff
  2. Our service providers (processors): hosting provider, CRM tool, note-taking tool, email service provider
  3. Our secure payment service provider, acting as an independent data controller (please refer to their terms of service and privacy policy)
  4. Any legally authorized authority, particularly judicial, law enforcement, or administrative authorities, upon lawful request

5. Transfers Outside the European Union

Your data is stored and retained for the duration of processing on servers operated by Cloudflare and Google Cloud, located in the United States and France, respectively.

In connection with the tools we use, your data may be transferred outside the European Union. Such transfers are secured through the following safeguards:

  • Adequacy decision: Data is transferred to a country that has been the subject of an adequacy decision by the European Commission (Article 45 GDPR)
  • Appropriate safeguards: Transfers are based on standard contractual clauses approved by the European Commission, binding corporate rules, or an approved certification mechanism (Article 46 GDPR)
  • Other safeguards as described in Chapter V of the GDPR

You may obtain a copy of the instruments enabling transfers of your data outside the European Union by contacting us.

6. What Are Your Rights Regarding Your Data?

You have the following rights concerning your personal data:

  • Right to information (Articles 13 and 14 GDPR): This is why we have prepared this Policy
  • Right of access (Article 15 GDPR): You may access all your personal data at any time
  • Right to rectification (Article 16 GDPR): You may correct inaccurate, incomplete, or outdated personal data
  • Right to restriction (Article 18 GDPR): You may obtain restriction of processing in certain circumstances
  • Right to erasure (Article 17 GDPR): You may request the deletion of your personal data
  • Right to define directives regarding the retention, deletion, and disclosure of your data after your death
  • Right to withdraw consent (Article 7 GDPR): For processing based on consent, without affecting the lawfulness of processing carried out prior to withdrawal
  • Right to data portability (Article 20 GDPR): You may receive your data in a structured, commonly used, machine-readable format
  • Right to object (Article 21 GDPR): You may object to the processing of your personal data (however, we may continue processing where we have compelling legitimate grounds or for the establishment, exercise, or defense of legal claims)

To exercise these rights, please contact us at: [email protected]

We may request additional information or proof of identity in case of doubt.

If you have any concerns that have not been satisfactorily addressed, you may lodge a complaint with the relevant supervisory authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés), located at 3 Place de Fontenoy - TSA 80715 - 75334 Paris Cedex 07. If you are located in another EU member state, you may contact your local data protection authority.

7. Changes to This Policy

We may update this Policy at any time, particularly to comply with any regulatory, case law, editorial, or technical changes. Any modifications will take effect on the effective date of the updated version.

We encourage you to review this Policy regularly. We will notify you of any significant changes.