El MirageEL MIRAGE
HeritageContact
Privacy

Privacy Policy

Last updated · May 2026

El Mirage takes your privacy seriously. This policy explains what personal information we collect, why we collect it, and what we do with it. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

El Mirage is a sole-trader fragrance house based in the United Kingdom. For the purposes of UK GDPR, the data controller is the proprietor of El Mirage, contactable at elmirageofficial@gmail.com.

Information We Collect

When you place an order, we collect:

  • Your full name
  • Email address
  • Phone number
  • Shipping and billing address
  • The items you have purchased and the amount paid

We do not collect or store your card details. All payment information is handled directly by Stripe, our payment processor, on their secure infrastructure. Your card never touches our servers.

Why We Collect It

We use this information to:

  • Process your order and arrange delivery via Royal Mail
  • Send order confirmations and shipping updates
  • Respond to enquiries you send us by email or WhatsApp
  • Comply with our legal obligations, including tax and accounting records

The lawful basis for processing this data is performance of a contract (fulfilling your order) and legal obligation (tax records).

Who We Share It With

We share your data only with the third parties necessary to deliver your order and run the business. These are:

  • Stripe, to process your payment. Stripe's privacy policy is available at stripe.com/privacy.
  • Royal Mail, to deliver your order. Their privacy policy is available at royalmail.com/privacy-policy.
  • Resend, to send transactional email notifications. Their privacy policy is available at resend.com/legal/privacy-policy.
  • Vercel and Lovable, our hosting providers, which process traffic to this website.

We do not sell, rent, or share your personal data with any other third party for marketing purposes.

How Long We Keep It

We keep order records for six years after the order date, in line with UK tax and accounting record-keeping requirements. After this period, we will delete or anonymise the data.

Cookies

This website uses essential cookies and local storage only, for example to remember the contents of your basket between page loads. We do not use tracking cookies, advertising cookies, or third-party analytics that profile you.

Stripe's checkout page (which opens when you proceed to pay) uses its own cookies for fraud prevention and session management. Refer to Stripe's privacy policy for details.

Your Rights

Under UK GDPR, you have the right to:

  • Request a copy of the personal data we hold about you
  • Ask us to correct inaccurate data
  • Ask us to delete your data, subject to our legal record-keeping obligations
  • Object to certain processing
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, please contact us at elmirageofficial@gmail.com. We will respond within one calendar month.

International Transfers

Some of our service providers (such as Stripe and Resend) may process data on servers located outside the United Kingdom, including in the European Union and the United States. Where this is the case, we rely on the standard contractual clauses and adequacy decisions recognised under UK GDPR to safeguard your data.

Changes to This Policy

If we update this policy, we will change the "Last updated" date at the top. Material changes will be communicated by email if they affect existing customers' rights.

Contact

For any privacy-related question or request, contact us at elmirageofficial@gmail.com.