In brief:
We never ask for your social media passwords. We never sell your data to third parties. Your payment data is processed by certified providers (Stripe, PayPal) and is never stored on our servers. You can exercise your data protection rights at any time via your dashboard or by email.
1Introduction
Mirage Agency Ltd (hereinafter “LikesPrime”, “we”, “our”) is committed to protecting the privacy of its users. This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our website https://likesprime.com and our services.
This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2Data Controller
Controller
Mirage Agency Ltd
Company No.
13032036
Address
71-75 Shelton Street, London, WC2H 9JQ, United Kingdom
DPO Email
3Data Collected
We collect different categories of personal data depending on your interaction with our services:
Identification data
- Full name
- Email address
- Phone number (optional)
- Billing address
Social media data
- Public profile/content URL
- Public username
- We NEVER ask for your passwords
Transaction data
- Order history
- Payment amounts and methods
- Invoices and order numbers
- Card data is processed by Stripe/PayPal and never stored by us
Technical data
- IP address
- Browser type and operating system
- Pages visited and browsing duration
- Cookie data (see our Cookie Policy)
Communication data
- Support ticket messages
- Feedback and suggestions
- Marketing communication consent
4Use of Data
Your personal data is used for the following purposes:
| Purpose | Details |
|---|---|
| Service execution | Processing orders, delivering services, managing your account |
| Customer support | Responding to inquiries, managing support tickets, delivery tracking |
| Billing | Issuing invoices, managing payments and refunds |
| Loyalty program | Calculating points, tier management, cashback and rewards |
| Security | Fraud prevention, account protection (2FA), detecting suspicious activity |
| Service improvement | Anonymized usage analysis to improve our services and website |
| Marketing communications | Sending promotions, special offers and newsletters (with your explicit consent) |
| Legal obligations | Tax compliance, responding to legal requests |
5Legal Basis (UK GDPR)
| Legal Basis | Article | Application |
|---|---|---|
| Contract performance | Art. 6(1)(b) | Order processing, account management, service delivery, billing |
| Consent | Art. 6(1)(a) | Marketing communications, analytics and marketing cookies, newsletter |
| Legitimate interest | Art. 6(1)(f) | Security, fraud prevention, service improvement, anonymized statistics |
| Legal obligation | Art. 6(1)(c) | Billing, legal retention, judicial requests |
7International Data Transfers
Some of our service providers are located outside the UK (notably Vercel and Stripe in the United States). These transfers are safeguarded by:
- Standard Contractual Clauses (SCCs) approved by the ICO
- The UK-US Data Bridge and EU-US Data Privacy Framework for certified providers
- Complementary technical and organizational measures (encryption, pseudonymization)
8Data Retention
| Data Type | Duration | Basis |
|---|---|---|
| User account | Duration of account + 36 months after last activity | Contract |
| Order data | 6 years after the order | Legal obligation (UK tax law) |
| Invoices | 6 years | Companies Act 2006 |
| Support tickets | 3 years after closure | Legitimate interest |
| Analytics cookies | 13 months maximum | ICO guidance |
| Connection logs | 12 months | Legal obligation |
| Newsletter | Until unsubscribe + 3 years | Consent |
At the end of these periods, data is deleted or irreversibly anonymized.
9Data Security
We implement appropriate technical and organizational measures to protect your data:
SSL/TLS Encryption
All communications are encrypted with 256-bit encryption
Password Hashing
Argon2id algorithm in compliance with OWASP recommendations
2FA Authentication
Two-factor authentication available (TOTP)
Secure Payments
Card data processed by Stripe/PayPal (PCI-DSS certified)
Security Headers
CSP, HSTS, X-Frame-Options, XSS protection
Restricted Access
Authorized personnel only, admin access logging
10Your Rights (UK GDPR)
Under the UK GDPR, you have the following rights over your personal data:
Right of access (Art. 15)
Obtain confirmation that data concerning you is being processed and receive a copy
Right to rectification (Art. 16)
Correct inaccurate data or complete incomplete data
Right to erasure (Art. 17)
Request deletion of your data ('right to be forgotten')
Right to restriction (Art. 18)
Restrict processing of your data in certain cases
Right to portability (Art. 20)
Receive your data in a structured, machine-readable format
Right to object (Art. 21)
Object to the processing of your data, particularly for direct marketing
Right to withdraw consent (Art. 7)
Withdraw your consent at any time, without affecting the lawfulness of prior processing
How to exercise your rights? From your dashboard (Settings > Export my data / Delete my account), by email to [email protected], or by mail to our registered office. We respond within 30 days.
You also have the right to lodge a complaint with the ICO (Information Commissioner's Office): ico.org.uk
12Protection of Minors
Our services are intended for persons aged 18 and over. We do not knowingly collect personal data from minors. If we discover that a minor has provided us with personal data, we will delete it immediately. If you are a parent or guardian and believe your child has created an account, please contact us.
13Policy Changes
We may update this policy from time to time. Changes will be published on this page with an update date. For substantial changes, we will notify you by email or website notification. Continued use of the site after publication constitutes acceptance.
14Contact — Data Protection Officer
For any questions about your data protection or to exercise your rights:
DPO Email
Support Email
Mirage Agency Ltd — DPO, 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom