top of page

Privacy Policy


Mirror Medicine LTD takes data privacy seriously. We respect your personal data and the trust you place in us to keep it safe and store it responsibly. This Privacy Policy explains who we are, how we collect, share and use Personal Information, and how you can exercise your privacy rights.


We recommend that you read this privacy policy in full to ensure you are fully informed.  If you have any questions or concerns about our use of your Personal Information, then please contact us using the contact details provided at the end of Section 3.



1. The Basics


A. About Us

The activities of Mirror Medicine LTD include content publication, 1:1 consultation sessions and training course provision both online and in person. These "Services" are operated by Amala Black and company headquartered in the United Kingdom ("we," "us," "our," and "Mirror Medicine").


B. Key Terms

In this privacy policy, these terms have the following meanings:

i. "Contact" is a person subscribed to our mailing list or a purchaser of our goods. In other words, a Contact is anyone who has volunteered their email address and confirmed their desire to be contacted by us using the provided information.

ii. "Client" is a person who receives private treatments from Amala Black in a 1:1 setting. The information they provide during sessions may include contact details, personal health history and recorded outcomes of treatment and self care practices.

iii. "Programme Participant" refers to any person or entity that is registered with us to attend a training course or affiliated with the International Academy of Italian Facial Reflexology and Mirror Medicine as an alumni and association member.

iv. "Visitor" means any person who visits any of our Websites or social pages.

v. "Website(s)" means any website(s) we own and operate (such as or or any web pages, interactive features, applications, widgets, blogs, social networks, social network "tabs," or other online, mobile, or wireless offerings linked to these sites.

vi. "Personal Information" means any information that identifies or can be used to identify a Contact, a Client, a Programme Participant or a Visitor directly or indirectly. Examples of Personal Information include, but are not limited to, first and last name, date of birth, postal address, email address, gender, occupation, passport or license number, other demographic information, health history and treatment progress notes.

vii. "you" and "your" means, depending on the context, either a Contact, a Client, a Programme Participant or a Visitor.


2. Privacy for Contacts, Clients, Programme Participants and Visitors

This section applies to the Personal Information we collect and process through the provision of the Services and via collection of cookies through our Websites and social network pages.


A. Information We Collect

The Personal Information that we may collect broadly falls into the following categories:

i. Information you provide to us: In the course of engaging with our Services, you may provide Personal Information about yourself. Personal Information is often, but not exclusively, provided to us when you sign up for and use the Services, send us an email, attend a treatment session, sign up and/or take a course with us or communicate in any other way.

We will let you know prior to collection whether the provision of Personal Information we are collecting is compulsory or if it may be provided on a voluntary basis and the consequences, if any, of not providing the information. By giving us this information, you agree to this information being collected, used and disclosed as described in this privacy policy.

ii. Information we collect automatically: When you use the Services, we may automatically collect certain information about your device and usage of the Services. We use cookies and other tracking technologies to collect some of this information.


iii. Information from the use of our mobile apps: When you use our mobile apps, we may collect certain device and usage-related information in addition to information described elsewhere in this privacy policy.


B. Use of Personal Information

We may use the Personal Information we collect through the Services or other sources for a range of reasons, including:

  • To bill and collect money owed to us by you.

  • To send you subscription alert messages.

  • To communicate with you about any contract between us and provide customer support.

  • To enforce compliance with our Terms of Use and applicable law, and to protect the rights and safety of our Members and third parties, as well as our own.

  • To provide, support and improve the Services.

  • To provide suggestions for you.

  • For our data analytics projects.


C. Data Protection Rights

You  have the following data protection rights:

  • To access, correct, update or request deletion of Personal Information. Amala Black (Mirror Medicine) takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date. As a Contact, you can manage your individual subscription settings by choosing to "update your preferences" upon receipt of our emails, or you may contact us directly by emailing us at

  • In addition, individuals who are residents of the EEA can object to processing of their Personal Information, ask to restrict processing of their Personal Information or request portability of their Personal Information. You can exercise these rights by contacting us using the contact details provided above.

  • Similarly, if Personal Information is collected or processed on the basis of consent, the data subject can withdraw their consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. If you receive these requests from Contacts, you can segment your lists within the MailChimp platform to ensure that you only market to Contacts who have not opted out of receiving such marketing.

  • The right to complain to a data protection authority about the collection and use of Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection law. We may ask you to verify your identity in order to help us respond efficiently to your request.


3. General Information

A. How We Share Information

We may share and disclose your Personal Information to the following types of third parties for the purposes described in this privacy policy (for purposes of this section, "you" and "your" refer to Contacts, Clients, Programme Participants and Visitors unless otherwise indicated):

i. Our service providers: Sometimes, we share your information with our third-party service providers (such as course organisers or affiliated membership associations, eg AIRFI), who help us provide and support our Services and other business-related functions. We will never sell or profit from the distribution of your information.

ii. Any competent law enforcement body, regulatory body, government agency, court or other third party where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person.

iii. A potential buyer (and its agents and advisors) in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition.

iv. Any other person with your consent.


B. Legal Basis for Processing Personal Information (EEA Persons Only)

If you are from the European Economic Area, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.

However, we will normally collect and use Personal Information from you where the processing is in our legitimate interests and not overridden by your data-protection interests or fundamental rights and freedoms. Typically, our legitimate interests include improving, maintaining, providing, and enhancing our Services; ensuring the confidentiality of our Services and our Websites; and for our marketing activities.

If you are a Client or Programme Participant, we may need the Personal Information to perform a contract with you. In some limited cases, we may also have a legal obligation to collect Personal Information from you.

If we ask you to provide Personal Information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not, as well as of the possible consequences if you do not provide your Personal Information.

Where required by law, we will collect Personal Information only where we have your consent to do so.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided in the "Questions and Concerns" section below.


C. Your Choices and Opt-Outs

Contacts and Programme Participants who have opted in to our emails and association contact list can opt out of receiving content from us at any time by clicking the "unsubscribe" link at the bottom of all emailed messages.

Also, all opt-out requests can be made by emailing us using the contact details provided in the "Questions and Concerns" section below. Please note that some communications (such as service messages, account notifications, billing information) are considered transactional and necessary for account management, and Contacts and Programme Participants cannot opt out of these messages unless you cancel your transaction or terminate any contract you may have with us.


D. Our Security

We take appropriate and reasonable technical and organisational measures to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information. If you have any questions about the security of your Personal Information, you may contact us at

MailChimp accounts require a username and password to log in. Members must keep their username and password secure, and never disclose it to a third party. Because the information in a Member’s MailChimp account is so sensitive, account passwords are hashed, which means we cannot see a Member’s password. We cannot resend forgotten passwords either. We will only provide Members with instructions on how to reset them.


E. Retention of Data

We retain Personal Information where we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved, but, generally, we'll refer to these criteria in order to determine retention period:

  • Whether we have a legal or contractual need to retain the data.

  • Whether the data is necessary to provide our Services.

  • Whether our Contacts, Clients and Programme Participants would reasonably expect that we would retain the data until they remove it or until their involvement with our association is closed or terminated.

When we have no ongoing legitimate business need to process your Personal Information we will either delete or anonymize it or, if this is not possible (for example, in the case of personal health data collected before and after treatment sessions - which must be retained for 5 years post-treatment; in the case of alumni basic information - which we hold records of for 10 years post-certification; or because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.


F. Changes to this Policy

We may change this Privacy Policy at any time and from time to time. The most recent version of the privacy policy is reflected by the version date located at the top of this privacy policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this privacy policy or other notice on the Websites. We encourage you to review this privacy policy often to stay informed of changes that may affect you. Our electronically or otherwise properly stored copies of this Privacy Policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this privacy policy that was in effect on each respective date you visited the Website.


G. Questions & Concerns

If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter, please send your message or request to

bottom of page