Privacy Policy

Privacy Notice (Including Third Party Services) - Last Updated 19/08/2021

Wing Mirror Man® is not a registered company in England and Wales.

Wing Mirror Man® is an affiliated website operating under the Buy It Online Ltd group of companies registered company number 10526713 in England and Wales.

Wing Mirror Man® and Buy It Online Ltd may be collectively known as we, us, our, WingMirrorMan®, WMM, Buy It Online, BIO.

We respect your right to privacy and your right to control the dissemination and other processing, storing, handling of your personal information.

This Privacy Notice applies to our websites including and any mobile applications or other online and/or mobile applications operated by us or that are related to us and/or our websites. Collectively the websites and applications included in this notice are referred to us as the service provider.

This notice also describes how the service provider collects information from you, the type of information the service provider collects and what use the service provider may have with the information you provide, we collect, and your rights regarding this information.

This notice governs the information collection, handling, protection, storage, and disclosure practices for the service provider.

Continuing to use the service provider is an acknowledgement that you have read and understood the terms of this notice.

You must review and fully understand this notice before providing the service provider with your information.

This notice only applies to the Buy It Online Ltd group of affiliated websites, for other Buy It Online Ltd services or additional relationships with users, suppliers or customers, other privacy terms may apply and override.

This notice does not apply to third-party sites which may be linked to or from the service provider.

Buy It Online Ltd is not responsible for such third-party sites and their privacy terms.

Overview of Related Content

2.1 Ensuring the security of your personal information is extremely important to us, we are dedicated to respecting your privacy rights.

2.2 This notice, which including without limits applies when using the group's websites or related retail platforms such as eBay, Amazon, provides you with information about the following:
   1 How we utilize your data.
   2 The data we collect.
   3 Who your data is shared with.
   4 How we ensure your privacy is always maintained.
   5 Your rights relating to your personal data

2.3 This notice should be reviewed carefully to completely understand our practices regarding your personal data and how your data is used.

2.4 For the purpose of the Data Protection Act 2018 & General Data Protection Regulation (EU Regulation 2016/679) (GDPR) and the EU Data Protection Directive (Directive 95/46/EC) the data controller is Buy It Online Ltd of Woolfold House, Woolfold Industrial Estate, Bury, Greater Manchester, BL8 3BL

The information we may collect from you and other sources

3.1 The precise details of the personal information we collect will vary depending on the specific purpose for the collection of information, we may collect and process the following data:

3.1.1 Information that you provide us by completing contact forms on the following platforms (Social Media e.g. Facebook, Twitter, LinkedIn, Instagram/Websites) This includes information provided at the time of registering to use our websites, subscribing to our services/newsletters, purchasing goods via our websites, posting material or requesting further services. We may request for information when you report a problem with the use of any of our websites.

3.1.2. If you contact us by phone, email, or otherwise and provide information voluntarily, we may keep a record of this correspondence.

3.1.3. We may record and monitor telephone communication. The sole purposes of any recording are for training and quality control purposes. The GDPR legislation prohibits the disclosure of any personal or confidential information provided to us by telephone to any third party organisations (unless required to do so by law) or to be used for marketing purposes. Recorded telephone communication is stored for at least 12 months from the recording date.

3.1.4 We may also request that surveys are completed to be used for research purposes, these are optional and are not mandatory or a pre-requisite to use our services.

3.1.5 Full details of the transactions you complete through our websites and for the fulfilment of your orders.

3.1.6 Details of your visits to our Websites including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.

3.1.7 We also collect browsing, transactional, and behavioural data from you to improve the service/experience we offer and for the purposes of offering you a tailored or personalised online shopping experience.

3.1.8 We may collect information about your browsing device, including where available your IP address, operating system, and browser type, for system administration and to report aggregate information to our advertisers. This is anonymous statistical data about our users' browsing actions and patterns and does not identify any individual. We collect some of this information using Cookies. We may also collect any personal information which you allow to be shared that is part of your public profile on a third-party social network.

3.2 We obtain and/or collect certain personal information about you from sources outside our business. We may also receive your personal information from other sources, such as: public databases, our retail and supplier partners, our trade customers, third party collection and recovery agencies, referrals from insurance and accident management companies, joint marketing partners; social media platforms; from people with whom you are friends or otherwise connected on social media platforms, as well as from other third parties. For example, this other personal data helps us to:
   1. Provide the relevant services in an accurate and suitable manner.
   2. Review and improve the accuracy of the data we hold.
   3. Improve and measure the effectiveness of our marketing communications, including online advertising.

The uses made of your information

4.1 We use the information stored about you in the following ways:

4.2 Ensure that content from our websites is presented in the most effective manner for you and your browsing device.

4.3 To provide you with information, products, or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.

4.4 To carry out our obligations arising from any contracts entered between you and us. For example, we pass your contact details to our courier company (e.g. FedEx and Royal Mail) who may contact you via email, text message or a telephone call to confirm delivery of your order. Where you use our Click and Collect service, we will notify you via text message or a telephone call to advise you when your order is ready to be collected by our branch. We may notify our suppliers of your details for any warranty purposes.

4.5 To carry out our obligations arising from any contracts entered between you and us. For example:
   • where you may have credit terms with us for payment of goods, we may pass your details on to third parties.
   • other independent third parties (i.e. workshops/garages/fitting service) (“Workshop(s)”) fitting goods (supplied by us) to your vehicle on your behalf, where the Workshop appointed by you needs to contact you in order for the fitment of such goods to be carried out to your vehicle.
   • to allow you to participate in interactive features of our service when you choose to do so.
   • to enhance your experience whilst using our Websites.
   • to notify you about changes to our Service.

4.6 If you are an existing customer, we will only contact you by electronic means (email or telephone) with information about goods and services that we offer. We will not contact you by email if you have unsubscribed from our mailing list, or by phone if you are registered with the Telephone Preference Service (and have not expressly indicated that we may continue to call you notwithstanding your registration).

4.7 If you are a new customer, we will only contact you by electronic means if you have consented to this.

4.8 Whether you are a new or existing customer, if you have consented to being contacted by electronic means we will contact you in accordance with your consents.

4.9 We may use your personal information to contact you if there are any urgent safety or product recall notices to communicate to you where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any personal harm to you. It is in your vital interests for us to use your personal information in this way.

4.10 Our Websites or marketplace listings may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. Therefore, when you leave any of our Websites, we strongly encourage you to read the privacy statements of every website you visit.

The disclosure of your information

5.1 To make certain services available to you, we may need to share your personal data with third parties. This will be particularly necessary in the case of third-party providing services such as the fitment of goods as in clause 4.5

5.2 We may disclose your personal information to:
   5.2.1 any member of the Buy It Online Ltd group, which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
   5.2.2 our trusted service providers acting on our behalf who provide services such as: web hosting, web analytics and integration, customer service web chat and ticketing, order fulfilment, data analysis (including data personalisation), infrastructure provision,  email marketing data, review sites of our services, auditing services and other services to enable them to provide services.#
   5.2.3 our third-party collection and recovery agencies (such as Lowell Portfolio and/or Lowell).
   5.2.4 our third-party courier companies who delivers your orders (such as FedEx).
   5.2.5 other selected third parties if you are a new customer and you have consented to this.
   5.2.6 our affiliate Websites that may use your personal information in the ways set out in the "how we use your information section" above or in connection with products and services that complement our own range of products and services.
   5.2.7 third party suppliers who manage our secure payment platform and credit card processing from time to time (such as PayPal, SagePay, or Opayo)

5.3 If we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.

5.4 If we substantially sell all our business assets or are acquired by a third party, personal data held by us about our customers will be one of the transferred assets.

5.5 If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of sale and supply and other agreements; or to protect our rights, property, or safety, including of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

5.6 It is sometimes necessary for us to share your data outside of the European Economic Area (EEA). This generally occurs when our service providers are located outside of the EEA or you are based outside of the EEA.

5.7 If this happens, we will ensure that the transfer will be compliant with the relevant data protection laws including the GDPR.

5.8 Our standard practice is to use standard contractual clauses approved by the European Commission for such transfers. Where the standard contractual clauses are not used appropriate security technical measures, contractual will be in place and if applicable the service providers have signed up to the EU-US Privacy Shield which is a framework designed to protect the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes

5.9 The Service is intended for users over the age of 18 and is not directed to children under 18 ("Children").  We do not knowingly collect personal information from children.  If you become aware that a child has provided us with personal information without parental consent, please contact us at by using the contact information in section 11 (Privacy Questions) at the bottom of this Notice, and we will take steps to remove the information and terminate the child's account.

The protection of your data

6.1 We are committed to keeping your personal data safe and secure and employ several security measures such as:

6.1.1 We ensure our Websites and data is supported with TLS 1.2 technology using RSA 2048-bit security standard and/or other appropriate standards from time to time.

6.1.2 Monitoring and auditing our service providers to ensure they have an adequate level of protection as required under the PCI DSS.

6.1.3 All credit and debit card payment transactions are initiated on our Website via our online shopping basket.

6.1.4 All information you provide to us is stored on our secure servers. For registered users, where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

6.1.5 We use reasonable, organisational, technical and administrative measures to protect personal information under our control. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

The legal requirements for processing your personal data

7.1 The personal data that you provide to us in order to purchase goods, or that is provided to Workshops fitting our goods on your behalf, other personal data generated for transactional agreements is processed as it is necessary for the performance of a contract with you.

7.2 All other personal data is processed for our legitimate interests (as set out below) and to comply with our legal obligations.

7.3 In general, we only rely on opt-in consent as a legal basis to contact (and allow for selected third parties to contact) new customers by electronic means and/or send direct marketing communications via email or text message to new customers.

7.4 You have the right to withdraw your consent at any time, by withdrawing consent, we may also remove your personal data.

The following table outlines what categories of data we process and for what purposes and on what legal basis we rely on:




Your user rights

8.1 Right to review: where you request access to your personal data (“Access Request”) and we are unable to deal with or fulfil such Access Request, we will provide you with a reason as to why. You have the right to complain as outlined in section 11 (Privacy Questions).

8.2 You can also exercise Access Rights at any time by contacting us in accordance with section 11 (Privacy Questions).

8.3 Our Websites may, from time to time, contain links to and from the websites of our third-party partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites should have their own privacy notices/policies and that we do not accept any responsibility or liability for these third-party websites and the notices/policies. Please check these notices/policies before you submit any personal data to these websites.

The storing timeframe of your data

9.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

9.2 Our procedures to manage data retention is to retain customer data for 7 years or longer to support some of our parts warranty.

9.3 The email marketing unsubscribe function will remove your details from marketing lists and confirmation of your removal will be sent to your email address.

9.4 Data back-ups can take up to 60 days to remove specific data from the system.

9.5 We will take reasonable steps under Article 17 of the GDPR to meet data subject requests.

Changes to our privacy notice

10.1 We will occasionally update this Notice, in our sole discretion. When we post changes to this Notice, we will revise the "Issue Date” at the bottom of this Notice to notify you of changes. We recommend that you check the Service from time to time to inform yourself of any changes in this Notice or any of our other policies. If you do not agree to any update, please do not use the Service; by continuing to access or use the Service after a change to this Notice becomes effective, you agree to and accept the revised Notice as of the Notice Issue Date.

10.2 As part of our customer satisfaction strategy, we constantly review and update our information to ensure accuracy and compliance. We constantly update and amend information so we can always offer the best and most supportive information possible.

Privacy Questions

If you have any questions about how we use your personal data that are not answered by this notice, please use the contact information below:

Legal Responsibility & Compliance | [email protected]

If you want to exercise your rights of Access Rights regarding your personal data, please use the contact information below:

Administration Services (Business Support) | [email protected]

You have the right to make a complaint at any time to the local data protection supervisory authority which, for the UK, is the Information Commissioner's Office (ICO) ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.