Privacy policy

Last updated 25th October 2023

Welcome to Sleep 8 Intrinsic Limited’s privacy policy. We respect your privacy and are committed to keeping your trust. That starts with being transparent with you about our data processing activities.

We are Sleep 8 Intrinsic Limited, a company incorporated in the UK, reg. number 14029814. We are subject to the UK General Data Protection Regulation (UK GDPR) under the general processing regime.

If you have any questions or suggestions concerning our privacy practices, please email us: hi@sleep8.eu. Please also send us an email if you would like to request data access or data deletion, or to exercise other rights provided under the UK GDPR, including withdrawal of consent, data portability, etc.

What this Privacy Policy covers

We may need to change this policy from time to time to reflect changes in the law and/or privacy practices. When this happens, we will inform you by updating this page.

How we collect data

  • We collect personal data from you directly or indirectly. For example, when you create an account on our website, make an order, sign up for a newsletter or send us an email, you provide your personal data directly to us. Other times, personal data is collected automatically as you use the website or open our newsletters.

    In some instances, we may also receive information from third parties, e.g. from a delivery service provider about the status of your order, from a payment service on whether your payment was successful, or from DivideBuy on the outcome of your credit application. For recruitment purposes we may collect your data from specialised job websites where your CV is posted.

    If you fail to provide personal data

    You are not obliged to provide your personal data to us. However, if we need personal data in order to enter and perform the contract with you and you do not provide this data, we may not be able to perform the contract we have or are trying to enter into with you. Should this be the case we will notify you at the time.

    Also, if we process this data for a legitimate interest (e.g. assessment of a job applicant’s CV), the absence of necessary data may result in our reaching incorrect conclusions.

Which data we collect

  • We have grouped together the personal data we collect and process about you as follows.

    We do not collect any special categories of personal data about you (i.e. details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

    • Identity Data

      name, username, title, assigned ID, nickname (combination of first and last name)

    • Contacts

      name, email, telephone numbers

    • Payment Data

      billing address, payment methods

      bank account details, payment card details

      DivideBuy decision

      amount of payment, payment status, payment date, coupons used

    • Order information

      order date, order status, ordered products details

      home/business address, delivery address and preferences

      delivery status

    • Communications (by email, post, in chats, social media, contact forms)

      name, date of requests / response, content of requests / response

      status of email (opened/not)

    • Call center data

      voice calls recordings, date of recording, phone number

    • CCTV in shops

      video recordings, date of recording

    • CV data

      employment background (position, work experience, employment references, salary and other compensation requests)

      educational background (degrees, certificates, transcripts)

      other information that an applicant shares (e.g. links to job-related social media sites (LinkedIn), personal preferences, hobbies, social preferences).

    • Counterparty data

      position (title), company name

      contract signed, legal basis of authorities

    • Technical Data and Cookies

      technical information about users, their devices and browsers (token, IP address, user agent, device type, operating system, read receipt and timestamp of email opening (for newsletters), etc.)

      cookie files (see more in Cookie Notice)

      IT logs

How we use your personal data

  • For each category of data subjects, we have set out below, in a table format, a description of all the ways we plan to use your personal data, and which legal bases we rely on to do so.

    • Customers, shop visitors

      We use data to collect, process and perform your orders and to communicate with you in chats, emails or by phone. All phone calls with customers are recorded for quality control purposes. We also have CCTV cameras installed in our shops to ensure safety.

      Generally, CCTV recordings are stored for no more than 1 month, and call recordings for up to 3 months, unless a dispute or incident occurs. We store data about the orders until the end of the customer relationship. After that we have to store some data for compliance purposes and to protect our legitimate interests and rights in case any disputes arise.

      Your data can be processed by our reliable service providers which deliver orders, process payments and support our business functions. We also use SaaS software hosted by third parties. If you make a DivideBuy request, your data is also sent to this provider.

      | Purpose / Activity | Type of data | Lawful basis | Third parties |
      |---|---|---|---|
      | To collect and process your orders | Identity; Contacts; Payment Data; Order Information; Technical Data and Cookies | Entering and performance of a contract with you | Payment service providers processing payments; DivideBuy; Service providers which support our IT functions, incl. website |
      | To arrange delivery of orders to you | Order Information | Entering and performance of a contract with you | Delivery service and SaaS software providers; Service providers which support our IT functions, incl. website |
      | To answer your questions, settle possible issues, to send and process other communication in relation to orders (via email, chat) | Call center data | Our legitimate interest to ensure quality control, store evidence | Providers of SaaS software which we use for communication and storage of data |
      | CCTV recordings in the shops | CCTV (no sound recording or face recognition system is used) | Our legitimate interest to ensure safety, prevent possible crimes and detect them, store evidence | - |
      | To ensure compliance with tax, accounting and other regulatory requirements with respect to storage of data as well as to be able to defend our rights and interests in case of disputes | Identity; Contacts; Payment Data; Order Information | Compliance with law; Legitimate interest to store evidence that can help us to protect our rights and interests in case of disputes | Providers of SaaS software which we use for storage of data and documents |

    • Subscribers to newsletters

      If you consent, we can send you newsletters and process your data in this context. You can decide not to receive marketing communications at any time by using the ‘unsubscribe’ link in an email or by sending an email to us (hi@sleep8.eu).

      Your data can be processed by our reliable service providers which support our business functions. We also use SaaS software hosted by third parties.

      | Purpose / Activity | Type of data | Lawful basis | Third parties |
      |---|---|---|---|
      | To send newsletters and other information on our products, events or offers that we deem to be of interest for subscribers | Identity; Contacts; Technical Data and Cookies | Consent | Providers of SaaS software which we use for sending newsletters; Service providers which support our marketing and IT functions |

    • Website users

      We provide the possibility to register and update an account on the website. You can make your order without registration. The registered account section is provided for your convenience only.

      We also use cookie technology on the website. You can choose which cookies we can use in the cookie banner. See Cookie Notice.

      Your data can be processed by our reliable service providers which support our business functions. We also use SaaS software hosted by third parties and third-party cookie technologies.

      | Purpose / Activity | Type of data | Lawful basis | Third parties |
      |---|---|---|---|
      | To register and update account information | Contacts | Consent | Service providers which support our IT functions, incl. website |
      | To ensure that our website works properly (technical cookies) | Technical data and cookies | Legitimate interests to ensure that the website works properly and choices of users (e.g. consents) are logged correctly | Service providers which support our IT functions, incl. website |
      | To use data analytics to improve our website and products, marketing, customer relationships and experiences | Technical data and cookies | Consent | Third party cookie providers; Service providers which support our IT functions, incl. website |

    • Counterparties and their representatives

      We process data of counterparties or their representatives to be able to enter into contracts with them and perform contracts. We store data until the end of the relationship. After that we have to store some data for compliance purposes and to protect our legitimate interests and rights in case any disputes arise.

      Your data can be processed by our reliable service providers which support our business functions. We also use SaaS software hosted by third parties.

      | Purpose / Activity | Type of data | Lawful basis | Third parties |
      |---|---|---|---|
      | To negotiate, enter and perform contracts with our counterparties, incl. service providers | Identity; Contacts | Our legitimate interest to negotiate, enter, perform contract with counterparties (if a counterparty is a legal entity); Performance of a contract with a data subject (if a counterparty is an individual) | Providers of SaaS software which we use for storage of data and documents; Service providers which support our accounting and IT functions |
      | To log user activities in our IT systems (if counterparties have access to systems) | Technical data and cookies | Our legitimate interest to ensure traceability of system use by logging users' actions in the systems, their access to certain data or sections | Providers of SaaS software which we use; Service providers which support our IT function |
      | To ensure compliance with tax, accounting and other regulatory requirements with respect to storage of data as well as to be able to defend our rights and interests in case of disputes | Identity; Contacts; Communications | Compliance with law; Legitimate interest to store evidence that can help to defend Company's rights and interests in case of disputes | Providers of SaaS software which we use for storage of data and documents; Service providers which support our IT, compliance functions |

    • Job applicants

      We collect and process CVs received from job applications, conduct interviews and assess whether applicants are a fit for open positions in Sleep 8 UK. We receive such information via email and may collect your data from specialised recruitment websites where you posted your CV. Once the decision regarding the applicant is made, we promptly delete personal data.

      Your data can be processed by our reliable service providers which support our business functions. We also use SaaS software hosted by third parties.

      | Purpose / Activity | Type of data | Lawful basis | Third parties |
      |---|---|---|---|
      | To collect and process received CVs from job applications, to conduct interviews, to assess their fit for an open position | Identity; Contacts; CV data | Legitimate interest to recruit personnel that fits for open positions | Service providers which support our HR and IT functions |

Who we share data with

  • We share your personal data in the following cases:

    • If it is necessary for providing you goods and services (e.g. delivery service providers, payment service providers),

    • If it is necessary to efficiently perform our business activities (we use hosting providers, outsourced accounting, HR and marketing services providers, as well as a number of SaaS software hosted by third parties).

    These service providers are not allowed to use your personal data for purposes which are not directly related to processing of orders (e.g. payment processing, delivery). Such providers must comply with data protection law and have systems and processes to protect the security of your personal information.

    Personal data may also be disclosed upon lawful request from government authorities, law enforcement and regulatory authorities, and where required or permitted by relevant local law and for tax or other purposes. For example, if the police or any other regulatory or government authority investigating suspected illegal activities requests CCTV recordings we possess, we are obliged to comply with their requests and provide data.

    International Transfers

    We do our best to keep your data inside the UK and EU area. That said, some processes require the use of foreign service providers to be efficient.

    Namely, we use Mailchimp mailout software to communicate our newsletters to the subscribers. Mailchimp is hosted by a US company, which, however, provides sufficient guarantees in the sphere of privacy and personal data protection. We make this processing activity as transparent as possible and provide data subjects with an additional safeguard, i.e. a consent that they can give and withdraw at any time. Should a data subject withdraw consent, we promptly delete data from Mailchimp.

    Data Retention

    We will retain personal data only for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

    In many cases this means that personal data will be retained for the duration of the time that we provide goods and services to you and then for a reasonable time thereafter in order to manage any problems, process any returns, manage our relationship with you, defend any claims, for tax purposes and/or for any other record keeping purposes.

    If you have registered for an account on our website, then we will continue to retain your personal information in order to maintain your account.

Your Rights

  • Under the UK GDPR you have certain legal rights, which are briefly summarised below, in relation to any personal data about you which we hold:

    Accessing data

    You have the right to ask us to provide information on how we process your data. You can also request copies of the personal data we hold about you.

    Data portability

    You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

    Changing or updating data

    You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

    Deleting data

    You have the right to ask us to delete or remove your data in certain circumstances, for instance, if you withdraw consent and believe that there is no good reason for us continuing to process it. In some cases, we may be required to continue storing data for regulatory purposes even though you require us to delete it. Should this be the case, we will provide you with further information.

    Objecting, restricting processing

    You have the right to request that we stop using all or some of your personal data, or that we limit (restrict) our use of your data. This includes objecting to use of personal data that is based on legitimate interests. If we process your personal data for direct marketing purposes, we will stop such processing without any exceptions after we receive such a request from you. In other cases, we may continue to process data after such objection or request to the extent required or permitted by law.

    Complaints

    You have the right to file a complaint with the supervisory authority if you think that some of our privacy practices are not in compliance with the UK GDPR. We would, however, appreciate the chance to deal with your concerns before you approach the ICO.

    Security of data

    We take the protection of personal data seriously. We have implemented appropriate technical, physical, organisational and security measures to ensure the data is kept accurate, up to date and protected against unauthorised or accidental destruction, alteration or disclosure, accidental loss, unauthorised access, misuse, unlawful processing and/or damage.

    We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to contact us

  • You can contact us by email at hi@sleep8.eu if you have any questions about this privacy policy or the information we hold about you, or to exercise a right under data protection law.

    We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights described above). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

    We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.