We are subject to the UK General Data Protection Regulation (UK GDPR) under general processing regime.
In this policy, we provide you with details about:
- who we are and what personal data we collect;
- how we collect your personal data
- why we process your personal data;
- Who we share your personal data with
- information about cookies;
- who we share your personal data with;
- the legal basis for using personal data provided to us;
- how we aim to protect your privacy;
- how long we will keep your personal data;
- international transfers of your data;
- your legal rights relating to your personal data.
Full Name of Legal Entity: Sleep 8 UK Limited (a company incorporated in the UK with company registration number 12425083)
- Email address: firstname.lastname@example.org
- Telephone number: +44 1708 947486
1. The Personal data we collect about you
“Personal data” is the information which (either on its own or in combination with other information we hold) allows us to identify a customer and thus enable us to manage our relationship with us and customers. In order for us to deliver our products and services to you and manage our business efficiently, it is necessary for us to collect, maintain and process your personal data. We may collect information from you when you visit our store or our website, purchase goods or services from us, contact us by telephone, email or receive a communication from us relation to your purchase.
We have grouped together the personal data we may collect and process about you as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender,
- Contact Data includes home/business address, delivery address and preferences, email address and telephone numbers.
- Financial Data includes billing address, bank account and payment card details
- Transaction Data includes details about payments from you and other details of products and services you have purchased from us
- Technical Data includes internet protocol (IP) address, your login data including your password(s) for our website account, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes purchase history and saved items or orders made by you, your interests, preferences and feedback, your contact history, your responses to surveys, promotions
- Usage Data includes information about how you use our website, online browser activities on our website, communication you make with us
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences, your interests, preferences, feedback and survey responses
We do not collect any Special Categories of Personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2. How your personal data is collected
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by phone, email or instant messaging systems i.e. chatbots on our website. This includes personal data you provide when you;
- apply for our products or services;
- request marketing to be sent to you;
- give us feedback or contact us.
- Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using Cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our Cookies.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
Technical Data from the following parties:
- advertising networks ; Facebook, Instagram, etc.
- Internet search information providers e.g. Google, Bing, Yahoo.
- analytics providers
Please note that you are under no obligation to provide Sleep 8 UK with your personal data; however, not providing some of the Personal data described above could prevent us from performing our obligations in relation to your purchase of goods and services (and any related services) from us.
If you fail to provide personal data
Where we need to collect Personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3. Purposes for which we will use your personal data
The term “processing” means any action taken, also with the help of electronic means, in connection with personal data, including collection, handling, use, transfer and disclosure by transmission, dissemination or otherwise making available, as well as recording, organisation, storage, retention, adaptation or alteration, access, retrieval, consultation, alignment or combination, blocking, anonymising, erasure, disposal or destruction.
Please note we have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Type of data||Purpose/Activity||Lawful basis for processing including basis of legitimate interest|
|(a) Identity(b) Contact||To register you as a new customer||Performance of a contract with you|
|(a) Identity(b) Contact(c) Financial(d) Transaction(e) Marketing and Communications||To process and deliver your order including:(a) Manage payments, fees and charges(b) Collect and recover money owed to us(c) Preventing and detecting fraud against you or us(d) Ensuring the confidentiality of commercially sensitive information||(a) Performance of a contract with you(b) Necessary for our legitimate interests (to recover debts due to us)|
|(a) Identity(b) Contact(c) Technical||To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise(b) Necessary to comply with a legal obligation|
|(a) Identity(b) Contact(c) Profile(d) Usage(e) Marketing and Communications(f) Technical||To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you and operational reasons, such as improving efficiency, training and quality control||Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|(a) Technical(b) Usage||To use data analytics to improve our website, products/services, marketing, customer relationships and experiences and ensuring business policies are adhered to, e.g. policies covering security and internet use||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|(a) Identity(b) Contact(c) Technical(d) Usage(e) Profile(f) Marketing and Communications||To make suggestions and recommendations to you about goods or services that may be of interest to you||Necessary for our legitimate interests (to develop our products/services and grow our business)|
4. Who we share your personal data with
We do not share your personal data with third parties unless it is necessary for providing you goods and services. However, we may need to share your personal data with partners, agents or service providers to allow them to perform services on our behalf from time to time. These partners, agents or service providers will only act under our instruction and will not use your personal information for their own purposes (“Data Processors”). Our current Data Processors are payment providers, warehouse and delivery partners. In the event that we need to transfer your personal data to provide our services, we ensure them to comply with data protection law and to have systems and processes to protect the security of your personal information. We promise to always keep your details safe and we’ll never sell or swap your personal information with any other organisation.
Personal data may also be disclosed upon lawful request from government authorities, law enforcement and regulatory authorities, and where required or permitted by relevant local law and for tax or other purposes.
We generally do not transfer your personal data internationally. To deliver products and services to you, it is sometimes necessary to share your personal information other countries from time to time. Our standard practice is to assess the laws and practises of the destination country and relevant service provider and the security measures that are to be taken as regards the data in the overseas location to ensure all personal data is secure at all times.
5. Security of your Personal data
As stated above, Sleep 8 UK Limited takes the protection of your Personal data seriously. We have implemented appropriate technical, physical and organisational and security measures to ensure the Personal data is kept accurate, up to date and protected against unauthorised or accidental destruction, alteration or disclosure, accidental loss, unauthorised access, misuse, unlawful processing and/or damage.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
For your safety, and the prevention and detection of crime, CCTV is in operation during your visit to any of our retail stores.
The CCTV system will NOT be used to record sound unless in accordance with the policy on covert recording or for any automated decision making.
Please note: We keep a record of the CCTV installed and used. For digital recording systems, CCTV recording will not be held for more than 60 days. Once installed, reviews will be regularly undertaken to ensure that the use of the CCTV systems and the processing of the personal data obtained through it remains justified.
If the police or any other regulatory or government authority investigating suspected illegal activities requests CCTV images of you or any other personal information relating to you, we are obliged to comply with their requests.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you.
If we have your permission, we may send you materials we think may interest you, such as we may send you materials as new offers and updates.
You will receive marketing communications including exclusive offers, promotions from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing. We will ensure you consent separately to receive further marketing communications for newsletters and campaigns.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can decide not to receive marketing communications at any time by:
- contacting us;
- using the ‘unsubscribe’ link in e-mail;
- updating your marketing preferences through our website.
Strictly necessary cookies
These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language).
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
9. Data Retention
Sleep 8 UK Limited will retain your personal data only for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Such period as is necessary to perform the purpose(s) for which it was collected. In many cases this means that personal data will be retained for the duration of the time that we provide goods and services to you and then for a reasonable time thereafter in order to manage any problems, process any returns, manage our relationship with you, defend any claims, for tax purposes and/or for any other record keeping purposes.
If you have registered for an account on our website, then we will continue to retain your personal information in order to maintain your account. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
10. Your Rights
You have certain legal rights, which are briefly summarised below, in relation to any personal data about you which we hold:
- Your right of access – You have the right to ask us for copies of your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances(where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.). You also have the right to object where we are processing your personal information for direct marketing purposes.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
Click here https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ to find out more about your individual rights.
11. Data Subject Request
‘Data Subject Requests’ can be made by data subjects where an organisation holds personal data about them. If you wish to make a request to use any of these data subject rights described above, please contact through our contacts details below.
This can be done at any time, and the requests are made in order for the data subject to find out what data is being held, and what is being done with it. You will not have to pay a fee to access your personal information (or to exercise any of the other rights).
12. How to contact us
Our contact details are shown below:
Phone: +44 1708 947486
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.