Shopping Cart

Privacy Policy

Last updated 12 July 2022 

Welcome to the Sleep 8 UK Limited’s privacy policy. We respect your privacy and are committed to keeping trust. That starts with being transparent to you about our data processing activities. 

We are Sleep 8 UK Limited, a company incorporated in the UK, reg. number 12425083. And we are subject to the UK General Data Protection Regulation (UK GDPR) under the general processing regime. 

If you have any questions or suggestions concerning our privacy practices, please email us: hi@sleep8.eu. Please also send us an email, if you would like to request data access or data deletion, or in order to exercise other rights provided under the UK GDPR, including withdrawal of consent, data portability, etc.  

What this Privacy Policy covers 

In this policy we explained how we process personal data of our customers, shops visitors, website users, newsletter subscribers, counterparties and their representatives as well as job applicants

Namely, the Privacy policy covers: 

1.  How we collect data

2.  Which data we collect

3.  How we use your personal data

4.  Who we share data with

5.  Your rights

6.  How to contact us

We may need to change this policy from time to time to reflect changes in the law and/or privacy practices. When this happens, we will inform you updating this page.  

How we collect data 

We collect personal data from you directly or indirectly. For example, when you create an account on our website, make an order, sign up for a newsletter or send us an email, you provide your personal data directly to us. Other times, personal data is collected automatically as you use the website or open our newsletters.  

And in some instances, we can receive some information from the third parties, e.g. from a delivery service provider about the status of your order, from a payment service on whether your payment was successful or from DivideBuy on outcome of your credit application.  For recruitment purposes we may collect your data from specialised job websites where your CV is posted. 

If you fail to provide personal data 

You are not obliged to provide your personal data to us. However, if we need personal data in order to enter and perform the contract with you and you do not provide this data, we may not be able to perform the contract we have or are trying to enter into with you. Should this be the case we will notify you at the time.  

Also, if we process this data for a legitimate interest (e.g. assessment of job applicant’s CV) absence of necessary data may result in our incorrect conclusions. 

Which data we collect  

We have grouped together the personal data we collect and process about you as follows.  

We do not collect any special categories of personal data about you (i.e. details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. 

Identity Data  

  • name, username, title, assigned ID, nickname (combination of first and last name)  

Contacts  

  • name, email, telephone numbers  

Payment Data  

  • billing address, payment method 
  • bank account details, payment card details  
  • DivideBuy decision 
  • amount of payment, payment status, payment date, coupons used  

Order information  

  • order date, order status, ordered products details 
  • home/business address, delivery address and preferences 
  • delivery status 

Communications (by email, post, in chats, social media, contact forms) 

  • name, date of requests / response, content of requests / response 
  • status of email (opened/not)  

Call center data 

  • voice calls recordings, date of recording, phone number 

CCTV in shops 

  • video recordings, date of recording 

CV data 

  • employment background (position, work experience, employment references, salary and other compensation requests) 
  • educational background (degrees, certificates, transcripts) 
  • other information that an applicant shares (e.g. links to job-related social media sites (LinkedIn), personal preferences, hobbies, social preferences). 

Counterparty data  

  • position (title), company name 
  • contract signed, legal basis of authorities 

Technical Data and Cookies 

  • technical information about users, their devices and browsers (token, IP address, user agent, device type, operating system, read receipt and timestamp of email opening (for newsletters), etc.) 
  • cookie files (see more in Cookie Notice
  • IT logs 

How we use your personal data 

For each category of data subjects, we have set out below, in a table format, a description of all the ways we plan to use your personal data, and which legal bases we rely on to do so.  

  • Customers, shops visitors 

We use data to collect, process and perform your orders and to communicate with you in chats, emails or by phone. All phone calls with customers are recorded for quality control purposes. We also have CCTV cameras installed in our shops to ensure safety.  

Generally, CCTV recordings are stored no more than 1 month, and call recordings up to 3 months, unless a dispute or incident occur. We store data about the orders until the end of customer relationship. After that we have to store some data for compliance purposes and to protect out legitimate interest and rights in case any disputes arise. 

Your data can be processed by our reliable service providers which deliver orders, process payments and support our business functions. As well, we use SaaS software hosted by third parties. If you make a DevideBuy request, your data is also sent to this provider.   

Purpose / Activity Type of data Lawful basis  Third parties 
To collect and process your orders Identity Contacts Payment Data Order Information Technical Data and Cookies Entering and performance of a contract with you Payment service providers processing payments  DevideBuy Service providers which support our IT functions, incl. website  
To arrange delivery of orders to you  Order Information  Entering and performance of a contract with you Delivery service and SaaS software providers  Service providers which support our IT functions, incl. website  
To answer your questions, settle possible issues, to send and process other communication in relation to orders (via email, chat) Identity 
Contacts Payment Data Order Information 
Communications  
Entering and performance of a contract with you Providers of SaaS software which we use for communication and storage of data 
To communicate with you via phone (calls recording)  Call center data Our legitimate interest to ensure quality control, store evidence. Providers of SaaS software which we use for communication and storage of data 
CCTV recordings in the shops CCTV No sound recording or face recognition system are used Our legitimate interest to ensure safety, prevent possible crimes and detect them, store evidence – 
To ensure compliance with tax, accounting and other regulatory requirements with respect to storage of data as well as to be able to defend our rights and interests in case of disputes Identity  Contacts   Payment Data Order Information Compliance with law   
Legitimate interest to store evidence that can help us to protect out rights and interests in case of disputes 
Providers of SaaS software which we use for storage of data and documents 
  • Subscribers to newsletters 

If you consent to, we can send you newsletters and process your data in this context. You can decide not to receive marketing communications at any time by using an ‘unsubscribe’ link in e-mail or sending email to us (hi@sleep8.eu).  

Your data can be processed by our reliable service providers which support our business functions. As well, we use SaaS software hosted by third parties.  

Purpose / Activity Type of data Lawful basis  Third parties 
To send newsletters and other information on our products, events or offers that we deem to be of interest for subscribers  Identity Contacts Technical data and cookies Consent   Providers of SaaS software which we use for sending newsletters Service providers which support our marketing and IT functions 
  • Website users 

We provide a possibility to register and update account on the website. You can make your order without a registration. The registered account section is provided for your convenience only.   

We also use cookies technology on the website. You can choose which cookies we can use at the cookie banner. See Cookie Notice.  

Your data can be processed by our reliable service providers which support our business functions. As well, we use SaaS software hosted by third parties and third-party cookie technologies.   

Purpose / Activity Type of data Lawful basis  Third parties 
To register and update account information  Contacts Consent  Service providers which support our IT functions, incl. website  
To ensure that our website works properly (technical cookies) Technical data and cookies Legitimate interests to ensure that the website works properly and choices of users (e.g. consents) are logged correctly Service providers which support our IT function, incl. website  
To use data analytics to improve our website and products, marketing, customer relationships and experiences  Technical data and cookies Consent Third party cookie providers  Service providers which support our IT functions, incl. website   
  • Counterparties and their representatives 

We process data of counterparties or their representatives to be able to enter into contracts with them and perform contracts. We store data until the end of relationships. After that we have to store some data for compliance purposes and to protect out legitimate interest and rights in case any disputes arise.  

Your data can be processed by our reliable service providers which support our business functions. As well, we use SaaS software hosted by third parties.   

Purpose / Activity Type of data Lawful basis  Third parties 
To negotiate, enter and perform contracts with our counterparties, incl. service providers  Identity Contacts Our legitimate interest to negotiate, enter, perform contract with counterparties (if a counterparty is a legal entity) Performance of a contract with a data subject (if a counterparty is an individual) Providers of SaaS software which we use for storage of data and documents Service providers which support our accounting and IT functions   
To log user activities in our IT systems (if counterparties have access to systems) Technical data and cookies Our legitimate interest to ensure traceability of the systems use by logging users actions in the systems, their access to certain data or sections Providers of SaaS software which we use  Service providers which support our IT function 
To ensure compliance with tax, accounting and other regulatory requirements with respect to storage of data as well as to be able to defend our rights and interests in case of disputes Identity  Contacts  Communications  Compliance with law   
Legitimate interest to store evidence that can help to defend Company’s rights and interests in case of disputes 
Providers of SaaS software which we use for storage of data and documents Service providers which support our IT, compliance functions  
  • Job applicants 

We collect and process received CVs from job applications, conduct interviews and assess if applicants fit for open positions in Sleep 8 UK. We receive such information via email and may collect your data from specialised recruitment websites you posted your CV at. Once the decision regarding the applicant is made, we promptly delete personal data. 

Your data can be processed by our reliable service providers which support our business functions. As well, we use SaaS software hosted by third parties. 

Purpose / Activity Type of data Lawful basis  Third parties 
To collect and process received CVs from job applications, to conduct interviews, to assess their fit for an open position Identity Contacts CV data Legitimate interest to recruit personnel that fits for open positions Service providers which support our HR and IT functions   

Who we share data with 

We share your personal data in the following cases:  

  • If it is necessary for providing you goods and services (e.g. delivery service providers, payment service providers), 
  • If it is necessary to efficiently perform our business activities (we use hosting providers, outsourced accounting, HR and marketing services providers, as well as a number of SaaS software hosted by third parties). 

These service providers are not allowed to use your personal data for purposes which are not directly related to processing of orders (e.g. payment processing, delivery). Such providers must comply with data protection law and to have systems and processes to protect the security of your personal information.   

Personal data may also be disclosed upon lawful request from government authorities, law enforcement and regulatory authorities, and where required or permitted by relevant local law and for tax or other purposes. For example, if the police or any other regulatory or government authority investigating suspected illegal activities requests CCTV recordings, we possess, we are obliged to comply with their requests and provide data. 

International Transfers 

We do our best to keep your data inside the UK and EU area. With that, some processes require use of foreign service providers to be efficient.  

Namely, we use Mailchimp mailout software to communicate our newsletters to the subscribers. Mailchimp hosted by the US company, which however provides sufficient guarantees in sphere of privacy and personal data protection. As an additional safeguard we make this processing activity as transparent as possible and provide data subjects with additional safeguard i.e., a consent that they can give and withdraw at any time. Should a data subject withdraw consent, we promptly delete data from Mailchimp. 

Data Retention 

We will retain personal data only for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Such period as is necessary to perform the purposes for which it was collected.  

In many cases this means that personal data will be retained for the duration of the time that we provide goods and services to you and then for a reasonable time thereafter in order to manage any problems, process any returns, manage our relationship with you, defend any claims, for tax purposes and/or for any other record keeping purposes. 

If you have registered for an account on our website, then we will continue to retain your personal information in order to maintain your account. 

Your Rights 

Under the UK GDPR you have certain legal rights, which are briefly summarised below, in relation to any personal data about you which we hold: 

Accessing data 

You have the right to ask us to provide information on how we process your data. As well you can request copies of your personal data we hold about you. 

Data portability  

You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances. 

Changing or updating data 

You have the right ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.  

Deleting data  

You have the right to ask us to delete or remove your data in certain circumstances. For instance, if you withdraw consent and believe that is no good reason for us continuing to process it.  In some cases, we may be required to continue storing data for regulatory purposes even though you require us to delete it. Should this be the case, we will provide you with further information. 

Objecting, restricting processing  

You have the right to request that we stop using all or some of your personal data, or that we limit (restrict) our use of their data. This includes objecting to use of personal data that is based on legitimate interests. If we process your personal data for direct marketing purposes, we will stop such processing without any exceptions after we receive such a request from you. But, in other cases we may continue to process data after such objection or request to the extent required or permitted by law.  

Complaints  

You have the right to file a complaint with the supervisory authority if you think that some our privacy practices are not in compliance with the UK GDPR. We would, however, appreciate the chance to deal with your concerns before you approach the ICO. 

Security of data 

We take the protection of personal data seriously. We have implemented appropriate technical, physical and organisational and security measures to ensure the data is kept accurate, up to date and protected against unauthorised or accidental destruction, alteration or disclosure, accidental loss, unauthorised access, misuse, unlawful processing and/or damage.  

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. 

How to contact us 

You can contact us by email hi@sleep8.eu if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law.  

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights below). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.