Privacy Notice

Privacy commitment

E-bedding Limited are committed to protecting and respecting your privacy and the purpose of this notice is to provide you with information on who we are, how and why we collect, and process your personal data.

  1. Who we are;
  2. Contact details;
  3. What personal data we collect about you;
  4. Children;
  5. How we collect personal data;
  6. How and why we use your personal data;
  7. Data security;
  8. Your rights;
  9. How to make a complaint;
  10. How and why we share your personal data;
  11. Transferring your personal data overseas;
  12. How long we hold personal data;
  13. Links to other websites; and
  14. Changes to privacy notice.

It is important that you read this privacy notice carefully together with any other privacy notice we may provide to you on specific occasions when we are collecting or processing personal data about you to ensure you are fully aware of how and why we are using your data. This privacy notice supplements other notices and privacy policies and is not intended to override them.

 

1. Who we are

E-bedding Limited (“we, us or our”) is a limited company registered in England and Wales with company number 05764800.

We also trade under the following names, websites and apps;

  • Comfy Quilts
  • Sleepy people
  • Bedcrest
  • Branded bedding
  • Just Bedding
  • UK Bedding
  • Sound Asleep
  • Nanu

We are the data controller and responsible for your personal data that we process in connection with the services we provide.

 

2. Contact Details

Our head office is located at 1st Floor Cloister House Riverside, New Bailey Street, Manchester, M24 2HD.

If you have any questions about this privacy notice, data processing practices, data protection matters generally, or you wish to exercise your legal rights please contact our data protection officer (DPO) using the details set out below.

Data Protection Officer
GRCI Law
Unit 3 Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
Ely CB7 4EA

Email: dpoaas@grcilaw.com
Telephone: 0333 800 7000

 

3. What personal data we collect about you

We may collect, use, store and/or transfer different kinds of personal data and special category data about you.

What we mean by personal data is any information about an individual from which that person can be identified (either by itself or when combined with other information).

As for special category personal data – this is the type of data relevant to you which reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership as well as genetic data, biometric data used to identify an individual, data concerning health or data concerning an individual’s sex life or sexual orientation.

We collect both kinds of personal data as described above. However, we will limit the collection and processing of personal data to what is necessary to achieve one or more purpose(s) as identified in this notice. The personal data we collect about you and those accompanying or supporting you will include the following:

  • Basic personal data to identify you including your name, address, username, IP address;
  • Your contact information, your email and postal addresses;
  • Health data which will include data such as sounds made whilst sleeping, sleep patterns, breathing rate whilst sleeping, snoring patterns, sleep scores, snore scores;
  • You may however provide additional information regarding your alarm times, bed information, levels of alcohol consumption, activity levels, mood, stress levels, water consumption, sleep environment sounds and characteristics;
  • Audio Recordings;
  • Mobile device information
  • Facebook – Only collect email address;
  • Anonymous App Data
  • Location data, which records your approximate location but provides information about the current time zone;
  • Online information and online activity based on your interaction with us, our websites and applications for example your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types, searches, site visits and versions, operating system and platform, and other technology on the devices you use to access this website]; and
  • Usage Data including statistical data including information about how you use our website and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We may also process:

  • Other information relevant to client feedback regarding our service.

It is important that the personal data we hold about you is accurate and current.

Please keep us informed if your personal data changes during your relationship with us.

 

4. Social Media

If you choose to sign up for your account via another service such as Facebook or Google, we may receive personal data from the other service. For example, we may receive information such as your name, profile, email address and list of contacts. You can choose to give us access to your activity data from such other services or you can stop sharing such data by removing our access tot hat service. Please note that such data is collected by the service provider and supplied to E-Bedding in accordance with the service providers privacy policy.

You may choose to post snore scores, reports and other such information including health data about your sleeping activity on social media sites. If you do choose to share such information about you should not consider such personal data to be private as these are open communities and should think carefully before posting any such personal data.

Please be aware that personal data posted can be seen and collected by third parties and used in ways that E-Bedding cannot control or predict. You should review the privacy policy of any such social media site before posting to understand how your data is processed.

 

5. Children

Please note that our websites and/or apps our are not intended for children and we do not knowingly collect children’s personal data. If we are advised that we have collected personal data of children under 18 we shall take steps to delete such data as soon as possible.

Please note however, that when the audio recording function of your device is activated this may capture ambient noises, other activity and other sounds within your location which may include sound generated by children.

If you become aware that your child has provided us with data or other information without your consent, please should contact us at the following email address DataProtectionTeam@e-bedding.co.uk or our Data Protection Officer by emailing dpoaas@grcilaw.com

We shall delete such data or information as soon as possible.

 

6. How we collect personal data

Your personal data comprises personal, special category and financial data and provided to us including;

1. you give to us directly where you:

  • download the soundasleep app
  • contact us directly via telephone, letters or email;
  • search for our services;
  • apply for our services electronically or otherwise;
  • request marketing material to be sent to you; and/or
  • give us feedback or contact us.

2. Information we learn about you through our relationship and the way you interact with us;
3. Information we gather using technology, which you may use to access our services (an IP address for example or telephone number), and how you use technology (for example recognising behavioural patterns).

 

7. How and why we use your personal data

We will only use your personal data where it is necessary to ensure the soundasleep app can function and we can provide you with our services. We will process your data for one of the following reasons:

  1. Performance of a contract – the personal data we may need to deliver our services to you;
  2. Legal obligation – where we are required by law to process your personal data;
  3. Legitimate interest – where we are permitted to use your personal data where on balance the benefits of us doing so is not outweighed by your legal rights;
  4. Consent – where your agreement is sought prior to utilising your personal data. Wherever consent is the only reason for using your personal data you have the right to change your mind and/or withdraw your consent.

We will mainly use your personal data in the following ways:

  1. When you download our app, we are required to collect and process certain personal data about you. Please note that if you do not agree to provide information requested, it will affect service provision as we may be unable to deliver our services to you.
  2. To set up your account and register you as a user of the soundasleep app;
  3. To provide the service you require including but not limited
    1. to verify your identity;
    2. to provide you with information such analysis, trends and insights into your sleeping behaviour;
    3. to provide any other ancillary service(s) as may be required to meet your specific needs that we might fulfil our contract with you;
    4. to provide other services you may request;
  4. To provide you with information regarding promotions, competitions or prize draws;
  5. To undertake administration activities necessary for the delivery our services to you including:
    1. managing payments, fees and charges;
    2. keeping an accurate history of transactions and sending you relevant statements;
    3. helping to resolve any problems or complaints you may have;
    4. collect and recover monies where appropriate;
  6. To manage our relationship with you including:
    1. notifying you of changes to our terms and conditions;
    2. to provide you with important notifications and updates;
    3. notifying you of changes to this privacy notice;
    4. asking you to leave a review.
  7. To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we provide to you.
  8. To use data analytics to improve our website, services, marketing, client relationships and experiences.

If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us or emailing using our contact details outlined above.

 

8. Data security

We have put in place reasonable technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

9. Your rights

You have several rights under data protection laws which are set out below. You can access any of these rights at any time and if you wish to do so or require further information about your rights please contact us using the details above.

  1. Access – the right to request a copy of the personal data we hold on you. When you request this data, this is known as making a Subject Access Request (SAR). In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee;
  2. Rectification of personal data – is the right to have any inaccurate personal data corrected;
  3. Erasure of personal data – the right to have any out of date personal data deleted once there’s no business need or legal requirement for us to hold it;
  4. Restriction of processing personal data – the right to object or restrict some processing, in limited circumstances and only when we don’t have legitimate grounds for processing your personal data;
  5. Objection to processing of personal data – the right to object to your personal data being used for example to send you marketing material. As mentioned above, we’ll only send you marketing material where you’ve given us your consent to do so.  You can remove your consent at any time;
  6. Automated decision making – the right to ask for a decision to be made manually, where a decision is made using automated means and this adversely impacts you; and
  7. Portability – the right to have personal data we hold about you transferred securely to another service provider in electronic form.

 

10. How to make a complaint

If you are unhappy with the way we have handled your personal data and/or wish to complain about how your personal data is being processed, you can do so at any point in time. Please contact our Data Protection Officer using the details provided above.

If you’re not satisfied with our response, you can raise a complaint with the Information Commissioner’s Office (ICO) at any time. The ICO is the UK’s supervisory authority whose role is to enforce data protection laws.

https://ico.org.uk/

We would appreciate the chance to address any concern you may have before you approach the ICO and ask that you contact us in the first instance.

 

11. How and why we share your personal data

We may from time to time share your personal data with the following organisations who are also required to keep your information confidential, safe and secure:

  1. Firebase, a Google subsidiary, is a mobile app service platform that we use for multiple functions including user authentication, data storage and analytics. Your data is protected through their authentication services and security rules. We also use Firebase for analytics to better understand the app usage in order to troubleshoot or improve the app services. You can read more about Firebase and read about the Firebase privacy approach https://firebase.google.com/support/privacy/
  2. We, or third-party data processors who act on our behalf, may use the personal data you provide us in the following manner:
  • Provide the service of the app
  • Analyse, operate, maintain and improve the app; adding new features and services
  • Enable transfer of data between your devices
  • Verify your identity
  • Provide customer service; responding to comment, questions and requests
  • Troubleshoot issues with the app or website
  1. Where required as part of any proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or business assets;
  2. Anyone else with your permission.

 

12. Transferring personal data overseas

From time to time we may share your personal data with organisations in other countries outside of the European Economic Area (EEA) to fulfil your contract with us.

For example, some information we hold may be stored on servers that may be located outside of the EEA. with certain service providers. In such circumstances we use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

If you would like to find out more about these safeguards, please let us know by writing to us using the contact details above.

 

13. How long do we hold the personal data?

We retain your personal data for no longer than is necessary and will only keep your personal data for the period your account is active.

We may retain certain personal information in an aggregated and anonymised format after your account has been deleted. We reserve the right to use your information in any aggregated form after you have deleted your account, but we will ensure that the use of this information will not personally identify you.

We may also retain some information to comply with legal obligations, resolve disputes, enforce our agreement, support business operations and continue to improve the app services. For our service improvement purposes, we will take steps to ensure this information does not identify you and will only use it to gain aggregated insights into the services we provide.

The time periods for retaining data are determined by several factors including but not limited to the nature and type of record, the nature of the activity, the product or service and any applicable legal or regulatory requirements.

Our retention periods may be subject to change from time to time based on commercial, legal or regulatory requirements.

 

14. Links to other websites

Within our website we may have links to third party websites, plug-ins and applications. Clicking those links may enable third parties to share or collect your personal data. Please be aware that we do not control such third-party websites and are not responsible for their privacy statements or the contents of those websites. We would encourage you to read the privacy notice of every website you visit.

 

15. Links to other websites

We keep our privacy notice under regular review. Any changes to our privacy notice in the future will be posted on this page. We encourage you to review this page regularly to identify any updates or changes to our privacy notice.

 

Version 1.0 effective October 2019