Published: 24th May 2018
This notice describes your rights as a visitor or customer of Leesa Sleep Ltd. It provides information about your rights relating to your personal information along with how we collect, use and share your data.
Leesa Sleep is committed to abiding by all data protection laws in the countries in which it operates and will be open and transparent in how we use your personal information. Many people will be aware of the General Data Protection Regulation (GDPR) and the new 2018 UK Data Protection Act. Leesa Sleep acknowledges its requirement to comply with these laws as well as local laws applicable to other countries.
This policy contains links to more information on many of the topics listed and further external links if you wish to read further detail about personal data management.
Who we are
Leesa Sleep Ltd is a company providing mattresses and other sleep related products.
We are registered with the UK Information Commissioner’s Office as a data controller and our registration number is ZA320307.
Our head office address is 9A Lowry House, 17 Marble St., Manchester M2 3AW.
If you need to contact someone to talk about personal data privacy you can contact our Data Protection Team at email@example.com.
What is personal data?
Personal data is data which identifies a person (you) from the information provided or if combined with information that we may already have access to.
You can find out more about the legal definitions of personal data here.
In summary, personal data is:
- Name and address
- Date of birth
- Email address
- Bank account details
- An IP address
In addition, there are “special categories” of personal data which means that the data, in law, is considered more sensitive, such as:
- Personal data related to your health
- Date of birth
- Genetic data
- Religious beliefs
Click here for a more complete list of this type of data.
Collecting personal data
We collect your personal data for a number of reasons including to enable us to provide you with a product you purchase, or a service you are interested in and where you have provided these details. Your personal data may be collected from several places.
Usually we will collect information you have provided, but sometimes we get your personal information from third parties who provide us with the information of people who have given permission for their information to be shared. We will always use such information responsibly and in accordance with your rights. Click here for a list of categories of third parties.
Where your personal data is used by us, and you have a choice e.g. receiving direct marketing, you will always be afforded the option of stopping further contact “unsubscribe” and controlling these consent options to your own satisfaction.
If you believe that we have misused your personal data, please contact us and we will resolve your problem as swiftly as we can.
What we use your personal data for
We will use your personal data to let you know about offers and products (marketing), so long as we have your permission to do so. Wherever we collect personal data with marketing in mind, we will inform you and provide you with a choice to continue or stop being contacted for this purpose.
We will use your personal data to fulfil any contract we have with you, which will usually be when you order a product from us, we are contractually obliged to use your personal data to ensure you get the right product.
Who do we share your personal data with?
There are some organisations with whom we work, where we must share your personal details to provide the goods and services you require. This may be manufacturers, where your product is made to order, and courier/delivery organisations so that the item can be shipped.
Where your personal data must be shared for us to provide you with a service, then we make sure that our partners have the right controls in place to use your information responsibly and under our control. Categories of partners who may see your information are listed here.
It is important for us that you understand who your information may be shared with and the seriousness with which we take the confidentiality of your personal data. If you have questions about such uses of your personal data, we will happy to tell you more.
We may also share your information with organisations where there is a need to check the accuracy of data we hold and where there may be legal or regulatory requirement to provide personal data, for example law enforcement.
We will not share your personal data unless there is a valid legal reason or need to do so.
Where is your personal data kept?
Your personal data is kept secure at all times and we use the latest technology to ensure that all our data is kept confidential, especially personal information that we hold.
Your information may be kept in a number of places, all of which comply with data protection requirements. We use cloud providers and online application providers to help us run our business. Personal data may be held on systems and databases in several locations. However, your personal information will be held with requirements of confidentiality and with suitable legal agreements and contracts in place, so you can be assured that your personal data is looked after.
Some of our systems may include the transfer of your personal data to other countries. Your data will only be transferred to other countries which have adequate provision in place to protect personal data to an equivalent level as personal data held in the UK.
How long we keep your personal data for
We will keep your personal data for a length of time that is in line with our need to identify you and to provide goods or services to you. If you are a customer, then we will keep personal information about you for our legitimate business purposes, such as ensuring we can identify you in the case of a warranty claim, to identify payments and within our finance systems for auditing and accounting purposes. We will also keep your information you have provided for marketing purposes for a period of time that allows us to contact you with offers, if you have agreed to be contacted, and to ensure that we do not contact you inadvertently if you have refused marketing contact.
We will only keep your personal data for as long as there is a legitimate requirement to do so.
More information on how long we keep your data is available from firstname.lastname@example.org
What are your rights?
Under data protection legislation from the UK and Europe, you have rights over how your personal data is used. The main rights related to your personal data are listed below, but there are others which you may like to find out more about by looking up the Data Protection Act 2018 or the General Data Protection Regulation.
The right of transparency (right to be informed)
You have a right to be informed about the collection and use of your personal data. We have an obligation to be transparent and provide you with this information freely and that it is easily understood. This notice serves to provide information on collection and use of personal data, and you may contact us if you want to know more about any aspect of how we handle your personal information. More information on this right is available here.
The right of access to your information
You have a right to have access to the information we hold about you and to verify that we are using your personal data lawfully. If asked we will provide confirmation of what personal data we hold, provide a copy of the data, and inform you of any other rights you may have. You can find out more about what you are entitled to request by clicking here.
If you would like to make such a request, please contact the email address listed above.
The right of rectification
You have the right to have any information held about you which is inaccurate to be rectified. If you believe that we have inaccurate information, for example a misspelt name, then please contact us and we will do our utmost to sort it for you. More about rectification here.
The right to be forgotten (the right to erasure)
You have, subject to certain conditions being met, the right to be forgotten. Where we can, we will remove all your details from our systems subject to being able to do so reasonably, and where no other legal or legitimate reason exists to keep your personal data. For example, if you owe money to us via an account, we would expect this to be cleared before we considered erasure of your details. Please look here for more information on this right.
The right to restrict processing of your personal data
In some cases, you may require us to hold your data but not process it, this may be relevant if you believe inaccuracies have not been corrected and further processing would cause issues for you as an individual. More information on this right can be found here.
The right to data portability
Personal data portability, means that on request we will give you the information we hold about you in a form that can easily be used by other systems. This is most likely to be a spreadsheet file so that you may pass this information on to other organisations with which you would like to share the data. It may not always be possible to give you everything about you in this format, but we will always strive to provide what we can for you. Click here for more information.
The right to object
You have a right to object to how personal data about you are processed, in some instances. You may object to us processing your personal data for our “legitimate interests”, to stop direct marketing and processing your personal data for research or statistical purposes.
[Whilst we do have legitimate interests under which we process data and we do send marketing messages out to those that want them, we do not undertake research or statistical reporting.]
Unless we can demonstrate compelling reasons for continuing to process your personal data, which we will explain to you, if relevant, when you object, then we will always endeavour to comply with your wishes.
You may find out more about this right, here.
The right to stop automated individual decision making, including profiling
Should we wish to carry out any automated decision making or profiling of you, using your personal data, then we will abide by the law and only do this where it is necessary to do so, or we have your consent.
Any decisions made automatically about you will be made obvious to you, where they have a direct effect on you. You will always have the ability to contact us and query these activities and request that they stop or have human intervention.
We aim to be transparent and open about this type of data processing so that you can feel assured that your data is safe, kept confidential and always used lawfully and fairly.
Details about this right can be found here.
The right to complain
You have a right to complain to the regulator in the country in which you reside or where you believe any misuse of your data has taken place. The UK Information Commissioner’s Office can be contacted directly if you believe that we have failed to address your concerns.
Their information may be found at www.ico.org.uk.