TEMPUR® UK WEBSITE PRIVACY & COOKIE NOTICE
What does this notice cover?
This Privacy Notice describes how Tempur UK Ltd. (also referred to as "Tempur Sealy", "we" or "us") will make use of your data when you use our products, services and websites.
It also describes your data protection rights, including a right to object to some of the processing which Tempur Sealy carries out. More information about your rights, and how to exercise them, is set out in the "What rights do I have?" section.
We may also provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information.
What information do we collect?
- Your name, age, date of birth and gender.
- Contact details, such as your billing and shipping address, email address and phone number. Your user name and password.
- Banking information, including your debit or credit card information and sort code and account number and also transactional information including in respect of products which you purchase or when you apply for Tempur Sealy Financing or another form of financing we offer.
- Your personal preferences, such as information about your household and purchase decisions.
- Information about your communications with us.
- Your marketing preferences, including any consents you have given us.
- Product reviews or testimonials and other content you submit to us.
- Location data we get about where you are, such as the address where you connect a computer to the internet, or a shop where you buy something with your card.
- Information related to the browser or device you use to access our website.
- Information about your website preferences.
How do we use this information, and what is the legal basis for this use?
We use the personal data referred to above and information which you give us for the following purposes:
To fulfil a contract, or take steps linked to a contract: this is relevant where you apply for one of our financial products or services. This includes:
- Taking and processing payments.
- Communicating with you and providing customer services.
- Arranging the delivery or other provision of products, services or prizes.
- Administering our loyalty programmes
- Managing our relationship with you.
Where necessary for Tempur Sealy's legitimate interests, as listed below, and where our interests are not overridden by your data protection rights:
- Providing products and services you have requested and responding to any comments or complaints you may send us. We may process personal data about your dependents, family and partner (which you give to us) in doing so.
- Facilitating the creation of, and securing, online registered accounts.
- Promoting our services to customers and potential customers, advising you of news and updates, and hosting or administering events.
- Monitoring the use of our websites and online services and using your information to help us monitor, improve and protect our products, content, services and websites, both online and offline.
- Personalising our website, products or services for you.
- Investigating any complaints received from you or from others, about our services, products or websites.
- To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance and audit.
- Monitoring customer accounts to detect, prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime in accordance with applicable law.
- Managing how we work with other companies that provide services to us and our customers.
- In connection with legal claims and for compliance, regulatory and investigative purposes.
- Call recordings when you call our call centre (we will always flag to you when a call is being recorded).
- Applications which you give us if you are applying for a job or information that we obtain from referees or your previous employers.
- To assist us in evaluating and improving the quality of the products and services we supply
- Collecting Internet Protocol (IP) addresses during the creation of an order to prevent fraud.
Where you give us consent:
- We will send you direct marketing by email and/or SMS in relation to our products and services.
- We will place cookies and use similar technologies in accordance with our Cookies Policy (below) and the information provided to you when those technologies are used.
- On other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.
For purposes which are required by law:
- Undertaking checks on customers, potential customers and other third parties for the purpose of compliance with our legal, regulatory and professional obligations.
- In response to requests by government or law enforcement authorities conducting an investigation.
- We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details set out below.
- We will not be able to provide the products or other services requested if we are not provided with all relevant personal data. The provision of some information, such as the details you provide so we can send you marketing communications, is optional.
Automated decision making
In performing some of the functions above, we rely on technology that makes automatic decisions based on the criteria we determine to be relevant and the information we collect about you or a particular transaction. These include credit and fraud checks. We routinely test our software to improve the accuracy of these decisions and to prevent unintended bias. These decisions can have significant effects for you, such as:
- Preventing access to our services, where we determine there is a high likelihood that providing the service to you would cause us to violate our regulatory requirements.
- Cancelling transactions, where we determine there is a high likelihood that a transaction is fraudulent (for example, because the payment is made from a location that does not correspond to our records for that end-customer) or the payer does not have sufficient funds to cover the expense.
- Cancelling the service, where we determine that the service is being used in violation of our terms. For example, we automatically analyse your transactions to assess whether any of the activities you conduct appear on our list of restricted activities.
Who will we share this data with?
Your personal data will be processed in and accessed from jurisdictions outside the European Economic Area (EEA) by us and by the third parties with whom we share your personal data.
We will share your personal data with other members of the Tempur Sealy Group to administer and manage group functions, including the provision of our products and services to you.
Your personal data will be transferred to Tempur Sealy Groupaffiliates and vendors in the following non-EEA countries:
- The United States of America
When we transfer your data within the Tempur Sealy Group, we use an intra-company agreement containing European Commission-approved standard contractual clauses. When we transfer your data to organisations outside the Tempur Sealy Group we use European Commission-approved standard contractual clauses to safeguard the transfer, unless we transfer personal data to a third party that has implemented Binding Corporate Rules or which uses the EU-U.S. Privacy Shield, in which case we may rely on one of those mechanisms to safeguard the transfer.
Your personal data will also be shared with trusted third parties,such as financial or other advisers, consultants and other professional experts.
We will share your personal data with companies providing services under contract to Tempur Sealy. Such third parties include providers of order fulfilment services, website and IT hosting, help desks, maintenance, call centre operations, marketing research and analysis, credit card payments and customer feedback platforms.
Your personal data will also be shared with government agencies and/or law enforcement agencies and credit reference and fraud prevention agencies if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
What rights do I have?
You may be entitled to ask Tempur Sealy for a copy of your personal data, to correct, delete or restrict processing of it, and to obtain the personal data you provide in a structured, machine readable format and ask us to share (port) this personal data to other organisations. You may also have the right to object to processing in some circumstances.
Where we have asked for your consent, you may withdraw consentat any time. If you ask to withdraw your consent to Tempur Sealy processing your personal data, this will not affect any processing which has already taken place at that time. You can also ask us not to send or to carry out profiling for direct marketing, at any time.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.
If you wish to exercise these rights, please contact us as set out below.
If you have unresolved concerns you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occured.
What are cookies and similar technologies
Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. Other tracking technologies are also used which are similar to cookies. This can include pixel tags and tracking URLs. All these technologies are together referred to in this policy as "Cookies".
The types of Cookies that we use on our website, and the purposes for which they are used, are set out below:
- Strictly necessary cookies: These cookies are essential in order to enable you to move around our website and use its features, such as accessing secure areas of our site. Without these cookies, any services on our website you wish to access cannot be provided.
- Analytical/performance cookies: These cookies collect information about how you and other visitors use our site, for instance which pages you go to most often, and if you get error messages from web pages. We use data from these cookies to help test designs and to ensure a consistent look and feel is maintained on your visit to the website. All information these cookies collect is aggregated. It is only used to improve how a website works.
- You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website:
- Disable Google Analytics
- Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or at https://www.google.de/intl/en_uk/policies/. Please note that on this website, Google Analytics code is supplemented by “anonymizeIp” to ensure an anonymized collection of IP addresses (so called IP-masking).
- Functional cookies: These cookies allow our site to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting. Additionally, these cookies can be used to allow an optional service to function such as offering a live chat session. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
- Targeting cookies: These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. These cookies are dropped only with your consent. You can give your consent either by closing the cookie banner displayed on the landing page of our website or browsing the website outside the cookie banner and clicking on any of its item. Please note that we track your consent using a technical cookie; therefore, in the event you delete any cookies stored on your devices you see the cookie banner once again. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
- Social media cookies: These cookies allow you to share what you’ve been doing on our Site on social media such as Facebook and Twitter. These cookies are not within our control. Please refer to the respective privacy policies for how their cookies work.
- Pixel tags: Also known as a clear GIF or web beacon. These are invisible tags placed on certain pages of our Site but not on your computer. When you access these pages, pixel tags generate a generic notice of that visit. They usually work in conjunction with cookies, registering when a particular device visits a particular page. If you turn off cookies, the pixel tag will simply detect an anonymous website visit.
- Tracking URLs: These are used to determine from which referring website the website is accessed.
If you wish to opt out of FullStory collecting information please click the link https://www.fullstory.com/optout/
Opting out will create a cookie that tells FullStory to turn off recording on any site which uses the FullStory Services. The presence of this cookie is required to continue opting out. That means if you clear your browser cookies, you will have to opt-out again.
How long will you retain my data?
Where we process account registration data, we do this for as long as your account is active or you are an active user of our sites and for no more than six years after this.
Where we process personal data in connection with performing a contract or for a competition or survey, we keep the data for six years from your last interaction with us.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
Updates to this Privacy Notice
This Privacy Notice may be updated periodically. We will update the date at the top of this Privacy Notice accordingly. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Privacy Notice as required by applicable law.
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, feel free to contact our Data Protection Manager, who can be contacted at firstname.lastname@example.org.
The data controller for your information is Tempur UK Ltd. registered in United Kingdom under Company Number 02748033 who registered office address is: Caxton Point, Printing House Lane; Hayes, Middlesex UB3 1AP UK.