Security & Privacy
- visit one of our websites: shop.pocketspringbed.co.uk; shop.sealy.co.uk; www.rest-assured.co.uk; www.sealy.co.uk; www.silentnight.co.uk; www.silentnightgroup.co.uk (the "websites"):
- interact with one of our brands (Silentnight or Sealy);
- purchase products from us or from one of our stockists;
- visit one of our showrooms;
- contact us, for example by telephone, email, post or through submitting a form on our websites;
- provide products or services to us;
- apply for a job with us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Are you a sole trader / partnership or an individual communicating with us from a business?
Information About Us
For the purposes of the applicable UK and EU data protection laws ("Data Protection Law"), the data controller is Silentnight Group Limited ("we","our", "us"), registered under company number 07525259, at registered address Long Ing Business Park, Long Ing Lane, Barnoldswick, Lancashire, BB18 6BJ. We are registered with the Information Commissioner's Office under number Z2805809.
What information do we collect?
Information that you give us
When you purchase products or make enquiries about our products, enter a competition, register to use our websites or otherwise provide us with your personal data while either on our websites or through one of our local stockists, contact us with a query or complaint, apply for a job with us, visit one of our showrooms, or provide services or products to us as a supplier, you may provide us with information about yourself.
This may include your name, address (including your billing and delivery address details where appropriate), your email address, contact telephone number, date of birth, gender details of any comments or feedback which you provide to us, and job application information.
If you sign up to be kept informed about our promotions and products you will also provide us with your name and email address.
We will also require your credit/debit card details from you where you are purchasing products from us. We will use this information to supply you with the products that you have purchased and to help us prevent fraud.
You are not obliged to provide your personal data to us. However, if you do not provide your personal data to us, we may not be able to provide products to you, respond to your queries, enter you into competitions, or process your job application.
Information that we collect about you
We may also collect and process records of any correspondence and communications that you have with us and a record of transaction history and details of transactions conducted on our websites is kept by us together with details of the fulfilment of any of your order.
We monitor, record, store and use any telephone, email or other communication you provide (including call recordings) in order to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our customer service.
As you move around our websites, subject to appropriate consents being obtained, we will collect information about your visit, such as which pages you visit, how often you visit and what links you click on.
This will include technical information such as Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, operating system and platform and information about your visit such as the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
We may also receive information about you if you use any of the other services we provide. In this case we will have informed you when we collected that personal data that it may be shared internally and combined with personal data collected on the websites for the purposes set out in this policy, including helping us to build a profile of you to get to know you better, and so that we can personalise and enhance your customer experience with us, for example; to ensure that content is relevant for you.
We also collect CCTV images of you when you visit one of our own showrooms. Please note that our stockists may also operate CCTV on their premises, the operation of which is subject to their own privacy policies.
Where you apply for a job with us we will take notes about your interview or application which include your personal data.
Information that we receive about you from other sources
We may receive personal information about you from other sources such as retailers of our products, social media platforms where you make your information publically available, publicly available customer lists lawfully acquired from third party vendors and from third parties who work with us in connection with our websites and services.
Where you apply for a job with us, we may also receive personal data about you when we seek references from your previous employers and other referees.
How do we use your personal information?
- Information you give to us. We will use this information:
- to carry out our obligations arising from any agreements entered into between you and us and to provide you with the information, products and services that you request from us;
- to carry out appropriate and necessary investigations and discharge our legal and regulatory obligations and duties, including to comply with anti-fraud and anti-money laundering requirements;
- to send you a welcome email to verify your account when you register with the websites or sign-up in-store and other emails for the purposes of providing any services, products, competitions or promotions to you, including in relation to account management or system maintenance;
- to provide you with marketing information about other services or products we offer that are similar to those that you have already purchased, or services or products you have consented to receiving on the websites or in-store; to notify you about changes to our services and/or products;
- build a profile of you, your preferences and your habits in order to personalise and enhance your customer experience; to provide customer support;
- to receive products or services from you where you are a supplier;
- to process your job application; and/or
- to ensure that content from the websites is presented in the most effective manner for you and for your computer.
We may use the personal data we collect about you on an anonymised basis to create statistics and anonymised information which we then share with third parties including ad networks, search engines and analytics providers.
Please note we will not use any financial or credit card information for any purpose other than to discharge our legal / regulatory duties and to process payments paid by you for our products and services or due to you by agreement (e.g. refunds).
- Information we collect about you. We will use this information:
- to administer our websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to carry out appropriate and necessary investigations and discharge our legal and regulatory obligations and duties, including to comply with anti-fraud and anti-money laundering requirements, and (where applicable) to safeguard our staff and other customers / users in respect of unlawful, disruptive or objectionable behaviour in any of our stores or on our websites;
- to improve our websites to ensure that content is presented in the most effective manner for you and for your computer;
- to enhance our website experience to ensure you receive a personalised and continuously improving customer service;
- to allow you to participate in interactive features of our websites, when you choose to do so;
- as part of our efforts to keep our websites safe and secure;
- for data-matching purposes in respect of your use of our websites / services and your use of certain third party services;
- to deliver (whether directly or indirectly via third parties) effective and personalised marketing material and content of Silentnight Group Limited and where you have consented, other companies within our Group and to assist us in the improvement and optimisation of advertising, marketing material and content, our services and the websites;
- to measure, understand or monitor the effectiveness of advertising, promotions, marketing material and content and any joint initiatives with our affiliates, suppliers, partners, subcontractors and other selected third parties;
- to build an anonymous profile of you, your preferences and your habits, so we can provide you with advertisements and content that is more relevant to your interests;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you where permitted; and/or
- to make suggestions and recommendations to you and other users of our websites or services about products or services that may interest you or them.
- Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Using your information in accordance with Data Protection Law
- Compliance with legal obligations: As an entity established under the laws of England and Wales, Silentnight Group Limited is obliged to comply with UK laws and guidance provided by UK regulatory bodies. In particular, we will need to process your personal information to verify your identity, establish your age and to verify your source of funds for anti-money laundering and fraud purposes.
- Necessary for the entry into / performance of a contract: When you enter into a transaction with us, a contract between you and us will have been entered into. In order for us to fulfil our obligations under such contract (e.g. to allow you to purchase products from us), we will need to collect and process your personal information. Failure to provide the requisite personal information on sign-up and financial information on entering into the transaction or objecting to this type of processing / exercising your deletion rights will unfortunately mean we cannot provide our goods / services to you.
- Consent: We may send you marketing messages by email about us and our products and offers where you have not unsubscribed and where you have purchased similar products from us. We provide easy ways to stop our marketing, and you can opt out at any time.
If you are not a customer of ours but have provided us with consent to use your details for marketing purposes, then we may also contact you about our products.
In each of the situations above, you have the right to withdraw your consent at any time and can object to processing of this nature.
We have a legitimate interest in processing your information as:
- you benefit from the provision of products and services;
- we have a legitimate interest in recording calls to monitor staff performance, train staff, and improve our processes;
- we will both benefit from the ability to enforce or apply rights under any contract between us;
- we are required to ensure health and safety of our showrooms and have a legitimate interest in ensuring any processes are effective;
- we have a legitimate interest in ensuring the security of our showrooms, and in assisting with the prevention and detection of crime;
- we both benefit from the processing of your job application with us;
- we both benefit from the provision of services and products where you are a supplier to us;
- we would be unable to provide our products and services without processing your information.
Impact of processing
We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as the processing of your personal data does not unreasonably intrude on your privacy.
How long we keep your information for
When your data is no longer required for the purposes listed above, we will delete it within the periods set out below:
- Marketing consents will be refreshed after 12 months;
- CCTV will typically be deleted after 90 days;
- Cookies are refreshed in accordance with our cookies policy
- Call recordings will typically be deleted after 1 year;
- Unsuccessful job applications will typically be deleted after 6 months
Any other information will typically be deleted within 7 years from date of our last positive interaction with you to enable us to deal with any issues or concerns you may have about how we processed your order or otherwise, and also to allow us to bring or defend legal proceedings. This data is archived where you are inactive for a period of 12 months. In some circumstances, some of your data will be deleted in much shorter timescales, where possible (e.g. copies of marketing emails and other communications).
We want to keep you informed about all our products, promotions and news, and where you have indicated you are happy to receive marketing email we will keep in touch with the latest news.
If you have previously purchased products from us and have not opted out from receiving marketing correspondence, we will contact you by email with information about products and services similar to those which you have already purchased from us.
If you have not made a purchase from us, and where we permit selected third parties to use your data, we (or they) will contact you with marketing if you have consented to this.
We may also send updates and marketing from our selected third parties about their products, promotions and news to you on their behalf where you have consented to this.
If you prefer not to continue to receive promotional or marketing information from us or from selected third parties, please use the unsubscribe function in the information we send you or alternatively write to our Data Protection Officer using the details below.
The Data Protection Officer
Silentnight Group Limited
Long Ing Business Park
Long Ing Lane
We may disclose your personal data to any member of our group (being our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006) We will only share your personal information with other members of our group for marketing purposes where you have expressly opted-in/consented to the disclosure of your personal data for these purposes.
Third-party service providers may, without limitation, be appointed by us to provide us with technical support, to process your transactions and to maintain your accounts or to run promotions or marketing campaigns, and we will disclose your personal data to them to enable them to provide these services, as further detailed below. In addition, credit card details are sent directly to our secure payment processors Barclaycard and PayPal who process payments on our behalf.
We will disclose your information to:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; e.g. service providers who operate elements of our website service and process personal data on our behalf. These may include businesses who provide technology services such as hosting for our servers and email distribution, and business partners who provide delivery fulfilment services. We may also disclose your personal data to our supply and delivery partners for the purpose of processing and fulfilling your order. Where such disclosures are made, this will be under contractual arrangements with us and carried out in accordance with the requirements of the Act.
- third party suppliers and service providers to the extent they assist our group with its legal / regulatory obligations e.g. providers of services in respect of anti-money laundering, fraud, verification etc.;
- selected third parties so that they can contact you with details of the services that they provide, where you have expressly opted-in/consented to the disclosure of your personal data for these purposes;
- analytics and search engine providers that assist us in the improvement and optimisation of our websites and other selected third parties; and
- law enforcement agencies, or other appropriate third parties, where we consider your behaviour to be unlawful, offensive, inappropriate or objectionable in one of our stores or on our websites.
We will disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- in the event of any insolvency situation (e.g. the administration or liquidation) of Silentnight Group Limited or any of its group;
- if Silentnight Group Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- to protect the rights, property or safety of us, our staff, our customers, or others. This includes exchanging information with other companies and organisations (including without limitation, other third parties, your employer, educational institution, email or internet provider, your parents (if you are under the age of 18) and law enforcement agencies) for the purposes of staff and customer safety (whether this is in-store or online), crime prevention, fraud protection and credit risk reduction; and
In assessing your request for products or services, we may use your personal data for the purposes of the prevention and detection of fraud. One of the purposes for which we may disclose your address and postcode details is to check against the IMRG Security Alert or any other Fraud Prevention Scheme. At all times where we disclose your personal data it will remain secure.
Where we store your personal data
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Protecting Your Information
Our websites use up-to-date industry procedures to protect your personal information. We also protect the security of your data during transmission using Secure Sockets Layer (SSL) encryption software. We may vary this in the future if we feel you will benefit from greater security whilst using our websites.
We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you via our websites. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Third Party Services
We may from time to time make available through our websites certain services provided by third parties. To gain access to these services, you must register with these third parties and deal with them direct. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
You have a number of rights under data protection law in relation to the way we process your personal data, although these are not absolute and in some instances we may be unable to accept your request, in which case we will respond to you to explain why. These are set out below. You may contact us using the details on our websites (or by contacting us directly – details below) to exercise any of these rights, and we will respond to any request received from you within one month from the date of the request.
Our Data Protection Officer is:
The Data Protection Officer
Silentnight Group Limited
Long Ing Business Park
Long Ing Lane
Please address any questions, comments and requests regarding our data processing practices to us in this way in the first instance.
1. You have the right to request access to your personal data
You have the right to request confirmation that your personal data is being processed, access to your personal data (through us providing a copy) and other information about how we process your personal data.
2. You have the right to ask us to rectify your personal data
You have the right to request that we rectify your personal data if it is not accurate or not complete.
3. You have the right to ask us to erase your personal data
You have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data. This right would apply if we no longer need to use your personal data to provide products or services to you, where you withdraw your consent for us to market to you, or where you object to the way we process your personal data (see right 6 below).
4. You have the right to ask us to restrict or block the processing of your personal data
You have the right to ask us to restrict or block the processing of your personal data that we hold about you. This right applies where you believe the personal data is not accurate, you would rather we block the processing of your personal data rather than erase your personal data, where we don need to use your personal data for the purpose we collected it for but you may require it to establish, exercise or defend legal claims.
5. You have the right to port your personal data
You have the right to obtain and reuse your personal data from us to reuse for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you.
6. You have the right to object to our processing of your personal data
You have the right to object to our processing of your personal data on the basis of our legitimate business interests, unless we are able to demonstrate that, on balance, our legitimate interests override your rights or we need to continue processing your personal data for the establishment, exercise or defence of legal claims.
7. You have the right not to be subject to automated decisions
You have the right to object to any automated decision making, including profiling, where the decision has a legal or significant impact on you.
8. You have the right to withdraw your consent
You have the right to withdraw your consent where we are relying on it to use your personal data.
If you have any concerns regarding our processing of your personal data, or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office. Their address is:
First Contact Team
Information Commissioner's Office
Updating Your Information
If you believe your details are incorrect you can amend your details by contacting us at firstname.lastname@example.org or Silentnight Group Limited. Long Ing Business Park, Long Ing Lane, Barnoldswick, Lancashire BB18 6BJ.
This policy was last reviewed and updated: June 2018
Please remember to include your name, address and postcode along with any correspondence reference you may have.