We are eve Sleep Plc (company number 09261636) registered in England with our registered office at 29A Kentish Road, London, NW1 8NL. (and we refer to ourselves as “eve”, “we” or “us” or “our” in this document).
We will only use the information that we collect about you lawfully (in accordance with the Act and other applicable data protection laws in the UK). We are registered with the Information Commissioner’s Office (registration number 07481600397).
This privacy notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter, purchase a product or service or take part in a competition.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Eve sleep plc is the controller and responsible for your personal data (collectively referred to as "we", "us" or "our" in this privacy notice.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us on [email protected]].
When you register on www.evemattress.co.uk (the “Site”) or you buy anything from us we will ask for some or all of the following information: your name, email address, phone number and full and shipping and billing addresses, including postcode. We also have a record of your password and IP address.
If you buy from us, you will also be asked to provide payment information; this is to be collected by a third party payment gateway and we do not see this. Please see the section on “Payment Information”, below, for more information on payment data.
We may also ask you sometimes to provide your age and possibly certain other personal details such as gender or where you heard about us.
As you use the Site, we collect data about your activity on the Site. This includes things like:
We may receive information about you from third party sources, such as data aggregators and from third parties to whom you have given permission to share your information or from whom you have given us permission to request your information. For instance, by registering for the Site using Facebook or another social network, you grant permission to that network to share your details. Depending on the network rules and your settings on it, this may include data such as your date of birth, your marital status, the number of people in your household and other information.
Sensitive personal data is defined by the Data Protection Act and includes details such as information related to your health, sexual orientation, religion, race or ethnic origin. For the most part, we will not need any Sensitive Personal Data in order to provide our services and we will not request it.
We use the personal data we collect to provide the Site, the goods on the Site and services related to them, to customise and improve your experience with eve, to make your experience as enjoyable and efficient as possible and for commercial purposes.
Certain information is required in order for the Site to operate.
Here are some specific examples of information used:
We want your shopping experience with us to be as enjoyable as possible. We will collect the data about your shopping activities and preferences to customise your account (in addition to how you customise it yourself) and to enable us to provide an efficient and user-friendly service. We will also use it to improve the quality of the Site.
Here are some specific examples of how we use your data:
We may earn revenues (which allows us to keep the Site online and our prices for our goods low!) through sources including advertising sales, including online behavioural advertising, including personalised retargeting advertising, and through the sale of business intelligence data.
Here is how your information is used for this:
For more information on data sharing, please see the “Data Sharing” section.
We collect and may display or use for the purposes of marketing and advertising the Site, our goods, our services or ourselves, any testimonials or reviews you provide us with about the Site, our products or our services or ourselves – and we may append to the testimonial or review your first name (but not your surname) and general geographic location (e.g. City or locale).
We use your email address to communicate with you. We will send you both transactional and service message emails so we can communicate with you about Site updates or your activity on the Site. For instance, we may send you emails:
Your acceptance of the eve Terms and Conditions means that you are giving us consent to send you these emails. These emails are not marketing emails and we do not require you to explicitly opt in to receive them.
As noted above, we may use your email address to send you direct marketing communications. However, unless you explicitly opt into receiving these marketing emails, you will not receive any from us or any of our partners. You are entitled to opt out of marketing emails we may send you at any time by clicking on the "unsubscribe" link in the email footer. Please note, even if you do opt out, we may still send you non-marketing emails – non-marketing emails include emails about your Account with us (if you have one) and our business dealings with you.
Aggregate information is data we collect about a group or category of products, services or users, from which individual user identities have been removed and from which it is not possible to work out individual customer identities. In other words, information about how you use a service may be collected and combined with information about how others use the same service, but all such information will be anonymised and no identifying information will be included in the resulting data.
Aggregate data helps us to understand trends and customer needs so that new products and services can be considered and so that existing products and services can be tailored to customer desires. We use and disclose anonymised aggregate information to provide other products and services, as well for the purposes of evaluating and improving our existing products and services. We may also sell such aggregate information through business channels.
This aggregation may include grouping customer profiles by shared characteristics such as demographic, geographic, psychographic and behavioural characteristics to better improve our ability to offer relevant products and services to you based on your demographic, geographic, psychographic and behavioural characteristics.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact [email protected] if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Anyone wishing to complete a purchase via payment card on the Site must provide the information for that payment card (eg, debit or credit card). We receive secure payment card acceptance and vaulting services from third party payment processers. We neither receive nor store any payment card details ourselves. Your payment details are received only by the third-party payment processor and are not shared with any third parties. The third-party payment processers will store your payment card details for use by you in future transactions.
Currently, eve receives payment card acceptance and vaulting services from AIB. For more information, please see AIB’s privacy policies.
All of the information we collect about you is stored on our secure servers and will be held securely in accordance with our internal security policy and the law. For example, we use secure encryption to hold passwords (e.g. the password allocated as part of the registration process – which may later be changed).
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Your acceptance of the eve Terms and Conditions (in accordance with the provisions thereof) means that you are giving us consent to share your personal data with our carefully selected third party partners. However, you can easily opt out of this sharing of your personal data by emailing [email protected] Even if you opt out, we will still share your personal data as needed to operate the Site or as is needed for corporate or statutory purposes.
For more information on how we might share your personal data and with whom, please see below:
We may share your personal data with third parties where you have provided your consent to do so.
We may share your personal data with our third party service providers who provide services such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your personal data.
We may share your personal data with other third parties with whom we have a third-party partnership. However, if we do so, we will always list here who they are, what information they have and what they do with it.
If you would like to learn more about behavioural advertising, please visit (http://www.youronlinechoices.com/uk/).
If you wish to manage your other online behavioural advertising choices, you may do so athttp://www.youronlinechoices.com/uk/your-ad-choices
We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
You may contact us anytime to opt-out of: (a) direct marketing communications; (b) automated decision making and/or profiling; (c) our collection of sensitive data (if applicable); (d) any new processing or your personal data we carry out beyond the original purpose; or (e) the transfer of your personal data outside the EEA.
Please note that if you do opt out, some parts of the Site may become ineffective.
You may access the information we hold about you at any time by contacting us directly at [email protected] or via your Account on the Site (if applicable).
You can also contact us to update or correct any inaccuracies in your personal data.
Your personal data is portable – i.e. you to have the flexibility to move your personal data to other service providers as you wish.
In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your personal data.
If you wish to exercise any of these rights, please contact us at:
Data Protection Request
Eve Sleep Plc
29A Kentish Road
In your request, please make clear:
For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request.
We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by [email protected]
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.