General Data Protection Regulation
At Mattress Online, we welcome the General Data Protection Regulation (GDPR). It's a transparent way for us to explain what personal data we need and how we use it.
Here, we explain how your personal data is controlled and processed. We also explain how to exercise your rights.
Your order and payment
We need some personal information so that you can shop with us.
Data we need to fulfill your order | Why we need it |
---|---|
Title, first name, last name and phone number | To contact you if we need to discuss your order or delivery. |
Title, first name and last name of the person receiving the delivery | To know who will receive the item(s) at the delivery address. |
Delivery address | To deliver your item(s) to the right place. |
Payment information | We pass this to our payment provider who processes payments. We do not store your payment details. |
Email address | To email your order confirmation and order status updates. |
Invoice address | To match against the registered card holder's address and ensure that your card isn't being used fraudulently. |
IP address | We pass this to our fraud screening provider to help prevent any fraudulent transactions. |
We use trusted payment providers to validate and process your payment. We also take precautions to prevent fraud.
Your payment method | Data we use |
---|---|
Credit or debit card | We pass your data to our payment provider, SagePay, to validate and process your payment. We also share your data with Mastercard Payment Gateway Services for fraud screening. |
PayPal | PayPal shares your name and address with us so we can complete your order. |
Klarna interest-free finance | We pass your data on to our interest-free finance provider - Klarna. Klarna requires information including your mobile phone number, email address and payment details. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna's privacy policy. |
Your delivery
In order to deliver your item(s), we share your details with one of our trusted courier partners: either Panther or UKMail. The courier we use depends on which items you purchase and your delivery location.
If your purchase is 'direct from supplier', our suppliers arrange your delivery with their selected courier.
Data we need for your delivery | Why we need it |
---|---|
Title, first name and last name of the person receiving the delivery | To know who will receive the item(s) at the delivery address. |
Delivery address | To deliver your item(s) to the right place. |
Phone number | To send you text message updates about your delivery and call you if there are any issues. |
Reviewing your product and our services
Your reviews help us know what we're doing right - and how we can improve. They also help other customers choose the right product and learn more about who we are.
You'll receive one email from each of our trusted, independent reviewing partners. Reevoo will invite you to review your product and Trustpilot will invite you to review our services.
So you can review your product and our services, we use the following data:
Your data | How we use it |
---|---|
Email address | So Trustpilot and Reevoo can email you invitations to review your product and our services. |
First name | So you can be greeted personally. |
Order and product ID | So you can review the correct product. |
Purchase and delivery dates | To give you time to use your product before reviewing it. |
Your email preferences
We use Mailchimp to send you emails about our special offers and discounts. We also offer the best sleep tips and product advice to help you get the most out of your new purchase.
Every email you receive has a clear unsubscribe link so you can opt-out of receiving further emails at any time.
If you opt-in to receive emails, we use the following data:
Your data | How we use it |
---|---|
First name | To greet you personally when we email you. |
Email address | To send you information by email. |
If you opt-in to receive our promotional emails, in addition to the above we also use the following data:
Your data | How we use it |
---|---|
Purchase date | So we don't send you emails too frequently. |
Purchase product type | To offer you the most relevant promotional information. |
Your IP address
Whenever you connect to our website, your web browser makes a web request to our servers. This web request includes your IP address which is considered personal data.
There is no simple way to prevent your IP address being sent over the internet. This is true for any website. We do, however, treat your IP address with great care.
Below, we explain how we use your IP address:
How we use your IP address | Why we need it |
---|---|
Web server logs | Our web servers automatically log all web requests. The only personal information this includes is your IP address. We need this so we can monitor the behaviour of all web requests. This helps us protect the security of our servers. |
Fraud prevention | At the point of purchase, we pass your IP address to Mastercard Payment Gateway Services to help prevent fraudulent transactions. |
Web hosting provider | Our web hosting provider uses your IP address to prevent any Distributed Denial of Service (DDoS) attack and enable rate limiting of web requests. This ensures the availability of our web servers. |
Analytics (including Google Analytics) | We use third-party cookies to capture data for analytics purposes. However, your IP is anonymised to ensure that your personal data is removed from any analytical data stored. |
How we store your data
We use systems to protect, simplify and improve the management of your data.
System | How we use it |
---|---|
Web hosting provider | We use CloudFlare and Rackspace to serve web traffic to you. We store your order information within Rackspace. We do not store your payment information. |
Customer Relationship Management | We use Google's G Suite and Sirportly to store any correspondence and additional supporting information to fulfill your order. |
Telephone communications | We record telephone calls with Daisy Communications to ensure we have the most accurate information in the event of an issue. We route all incoming phone calls via Infinity Tracking Ltd and Daisy Communications so we can ensure we remain efficient when dealing with telephone enquiries. |
Cloud storage | We use cloud storage to securely store a record of your order and delivery details. We store your name, delivery address, telephone number and email address. We only keep the details required to process your order. |
View, change or remove your data
To view, remove or change your consent around your data, please email: gdpr@mattressonline.co.uk
You have the right to request this at any time. We will respond to all requests within 28 days of submission - this service will be provided completely free of charge.