Privacy Policy

1. Information We Collect

1.1 Personal Information

We collect information you provide directly to us, including:

• Identity Information: Name, email address, phone number, date of birth
• Contact Information: Billing and shipping addresses
• Payment Information: Credit card details, billing information (processed securely through Shopify)
• Account Information: Username, password, preferences
• Communication Records: Customer service interactions, feedback, reviews

1.2 Automatically Collected Information

• Device Information: IP address, browser type, device identifiers
• Usage Data: Pages visited, time spent, click patterns, referral sources
• Location Data: General geographic location (country/region level)
• Cookies and Tracking: Session cookies, analytics cookies, marketing cookies (with consent)

1.3 Shopify Data Integration

As a Shopify-powered store, we also collect data through Shopify's platform:

• Order history and purchase behavior
• Cart abandonment data
• Product interaction analytics
• Customer segmentation data

2. How We Use Your Information

2.1 Primary Purposes

• Order Processing: Process payments, fulfill orders, arrange shipping
• Customer Service: Respond to inquiries, provide support, handle returns
• Account Management: Maintain your account, process preferences
• Legal Compliance: Meet regulatory requirements, prevent fraud

2.2 Marketing and Analytics (With Consent)

• Personalized Marketing: Send relevant product recommendations and offers
• Analytics: Understand website usage, improve user experience
• Advertising: Display targeted advertisements (with consent)
• Research: Analyze trends, develop new products

2.3 Legal Basis for Processing (UK GDPR)

• Contract Performance: Processing necessary to fulfill your orders
• Legitimate Interest: Fraud prevention, website security, analytics
• Consent: Marketing communications, non-essential cookies
• Legal Obligation: Tax compliance, regulatory reporting

3. Information Sharing and Disclosure

3.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our business:

• Shopify: E-commerce platform, payment processing, order fulfillment
• Shipping Partners: Delivery services (DHL, FedEx, Australia Post)
• Analytics Providers: Google Analytics, Shopify Analytics (with consent)
• Marketing Tools: Email marketing platforms, advertising networks (with consent)

3.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Enforce our terms of service

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, customer information may be transferred as part of the business assets, subject to the same privacy protections.

4. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including:

• United States: Shopify's primary servers and service providers
• Canada: Shopify's backup and processing facilities
• European Union: Analytics and marketing service providers

We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) and adequacy decisions under applicable privacy laws.

5. Your Rights and Choices

5.1 General Rights

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests

5.2 Marketing Communications

You can opt out of marketing communications at any time by:

• Clicking "unsubscribe" in any marketing email
• Updating your preferences in your account settings
• Contacting us directly at privacy@winkysleep.com

5.3 Cookie Preferences

You can manage your cookie preferences through our cookie consent banner or by:

• Adjusting your browser settings
• Using our cookie preference center
• Contacting us for assistance

6. Data Security

We implement comprehensive security measures to protect your personal information:

• Encryption: Data encrypted in transit and at rest
• Access Controls: Limited access to authorized personnel only
• Regular Audits: Security assessments and vulnerability testing
• Incident Response: Procedures for handling security breaches
• Staff Training: Regular privacy and security training

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to improve our safeguards.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

• Account Information: Until account closure or 3 years of inactivity
• Order Data: 7 years for tax and legal compliance
• Marketing Data: Until consent is withdrawn or 3 years of inactivity
• Analytics Data: Aggregated and anonymized after 26 months

We may retain certain information longer if required by law or for legitimate business purposes.

8. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

10. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

11. Regulatory Information