Privacy policy

Last updated: 1 January 2025

My Sleep Club ("we", "us") is a UK online shop. We take the privacy of your personal information seriously. This policy explains what we collect, why we collect it, how we use it and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who is the data controller?

My Sleep Club is the data controller for the personal information collected through this website. You can contact our data protection lead at rkk2026@tutamail.com.

What we collect

  • Account & contact details — name, email, phone, delivery address.
  • Order & payment information — products ordered, prices, delivery preferences. Payment is made by UK bank transfer or cryptocurrency — we never collect or store card numbers.
  • Technical data — IP address, browser, device, pages visited, referrer. Used to operate the website and prevent fraud.

Why we use it

  • To process and deliver your orders and handle refunds.
  • To answer your questions and provide customer care.
  • To keep records required by law, including for tax and accounting.
  • To improve our service and, where you have consented, send you marketing emails.

Legal bases (UK GDPR)

We process personal data on the following bases:

  • Contract — to provide the service you have asked for.
  • Legal obligation — record-keeping required by law, including tax and accounting.
  • Consent — for marketing communications and non-essential cookies.
  • Legitimate interests — to keep the website secure and to improve it.

How long we keep your information

We keep order and transaction records for the period required by law, currently 6 years for tax and accounting purposes. Account information is kept while your account is open and for 6 years afterwards. Marketing preferences are held until you unsubscribe.

Who we share it with

  • Our delivery and fulfilment partners.
  • Service providers (Resend for email, hosting partners and our delivery courier) under written data-processing agreements.
  • Regulators, the police or the courts where the law requires it.

We never sell your information.

International transfers

Where our service providers process data outside the UK, we rely on UK adequacy decisions or the International Data Transfer Addendum to the EU Standard Contractual Clauses.

Your rights

You have the right to:

  • Access a copy of your personal data.
  • Ask us to correct inaccurate data.
  • Ask us to delete data we no longer need (this does not apply to records we are legally required to keep).
  • Object to processing or ask us to restrict it.
  • Withdraw marketing consent at any time.
  • Complain to the Information Commissioner's Office.

To exercise any of these rights, email rkk2026@tutamail.com.

Cookies

We use a small number of essential and analytics cookies. See our Cookies policy for details.

Changes to this policy

We may update this policy from time to time. When we make material changes we will email registered customers and update the "last updated" date above.