Privacy Policy

Last Updated: January 2025

Introduction

At Sleepsters, operated by Business Growth Architects s.r.o. ("Company," "we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://sleepsters.com and make purchases from our store.

We are based in the Czech Republic (European Union) and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws, including the California Consumer Privacy Act (CCPA) for our California customers.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or make purchases.

Data Controller

For the purposes of GDPR, the data controller is:

Business Growth Architects s.r.o.
Trading as: Sleepsters
Address: Pekařská 426/48, Staré Brno, 602 00 Brno, Czech Republic
Email: contact@sleepsters.com

Information We Collect

Personal Information You Provide

We collect information you voluntarily provide when you:

• Place an order (name, email, shipping address, billing address, phone number)
• Create an account (email address, password)
• Subscribe to our newsletter (email address)
• Contact our customer support (name, email, message content)
• Leave a product review (name, email, review content)
• Participate in promotions or surveys

Payment Information

When you make a purchase, your payment information (credit card number, billing address) is collected and processed directly by our payment processors (Shopify Payments, PayPal, Stripe). We do not store your complete credit card information on our servers. Our payment processors are PCI-DSS compliant.

Automatically Collected Information

When you visit our website, we automatically collect certain information, including:

• Device information (browser type, operating system, device type)
• IP address and general location data (country, city)
• Pages viewed and links clicked
• Time spent on pages
• Referring website or source
• Shopping behavior (products viewed, items added to cart)

Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill your order and provide our services
• Legitimate Interest: Improving our services, preventing fraud, and conducting business analytics
• Consent: Marketing communications (which you can withdraw at any time)
• Legal Obligation: Compliance with tax, accounting, and business regulations

How We Use Your Information

We use the information we collect to:

• Process and fulfill your orders
• Send order confirmations and shipping updates
• Respond to your customer service requests
• Send marketing communications (with your consent)
• Improve our website and product offerings
• Prevent fraudulent transactions and protect against theft
• Comply with legal obligations
• Personalize your shopping experience
• Analyze website usage and trends

How We Share Your Information

We may share your information with the following categories of third parties:

Service Providers

• Shopify: Our e-commerce platform that processes transactions and stores order data (Shopify Inc., Canada/USA)
• Payment processors: To process your payments securely (Shopify Payments, PayPal, Stripe)
• Email marketing services: To send newsletters and promotional emails (e.g., Klaviyo, Mailchimp)
• Analytics providers: To understand how visitors use our site (Google Analytics)
• Customer support tools: To manage customer inquiries

Fulfillment Partners

We work with third-party fulfillment partners to ship products directly to you. We share your shipping information (name, address, phone number, email) with these partners solely for order fulfillment purposes. Our fulfillment partners are contractually obligated to protect your information and use it only for fulfilling your order.

Shipping Carriers

We share your shipping information with carriers (such as USPS, UPS, FedEx, DHL, and local postal services) to deliver your orders and provide tracking information.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government requests).

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

International Data Transfers

Business Growth Architects s.r.o. is based in the Czech Republic (European Union). However, to fulfill orders and provide our services, your personal data may be transferred to and processed in countries outside the EU/EEA, including the United States.

When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Contractual obligations with our service providers to protect your data

By using our website and providing us with your information, you acknowledge this transfer. We ensure your data is protected in accordance with this privacy policy regardless of where it is processed.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

Your Privacy Rights

For European Union Residents (GDPR Rights)

If you are located in the European Economic Area (EEA), you have the following rights under GDPR:

• Right of Access: Request a copy of your personal data we hold
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data for certain purposes
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
• Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise these rights, please contact us at contact@sleepsters.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Czech Data Protection Authority (ÚOOÚ) or your local supervisory authority.

For California Residents (CCPA Rights)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the personal data we've collected about you in the past 12 months
• Right to Delete: You can request that we delete your personal information, subject to certain exceptions
• Right to Opt-Out of Sale: You can opt out of the "sale" of your personal information. Note: We do not sell personal information in exchange for monetary compensation.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, please contact us at contact@sleepsters.com with the subject line "CCPA Request."

Categories of Personal Information Collected (CCPA Disclosure)

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, postal address, phone number, IP address
• Commercial information: Products purchased, purchase history, shopping preferences
• Internet or network activity: Browsing history on our site, interactions with our website
• Geolocation data: General location based on IP address

Data Retention

We retain your personal information for as long as necessary to fulfill your orders, provide customer support, comply with legal and accounting requirements (typically 7 years for financial records), and resolve disputes. When data is no longer needed, we securely delete or anonymize it.

You can request deletion of your data at any time by contacting us at contact@sleepsters.com.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• SSL/TLS encryption for all data transmission
• Secure payment processing through PCI-DSS compliant providers
• Limited access to personal data on a need-to-know basis
• Regular security assessments and updates

However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal information using commercially reasonable measures, we cannot guarantee its absolute security.

Children's Privacy

Our website is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@sleepsters.com, and we will promptly delete such information.

Marketing Communications

With your consent, we may send you promotional emails about new products, special offers, and sleep tips. You can opt out at any time by clicking the "unsubscribe" link in any marketing email, contacting us at contact@sleepsters.com, or updating your preferences in your account settings.

Even if you opt out of marketing emails, we will still send you transactional emails related to your orders.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites.

Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.