We are pleased about your use of our website. The protection of your personal data is important to us and we want you to feel safe when using our website.
1. Information concerning the collection of personal data
a. The following shall inform you about the collection, processing and utilization of personal data on our website. Personal data means all data relating to a living individual who can be identified.
b. Controller as per the APP entity as per the Privacy Act No. 1988 (as amended) (the “Privacy Act”) is: Emma Sleep Pty. Ltd.
Level 11, 307 Queen Street,
Brisbane Queensland 4000,
You can reach our data security officer through the following details: entplexit GmbH
Kölner Straße 12
65760 Eschborn [email protected]
c. If we use contracted service providers for individual functions to present our services to you or to your data for advertising purposes, we will inform you in detail about the respective processes below.
2. Your rights as a data subject
a. You have the following rights against us with respect to the personal data concerning you:
Right of access by the data subject (Australia Privacy Principle 12.1):
You have the right to request information on the data we hold about you from us at any time subject to the following exceptions under Australia Privacy Principle 12.1:
- we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
- giving access would have an unreasonable impact on the privacy of other individuals; or
- the request for access is frivolous or vexatious; or
- the information relates to existing or anticipated legal proceedings between you and us, and would not be accessible by the process of discovery in those proceedings; or
- giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations; or
- giving access would be unlawful; or
- denying access is required or authorised by or under an Australian law or a court/tribunal order; or we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in; or
- giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision making process.
We reserve the right to charge you a reasonable fee for these copies according to Australia Privacy Principle 12.8.
Right to rectification (Australia Privacy Principle 13.1):
You have the right to request that we rectify inaccurate data relating to you. You may also request us to inform the other APP entities to whom we previously disclosed the erroneous personal data about the correction. We will take appropriate steps unless it is impracticable or unlawful to do so.
Right to object to direct marketing (Australia Privacy Principle 7.2):
You have the right to object to the processing of your data for direct marketing purposes.
b. Where possible, we will allow you to interact with us anonymously or using a pseudonym. However, for most of our functions and activities we usually need your name and contact information and enough information about the particular matter to enable us to fairly and efficiently handle your inquiry, request, complaint or application, or to act on your report.
c. If you have the feeling that we have not responded in an appropriate manner to your requests, or complaints, or you have further concerns, you additionally have the right to complain to a data protection authority. The responsible authority for us is the Office of the Australian Information Commissioner.
c. You can send your inquiries regarding your rights as a data subject to us by sending a data subject request to [email protected]
3. Collection of personal data when you visit our website
When visiting our website, (i.e. without registering or agreeing to our further processing or utilization of the data) only the personal data, which your browser transmits to our server is automatically saved. In order to fulfil these technical requirements for you to view our website and provide for the necessary security, the following data is saved:
- IP Address,
- Date and time of your visit,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the query (specific site visited),
- Access status/HTTP status code,
- Amount of transferred data,
- Website from which the initial request emanates,
- Operating system, device, and its user interface
- Language and version of browser software.
The personal data mentioned above gets processed for the following purposes: To ensure a smooth connection of the website To guarantee a comfortable use of our website To evaluate system security and stability as well as for other administrative purposes.
These information are temporarily stored in so-called log files. When you visit this website, this information is automatically recorded without your intervention and stored until it is automatically deleted. If you don’t want the above personal data to be collected, you should not access our website as we will be unable to allow you access to our website without such personal data.
4. Use of our webshop: orders and product returns
If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order and fulfill the contract of sale with you. The essential data for the conclusion of the contract is marked, further data is given on a voluntary basis. We use the personal data provided by you to process your order and returns. For charging purposes, we can pass on your payment data to our house bank or to the selected payment service provider. To manage the delivery of the goods to you, and due to the nature of the transaction, we will need to share your delivery address and contact details (email and phone number) with delivery companies. Only strictly necessary data will be shared for the purpose of coordination of delivery, protection against fraud and clarification of urgent issues. The legal basis for this is that this processing is objectively necessary for the performance of the contract of sale with you (Article 6 (1) (b) GDPR). This means that the sale of goods cannot, as a matter of fact, be fully performed if this specific processing of the personal data in question does not occur. Please note that failure to provide the mandatory personal data can lead to that that your order with us cannot be carried out.
If you want to do a product return, we will also need to share your personal data (delivery address and contact details) to the assigned non-governmental/charitable organization or delivery company for the pick-up and collection of the product. The legal basis is that the processing is necessary for the performance of a contract to which the data subject is party (Article 6 (1) (b) GDPR) and our legitimate interest in managing product returns.
5. Recipients of personal data
a. Within the scope of our activities and services, it may become necessary for us to disclose the personal data stored about you to natural persons, legal entities or public authorities. We conclude contracts with our service providers, which ensure that they may only process your personal data in a way that we have explicitly instructed them to do so. Furthermore, we ensure that they take the necessary technical and organizational measures to process your data securely and store your personal data only as long as necessary. External service providers who may receive personal data generally fall into the following categories of recipients: Subsidiaries and affiliates Credit institutions and providers of payment services for billing and payment processing (online payment providers) Parcel Shipper Non-Governmental/Charitable Organization that collects product returns IT service provider to maintain our IT infrastructure Cloud provider Service provider for the optimization of the online offer Collection service providers or lawyers to collect receivables and enforce claims in court. If, in the event of a collection case, personal data (customer and contact data, payment and consumption data and data on the claim) is transferred to a collection service provider, we will inform you in advance about the intended transfer.
b. If personal data is processed in countries outside of Australia, we will ensure that your personal data is processed in accordance with Australia’s data protection level. In the absence of an adequacy decision, we only transfer data to service providers from third countries that offer suitable guarantees in accordance with the Privacy Act.
6. Communications and contact form
When you contact us such as through e-mail or via the contact form, the information you provide will be processed for the purpose of processing your request and for the event that follow-up questions arise. If you are contacting us in relation to your purchase, the purpose of the processing of your personal data is that it is needed to fulfill our contract of sale with you and for customer service. The personal data collected by us in this context will be deleted when the request associated with the contact has been completely clarified and it is also not to be expected that the specific contact will become relevant again in the future, unless legal storage obligations stand against this.
7. Newsletters and electronic notifications
a. We send newsletters, e-mails and other electronic notifications containing promotional information. Our newsletters contain information about our products, offers, promotions and our company. With the following notes we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right of objection.
For the subscription to our newsletter we use a logged Double-Opt-in procedure. This means that after subscription you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. Newsletter subscriptions are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored by the service provider are also logged. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
To subscribe to the newsletter, it is sufficient to enter your e-mail address. The provision of further data is voluntary and is used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The newsletter dispatch and the measurement of performance are based on your consent if you subscribed.
b. If you receive a newsletter, notification, and/or marketing without subscribing, we are doing so on the basis of exceptions provided under the Privacy Law such as APP 7.2 and APP 7.3. For example, if you have an existing user account with us we may use your data to suggest products or offers based on the profile you create based on your purchase history, the products you view when you browse our platforms, or the products you leave in your cart when you do not finish the purchase process. These suggestions can come to you through push notifications, banners, or even to your email using the abandoned cart feature.
c. To stop receiving the newsletter, you may withdraw your consent to or object to receiving the same at any time by clicking on the unsubscribe link provided in every newsletter e-mail or by completing the DSR Request Form at the bottom left of this page.
8. Data retention
We keep your personal data for the period of the customer relationship with you or for the legally-required period after termination of such relationship or agreement in order to defend our legal claims, to protect and enforce our rights, or to comply with laws and regulations. In general, the legal retention period for documents important for taxation (such as accounting receipts) is ten (10) years while other documents that can be considered as commercial or business transaction documents is six (6) years.
9. Social-Media portals
a. We are represented in the social networks and employer evaluation portals mentioned below. These presences are operated exclusively by the respective provider. They serve to communicate directly with customers, interested parties and users. If you contact us via our social media channels, we process the personal data that you provide us with as well as the personal data that is necessary to process your request. Insofar as you have given your consent to the operators of the respective social media platforms (e.g. by means of a checkbox opt-in), the processing is carried out on the basis of your consent. You can revoke your consent at any time with the operator of the respective platform with effect for the future.
b. When you visit our social media pages, your user data is recorded and provided to us by the operator. The exact types of data differ from provider to provider, but generally include the following information: Follower: number and stored profiles; information about growth and development over a defined time frame. Reach: number of people who see a specific contribution; number of interactions with a contribution. From this, it can be deduced, for example, which content is better received by the community than others. Ad performance: how many people were reached by a contribution or a paid ad and have interacted with it? Demographics: average age of visitors, sex, location, language.
c. Since our social media channels are operated by the providers of the respective social network, there may be a supplementary use of your personal data by the respective operator, over which we have no influence. This often involves the recording of your IP address, the creation of static evaluations and the processing of further information stored in the form of cookies. We have no influence on the generation and presentation of this personal data and can neither turn off this function nor prevent the processing of the personal data.
d. The assertion of data subject rights and requests can most effectively be addressed directly to the platform providers, since only they have access to your personal data and can take immediate action and provide information. Should our cooperation be necessary for this, we will support you in enforcing your rights as a data subject.
10. Social-Media plug-ins
We have integrated plug-ins on our web services. These plug-ins are indicated by the respective button belonging to the service. With the help of the plug-ins, users can share or post links to the corresponding websites in social networks such as Facebook or Twitter or recommend the contents there. Through your active interaction with these plugins, (e.g., by clicking the respective button or leaving a comment) this information is transmitted directly to the respective service and stored there.
When you visit one of our web services that contain an activated plugin, your browser establishes a connection with the servers of the respective service, which in turn transmits the content of the plugin to your browser, which then integrates it into the displayed page. Thus, the information about the visit of our web services is forwarded to the respective service. We do not collect personal data ourselves by means of the social plugins or about their use and have no influence on which data an activated plugin collects and how these are used by the provider. It must be assumed that at least the IP address and device-related information is collected and used. It is also possible that the service provider will attempt to store cookies on the computer used. If you are logged in to the respective service at the same time as visiting our web services via your personal user account (e.g. via another browser session), the service provider can assign the visit to our web services to your account.
11. Facebook Insights - "Facebook Fanpages"
Upon a visit of our Facebook page collects Facebook among others your IP address as well as other information, which is saved on your device in form of cookies. This information will be used to provide us as the operator of the Facebook page with statistical information on Facebook usage. We can access these statistics through so-called Facebook “insights”. These statistics are collected and provided solely by Facebook. We as the operator of the page have no influence over their generation and presentation. We cannot either stop or prevent their generation and data processing. You can find further information about “Insights” provided by Facebook here: https://www.facebook.com/help/pages/insights. Following information will be provided to us by Facebook through “Insights”: Number of page views, “likes”, page activities, reach, impressions, video views, post clicks and reactions, post reach, comments, shared content, answers, gender ratio, regional distribution of the users (origin based on country and city), language, opens and clicks in the shop, clicks on the address and on the telephone number. The operation of this Facebook page and processing of personal data of the users arising out of it is for the purpose of our legitimate interest to inform and interact with users and visitors of our Facebook page.
b. This website uses the following types of cookies: Transient Cookies - Transient cookies are automatically deleted when you close your browser. These are mostly session cookies, which save a so-called “session-ID”, which allows for the assigning of different queries within your browser during a particular session. This can be used to identify your device when one repeatedly visits a website during a session. These cookies are deleted once you log out or the browser window is closed. Persistent Cookies - Persistent cookies enable the website to remember your information and settings on your next visit. This gives you faster and more convenient access to the website, as you do not have to change your language settings again, for example. How long the cookie remains on your device depends on the duration or expiration date of the respective cookie and your browser settings. These cookies are automatically deleted after a set period of time which can differ from cookie to cookie. Persistent cookies can be deleted via the security settings in your browser at any time.
c. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. This may result in a functional limitation of our offers and our website.
d. Cookies used in the website may include the following: