1
Over 250,000 customers
Safe shipping
30-day right of return
Assortment Close
Search
Somnishop CO UK logo
Login / Register

Privacy Policy (As of June 2026)

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyse how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Right to object to data collection and direct marketing in special cases (Art. 21 GDPR)

If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which the processing is based can be found in this privacy policy. If you file an objection, we will no longer process the personal data concerned unless we can prove compelling reasons for the processing, based on justifiable grounds, which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims (objection according to Art. 21 para. 1 GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is connected with such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 para. 2 GDPR).

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behaviour. This happens primarily using cookies and analytics. The analysis of your surfing behaviour is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

2. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via Email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

health.On Ventures GmbH
Im Gewerbegebiet 5
91093 Heßdorf
Germany

Telephone: +49 9135 422 97 80
E-mail: service@health-on.ventures

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, Email addresses, etc.).

Many data processing operations are only possible with your express consent. You may revoke your consent in the future with immediate effect. An informal Email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

Any data subject shall have the right of appeal to a supervisory authority, in particular in the Member State of his habitual residence, place of work or place of presumed infringement, without prejudice to any other administrative or judicial remedy, if the data subject considers that the processing of personal data concerning him is contrary to this Regulation. The lead regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. This is the: Landesamt für Datenschutzaufsicht, Promenade 27, 91522 Ansbach, Germany, Tel.: 0981/53-1300, E-mail: poststelle@lda.bayern.de.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. your credit card number), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, payment due on presentation of invoice) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.

In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

Information, rectification, limitation of the processing, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, its processing limited, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data.

You can contact us at any time at the address given in the in our legal notice. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the examination you have the right to demand the restriction of the processing of your personal data.
  • If the processing of your personal data has taken place unlawfully, you can demand the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 Para. 1 GDPR, a balance must be struck between your and our interests. As long as it is not yet clear whose interests predominate, you have the right to demand that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data may only be processed – apart from its storage – with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.

Opposition to promotional Emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as spam Email, is received.

3. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored without your consent pursuant to Section 25 paragraph 2 of the TDDDG; the associated data processing is based on Art. 6 (1) (f) GDPR. All non-essential cookies and comparable technologies (in particular for analytics and marketing purposes) are only used with your consent pursuant to Section 25 paragraph 1 of the TDDDG and Art. 6 (1) (a) GDPR.

On our website, we use the consent management tool Complianz (provider: © Complianz BV CoC 717814475 Kalmarweg 14-5 9723 JG, Groningen, The Netherlands), which allows you to select non-essential cookies and services and to revoke or adjust your consent at any time with future effect via the “Cookie Settings”. A cookie is stored to document your selection so that it can be taken into account when you visit the site again. The storage of this cookie is necessary to fulfil our obligation to provide proof; the legal basis is Art. 6 (1) (c) in conjunction with Art. 7 (1) GDPR as well as Section 25 paragraph 2 no. 2 of the TDDDG.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data will not be merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the technically error-free presentation and optimisation of his website – for this purpose the server log files must be recorded.

Hosting

We host our website with Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (“AWS”). The data is processed in a data centre in Frankfurt am Main (Germany). The legal basis is our legitimate interest in the secure and efficient provision of our website (Art. 6 (1) (f) GDPR); we have entered into an order data processing agreement with AWS pursuant to Art. 28 GDPR.

Contact form

Should you send us questions via the contact form or per Email, we will collect the data entered on the form or sent per Email, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form or sent per Email only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal Email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form or per Email until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Leaving comments on this website

Our comment function stores the IP addresses of those users who post comments., We need this information to be able to pursue legal action against illegal or slanderous content.

As a user of this site, you may also be able to subscribe to the comments. Your Email address will be checked by means of a confirmation Email. You can unsubscribe from this function at any time by clicking the link in the Emails. The data provided when you subscribed to the comments feed will then be deleted, but if you have submitted this data to us for other purposes or elsewhere (such as subscribing to a newsletter), it will be retained.

The comments and the associated data (e.g. IP address) are stored and remain on our website until the content commented upon has been completely deleted or the comments are required to be removed for legal reasons (slander, etc.).

The Comments and the associated data (e.g. IP address) are stored and remain on our website until the content that has been commented on has been completely deleted or the comments have been deleted for legal reasons (e.g. insulting comments).

The comments are stored based on your consent per Art. 6 (1) (a) GDPR. You may revoke your consent at any time with future effect. An informal E-mail requesting this is sufficient. The data processed before we receive your request may still be legally processed.

Inquiry by Email, telephone or fax

If you contact us by Email, telephone or fax, your request including all personal data (name, request) will be stored and processed by us for the purpose of processing your request.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and / or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of enquiries addressed to us.

The data sent by you to us via contact requests remains with us until you ask us to delete it, revoke your consent to the storage thereof or the purpose for the data storage no longer applies (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Collected customer data shall be deleted after completion of the order or termination of the business relationship, unless we require them in order to fulfil our legal obligations or to assert, exercise or defend our legal claims.

Customer Account

You can create a free customer account without any obligation to do so. In the process, various personal data may be collected and processed, such as your e-mail address or your first and last name. We do not pass these on to third parties. The basis for this data processing is the respective consent of the user, Art. 6 para. 1 lit. a DSGVO. 

After logging into the customer account, the data stored in the customer account can be viewed or changed by you at any time, the latter, however, not for orders already placed. If you do not actively log out of the customer account, you will remain logged into your customer account even if you leave the SomniShop website. 

Your customer account with us is password protected. You can set your own password, but you must follow our security guidelines. The data required for access to your customer account (e-mail address and password) must be treated confidentially and must not be passed on to third parties. 

You have the option of having your customer account deleted at any time. To do so, please send an e-mail to our customer service (service@somnishop.co.uk). The deletion of your data stored in the customer account does not affect those data whose storage or processing is required for the assertion, exercise or defence of legal claims or according to statutory provisions (e.g. of a commercial or fiscal nature), Art. 17 (3) e) and b) DSGVO.

Data transmitted when entering into a contract with online shops, retailers, and mail order.

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your consent or legal basis.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Transfer to third countries (in particular the USA)

We use services from providers based in or processing data in the USA. Insofar as the respective provider is certified under the EU-US Data Privacy Framework, the transfer takes place on the basis of the adequacy decision of the European Commission of 10 July 2023 (Art. 45 GDPR). Additionally, or for non-certified recipients, we have agreed on the standard contractual clauses of the European Commission (Art. 46 (2) (c) GDPR) with the respective providers and – where necessary – implemented additional protective measures. A list of certified companies can be found at dataprivacyframework.gov. Despite these measures, a level of data protection fully equivalent to that of the EU cannot be guaranteed in the USA, in particular with regard to possible access by US authorities.

Withdrawal from contracts (electronic withdrawal function)

For the withdrawal from contracts, we provide you with an electronic withdrawal function (“withdrawal button”). If you use this, we process the details you submit — in particular to identify the contract concerned, your name, and the means of communication via which we send you the confirmation of receipt (e.g. your Email address). We use this data exclusively for processing and handling the reversal of your withdrawal as well as for transmitting the legally required confirmation of receipt of your declaration of withdrawal.

The legal basis is Art. 6 (1) (b) GDPR (reversal of the contract) as well as Art. 6 (1) (c) GDPR in conjunction with Section 356a of the German Civil Code (BGB) (legal obligation to provide the withdrawal function and to confirm receipt). The data will be deleted as soon as it is no longer required for these purposes; statutory retention periods (in particular of a commercial or fiscal nature) remain unaffected.

4. Analytics and advertising

The services mentioned below store information on your device or read such information and, unless otherwise stated, are only activated after you have given your consent. Unless otherwise stated, the respective legal basis is Section 25 paragraph 1 of the TDDDG in conjunction with Art. 6 (1) (a) GDPR. You can revoke or adjust your consent at any time with future effect via the “Cookie Settings” (Complianz). Insofar as data is transferred to the USA in this context, the statements in the section “Transfer to third countries (in particular the USA)” in section 3 apply.

Google Analytics

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies that allow an analysis of your use of the website. In Google Analytics 4, IP anonymisation is integrated by default; IP addresses are only processed in a shortened form and are not permanently stored. We have entered into an order data processing agreement with Google. The data collected at user and event level is automatically deleted after the retention period set by us. Further information: https://policies.google.com/privacy.

Google Ads and Conversion Tracking

This website uses Google Ads, an advertising programme from Google Ireland Limited. As part of conversion tracking, a cookie is set when you click on one of our ads (usually valid for 30 days), which is not used for personal identification. It enables us and Google to recognise that a user has clicked on the ad and reached our site, and is used exclusively for the statistical evaluation of conversions.

Google Ads / Google Analytics Remarketing

We use Google’s remarketing functions to display interest-based advertising to you across devices. For this purpose, cookies are set and target audiences are created. A cross-device link with your web and app history only takes place if you have consented to personalised advertising in your Google Account. You can deactivate this at any time in the ad settings of your Google Account.

Google reCAPTCHA

To protect our input forms against abusive automated use and spam, we use Google reCAPTCHA (Google Ireland Limited). To distinguish between humans and machines, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website, mouse movements) and transmits this to Google. The data processing is carried out on the basis of Art. 6 (1) (f) GDPR (legitimate interest in protection against spam and bot attacks).

Microsoft Advertising and Microsoft Clarity

We use Microsoft Advertising (formerly “Bing Ads”) with conversion tracking; the provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA. When you click on one of our Microsoft ads, a cookie is set which is used for the statistical evaluation of conversions and does not identify you personally. In addition, we use Microsoft Clarity (Microsoft Ireland Operations Limited, One Microsoft Place, Dublin 18, Ireland) to pseudonymously evaluate user behaviour (e.g. clicks, scrolling behaviour, device information); the IP address is processed in a shortened form, and the maximum retention period is 13 months. Further information: https://privacy.microsoft.com/en-gb/privacystatement.

Meta Pixel (Facebook)

We use the Meta Pixel for conversion tracking. The controller responsible for users in the EU is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”). This allows the behaviour of visitors to be tracked for statistical and market research purposes after clicking on a Meta advertisement. Meta can connect the data with the respective user account and use it for its own advertising purposes; we have no influence over this. You can manage your ad settings in your Meta Account. Further information: https://www.facebook.com/privacy/policy.

5. Newsletter / Information Emails

Newsletter data

If you would like to receive our newsletter, we require a valid Email address as well as information that allows us to verify that you are the owner of the specified Email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and Email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. Email addresses for processing your order remain unaffected.

Surveys, information or advertising by Email (“information Emails”)

If we have received your Email address in connection with the sale of a product or service, we will use it to send you surveys, information or other advertising about similar products or services in accordance with the legal requirements of section 7. paragraph 3 of the Act Against Unfair Competition. You can object to this at any time without incurring any costs other than the transmission costs according to the basic tariffs. To object, it is sufficient, for example, to send an Email to service@health-on.ventures or click on the unsubscribe link contained in our Emails. If you file an objection, the Email address concerned will be blocked immediately for further advertising data processing. The processing of the Email addresses for this purpose is carried out on the basis of Art. 6 lit. f GDPR. We have a legitimate interest in continuously optimising our website and offering you suitable products.

Klaviyo

This website uses the services of Klaviyo to send newsletters and informational emails. The provider is Klaviyo Inc., 125 Summer St, Floor 6, Boston, MA 02111, United States (“Klaviyo”).

Klaviyo is a service with which, among other things, the dispatch of emails can be prepared, organised, evaluated and – based on your consent – adapted to your interests. The data required for this (e.g. your order data, your email address as well as data regarding your opening and click behaviour) is transmitted to Klaviyo and stored on its US servers.

We have entered into an order data processing agreement with Klaviyo. This also includes the standard contractual clauses of the European Commission for the lawful transfer of data between EU and non-EU countries. Regarding the lawfulness of the transfer to the USA, the statements in the section “Transfer to third countries (in particular the USA)” in section 3 apply.

The emails sent with Klaviyo enable us – provided you have consented to this – to analyse the behaviour of the email recipients. In this context, it can be analysed, among other things, how many recipients have opened the email and how often which link was clicked. With the help of so-called conversion tracking, it can also be determined whether a predefined action (e.g. purchase of a product, sharing of information on social media, unsubscriptions) has taken place after clicking the links in the email. From this data, user profiles can be created under a pseudonym in order to adapt content to your presumed interests and to improve future campaigns.

Legal bases

The dispatch of the newsletter takes place on the basis of your consent (Art. 6 (1) (a) GDPR). The dispatch of informational emails to existing customers regarding similar goods or services takes place on the basis of our legitimate interest (Art. 6 (1) (f) GDPR in conjunction with Sec. 7 (3) UWG).

The behavioural evaluation (opening, click and conversion tracking) as well as the interest-based personalisation take place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR); this is included in your newsletter consent. Without your consent, we send informational emails without such personal performance measurement and personalisation.

Withdrawal and objection
 You can withdraw your consent – including that for tracking and personalisation – at any time with effect for the future, without incurring any costs other than the transmission costs according to the basic rates. You can unsubscribe from receiving the newsletter and informational emails at any time; for example, an email to service@health-on.ventures or a click on the unsubscribe link included in our emails is sufficient for this. Furthermore, you can object to the dispatch of informational emails at any time pursuant to Art. 21 GDPR; we will then no longer use your email address for direct marketing purposes.

In the event of a withdrawal or unsubscription from the newsletter, we will delete the data stored by us for the purpose of your newsletter subscription. Data stored by us for other purposes remain unaffected by this. The lawfulness of the data processing operations carried out prior to the withdrawal remains unaffected.

For further details, please refer to Klaviyo’s privacy policy at:https://www.klaviyo.com/legal/privacy-notice

6. Plugins and tools

YouTube

Our website uses plugins from YouTube, which is operated by Google. The website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

We use YouTube in advanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they view the video. However, YouTube’s enhanced privacy mode does not necessarily preclude the sharing of information with YouTube partners. YouTube connects to the Google DoubleClick network whether you are watching a video or not.

When you start a YouTube video on our site, it connects to YouTube’s servers. This will tell the YouTube server which of our pages you’ve visited.

If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account..

YouTube can also store various cookies on your device after you start a video. YouTube can use these cookies to obtain information about visitors to our website.

This information is used, among other things, to collect video statistics, improve usability and prevent fraud. The cookies remain on your device until you delete them.

If necessary, after the start of a YouTube video, further data processing operations may be triggered over which we have no control. When you visit one of our pages equipped with a YouTube plug-in, a connection is established to YouTube’s servers. This will tell the YouTube server which of our pages you have visited.

Insofar as information is stored in or read from your end device in this context, this takes place on the basis of your consent pursuant to Sec. 25 (1) TDDDG and Art. 6 (1) (a) GDPR.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://policies.google.com/privacy?hl=en-US External link icon.

Vimeo

To embed videos, we use the Vimeo service. The provider is Vimeo Inc., 330 West 34th Street, New York, New York 10001, USA. We use Vimeo in privacy-friendly mode (“Do Not Track”), so that Vimeo does not set cookies for tracking purposes and does not evaluate your user behaviour for advertising purposes. However, when you visit a page with an embedded video, a connection to Vimeo’s servers is established, whereby your IP address is transmitted to Vimeo and also transferred to the USA. This is technically necessary to deliver the video. The legal basis is our legitimate interest in an appealing presentation of our online offers (Art. 6 (1) (f) GDPR). Regarding the data transfer to the USA, the statements in the section “Transfer to third countries (in particular the USA)” in section 3 apply. Further information: https://vimeo.com/privacy.

Google Maps

This site uses the Google Maps map service via an API. It is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of making our website appealing and to an error-free entry of the billing and delivery address. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

Further information about handling user data, can be found in the data protection declaration of Google at https://policies.google.com/privacy?hl=en&gl=en External link icon.

7. Payment service providers

PayPal

Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.

If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

Amazon Pay

We also offer payment with Amazon Pay on our website. The providers of this payment service are Amazon Payments s.c.a. and, secondarily, Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three located at 5, Rue Plaetis L 2338, Luxembourg (hereinafter “Amazon Pay”)

If you select payment via Amazon Pay, the shopping cart value is transferred to Amazon Pay. Amazon Pay in turn transmits your contact data to us for the purpose of order processing. This transmission of your data is based on the basis of Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (processing to fulfill a contract). You have the possibility to revoke your consent to data processing at any time. A revocation has no effect on the data processing operations in the past.

Credit card, Google Pay & Apple Pay

We also offer credit card payment, Google Pay or Apple Pay on our website. The payment service provider is Stripe, Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin (hereinafter “Stripe”).

If you select credit card payment, Google Pay or Apple Pay, the payment details you enter will be sent to Stripe. Your data will be transmitted to Stripe on the basis of Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (processing to fulfill a contract). You have the possibility to revoke your consent to data processing at any time. A revocation has no effect on the data processing operations in the past.

8. Anti-snoring test

If you grant us your consent for this, we will store your email address together with the test result. We will then use this personal data to send you your test result as well as further information on the topic of snoring and our offers. You can withdraw your consent at any time with effect for the future.

We also collect and store the results of the SomniShop anti-snoring test in order to analyse the test results in aggregated form and to continuously improve the test. For this purpose, we collect the test results anonymously. We have a legitimate interest in this data collection and processing for the analysis and improvement of the test pursuant to Art. 6 (1) (f) GDPR.

9. Application for employment

When you apply to us, we process the personal data you provide to us (such as personal details, contact details, certificates and credentials). We use this data exclusively for the application process, in particular to make a decision about your application. This data processing takes place on the basis of Art. 6 (1) (b) GDPR (general initiation of a contract) and Art. 88 GDPR in conjunction with Sec. 26 BDSG.

Retention period of the data

If we are unable to make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data transmitted by you including any remaining physical application documents will be stored for a maximum of one year after completion of the application process (retention period) in order to be able to trace the details of the application process in the event of discrepancies (Art. 6 Para. 1 lit. f GDPR). You may object to this storage if you have legitimate interests that outweigh our interests.

After expiry of the retention period, the data will be deleted unless there is a legal obligation to retain it or any other legal reason for further storage. If it is evident that the retention of your data will be necessary after the expiry of the retention period (e.g. due to an impending or pending legal dispute), deletion will only take place when the data has become irrelevant. Other legal storage obligations remain unaffected.