Welcome to the website of My Mattress located at: www.thatsmymattress.com (hereinafter "We", "Us", "Our"). We thank You (any visitor to Our website and hereinafter "You" or "Your") for visiting Our website and considering Our products and services.
When You use Our website, Our servers may automatically collect certain Non-Personal Information such as: Your IP address, Your operating system, or Your browser.
Your Personal Identifiable Information (PII)
The Personal Information We collect and store is the information that You voluntarily disclose to Us for the functionality of Our site upon registration or ordering, including but not limited to; any information that identifies, relates to, describes, or is capable of being associated with a particular individual.
Whether or not You submit the following information to Us, "Personal information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
This personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:
- Name or alias, address, billing address, IP address, email, account name, and other identifiers such as social security number, driver's license number, passport number, or military identification card number; or
- Any information that identifies, relates to, describes, or is capable of being associated with, a particular Individual, including, but not limited to, signature, physical characteristics, education, employment or employment history, and financial, medical or health insurance information, as well as the following numbers: telephone, Insurance policy, bank account, credit card, and a debit card; or
- Characteristics of protected classifications of PII under state or federal law; or
- Commercial information, such as records of personal property, products or services purchased or considered, and purchasing histories or tendencies; or
- Biometric or genetic information including but not limited to: physiological, biological, or behavioral characteristics, including DNA, sufficient to establish identity, etc.
- Internet or other network activity such as browsing history or interactions with websites, apps, or ads; or
- Geolocation data; or
- Audio, electronic, visual, thermal, olfactory, or similar information; or
- Professional or employment-related information; or
- Education information including the name or address of a student or family members, student number, date or place of birth, mother's maiden name, handwriting, or other information that could identify a student with reasonable certainty; or
- Information concerning children; or
- Inferences drawn from any of the above information to create a consumer profile.
Third Party Information
No Information Collected from Children
We do not intentionally collect Personal Information from people who have not yet reached the age of majority in their jurisdiction. If you have not yet reached the age of majority in Your jurisdiction, please leave Our site immediately.
Storage and Security of Personal Information
Data Protection Officer
We have designated a Data Protection Officer (DPO) for Us who has the duty to: Ensure by contract that third parties to whom the company transfers personal information will adequately protect the information and use it only for specified lawful purposes; protect Your personal data using appropriate security measures; notify authorities of personal data breaches; obtain appropriate consents for processing data; keep records detailing data processing; train privacy personnel and employees. Please feel free to contact Our Data Protection Officer by email to firstname.lastname@example.org.
We store Your Personal Information on Our computers, and We believe We have reasonable security measures in place including administrative, technical and physical safeguards that are appropriate for the size and complexity of Our business to protect Your Personal Information including encryption of any personally identifying information. However, We cannot guarantee that Our security measures will prevent Our computers from being accessed without authorization and Your Personal Information stored on them stolen, deleted or changed. We assume no responsibility for such unauthorized actions.
You hereby agree that We may store Your data on Our servers located within the U.S. or anywhere in the cloud.
Security Breach Notice
For any unencrypted data that We maintain that includes Personal Information, We will notify You of any unencrypted Personal Information that was, or is reasonably believed to have been, acquired by an unauthorized person. In the unlikely event that We do have a data breach We will be contacting Your state’s office of the Attorney General to report the breach and follow their instructions concerning communication with You and the repair that is required.
Disposal of Customer Records
Your data will be kept in Our files for approximately two years from the time You last logged into Our website.
When the time comes to dispose of Customer Records; We will shred, erase or otherwise modify the personal information when disposing of Customer Records under Our control and notify any service providers to do likewise.
How We Use Your Information
We may use Your Personal Information for any legal purpose in Our sole discretion, including but not limited to; membership, registration, log-in, or order fulfillment purposes. You agree that We may also use Your Personally Identifiable Information to contact You by phone, U.S. mail, texts or email.
Dissemination of Individual Information
We may transfer Personally Identifiable Information to third parties for order fulfillment, to respond to Legal Processes or governmental requests for information, or for any other legal purpose.
Do Not Track Requests
While Your browser may contain a "do not track" signal or other mechanism that provides You the ability to exercise choice regarding the collection of Personally Identifiable Information or about Your Internet activities over time and across third-party sites or online services, Our systems are not set up to accommodate Your browser's request.
Special Information for Nevada Residents
If You are a resident of the state of Nevada and a customer of Ours, You have the right to opt out of any "sale" of Your Personal Information. Simply write Us an email to email@example.com and We will remove Your Personal Information with-in 60 days and confirm this removal to You before any sale of Personal Information is made.
Under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 ("CCPA"), a consumer, a California employee and Our service providers and contractors (Hereinafter "You" or "Your") have various rights with regard to personal information relating to You that is held by Us, including the right to request Us to delete any Personally Identifiable Information about You collected by Us, and requires Us to comply with a verifiable request by You to that effect, unless it is necessary for Us or Our service providers to maintain Your personal information in order to carry out specified acts.
Your Personally Identifiable Information (PII) is described above. Further, the CCPA defines certain "Sensitive Personal Information" which means:
Personal information that reveals:
- Your social security, driver's license, state identification card, or passport number.
- Your account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
- Your precise geolocation.
- Your racial or ethnic origin, religious or philosophical beliefs, or union membership.
- The contents of Your mail, email, and text messages unless We are the intended recipient of the communication.
- Your genetic data.
- The processing of biometric information for the purpose of uniquely identifying You.
- Personal information collected and analyzed concerning Your health.
- Personal information collected and analyzed concerning Your sex life or sexual orientation.
- "Personal information" does not include publicly available information or lawfully obtained, truthful information that is a matter of public concern. "Publicly available" means: information that is lawfully made available from federal, state, or local government records, or information that a business has a reasonable basis to believe is lawfully made available to th e general public by You or from widely distributed media, or by You; or information made available by You to whom You have disclosed the information if You have not restricted the information to a specific audience. "Publicly available" does not mean biometric information collected by Us about You without Your knowledge.
- "Personal information" does not include Your information that is deidentified or aggregate information.
- Sensitive information that is collected from You must be reasonably necessary and proportionate to either the purposes for which it was collected or another disclosed purpose that is compatible with the context in which the personal information was collected.
Your Personally Identifiable Information is being collected when required for the functionality of Our website; as well as for the purpose of fulfilling Your order and processing Your payment. Shipping and payment processing may be provided by a third-party service provider or contractor to whom We will provide Your data for this purpose.
You have the right to request that We disclose to You the categories and specific pieces of personal information We have collected about You. If We receive a verifiable request from You to access Your personal information, We will acknowledge your request within 10 days and We shall promptly take steps to disclose and deliver them to You, free of charge within 45 days (with a 45 day extension under certain conditions.) The information may be delivered by mail or electronically.
Further, You have the right to request that We delete or correct Your personal information and any information we have shared with a third-party service provider or contractor with certain exceptions like the need to complete a transaction. This information shall cover the 12-month period preceding Our receipt of the verifiable consumer request and shall be made in writing and delivered through Your account with Us if You maintain an account with Us, or by mail or electronically at Your option if You do not maintain an account. We are not obligated to provide the information requested by You more than twice in a 12-month period. We will not discriminate against You because You exercised any of Your rights under the CCPA, including, but not limited to, by:
- Denying goods or services to You.
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
- Providing a different level or quality of goods or services to You.
- Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services.
However, nothing in CCPA prohibits Us from charging You a different price or rate, or from providing a different level or quality of goods or services to You, if that difference is reasonably related to the value provided to You by Your data. We may offer financial incentives, including payments to You as compensation, for the collection of personal information, the sale of personal information, or the deletion of personal information. We may also offer a different price, rate, level, or quality of goods or services to You if that price or difference is directly related to the value provided to You by Your data. We may offer financial incentives to You only if You give Us prior opt-in consent which clearly describes the material terms of the financial incentive program, and which may be revoked by You at any time.
- If We receive a verifiable request from a consumer to delete the consumer's personal information pursuant to subdivision (a) of this section We shall delete Your personal information from Our records, notify any service providers or contractors to delete Your personal information from Our records, and notify all third parties to whom We have sold or shared such personal information to delete Your personal information, unless this proves impossible or involves disproportionate effort.
- We may maintain a confidential record of deletion requests solely for the purpose of preventing the Your personal information who has submitted a deletion request from being sold, for compliance with laws, or for other purposes solely to the extent permissible under this title.
- Our service providers or contractors shall cooperate with Us in responding to a verifiable request from You, and at Our direction, shall delete, or enable Us to delete, and shall notify any of Our service providers or contractors to delete, personal information about You collected, used, processed, or retained by the service provider or the contractor.
- You shall have the right to request Us to correct inaccurate personal information about You and request that We correct such inaccurate personal information taking into account the nature of the personal information and the purposes of the processing of the personal information. Further, We shall not be required to comply with Your request to delete the Your personal information if it is reasonably necessary for Us to maintain the Your personal information in order to c omplete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide goods or services requested by You, or reasonably anticipated by You within the context of Our ongoing business relationship with You, or otherwise perform a contract between You and Us.
We do not offer financial incentives associated with our collection, use, or disclosure of your personal information. You shall have the right to request that if We sell or share Your personal information, or if We disclose it for a business purpose, that We inform You of:
- The categories of personal information that We collected about You.
- The categories of personal information that We sold or shared about You and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared.
- The categories of personal information that the business disclosed about You for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
You have the right to opt-out of any sale of Your information. We do not sell or share your personal information and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law as well as other descriptions of actions you may take. Similarly, we do not offer financial incentives associated with our collection, use, or disclosure of your personal information.
If in the future, We do begin to sell or share Your PII there will be an opt-out button on Our home page entitled "For California Residents: Do Not Sell or share My Personal Information."
The obligations imposed on Us by the CCPA shall not restrict Our ability to:
- Comply with federal, state, or local laws or comply with a court order or subpoena to provide information.
- Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities. Law enforcement agencies, including police and sheriff's departments, may direct a business pursuant to a law enforcement agency-approved investigation with an active case number not to delete a consumer's personal information, and upon receipt of that direction, a business shall not delete the personal information for 90 days in order to allow the law enforcement agency to obtain a court-issued subpoena, order, or warrant to obtain a consumer's personal information. For good cause and only to the extent necessary for investigatory purposes, a law enforcement agency may direct a business not to delete the consumer's personal information for additional 90-day periods. A business that has received direction from a law enforcement agency not to delete the personal information of a consumer who has requested deletion of the consumer's personal information shall not use the consumer's personal information for any purpose other than retaining it to produce to law enforcement in response to a court-issued subpoena, order, or warrant unless the consumer's deletion request is subject to an exemption from deletion under this title.
- Cooperate with law enforcement agencies concerning conduct or activity that the business, service provider or contractor, or third party reasonably and in good faith believes may violate federal, state, or local law.
- Cooperate with a government agency request for emergency access to a consumer's personal information if a natural person is at risk or danger of death or serious physical injury provided that:
- The request is approved by a high-ranking agency officer for emergency access to a consumer's personal information.
- The request is based on the agency's good faith determination that it has a lawful basis to access the information on a nonemergency basis.
- The agency agrees to petition a court for an appropriate order within three days and to destroy the information if that order is not granted.
- Exercise or defend legal claims.
- Collect, use, retain, sell, share, or disclose consumers' personal information that is deidentified or aggregate consumer information.
- Collect, sell, or share a consumer's personal information if every aspect of that commercial conduct takes place wholly outside of California. For purposes of this title, commercial conduct takes place wholly outside of California if the business collected that information while the consumer was outside of California, no part of the sale of the consumer's personal information occurred in California, and no personal information collected while the consumer was in California is sold. This paragraph shall not prohibit a business from storing, including on a device, personal information about a consumer when the consumer is in California and then collecting that personal information when the consumer and stored personal information is outside of California.
If You feel We have not lived up to the requirements of the CCPA You may contact us at firstname.lastname@example.org.
You may also designate an authorized agent to contact us on your behalf subject to our verification of their authority granted by you. The agent must be a natural person or a business entity that is registered with the California Secretary of State.
Not for use by Residents of the European Union
We do not accept customers who are residents of the European Union. This website may not be used by any resident of the European Union.