privacy policy
1. IMPORTANT INFORMATION ABOUT THIS POLICY
Silentnight Group Limited (“Silentnight”, "we", "our", "us") takes your privacy very seriously and this privacy policy (“policy”) sets out the basis on which any personal data we collect from you, that you provide to us, or that other third parties provide to us, will be processed by us.
This policy applies to personal data collected when you:
visit www.silentnight.co.uk (our "website")
interact with our brand (Silentnight)
create an account on our website
purchase products and/or services from us (or from one of our stockists)
contact us by any means with queries, comments, complaints etc.
choose to complete a survey we send you
partake in a promotion or competition
provide products and/or services to us
visit our premises
apply for a job with us
We have designed this policy to make it easier for you to navigate and find the information that is most relevant to you. We use clearly worded headings so you can quickly and easily find the information you are looking for by clicking on the relevant heading.
Please read this policy carefully as it explains how we use personal data. We keep this policy under regular review and may make changes from time to time, and when we do, we update this page, so please check back frequently.
It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes to your personal data during your relationship with us, for example a new address or email address.
Controller and Data Protection Officer contact details
We are the controller of personal data we collect in accordance with this policy and our contact details are set out below.
If you have any queries that are not covered by this policy or would like to request to exercise any of Your legal rights, please contact our Data Protection Officer either by email at: dpo@silentnight.co.uk, or at the following address:
The Data Protection Officer Silentnight Group Limited Long Ing Business Park Long Ing Lane Barnoldswick Lancashire BB18 6BJ
2. What personal data do we use and how we collect it
“Personal data” means any information describing or relating to an identified or identifiable individual and we collect and process various types of personal data, which we have set out in the table below, for the purposes set out in the table in section 3 .
We use different methods to collect personal data, for example:
when you interact with us by any means, including when you place an order with us or correspond with us by phone, email, post, Live Chat or otherwise.
when you interact with our website, we collect Technical Information and Usage Information by using cookies and other similar technologies (depending on your consent preferences). Please see our Cookie Policy for further details.
during the recruitment process.
Personal and Contact Details | name email address telephone/mobile numbers address (billing and delivery) |
Financial Details | bank account details payment card details payment method |
Transactional and Customer Service Information | details about your purchases and payments made details of the fulfilment of your order correspondence/communications relating to your order or any instructions given to us (via email, during telephone calls) and/or any other forms of communication (such as our Live Chat functionality) details of your interactions with us including with our customer service team or online, for example, we record incoming calls and collect notes from our conversations with you including details of any complaints or comments any other personal data which you chose to disclose to us whether verbally (on calls) or in written form (via email or otherwise) |
Profile Information | your username and password your interests and preferences your feedback, including where you complete one of our surveys, your survey responses |
Technical Information | internet protocol ( IP ) address login information browser type and version operating system and platform full uniform resource locator (URL) location as defined by IP address |
Recruitment Information | relevant Personal and Contact Details CV, details of your qualifications, training, experience and education, and employment history interview notes/information (successful candidates only) right to work and identification information (i.e. National Insurance number), (as applicable) driving licence details, references, date of birth, emergency contact and beneficiary details, bank account details any other personal information which you chose to disclose to us during the recruitment process whether verbally or in written / electronic form |
Usage Information | information about how you interact with and use our website, products and services including clickstream to, through and from our website (including time and date), products viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information such as scrolling, clicks and mouse-overs), methods used to browse away from page |
Marketing and Communications Information | your preferences in receiving marketing from us your communication preferences |
CCTV Footage | CCTV images/footage (if you visit our premises) |
Call Recordings | recordings of calls (if you call us) |
To the extent permitted by applicable laws, we collect and process a limited amount of personal data within the above-mentioned information falling into “special categories of personal data”, often referred to as “sensitive personal data”) for the purposes set out in the table in section 3. Sensitive personal data means information relating to (amongst others): racial or ethnic origin, physical or mental health (including details of accommodations and adjustments), sex life or sexual orientation. For example, during our recruitment/onboarding process (as applicable), information about your health to provide appropriate adjustments or accommodations where appropriate in the event you choose to disclose that you have a disability.
Personal data that we receive about you from other sources
We may receive your personal data from other sources such as retailers of our products (for example, so that we can arrange delivery of our products to you), social media platforms where you make your information publicly available, and from third parties who work with us in connection with our website and services. Where you apply for a job with us, we may obtain some information from third parties, for example, (if you are a successful job candidate) when we seek references from your previous employers and other referees.
How we use personal data and what it our legal basis for using it
Legal basis for using your personal data
The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you. For us to fulfil our obligations under such contract (e.g. to enable you to purchase products from us), we will need to collect and process your personal data. Failure to provide the requisite personal data on sign-up and financial information on entering into the transaction or objecting to this type of processing / exercising your deletion rights will unfortunately mean we cannot provide our products and/or services to you.
Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. For example, Silentnight is obliged to comply with UK laws and guidance provided by UK regulatory bodies. In particular, we will need to process your personal data to verify your identity, establish your age and to verify your source of funds for anti-money laundering and fraud purposes.
Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example, if you subscribe to our newsletter. We provide easy ways to stop our marketing, and you can opt out at any time. See Section 4 Marketing for further details.
Purposes for which we use your personal data
In the table below, we set out the ways we use personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are (where appropriate).
Purpose/Use | Type of personal information | Lawful basis for processing |
To create an online account with us | Personal and Contact Details | Consent, at the time you open an account with us. |
To provide our products and/or services in accordance with any contract between us, including processing orders, sending invoices and payment reminders, collecting payments / debts owed to us and any other general contract administration | Personal and Contact Details Financial Details Transactional and Customer Service Information Marketing and Communications Information | The processing is necessary for the performance of a contract. Additional processing is necessary for our legitimate interests (for example, to recover debts due to us) (“necessary for our legitimate interests”) and help us prevent fraud. |
To manage our relationship with you including: (i) dealing with your enquiries, requests, complaints and queries, and (ii) notifying you of changes to our terms or privacy policy | Personal and Contact Details Transactional and Customer Service Information Profile Information Marketing and Communications Information | The processing is necessary for the performance of a contract. Necessary to comply with a legal obligation. Additional processing is necessary for our legitimate interests to respond to any correspondence or queries you send us. |
To send you relevant marketing communications and make personalised suggestions and recommendations to you about our products or services that may be of interest to you based on your Profile Data, including where you sign up for our newsletter | Personal and Contact Details Technical Information Profile Information Usage Information Marketing and Communications Information | This processing is necessary for our legitimate interests to carry out marketing, develop our products and services and grow our business. Consent, having obtained your prior consent to receiving marketing communications, such as our newsletter. |
To enable you to partake in, or enter, a promotion or competition | Personal and Contact Details Profile Information Usage Information Marketing and Communications Information | Consent, given at the time of entering one of our promotions or competitions. Necessary for our legitimate interests to help us better understand our customers via their interactions with us and information provided during their involvement in our promotions/competitions. |
To carry out market research through your voluntary participation in surveys | Personal and Contact Details Profile Information | Necessary for our legitimate interests to collect information from customers and prospective customers to: better understand how they choose, use and experience our products and/or services (including delivery experiences), better understand how they interact us, including via our website or during telephone calls, and their experiences of these interactions, help us shape future business decisions and for the continuous improvement and development of our products and services. |
For training and quality control purposes we record calls | Call Recordings Transactional and Customer Service Information | Necessary for our legitimate interests to: identify staff training needs so we can effectively train our staff, monitor for quality control, identify any issues with internal processes for continual improvement purposes, verify what was discussed within a call (e.g. service requests, order queries, issues, complaints etc.), should a dispute or complaint arise, or for the purposes of, or in connection with, any legal proceedings, protect our staff from threatening, nuisance and abusive calls. All incoming calls are recorded in accordance with our call recording policy. If you would like to see a copy of this policy, please contact us. |
To administer and protect our business and website and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes, system maintenance, support, reporting and hosting of data | Personal and Contact Details Technical Information | Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise. |
To deliver (whether directly or indirectly via third parties) relevant and effective website content and online advertisements (ads) to you, continue to improve such content and ads, and measure or understand the effectiveness of the marketing/advertising we serve to you | Personal and Contact Details Technical Information Profile Information Usage Information Marketing and Communications Information | Necessary for our legitimate interests to analyse how customers use our products and/or services, to develop them, to grow our business and to inform our marketing strategy. Consent, having obtained your prior consent to the setting of any relevant cookie. |
To use data analytics to improve our website, products and/or services, customer relationships and experiences and to measure the effectiveness of our communications and marketing | Technical Information Usage Information | Necessary for our legitimate interests to determine the types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy. |
Recruitment and selection to consider your suitability for the role you applied for, comparing you to other candidates and making recruitment decisions | Personal and Contact Details Recruitment Information | Some of this processing is necessary for compliance with legal obligations to which we are subject. Some of this processing is necessary for taking steps at your request to enter into a contract with you. Additional processing is necessary for our legitimate interests in fully assessing job candidates to ensure that only suitable and appropriate candidates are selected, to compare candidates and make fair decisions on the most appropriate candidate for the role. |
Offers of employment and onboarding including making job offers, providing contracts of employment and preparing for the commencement of your employment where you accept an offer from us | Personal and Contact Details Recruitment Information | Some of this processing is necessary for compliance with legal obligations to which we are subject including the requirement to issue written particulars or terms of employment. Additional processing is necessary to take steps to enter into an employment contract with you because we will need information to make an appropriate offer to you. The remainder of the processing is necessary for the purpose of the legitimate interests pursued by us, for example, we have a legitimate interest in: (i) ensuring the effective engagement of staff on appropriate terms and conditions of employment, (ii) a smooth transition into employment for successful candidates, and (iii) information supplied during the recruitment process which is relevant to ongoing employment being retained. |
When you provide us with products and/or services (including support, maintenance and other associated services) including ordering and making payments, delivery and any other general contract administration | Personal and Contact Details | The processing is necessary for the performance of our contract with you. We also process certain personal data to comply with legal obligations to which we are subject, such as with respect to tax. Additional processing is necessary for our legitimate interests in conducting our business, including ordering and paying for products and/or services and good contract management. |
For security and safety purposes we use CCTV on our premises | CCTV Footage | Necessary for our legitimate interests, and those of our staff, suppliers and visitors, to have in place appropriate security measures, including CCTV (in accordance with our CCTV policy), at our premises for safety and security purposes. |
To comply with laws and regulations applicable to Silentnight, including anti-fraud and anti-money laundering requirements | Potentially all types of personal data | This processing is necessary for the compliance with legal obligations with which Silentnight is subject. |
To enforce our legal rights and obligations, and for any purposes in connection with any complaint or legal claim made by, against or otherwise involving you | Potentially all types of personal data | This processing is necessary for our legitimate interests. Silentnight has a legitimate interest in protecting itself from breaches of legal obligations owed to it and defending itself against litigation in order to ensure that its legal rights and interests are appropriately protected, to protect its reputation and itself from other damage or loss. |
In connection with any merger, sale, transfer of our assets, investment, acquisition, bankruptcy or similar event or corporate transaction | Potentially all types of personal data | This processing is necessary for our legitimate interests to ensure we can protect and grow our business. |
Types of sensitive personal information we process, the purposes we use it for and the additional lawful basis that applies
We have identified the following purposes for collecting and processing sensitive personal information and these are set out in the table below together with the additional lawful basis we rely on in each case:
Purpose/Use | Type of personal information | Lawful basis for processing |
Pre-employment checks including (as appropriate) identify check, assess and review eligibility to work / right to work verification | Recruitment Information including documentation such as work permits, VISAs, details of residency, proof of citizenship, which include personal data revealing racial or ethnic origin | This processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law, to the extent permissible under applicable laws, in particular, the requirement to check that you are legally permitted to work in the UK. |
Health and medical data may be used to comply with employment, health and safety or social security laws, e.g. to make reasonable accommodations or adjustments | Information relating to medical history, (where relevant) health / medical records | This processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law, to the extent permissible under applicable laws. |
To keep our commitment to equal opportunity under review | Information relating to ethnic or racial origin, sexual orientation, disability status | This processing is necessary for the public interest of ensuring equality of opportunity or treatment between people of different racial or ethnic origins, with different states of physical or mental health or of different sexual orientation with a view to enabling such equality to be promoted and maintained. |
We may seek your consent to certain processing which is not otherwise justified under one of the above basis. If consent is required for the processing in question, it will be sought from you separately to ensure it is freely given, informed and explicit. Information regarding such processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent. You should be aware that it is not a condition or requirement of your recruitment to agree to any request for consent from Silentnight.
If You Don’t Provide Us Your Personal Data
You are not obliged to provide your personal data to us. However, if you do not provide your personal data to us, we may not be able to (as applicable) provide our products and/or services to you, respond to your queries, enter you into promotions or competitions, or process your job application.
Marketing
You will receive marketing communications from us if you have requested information from us, subscribed to receive newsletters, emails and texts from us, or purchased our products and/or services and have not opted out of receiving marketing, which is often referred to as “soft opt-in”.
We may analyse your Personal and Contact Details, Transactional and Customer Service Information, Technical, Usage and Profile Information to help us get to know you better including to form a view of which products, services and offers may be of interest to you so that we can personalise and enhance your customer experience with us, ensure that content is relevant for you and send you relevant marketing communications.
Change your marketing preferences or opt out of marketing
Within our marketing communications, we include a link where you can: (i) manage your marketing preferences, as well as (ii) ask us to stop sending you marketing communications at any time.
If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes, for example, order confirmations for a product/service, warranty registrations, appointment/delivery reminders, checks that your contact details are correct, and market research surveys.
Cookies
For more information about the cookies we use and how to change your cookie preferences, please see our Cookie Policy .
Who do we share personal data with
Within our company, your personal data can be accessed by or may be disclosed internally on a need-to-know basis, for example, with members of our HR team involved in the recruitment exercise, our customer services team, management team, system administrators, members of our finance / IT teams etc.
Your personal data is also accessed by those third parties set out below for the purposes set out in the table in section 3.
We require all third parties to respect the security of personal data and treat it in accordance with the law. We carry out an appropriate level of due diligence and put in place contractual documentation in relation to any such third party to ensure that they process personal data appropriately and according to our legal and regulatory obligations.
We will disclose your information to:
business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; e.g. service providers who operate elements of our website and process personal data on our behalf. These may include businesses who provide technology services such as hosting for our servers and email distribution, and business partners who provide delivery fulfilment services. We may also disclose your personal data to our supply and delivery partners for the purpose of processing, fulfilling and delivering your order;
third party suppliers and service providers to the extent they assist us with our legal / regulatory obligations e.g. providers of services in respect of anti-money laundering, fraud, verification etc.;
analytics and search engine providers that assist us in the improvement and optimisation of our website and other selected third parties; and
law enforcement agencies, e.g. when a court order is submitted to share data with law enforcement agencies or a court of law, or other appropriate third parties, where we consider your behaviour to be unlawful, offensive, inappropriate or objectionable.
We will also disclose your personal information to third parties:
in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
in the event of any insolvency situation (e.g. the administration or liquidation) of Silentnight;
if Silentnight or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
to protect the rights, property or safety of us, our staff, our customers, or others. This includes exchanging information with other companies and organisations (including without limitation, other third parties, your employer, educational institution, email or internet provider, your parents (if you are under the age of 18) and law enforcement agencies) for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk reduction; and
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements or in order to enforce or apply our Terms and Conditions and other agreements, or otherwise for the prevention or detection of fraud or crime.
In assessing your request for our products and/or services, we may use your personal data for the purposes of the prevention and detection of fraud. One of the purposes for which we may disclose your address and postcode details is to check against the IMRG Security Alert or any other Fraud Prevention Scheme. At all times where we disclose your personal data it will remain secure.
In order to be able to offer you Klarna’s payment options, we will pass to Klarna (which is a third-party payment processing provider) the personal data it requires about you, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you. General information on Klarna can be found here. As Klarna is a third party, we do not accept any responsibility or liability for Klarna’s handling our your data, which is subject to Klarna’s privacy policy.
International transfer of personal data
The personal data that we collect from you is processed/stored on secure information technology systems located in the European Economic Area (EEA) which are operated by us or on our behalf by third parties.
Data security
We are committed to protecting the security of the personal data you share with us and we use a variety of technical and organisational methods to secure personal data in accordance with applicable laws, such as Secure Sockets Layer (SSL) encryption software. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
Regards personal data that you transmit to us via the internet, unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us; any transmission is at your own risk. Once we have received your personal data, we will use security procedures and features to help prevent unauthorised access.
Data retention
We will only retain your personal data for as long as necessary for the purposes set out in the table in section 3,including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Different retention periods apply to different types of data, however, typically the longest period we will store personal data is 7 years.
Your legal rights
You have a number of rights under data protection law, which we set out below in further detail, in relation to the way we process your personal data, although these are not absolute, and in some instances, we may be unable to accept your request, in which case we will respond to you to explain why.
1. You have the right to request access to your personal data | Commonly known as a "data subject access request", you have the right to request confirmation that your personal data is being processed, access to your personal data (through us providing a copy) and other information about how we process your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. |
2. You have the right to ask us to rectify your personal data | You have the right to request that we rectify your personal data if it is not accurate or not complete. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. |
3. You have the right to ask us to erase your personal data | In certain circumstances, you have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data. This right would apply if we no longer need to use your personal data to provide products and/or services to you, where you withdraw your consent for us to market to you, or where you object to the way we process your personal data (see right 6 below). |
4. You have the right to ask us to restrict or block the processing of your personal data | You have the right to ask us to restrict or block the processing of your personal data that we hold about you. This right applies where you believe the personal data is not accurate, you would rather we block the processing of your personal data rather than erase your personal data, where we don’t need to use your personal data for the purpose we collected it for but you may require it to establish, exercise or defend legal claims. |
5. You have the right to port your personal data | You have the right to obtain and reuse your personal data from us to reuse for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you. |
6. You have the right to object to our processing of your personal data | You have the right to object to our processing of your personal data on the basis of our legitimate business interests, unless we are able to demonstrate that, on balance, our legitimate interests override your rights or we need to continue processing your personal data for the establishment, exercise or defence of legal claims. |
7. You have the right not to be subject to automated decisions | You have the right to object to any automated decision making (if applicable), including profiling, where the decision has a legal or significant impact on you. |
8. You have the right to withdraw your consent | You have the right to withdraw your consent where we are relying on it to use your personal data. |
You also have the right to object any time to the processing of your personal data for direct marketing purposes (please see 4. Marketing for details of how to object to receiving direct marketing communications).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Third-party links
Our website may from time to time include links to third-party websites, plug-ins and applications, which offer certain services provided by these third parties. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control any such third-party websites, they have their own privacy policies and we do not accept any responsibility or liability for these policies and their handling our your data. When you leave our website, we encourage you to carefully read the policies of every third-party website you visit before you submit any of your personal data to these websites.
How to contact us
If you have any questions about this policy, about the use of your personal data or you want to exercise any of Your legal rights (Section 9) , please contact us either by email at: dpo@silentnight.co.uk or by using the contact details set out below.
The Data Protection Officer Silentnight Group Limited
Long Ing Business Park Long Ing Lane Barnoldswick Lancashire BB18 6BJ
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), which is the UK regulator for data protection issues (www.ico.org.uk). However, we would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance. Email & SMS Silentnight Group's website uses cookies to help keep track of items you put into your shopping cart, including when you have abandoned your cart. This information is used to determine when to send cart reminder messages via Email & SMS. For more information see terms and conditions.
