Recently updated: December 21st, 2019
This Policy explains what data we may collect from our users, how such data may be used or shared with others, how we safeguard it and how you may exercise your rights related to your Personal Data, among others, and where applicable, as required according to the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
In the event you are a California resident and the CCPA apply to you – please review our CCPA Privacy Notice
You are not required by law to provide us with any Personal Data. Sharing Personal Data with us is entirely voluntary. Some of our Services however, may depend on providing us with certain Personal Data, as specified below.
In general we use Personal Data (1) where we have a legitimate interest to do so (for example for website’s security purposes); (2) in order to perform a contract (for example, to provide you with the support you have requested or response to your inquiry); (3) where there is a legal obligation imposed on us or to protect our legal rights; and (4) otherwise with your consent to do so.
Children under the age of 16 are not permitted to use the Services or provide us with any Personal Data.
You may be entitled under applicable law to request to review, amend, erase or restrict the processing of your Personal Data, all as detailed under this Policy.
We do not sell, trade, or rent users’ Personal Data to third parties. We only share Personal Data for limited circumstances as specified herein. If you have any questions or requests regarding the processing of your Personal Data, or would otherwise like to contact us in connection with this Policy, please send us an email to: [email protected]
We may update or revise this Policy from time to time. Modifications to this Policy will be posted on the website, and shall be effective as of the date reflected under the “Recently Updated” header above. We encourage you to periodically review this Policy to stay informed about our practices related to the collection and processing of Personal Data.
Note to California Residents: Notwithstanding the above, as required under the, this Policy will be reviewed and updated every 12 months, as required under the CCPA.
In the event you access or interact with our website, we collect both Personal and Non-personal data, as follows:
“Personal Data”, means information which identifies or may with reasonable effort identify an individual, including online identifiers, as detailed below.
“Non-Personal Data”, means non-identifiable aggregated data, such as technical data transmitted by the user’s device and aggregated use of the website. This data is not used to identify individuals.
Non-Personal Data Processed by Us
We collect Non-Personal Data regarding use of the website and the Services, such as technical and aggregated data about you, such as: type of browsers; type of operation system; type of device; time and date you access the website and use the Services; users’ navigation and actions in the website; language preference; country level location. Non-Personal Data is used mainly for click stream analysis in order to provide, maintain, develop and enhance our website and Services, including among others, in order to measure and understand the level of engagement with the Services, for general business analytics for ensuring the technical functioning of our network, to help prevent fraudulent use of the Services, etc.
Personal Data Processed by Us
We collect the following Personal Data, and process it in accordance with the purposes and legal basis specified in the table below.
|Type of Personal Data||Purposes of Processing||For EU Individuals - Legal Basis under the GDPR|
|Contact Details & Contact History If you voluntarily contact through any means of communication we make available (for example, through a “Contact Us” page in the website, by sending us an email, or any other request or notification) you may be required to provide us with certain information such as your name and email address||Your contact details and contact history with us will be processed in order to provide you with the support you have requested or response to your inquiry, as well as in the event we find it applicable (e.g., in the event of future claim).||Performance of a contract and necessity of processing for the purposes of our legitimate interests.|
|Online Identifiers We will collect your Internet Protocol (“IP”) addresses. This data might be collected by us or by our service providers or business partners.||We use this data in order to maintain, protect and manage the website and Services; improve our Service, as well as enhance your experience while you use our Services; for analytic and statistic purposes regarding traffic flow and users’ interaction with our website; in order to audit our affiliates, calculate payments and detect fraud, as well as detect and resolve security or technical issues.||Necessity of processing for the purposes of our legitimate interests, and your consent, where required under applicable law.|
Certain Personal Data is collected automatically by using cookies and other similar tracking technologies, while other Personal Data is provided by you voluntarily and actively, for example, when you contact us.
We use “cookies” (or similar tracking technologies) when you access the website or interact with the Services we offer. This use is a standard industry-wide practice. A "cookie" is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes. You can find more information about cookies at: www.allaboutcookies.org and https://cookiepedia.co.uk/.
There are several types of cookies, the three main and common ones are:
Essential, Functionality, Operation & Security Cookies - essential for enabling user movement around the website, for the website to function properly, and for security purposes. Please note that these cookies either cannot be disabled, or if disabled, certain features of the Services may not work.
Analytic, Measurement & Performance Cookies - used to collect information about how users use the website (clickstream, navigation, time and date of access, etc.) in order to improve our Services and the way we offer them, as well as assessing performance of the content available in the website. We further use this information to compile reports and calculate payments in the course of relationship with our business partners which their services are displayed in our website.
Preference, Targeting & Advertising Cookies - used to advertise across the internet and to display relevant ads tailored to users based on the parts of the website they have (e.g., the cookie will indicate you have visited a certain webpage and will show you ads relating to that webpage)
|Google Analytics||Analytic, Measurement & Performance||http://www.google.com/intl/en/policies/privacy/ https://tools.google.com/dlpage/gaoptout|
|Cloudflare __cfduid||Security & Functionality||https://www.cloudflare.com/privacypolicy/|
|_csrf-frontend _csrf-backend are part of the Yii2||Security & Functionality|
Please note that, most browsers will allow you to erase cookies from your computer's hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. By following the instructions of your device preferences, and by adjusting the privacy and security settings of your web browser, you may remove cookies, however, if you block or erase cookies some features of the Services may not operate properly and your online experience may be limited.
Please refer to the support page of the browser you are using. In this regard, following are some links which you may find useful: Google Chrome; FireFox; Internet Explorer; Safari; Edge; Opera You may also contact us (see our contact details below), and we will make efforts to assist you.
We will not share your Personal Data with third parties, other than as specifically mentioned herein:
Subject to your consent - we may share your Personal Data upon your explicit consent. Once we share your Personal Data under these circumstances, that data becomes subject to the other third party’s privacy practices.
Policy enforcement and third party rights - we may share your Personal Data in the event required to enforce our policies and agreements or to establish and exercise our rights to defend against legal claims, including investigations of potential violations and in order to detect or prevent illegal activities or other wrongdoing, security or technical issues. In addition, we may share your Personal Data to prevent harm to the rights or safety of our users or any applicable third party.
Law enforcement - we may share your Personal Data, solely to the extent needed to comply with any applicable law, regulation, legal process or governmental request.
Affiliate company and corporate transaction – in the event required, we may share your Personal Data with our parent company, any subsidiaries, joint ventures, or other companies under common control ("Affiliated Companies") or in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). Our Affiliated Companies or acquiring company will assume the rights and obligations as described in this Policy;
Online Identifiers - we may disclose or share online identifiers collected for the purpose of operating our business and providing the Services, as well as to calculate payments and detect fraud, security or technical issues in connection with the Service;
Service Providers - we may disclose Personal Data to our service providers to perform requested services on our behalf. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services (e.g., servers, tracking services intended to calculate payments).
Note that, regarding aggregate or Non-Personal Data, we may share it with our business partners and other third parties in any of the circumstances detailed above, as well as for any business operation and commercial use.
The Personal Data we collect and process will be stored by us solely for the minimum period of time necessary to fulfil the purpose for which it is collected and provide the Service, meet our business goals, to comply with our legal obligations, resolve disputes, enforce agreements between us and other parties, in accordance with applicable laws, or until an individual request for deletion is met and complied with the terms as set forth in this Policy.
Subject to applicable law requirements, we will provide individuals with the opportunity to exercise their rights regarding their Personal Data. Individuals’ principal rights under data protection and privacy laws may include (you may have some or all of these rights depending on your jurisdiction):
the right to confirm whether or not we process your Personal Data;
the right to access your Personal Data and being provided with a copy of the Personal Data that we hold.
the right to rectification;
the right to erasure of your Personal Data.
the right to restrict processing of your Personal Data.
the right to object to processing of your Personal Data;
the right to data portability.
the right to complain to a supervisory authority (in the event that you are a European Economic Area (“EEA”) resident); and
the right to withdraw consent.
Please review our Privacy Rights Policy regarding your rights under applicable law.
You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request (“DSR”) form available here https://top5bestmattresses.com/files/DSR.pdf and send it to our privacy team at: [email protected].
Please note that -
We may request additional information from you when you contact us in order to verify your identity and locate your data.
It may take time to process requests in a way that is consistent with applicable privacy law.
We make best efforts keep our website, Services and the data we secure. We employ industry standard and implemented technical and administrative security measures to ensure the safety of our users’ Personal Data and prevent unauthorized access or use of such Data. In spite of all our efforts, it is not guaranteed that the protection is hermetic and that data transmission over the Internet or any wireless network is 100% secure and we cannot be responsible for the acts of those who gain unauthorized access or abuse our website or Service, and we make no warranty, express, implied or otherwise, that we will be able to prevent such access. If you feel that your privacy was treated, or if suffered from individual attempt to abuse our website or Service or acted in an inappropriate manner, please contact us directly at: [email protected].
The Services are not intended for individuals under the age of sixteen (16). Accordingly, we do not use the website to knowingly solicit data from or market to children as defined under applicable law (e.g. thirteen (13) regarding US individuals and sixteen (16) regarding European Economic Area ("EEA") individuals). We request that such individuals do not provide Personal Data. If you become aware or have any reason to believe that a child has shared any Personal Data with us, please contact us at: [email protected].
We use cloud base services to store data we process. Thus, while accessing or engaging with the Services, the international transfer of Personal Data may occur. Please note that we implement appropriate safeguards to protect data transferred as well as your rights in connection with such data. Any transfer of Personal Data shall be made in accordance with applicable law.
The website or our Services does not respond to Do Not Track signals. For more information about Do Not Track signals, please see: http://www.allaboutdnt.com/.
If you have any questions or concerns regarding privacy issues, or if you wish to be provided with any other information related to our privacy practices, please contact us at:
Alon Tower 1, Yigal Alon 94