Recently updated: December 21st, 2019
Terayos Ltd. (“Company” or “we” or “us”) values the privacy rights of our users (“you” or “yours”). Thus, we have designed this Privacy Rights Policy (“Privacy Rights Policy” or “Policy”) as an overview of your rights regarding your personal data, under the following legislation:
(i) The EU General Data Protection Regulation (“GDPR”), which shall apply to you in the event you are a resident of the European Economic Area (“EEA”); and
(ii) The California Consumer Privacy Act of 2018 ("CCPA") which shall apply to you in the event you are a “California resident”, as defined under the CCPA, meaning, if you are in California for other than a temporary or transitory purpose or you are domiciled in California.
If you wish to submit a request to exercise any of your rights, please fill in the form available at: https://www.top5bestmattresses.com/files/DSR.pdf.
Definition of Personal Data
“Personal Data” is defined under the GDPR as any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Online identifiers may be considered as Personal Data, such as IP addresses, cookie identifiers, and radio frequency identification tags. It covers publicly available data as well.
Your Rights under the GDPR
Your Right to Be Informed
You have the right to be informed with the Company’s details (e.g. name, address, etc.), as well as why and how we process Personal Data. This right includes, among others, the right to be informed with the identity of the business, the reasons and lawful basis for processing Personal Data, and additional information necessary to ensure the fair and transparent processing of Personal Data (for specific information that must be provided to you please see Exhibit A).
Access
You have a right to request us to confirm whether we process certain Personal Data related you, as well as a right to obtain a copy of such Personal Data, with additional information regarding how and why we use this Personal Data. After we receive such request, we will analyze and determine the veracity and appropriateness of the access request and provide you with the applicable confirmation of processing, the copy of the Personal Data or a description of the Personal Data and categories of data processed, the purpose for which such data is being held and processed, and details about the source of the Personal Data if not provided by you. Our response detailed above will be provided within the period required by law (please see additional information under “Response Timing and Format” below).
Rectification
If Personal Data held by us is not accurate, you may require us to update such data so it is accurate. Further, in the event we have passed on incorrect information about you to a third party, you also have a right to oblige us to inform those third parties that the applicable information should be updated.
Erasure ("right to be forgotten")
You have the right to require us to erase certain Personal Data, subject to fulfillment of specific conditions. We are required to comply with a request to exercise the right to be forgotten, and delete the requested Personal Data if:
(i) the applicable Personal Data is no longer needed for the original purpose for which it was collected and in addition, there is no new lawful basis for continued processing;
(ii) the lawful basis for processing is consent of you request to withdrew the consent provided by you;
(iii) you have exercised your right to object to the processing of your Personal Data by us, and we have no overriding grounds for the processing of such Personal Data;
(iv) the Personal Data is processed by us unlawfully; or otherwise, the erasure of your Personal Data is necessary to comply with applicable laws.
In addition, in the event we have passed on your Personal Data to a third party, you have the right to us to request those third parties to erase such information.
Please note that, this right to erasure is not absolute. We are entitled to reject your request to erase the data in the event that we find it (subject to applicable laws):
(i) necessary to comply with legal obligations;
(ii) necessary to establish, exercise or defend legal claims; or
(iii) necessary for scientific purposes, etc.
Object
With regards to Personal Data processed by us under the lawful basis of our legitimate interests, you may object to our processing on such grounds. However, even if we receive your objection, we will be permitted to continue processing the Personal Data in the event that (subject to applicable laws and regulations):
(i) our legitimate interests for processing override your rights, interests and freedoms;
(ii) the processing of such Personal Data is necessary to establish, exercise or defend a legal claim or right, etc.
Restriction
You may request to limit the purposes for which we process your Personal Data in the event that:
(i) the accuracy of the data is contested;
(ii) restriction is requested instead of erasure where the processing is considered to be unlawful;
(iii) we no longer need the Personal Data for its original purpose, but the data is still required to establish, exercise or defend legal rights; or
(iv) consideration of overriding grounds in the context of an erasure request.
Data Portability
You may request us to send or "port" your Personal Data held by us to a third-party entity however solely when:
(i) you have provided us the Personal Data;
(ii) it is processed automatically;
(iii) it is processed on the legal bases of either consent or fulfilment of a contract.
Response Timing and Format
We endeavor to respond to a verifiable consumer request with undue delay and in any event within 30 days from the receipt of the request. If we require more time, we will inform you of the reason and extension period in writing. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Please submit a request by either:
Filling in the form available at: https://www.top5bestmattresses.com/files/DSR.pdf
Emailing us at [email protected]
Definition of Personal Information
“Personal Information” is defined as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The categories of information become personal information if that information identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household. Identifiers can be Personal Information, such as a real name, alias, postal address, unique personal identifier, online identifier IP address or other similar identifiers also It does not cover publicly available information.
Your Rights under the CCPA
All of the rights detailed above under the GDPR also apply to individuals under the CCPA except for the following exceptions:
Right to be informed
The categories of Personal Information collected/sold/disclosed by us in the previous 12 months must be provided to you (for specific information that must be provided to you please see Exhibit A).
Right of Access
The right applies only to Personal Information collected in the 12 months prior to the request and we are not required to provide access to Personal Information more than twice in 12 months.
Right to deletion
Under the CCPA, there are no specific situations of deletion and no justifications needed for a deletion request.
In addition to the exceptions enumerated under the GDPR, we are not required to comply with the right to deletion in the following circumstances:
(i) to perform a contract between you and us;
(ii) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity;
(iii) debug to identify and repair errors that impair existing intended functionality;
(iv) to enable solely internal uses that are reasonably aligned with your expectations based on the our relationship with you;
Explicit Notice
Under the CCPA a third party is prohibited from selling information about you that has been sold by us unless you have received explicit notice and provided the opportunity to opt out.
Nondiscrimination
You must not be discriminated for exercising any of your rights, including by:
(i) denied goods or services;
(ii) charged different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
(iii) provided a different level or quality of goods or services;
(iv) suggested they will receive a different price or rate for goods or services.
Notwithstanding the above it is allowed to set up schemes for providing financial incentives and you can opt-in to become part of them.
Data Portability
Your right under the CCPA is limited to allowing you receive Personal Information, and it does not extend to having us transfer the information to another business.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days. If we require more time, up to 90 days, we will inform you of the reason and extension period in writing. Under the CCPA your rights only applies to the Personal Information collected 12 months prior to the request and you are not entitles to submit more than 2 requests in a 12 months period.
Please submit a request by either:
Filling in the form available at: https://www.top5bestmattresses.com/files/DSR.pdf
Emailing us at [email protected]
Website Address: https://www.top5bestmattresses.com
Exhibit A
Information on the following must be provided to you under the GDPR and CCPA:
1) the categories of Personal Data processed;
2) the purposes of processing;
3) the existence of data subjects’ rights and the contact details of the data protection officer.
Information provided only under the GDPR:
1) contact details of the data protection officer;
2) the legitimate interest of the data controller or the third party;
3) the recipients or categories of Personal Data;
4) transfer of data to third parties;
5) data retention period;
6) the right to withdraw consent at any time;
7) the right to lodge a complaint with a supervisory authority.
8) when data is necessary for the performance of a contract, the possible consequences of not doing so;
9) the existence of automated decision-making including profiling, including the logic involved and consequences of such processing.
Information provided only under the CCPA:
1) the categories of Personal Information collected;
2) the sources from which the information was collected;
3) the business or commercial purpose for collecting or selling the information;
4) categories of third parties with whom the business shares the information;
5) the specific pieces of Personal Information the business collected about the consumer.
Top5BestMattresses.com uses cookies for personalizing content, tailoring advertising and measuring site usage. Please approve by clicking "I accept", or visit our Cookie Policy for more information.