Privacy and Data Protection Policy

1.           General

1.1         L K & G Group Limited trading as Milam (“we”, “us” or “Milam”) takes the privacy of your information very seriously. Our Privacy and Data Protection Policy is designed to tell you, the user of our website and services (together referred to as the “Site”) about our practices relating to the collection, use and disclosure of personal and other information about you, your enterprise or your organisation that may be provided via our website and any other digital product provided by Milam or collected through other means such as an online form, email, or telephone communication.

1.2         This policy applies to information provided by our users, whether they have purchased goods from us or not.

1.3         By using the Site, you are consenting to the collection, use, and disclosure of that information about you in accordance with this policy.

1.4         This policy is governed by the EU General Data Protection Regulation (the “GDPR”) from 25 May 2018 and until 25 May 2018 is governed by the Data Protection Act 1998.

2.           Ways that we may collect information

2.1         We may collect and process the following personal information or data (information that can be uniquely identified with you) about you:

   2.1.1     your name, residential address, contact address and numbers, email address, photos, information and content you may have created or provided through your use of the Site;

   2.1.2     any billing address provided to us;

   2.1.3     information you have provided in order to place an order with us;

   2.1.4     payment information we may use to collect payment (if applicable);

   2.1.5     a record of any correspondence between you and us;

   2.1.6     replies to any surveys or questionnaires that we may use for research purposes;

   2.1.7     details of your visits to the Site, the resources and pages that you access and any searches you make;

   2.1.8     any information we may require from you when you report a problem or complaint;

   2.1.9     information about any goods you have purchased.

2.2         We only collect such information when you choose to supply it to us. You do not have to supply any personal information to us but the Site may not be operable in practice without providing personal information to us.

3.           Cookies              

3.1         What are cookies?

A cookie is a small piece of text based file stored locally on your computer and contains information about your activities on the Internet.  Cookies can be temporary files (only lasting as long as your website visit), or permanent (being stored on your computer until your next visit to the website). Cookies can also be first party (that is, they are created by the website the user is visiting), or third party (that is, they are placed on a user's hard disk by a Web site from a domain other than the user is visiting). Third-party cookies could record information about whether you have clicked on certain content on our Site or other websites. We do not have control over, or access to, third-party advertising cookies or the information they contain. Third parties manage these in accordance with their privacy policies. Cookies generally allow websites to function properly, and improve your experience of the internet.

3.2         How are cookies used?

On our Site, we use cookies to track users' progress through the Site, allowing us to make improvements based on usage data. A cookie helps you get the best out of the Site and helps us to provide you with a more customised service.

You have the ability to accept or decline cookies. We are required to obtain your consent to use certain cookies. Other cookies (operationally necessary cookies, functionality cookies and performance cookies) are exempt from this requirement therefore we only require your consent for those cookies that are not exempted. If you continue to use the Site having seen the notice on the Site then we assume you are happy for us to use these cookies.

You can withdraw your consent at any time by deleting all cookies on your devices and/or by changing the cookie settings of your browser or device. However, you will not be able to make full use of our online services.

An Internet Protocol (IP) address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet. We may use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our Site, and to administer and improve the Site.

3.3         How can I manage cookies?

Most browsers have options to manage/remove/disable cookies should you wish to do so:

Manage Cookies on Chrome:

https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en

Manage Cookies on Firefox:

https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Manage Cookies on Safari:

https://www.whatismybrowser.com/guides/how-to-enable-cookies/safari

Disabling cookies may impact your experience on our website.

3.4         What kinds of cookies are used on our site?

   3.4.1     Operational Cookies

   These cookies enable our website to function properly. If you disable these cookies, the Site will not function correctly.

   3.4.2     Performance Cookies

   These cookies collect anonymous data about visitors to our website. These cookies can monitor traffic and help us identify and remedy and problems with our      website.

   3.4.3     Functionality Cookies

   These cookies help to improve your experience of a website by providing a more personalised service for example they recognise and remember your preferences    such as language, location etc.

   3.4.4     Marketing Cookies

   These cookies are used to deliver advertisements that are more relevant to you and your interests. They are also used to limit the number of times you see an      advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a platform and this information may be shared with other organisations such as advertising partners. This means after you have been to our platform you may see some advertisements about our services elsewhere on the Internet.

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at: http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

-             GOOGLE - https://www.google.com/settings/ads/anonymous

-             FACEBOOK - https://www.facebook.com/settings/?tab=ads

-             Visit the Network Advertising Initiative: http://optout.networkadvertising.org/?c=1#!%2F

4.           Use of Personal Informaiton

4.1         We may use your information to:

   4.1.1     ensure that the content of the Site is presented in the most effective manner for you and for your device;

   4.1.2     customise the Site to your preferences;

   4.1.3     provide information, products and services to you;

   4.1.4     assist in the administration of the Site (if any);

   4.1.5     assist in making general improvements to the Site;

   4.1.6     carry out and administer any obligations arising from any agreements entered into between you and us including any orders you place with us;

   4.1.7     contact you and notify you about changes to our products and services or to provide information to you about our products and services, provided that we comply with the Privacy and Electronic Communications Regulations (and we agree that you will always have the right to opt out of any such communications);

   4.1.8     manage any orders you place with us and provide you with customer support;

   4.1.9     analyse how our services are used and to identify trends;

   4.1.10   administer the Site for internal purposes, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

4.2         We may also use aggregated, anonymised data which includes personal data you have supplied to sell advertising space on the Site or market services to other users but if we do this then we will not disclose your data in a form which allows you to be identified and we will not process your personal information in this way if you object.

5.           Data Retention

5.1         Our current data retention policy is to delete or destroy (to the extent we are able to) the personal data we hold about you after a period of 6 years from the date of delivery of any goods to you if you have placed an order with us. This is the period during which you are entitled to make a legal claim relating to an order.

5.2         If you have not placed an order with us then we will delete any personal information we hold about you after 12 months. 

5.3         We review the personal data (and the types of personal data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this data as may be required.

5.4         If you wish to request that data we hold about you is amended or deleted, please refer to clause 8 below, which explains your privacy rights.

6.           Sharing your information

6.1         We do not disclose any information you provide to any third parties other than as follows:

   6.1.1     where information such as your address needs to be passed to third parties who provide support in the provision of goods and services (for instance a delivery company);

   6.1.2     payment information may be provided to our payment processors or bank (if applicable);

   6.1.3     if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);

   6.1.4     in order to enforce any terms and conditions or agreements between you and us that may apply;

   6.1.5     where we carry out research to gain an insight into the use of our services, the results of this research may be transferred to interested third parties but will not disclose your data in a form which allows you to be identified and we will not process your personal information in this way if you object;

   6.1.6     we may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected;

   6.1.7     to protect the rights, property, or safety of us, our users, or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

6.2         Other than as set out above, we shall not disclose any of your personal information unless you give us permission to do so.

6.3         If we do supply your personal information to a third party we will take steps to ensure that your privacy rights are protected.

7.           Security

7.1         In order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage, we will take all reasonable steps to ensure that the following technical measures are carried out:

   7.1.1     our servers are protected by both hardware and software firewalls;

   7.1.2     our data processing storage facilities are sited in secure locations;

   7.1.3     all data stored on our server is encrypted with an industry standard encryption method that encrypts the data between your computer and our server so that in the event of your network being insecure no data is passed in a format that could easily be deciphered;

   7.1.4     when we dispose of or delete your data it is done so securely;

   7.1.5     all data we hold is regularly backed up and encrypted.

7.2         We will take reasonable steps to ensure that all employees and other parties working on our behalf are aware of their obligations under this policy. This policy and our procedures for handling personal data will be reviewed as necessary.

7.3         Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use the strict procedures and security features referred to in this clause to try to prevent unauthorised access.

8.           Your privacy rights

8.1         The GDPR gives you the following rights in respect of personal data we hold about you:

- The right to be informed            

You have a right to know about our personal data protection and data processing activities, details of which are contained in this policy.

- The right of access         

You can make what is known as a Subject Access Request (“SAR”) to request information about the personal data we hold about you (free of charge, save for reasonable expenses for repeat requests). If you wish to make a SAR please contact us as described below.

- The right to correction  

Please inform us if information we hold about you is incomplete or inaccurate in any way and we will update our records as soon as possible, but in any event within one month. We will take reasonable steps to communicate the change to any third parties to whom we have passed the same information.

- The right to erasure (the ‘right to be forgotten’)              

Please notify us if you no longer wish us to hold personal data about you (although in practice it is not possible to provide our Service without holding your personal data). Unless we have reasonable grounds to refuse the erasure, on receipt of such a request we will securely delete the personal data in question within one month. The data may continue to exist in certain backup, but we will take steps to ensure that it will not be accessible. We will communicate the erasure to any third parties to whom we have passed the same information.

- The right to restrict processing 

You can request that we no longer process your personal data in certain ways, whilst not requiring us to the delete the same data.

- The right to data portability       

You have right to receive copies of personal data we hold about you in a commonly used and easily storable format (please let us know a format which suits you). You may also request that we transfer your personal data directly to third party (where technically possible).

- The right to object         

Unless we have overriding legitimate grounds for such processing, you may object to us using your personal data for direct marketing purposes (including profiling) or for research or statistical purposes. Please notify your objection to us and we will gladly cease such processing.

- Rights with respect to automated decision-making and profiling             

You have a right not to be subject to automated decision-making (including profiling) when those decisions have a legal (or similarly significant effect) on you. You are not entitled to this right when the automated processing is necessary for us to perform our obligations under a contract with you, it is permitted by law, or if you have given your explicit consent.

8.2         All SARs and other requests or notifications in respect of your above rights must be sent to us in writing to hello@milammattress.co.uk.

8.3         We will endeavour to comply with such requests as soon as possible but in any event we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).

9.           Data Breaches

9.1         If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to the Information Commissioner’s Office (ICO) and/or our data protection officer (if one has been appointed).

9.2         If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.

10.         Other websites

10.1       Our Site may contain links and references to other websites. Please be aware that this policy does not apply to those websites.

10.2       We cannot be responsible for the privacy policies and practices of sites that are not operated by us, even if you access them via the Site and/or any other service that is operated by us. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

10.3       In addition, if you came to this Service via a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.

11.         Transferring your information outside of Europe

11.1       As part of the services offered to you the information you provide to us may be transferred to, processed and stored at, countries outside of the EEA. By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. We may also share information with other equivalent national bodies, which may be located in countries worldwide. These countries may not have similar data protection laws to the UK. If we transfer your information outside of the EEA in this way, we will take reasonable steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.

11.2       If you use our Service while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.

11.3       By submitting your personal information to us you agree to the transfer, storing or processing of your information outside the EEA in the manner described above.

12.         Notification of changes to this policy

We will post details of any changes to our policy on the Site to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.

13.         Policy towards children

The Site is not intended for and should not be accessed by individuals under 16. Our policy is not to intentionally or knowingly collect, process, maintain or use personal information from any individual under the age of 16.

14.         Contact us

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to your personal information or how it is handled, you can do so via the following email address: hello@milammattress.co.uk

If we are unable to resolve any issues you may have, you can contact the ICO at http://www.ico.org.uk/ for further assistance.

Your journey towards naturally perfect sleep