General Data Protection Regulation

At Mattress Online, we welcome the General Data Protection Regulation (GDPR). It's a transparent way for us to explain what personal data we need and how we use it.

Here, we explain how your personal data is controlled and processed. We also explain how to exercise your rights.

Your order and payment

We need some personal information so that you can shop with us.

Data we need to fulfill your orderWhy we need it
Title, first name, last name and phone numberTo contact you if we need to discuss your order or delivery.
Title, first name and last name of the person receiving the deliveryTo know who will receive the item(s) at the delivery address.
Delivery addressTo deliver your item(s) to the right place.
Payment informationWe pass this to our payment provider who processes payments. We do not store your payment details.
Email addressTo email your order confirmation and order status updates.
Invoice addressTo match against the registered card holder's address and ensure that your card isn't being used fraudulently.
IP addressWe pass this to our fraud screening provider to help prevent any fraudulent transactions.

We use trusted payment providers to validate and process your payment. We also take precautions to prevent fraud.

Your payment methodData we use
Credit or debit cardWe pass your data to our payment provider, SagePay, to validate and process your payment. We also share your data with Mastercard Payment Gateway Services for fraud screening.
PayPalPayPal shares your name and address with us so we can complete your order.
Klarna interest-free financeWe pass your data on to our interest-free finance provider - Klarna. Klarna requires information including your mobile phone number, email address and payment details. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna's privacy policy.

Your delivery

In order to deliver your item(s), we share your details with one of our trusted courier partners: either Panther or UKMail. The courier we use depends on which items you purchase and your delivery location.

If your purchase is 'direct from supplier', our suppliers arrange your delivery with their selected courier.

Data we need for your deliveryWhy we need it
Title, first name and last name of the person receiving the deliveryTo know who will receive the item(s) at the delivery address.
Delivery addressTo deliver your item(s) to the right place.
Phone numberTo send you text message updates about your delivery and call you if there are any issues.

Reviewing your product and our services

Your reviews help us know what we're doing right - and how we can improve. They also help other customers choose the right product and learn more about who we are.

You'll receive one email from each of our trusted, independent reviewing partners. Reevoo will invite you to review your product and Trustpilot will invite you to review our services.

So you can review your product and our services, we use the following data:

Your dataHow we use it
Email addressSo Trustpilot and Reevoo can email you invitations to review your product and our services.
First nameSo you can be greeted personally.
Order and product IDSo you can review the correct product.
Purchase and delivery datesTo give you time to use your product before reviewing it.

Your email preferences

We use Mailchimp to send you emails about our special offers and discounts. We also offer the best sleep tips and product advice to help you get the most out of your new purchase.

Every email you receive has a clear unsubscribe link so you can opt-out of receiving further emails at any time.

If you opt-in to receive emails, we use the following data:

Your dataHow we use it
First nameTo greet you personally when we email you.
Email addressTo send you information by email.

If you opt-in to receive our promotional emails, in addition to the above we also use the following data:

Your dataHow we use it
Purchase dateSo we don't send you emails too frequently.
Purchase product typeTo offer you the most relevant promotional information.

Your IP address

Whenever you connect to our website, your web browser makes a web request to our servers. This web request includes your IP address which is considered personal data.

There is no simple way to prevent your IP address being sent over the internet. This is true for any website. We do, however, treat your IP address with great care.

Below, we explain how we use your IP address:

How we use your IP addressWhy we need it
Web server logsOur web servers automatically log all web requests. The only personal information this includes is your IP address. We need this so we can monitor the behaviour of all web requests. This helps us protect the security of our servers.
Fraud preventionAt the point of purchase, we pass your IP address to Mastercard Payment Gateway Services to help prevent fraudulent transactions.
Web hosting providerOur web hosting provider uses your IP address to prevent any Distributed Denial of Service (DDoS) attack and enable rate limiting of web requests. This ensures the availability of our web servers.
Analytics (including Google Analytics)We use third-party cookies to capture data for analytics purposes. However, your IP is anonymised to ensure that your personal data is removed from any analytical data stored.

How we store your data

We use systems to protect, simplify and improve the management of your data.

SystemHow we use it
Web hosting providerWe use CloudFlare and Rackspace to serve web traffic to you. We store your order information within Rackspace. We do not store your payment information.
Customer Relationship ManagementWe use Google's G Suite and Sirportly to store any correspondence and additional supporting information to fulfill your order.
Telephone communicationsWe record telephone calls with Daisy Communications to ensure we have the most accurate information in the event of an issue. We route all incoming phone calls via Infinity Tracking Ltd and Daisy Communications so we can ensure we remain efficient when dealing with telephone enquiries.
Cloud storageWe use cloud storage to securely store a record of your order and delivery details. We store your name, delivery address, telephone number and email address. We only keep the details required to process your order.

View, change or remove your data

To view, remove or change your consent around your data, please email:

You have the right to request this at any time. We will respond to all requests within 28 days of submission - this service will be provided completely free of charge.