Data Protection

We are delighted that you have visited us at and thank you for your interest. Protection of your privacy when you visit our website is important to us.

By means of this Data Protection Policy, we provide our users with full and transparent information about the type, extent and purpose of collection and use of personal data in connection with the use of our website.

The data controller for processing of personal data within the scope described here is GmbH (, represented by its managing director Adam Szpyt, Tauentzienstr. 11, 10789 Berlin, Germany.

You can contact our data protection officer at [email protected] or at our postal address, marked for the attention of the data protection officer.

Please take a moment to read the following information about how we handle and protect your data when you visit our website.

We comply with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG), the German Social Code X (SGB X) and other regulations of data protection law. We carry out the following data processing procedures:

Collection, Processing and Use of Data by

Logfiles – Users can visit our website without providing specific information about their identity. Every time our site is accessed, system-related usage data are logged by our servers. The following information is transmitted by the web browser and stored in so-called server logfiles: the date and time of access, name of the file accessed, data volume transmitted, notification of successful access, web browser, requesting domain and IP address of the requesting computer. We use these data to ensure fault-free technical operation of our website, in particular to detect faults in the system, and they are erased at the latest 60 days after collection. The legal basis for this storage is Art. 6 (1) (f) GDPR.

Registration – For users who create a user account on our website, we collect, process and use the following personal data: first name, surname, e-mail address and password. We use these data to create your user account, which we provide for your use and through which we contact you about matters relating to your user account. Your contact details (address, fax number, telephone number and your billing and delivery address(es)), your previous orders and information about your newsletter subscription are also stored in your user account when you place an order. The legal basis for this storage process is, on the one hand, Art. 6 (1) (b) GDPR; on the other hand, it is Art. 6 (1) (f) GDPR, as we have a legitimate interest in being able to provide more specific assistance or an easier process for subsequent orders by collecting the data. We erase the registration data if no purchase is made, at the latest after six months from deregistration. If you make a purchase, the following regulations apply in relation to that purchase.

Purchase – For users who order one of the products offered on our website in return for payment, a mattress for example, we collect, process and use the following personal data: e-mail address, first name, surname, street and house number, any additional address details, town or city, post code, country and telephone number. Depending on the payment method you choose, we also process payment details, such as account number and sort code. We use these data to process the purchase you make, in particular to send you the product you have ordered. We pass on your personal order data to third parties (in particular, suppliers and financial service providers) for the purposes of processing the contract as far as is necessary. The legal basis for this data processing is Art. 6 (1) (b) GDPR and, as we also have retention obligations under tax law, Art. 6 (1) (c) GDPR. The data are erased when we no longer require them for contractual reasons or under tax law, at the earliest therefore 10 years after delivery of the mattresses.

Newsletter – Users have the option to register voluntarily to receive a newsletter (available in German language only) by e-mail. In this case, we process the following personal data so that we can inform you by e-mail newsletter of forthcoming offers and special deals in our web shop: surname, first name and associated e-mail address. The legal basis for this data processing is Art. 6 (1) (a) GDPR. The data is erased four years after cancellation of the newsletter.

Users can cancel their subscription to the newsletter at any time with effect from that point forward by sending a cancellation e-mail to [email protected], simply clicking on the link at the end of the newsletter or cancelling the newsletter in the customer area. The legal basis for use is Art. 6 (1) (a) GDPR. Following cancellation, we will no longer use the data to send the newsletter but only for evidential purposes and for legal defence against action relating to distribution of newsletters (Art. 6 (2) (f) GDPR).

We use the technical service provider MailChimp to distribute our customer newsletter. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA (MailChimp). If you subscribe to our newsletter, the data that you provide are transmitted to MailChimp and stored there. MailChimp offers extensive analytical options in relation to use of the newsletters. These analyses are group-based and are not used by us for individual analysis. MailChimp also uses the analytical tool Google Analytics and integrates it in part into the newsletters. MailChimp takes part in the EU-US Privacy Shield framework programme of the US Trade Department and the European Commission in relation to collection, use and storage of personal data from the Member States of the European Economic Area. You can obtain information about which data MailChimp collects, processes and uses and for what purposes within the framework of the EU-US Privacy Shield framework programme here: Further information about MailChimp and data protection at MailChimp is available here:

Reviews – The satisfaction of our customers with our products and service is extremely important to us. In order to survey your satisfaction, we may contact you with your unique order number from your order, your name and your e-mail address which you provided in the order process. The legal basis for this is Art. 6 (1) (f) GDPR.

For distribution of e-mails, we use the services of the technical service providers Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen, Denmark, Trusted Shops GmbH, Colonius Carré, Subbelrather Straße 15c, 50823 Cologne, Germany and MailChimp, The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA.

Communication – Customers have the opportunity to consult our customer service with questions. In this case, we process the personal data that you have provided to us voluntarily, solely for the purposes of answering your query as effectively as possible and making contact with you (Art. 6 (1) (b) GDPR, Art. 6 (1) (f) GDPR).

Payment Service Provider for Purchase on Account and Hire Purchase

We offer various types of payment to our customers. For the “payment on account” and “hire purchase” payment types, we use the payment service provider Klarna AB (hereinafter referred to as Klarna), Sveavägen 46, 111 34 Stockholm, Sweden.

We ask customers who choose one of these payment types to give their consent in the course of the ordering process for us to transmit to Klarna the personal data required to process the payment and to check your identity and creditworthiness, such as your first name and surname, address, date of birth, gender, e-mail address, IP address and telephone number, and the data required to process the purchase on account that are associated with the order, such as the number of items, the item number, the invoice amount and the percentage of tax. Klarna may pass on personal data to credit agencies to carry out the check of identity and creditworthiness. An overview of the credit agencies involved can be found in Klarna’s data protection policy:

You may withdraw your consent to Klarna to use these personal data at any time. You will find Klarna’s contact details in its legal notice at:

Security Information

We work continuously to make the most of all of the technical and organisational options available to protect the personal data of our customers from access by unauthorised third parties. Communication by e-mail, however, brings with it risks that cannot be excluded entirely. We recommend that you communicate confidential information to us by post.

Information About Cookies

We use cookies on our website. Cookies are small text files that your internet browser places and stores on your computer. We use cookies to recognise users who repeatedly access our website. When the user revisits our site, these cookies provide information that allows automated recognition of that user. This information is used to optimise our services and to give the user easier access to our site. We also use cookies to enhance users’ shopping experience on the website, in particular by storing items already placed in the shopping basket for an hour. Users can prevent cookies from being stored on their hard drive by selecting “Do not accept cookies” in their browser settings. This may however, restrict some of the functions of our website.

Most of the cookies we use are so-called “session cookies”, which are erased as soon as you end your browser session. There are also cookies that are stored for longer periods for the shopping basket and login status, with the aid of which we recognise you as a visitor to These cookies expire after one hour. In addition, Google Analytics uses persistent cookies, which are valid for up to two years.


We use the “Website Custom Audiences” service of the social network Facebook on This service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, and makes it possible for us to display advertising to a defined target audience on Facebook. According to its own information, Facebook generates a non-reversible and non-personal checksum (hash value) from your usage data through this service, which Facebook can use for the purposes of analysis and marketing. For the “Website Custom Audiences” product, a cookie, web beacon, pixel or similar technology is accessed by Facebook on the website and may be stored on your end device. As the service and the data processing carried out through this service are solely the responsibility of Facebook, we do not have any influence over possible processing of personal data. Further information about the purpose and extent of data collection, further processing and use of the data by Facebook and your setting options to protect your privacy is available in Facebook’s data protection policy, which can be found at and, among other places. If you wish to object to the use of Facebook Website Custom Audiences, you can exercise your right to object (opt-out) at:

Google Analytics

Principles – The website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and which facilitate analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and is saved there. If IP anonymisation is activated on this website, your IP address is first truncated by Google in Member States of the Europe Union and in other countries that are signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted by Google to a server in the USA and truncated there. Google uses this information on behalf of the operator to analyse your use of the website, compile reports about website activities and provide other services associated with use of the website and the internet to the website operator. The IP address transmitted by your browser in the context of Google Analytics is not combined with any other Google data. You can prevent storage of cookies by means of a corresponding setting in your browser software; please note, however, that in this case you may not be able to use all functions of this website to their full extent. In addition, you can prevent recording of the data generated by the cookie relating to your use of the website (including your IP address) by Google and processing of that data by Google (including your IP address) by downloading and installing the browser plugin available at

Opt-out Function – Users have the option to prevent recording of data by Google Analytics by clicking on Deactivate Google Analytics. An opt-out cookie is set that prevents future recording of your data when visiting this website.

Further information about the terms of service and data protection can be found at: and at:

We wish to point out that Google Analytics has been extended on the website of to include the code “anonymizeIp”, which ensures anonymised recording of IP addresses (so-called IP masking).

We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. If you do not want this to happen, you can deactivate it via the ad preferences manager (

Google reCAPTCHA

For our contact form, we use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This function serves to reduce the level of abuse of our contact form by automated processes (‘bots’). For this process, your IP address and further data that may be required for the purpose of identifying abusive conduct are transmitted to Google. The processing is subject to Art. 6 para. 1 (f) GDPR in the legitimate interest of preventing abuse and spam, as well as guaranteeing the technical integrity of our website. Within this context, personal data can be transferred to Google LLC’s servers in the USA. In such case, Google LLC is certified under the US-European data protection convention ‘Privacy Shield’, which ensures compliance with the level of data protection applicable in the EU. A current certificate is available to view here: Further information on Google reCAPTCHA, as well as the privacy policy of Google is available at:


Principles – We use the technical service of Criteo GmbH on the website of Anonymised information about the surfing behaviour of website visitors is collected and stored for marketing purposes. These data are stored in cookies on the visitor’s computer. Criteo GmbH uses an algorithm to analyse the anonymised surfing behaviour recorded and can then display specific product recommendations as personalised advertising banners on other websites (so-called publishers). These data are not used to identify you in person as a visitor to our websites. The data collected are used only to improve our service. No other use is made of this information and it is not passed on to any third party.

You will find further information about the technology used in the data protection policy of Criteo GmbH at:

Opt-out Function – You can object to anonymous analysis of your surfing behaviour on our website by ticking the box to opt out of the technical service of Criteo GmbH at:


This website uses Hotjar, a web analysis service of Hotjar Ltd, Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta (“Hotjar”). Hotjar uses cookies. The information generated by the cookies about your use of this website is usually transmitted to a Hotjar server and stored there. Hotjar uses this information to analyse your use of the website and compile reports about website activities. The following data is stored in particular: IP address in anonymised form; web pages viewed and pattern of movement on those pages; number and position of clicks on links; browser type and version; screen size of the end device used.

Hotjar states that it does not store personal data or movements on profile pages that contain personal data. According to Hotjar, IP addresses are stored in anonymised form only. Further information about data protection and Hotjar can be found in Hotjar’s data protection policy: Hotjar also provides the option of objecting to data processing by the cookie with effect from that point forward by activating the “Do Not Track” function of browsers. You can find out how to activate this here:

If you do not want information about your behaviour to be used by Hotjar as described above, you can deactivate automatic acceptance of cookies in general in your browser settings.

We also use the option provided by Hotjar of receiving anonymous user feedback in the form of so-called “Feedback Polls”. Website visitors can give us feedback about our website by means of this function without providing personal data. Sometimes you may have the option to send us a feedback message on a voluntary basis as a user. If personal data are included in this message (e.g. your name), we then process these data solely for the purpose of evaluating the feedback and, if appropriate, contacting you about your feedback.


Processing Outside the European Economic Area does not process any personal data outside the scope of the European Data Protection Regulation other than in the cases specified in this Data Protection Policy.

Your Rights As a Data Subject and Withdrawal of Your Consent

The General Data Protection Regulation guarantees you certain rights that you can assert in respect of us. You have the right:

– to demand confirmation from us about whether we are processing personal data about you and if so, the precise details of that data processing (Art. 15 GDPR: Right of access by the data subject),

– to demand that we immediately rectify incorrect personal data about you. In accordance with the purpose of the processing, you also have the right to demand completion of incomplete personal data – including by means of an additional declaration (Art. 16 GDPR: Right to rectification),

– to demand that we immediately erase personal data about you (Art. 17 GDPR: Right to erasure),

– to demand that we restrict processing (Art. 18 GDPR: Right to restriction of data processing),

– in the case of processing on the basis of consent or to fulfil a contract, to receive the personal data about you that you have provided to us in a structured, commonly used, machine-readable format and to transmit those data to another controller without hindrance from us or to transfer the data directly to the other controller insofar as this is technically feasible (Art. 20 GDPR: Right to data portability),

– to object, on grounds relating to your particular situation and at any time to processing of personal data concerning you that is necessary for the performance of a task carried out for reasons of public interest or to exercise public authority (Art. 21 GDPR: Right to object),

– to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law (Art. 77 GDPR in conjunction with § 19 BDSG: Right to lodge a complaint with a supervisory authority).

Finally, if you have given us your consent, you have the right to withdraw that consent at any time. All data processing that we have carried out up to the time of your withdrawal remains lawful in this case. You can simply click on the link included in all e-mails for this purpose and deregister from the e-mail service, or send a message to [email protected] If you notify us in this message that you do not wish to receive e-mails in future, we will not send any more e-mails to the e-mail address provided by you. E-mails that we send to you to fulfil any contract concluded with you are not affected by this.

As of: 29 July 2019