WantMattress is an independent mattress review website based in the UK. We are committed to protecting your privacy and handling your personal data responsibly. This policy explains what data we collect, why we collect it, and what rights you have.
1 Who We Are
WantMattress is the data controller for the personal data described in this policy.
If you have any questions about this policy or how we handle your data, please contact us using the details above.
2 What Personal Data We Collect
We collect different types of data depending on how you use our site.
Data you give us directly
- Contact form submissions: Your name, email address, and message content when you get in touch with us.
- Sleep University accounts: Your email address and any profile information you provide when creating an account to access our learning content.
Data collected automatically
- Analytics data: Pages visited, time on site, browser type, device type, and approximate location (country/region level). We use Cloudflare Zaraz for analytics.
- Search queries: What you search for on our site, processed through Algolia to return product results.
- Traffic source data: How you arrived at our site, including UTM parameters and referring websites. This is stored in a first-touch cookie so we understand which channels bring visitors to WantMattress.
- Cookies and similar technologies: We use cookies for site functionality, analytics, and remembering your preferences. Full details are in our Cookie Policy.
Data we do not collect
WantMattress does not sell mattresses or any other products directly. We do not collect payment information, delivery addresses, or any financial data. When you click through to a retailer such as Dreams, Bensons for Beds, or Mattress Online, any purchases and associated data are handled entirely by that retailer under their own privacy policy.
3 Why We Collect Your Data and Our Legal Basis
Under UK GDPR, we must have a lawful basis for processing your personal data. Here is what we use and why.
- Consent: We rely on your consent for non-essential cookies and analytics tracking. You can manage your cookie preferences at any time via our cookie consent banner or our Cookie Policy page.
- Contract performance: When you create a Sleep University account, we process your data to provide the service you signed up for.
- Legitimate interests: We use analytics data to understand how visitors use our site, improve our content, and monitor site performance. We also track traffic sources to measure the effectiveness of our content. We have assessed that these interests do not override your rights and freedoms.
4 Who We Share Your Data With
We do not sell your personal data to anyone. We share data only with the following types of third parties, and only to the extent necessary for running our site.
- Cloudflare: Provides our CDN (content delivery network), security, and analytics services. Cloudflare processes analytics data on our behalf. Cloudflare Privacy Policy.
- Algolia: Powers our product search functionality. Search queries are sent to Algolia to return results. Algolia Privacy Policy.
- Affiliate retailers: When you click an affiliate link, the destination retailer may receive a referral identifier so we can be credited for the referral. We do not send your personal data to these retailers.
- Hosting providers: Our web hosting provider stores site data, including any information submitted through forms or accounts, on servers secured with appropriate technical measures.
5 How Long We Keep Your Data
- Contact form messages: Retained for up to 12 months after your enquiry is resolved, then deleted.
- Sleep University accounts: Retained for as long as your account is active. If you request account deletion, we will remove your data within 30 days.
- Analytics data: Aggregated analytics data is retained in line with Cloudflare's data retention policies, typically up to 12 months.
- Traffic source cookies: First-touch source cookies expire after 90 days.
6 Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data.
- Right of access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can ask us to correct any inaccurate or incomplete data.
- Right to erasure: You can ask us to delete your personal data where there is no ongoing reason for us to keep it.
- Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
- Right to data portability: You can request your data in a structured, commonly used format so you can transfer it to another service.
- Right to object: You can object to processing based on legitimate interests. We will stop unless we have a compelling lawful reason to continue.
- Right to withdraw consent: Where we rely on consent (such as for cookies), you can withdraw it at any time. This does not affect any processing that took place before withdrawal.
To exercise any of these rights, email us at [email protected]. We will respond within one month, as required by law.
7 Cookies
We use cookies and similar technologies on our site. Rather than duplicate that information here, please refer to our Cookie Policy for full details on what cookies we use, their purpose, and how to manage your preferences.
8 Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our site is served over HTTPS, and we use Cloudflare's security features including DDoS protection and web application firewall. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9 Children's Privacy
Our site is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10 Complaints
If you are unhappy with how we have handled your personal data, we would appreciate the chance to address your concerns first. Please contact us at [email protected].
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.
11 Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to check back periodically. If we make significant changes that affect how we use your personal data, we will make reasonable efforts to notify you.