GDPR Notice

Last Updated: May 07, 2024

1. Introduction

This GDPR Privacy Addendum (the "GDPR Privacy Addendum") for Identity Works ("Controller") supplements the information contained in Controller's Privacy Notice (our "Privacy Notice") and applies solely to the users of this Website (https://www.ashleysleepretailer.com, "Website") who are located in the European Economic Area ("EEA") and/or the United Kingdom ("UK").

We adopt this GDPR Privacy Addendum to comply with the European Union's ("EU") General Data Protection Regulation, and any laws implementing the foregoing by any member states of the EEA and the UK (including the UK Data Protection Act and the UK-GDPR) (collectively, the "GDPR"). Unless otherwise defined in this GDPR Privacy Addendum, any terms defined in the GDPR or Controller's Privacy Notice have the same meaning when used in this GDPR Privacy Addendum. When this GDPR Privacy Addendum is applicable to you, it takes precedence over anything contradictory in Controller's Privacy Notice.

2. Data Controller and Representatives

Controller is the data controller of your Personal Data. Controller has appointed representative(s) in the European Union and the United Kingdom in compliance with the GDPR and the UK Data Protection Act and UK-GDPR. Controller and its representative(s) may be contacted in any manner set forth below in the Contact Information section of this GDPR Privacy Addendum.

3. Personal Data We Collect About You and How We Collect It

The Personal Data we collect and the ways in which we collect it is described in our Privacy Notice. We do not ask you to provide, and we do not knowingly collect, any Special Categories of Personal Data from or about you.

4. Lawful Basis for Processing Your Personal Data

The processing of your Personal Data is lawful only if it is permitted under the GDPR. We have a lawful basis for each of our processing activities (except when an exception applies as described below):

5. How We Use and Disclose Your Personal Data

With the exception of certain cookies and marketing-related communications described below, we use your Personal Data in the same manner set out in our Privacy Notice and do not share or otherwise disclose your Personal Data other than to the entities and for the purposes discussed in our Privacy Notice.

6. Automated Decision Making

We do not use your Personal Data with any automated decision-making process, including profiling, which may produce a legal effect concerning you or similarly significantly affect you.

7. Your Rights

The GDPR provides you with certain rights with regards to our processing of your Personal Data. These rights replace the similar rights provided in our Privacy Notice or are supplemental to such rights.

8. Consent to Processing of Personal Data In Other Countries Outside the EEA or the UK

In order to provide our Website, products, and services to you, we may store and process your Personal Data outside of the EEA or the UK, including in the United States. Accordingly, your Personal Data may be stored and processed outside the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Data. In limited circumstances, federal, state, and local governments, courts, or law enforcement or regulatory agencies in the United States may be able to obtain disclosure of your information through the laws of the United States. By using our Website, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where you reside or are located, including in the United States.

9. Data Retention Periods

We will retain your Personal Data for as long as is necessary for the purposes set out in this GDPR Privacy Addendum (e.g., for as long as you maintain an account with us on the Website) unless a longer period is required under applicable law, or as needed to resolve disputes or protect our legal rights or otherwise to comply with legal obligations.

Where we are processing Personal Data based on our legitimate interests, we generally will retain the data for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.

Where we are processing Personal Data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.

Where we are processing Personal Data based on your consent, we generally will retain the information for the period of time necessary to carry out the processing activities to which you consented, subject to your right, under certain circumstances, to have certain of your Personal Data erased (see Your Rights).

10. Changes to This GDPR Privacy Addendum

Controller reserves the right to amend this GDPR Privacy Addendum at its discretion and at any time, as further described in our Privacy Notice. If we make material changes to how we treat our users' Personal Data, we will notify you by email to the email address we have on file for you, through the posting of a notice on the home page of our Website, or by using a similar method. The date this GDPR Privacy Addendum was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this GDPR Privacy Addendum to check for any changes. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

11. Contact Information

If you have any questions, concerns, complaints, or suggestions regarding our Privacy Notice or this GDPR Privacy Addendum, have any requests related to your Personal Data described in the Privacy Notice or this GDPR Privacy Addendum, or otherwise need to contact us, you can do so using the contact information below.

To Contact Identity Works (Controller)
Identity Works
920 Industrial Drive
West Salem, WI 54669
Phone: 800-658-9014
Email: privacy@idworks.com

To Contact Our Representative in the EU/EEA
DataRep
77 Camden Street Lower
Dublin D02 XE80
Ireland

datarequest@datarep.com

To Contact Our Representative in the UK
DataRep
107-111 Fleet Street
London EC4A 2AB
Ireland

datarequest@datarep.com