Who are we and what do we do?
We are Shleep B.V. acting under the name Shleep. Further also mentioned as we or us. We have developed a platform incl. a mobile application offered under the name “Shleep” which assesses sleep behaviour and coaches users in which ways their sleep can be improved (Platform). Besides the Platform, Shleep offers workshops and other services that complement the App. We offer both counselling to individual users (Individual Program) as well as in corporate programs (Corporate Program). Altogether they will be referred to as Services. You can find more information about us and our Services on our Website: www.shleep.com (Website).
Privacy and relevant legislation
We care about your privacy. We comply with the General Data Protection Regulation (GDPR), which has replaced various privacy laws in European Union Member States as of 25 May 2018, and with the Dutch Telecommunications Act (Telecommunicatiewet). This legislation will be referred to as the Relevant Legislation.
What is this?
What is Personal Data?
Are you younger than eighteen years?
If you are younger than eighteen years, you cannot use our Website, Platform or Services without permission of your parents or legal guardian.
Which Personal Data do we process, for which purposes and on which grounds?
We collect and process Personal Data for our own purposes. In this regard, we act as Data Controller within the meaning of the Relevant Legislation.
We ask for your name to address you with your name.
We process your name on the basis of legitimate interest, in order to address you with your name.
We ask your e-mail address to create an account and to verify your identity (in combination with your password) to make sure only you can access your account. We will also send you emails to improve the sleep coaching experience.
We need your e-mail address to perform our contract with you, i.e. to deliver our Services after verifying your identity (in combination with your password).
In order to improve the coaching experience, we ask your prior permission by presenting an opt-in button. “Yes, fine to send me emails!”.
Average time of sleep, age (year of birth), gender, information about cognitive well-being and sleep environment, sleep-related habits.
We ask this information so that we can map your current sleeping behaviour. Based hereon we can give you tailored advice that enables you to improve your sleep.
We can only see answers after you press the “Submit!”-button. Hence, we will never see your answers to partly finished questionnaires.
We need this data to perform our contract with you, i.e. to deliver our Services. Without this data, we are not able to analyse your current sleeping behaviour.
Daily sleep information, such as the hours of sleep you have had and how well you have slept.
We ask data for this information for the purpose of assessing your sleeping habits and to tailor our advice for a better sleep and service experience for you.
We need this data to perform our contract with you, i.e. to deliver our Services. Without this data, we are not able to analyse the developments in your sleeping behaviour.
We may also process non-Personal Data whenever you use our Services, for example:
- Your browser name, the type of your computer and technical information about your means to connect to our Website or Platform (such as the operating system and the utilized internet service providers).
- Office data collected by an expert (Corporate Program): facilities in the building, locations of work stations, office environment and amount of personal space.
How long will we keep your Personal Data?
If the Personal Data is no longer necessary for the fulfilment of the purposes mentioned above, the data will be deleted. In no event will the Personal Data be kept longer than two years after the date on which the data have been updated for the last time, unless we are legally obliged to keep the data for a longer period.
If the user terminates its contract with Shleep, we will remove all Personal Data of that user within one month. On request of the user, we may retain the Personal Data up to three months.
Who do we share your Personal Data with?
Besides the above, we will not share your data with third parties – unless we are legally obliged to do so.
In case you participate in a Corporate Program: We will not share your Personal Data with your employers (our clients). Our clients in Corporate Programs cannot see which employees have or have not participated in the questionnaires. The information we share with your employer are breakdown-reports with anonymized data. Before we share this information, we convert it into fully anonymised data – whereby the raw data will be deleted. Your employer can thus not access nor deduce individual data of employees.
Generic (non-personal) data
We may convert Personal Data into non-Personal Data and combine it with information collected from other users and/or using another anonymization methods. This means that the data will be fully and irreversibly anonymized: it will not contain any Personal Data. We may share such generic aggregated data with our clients and business partners for industry analysis, demographic profiling, improvement of our services and other purposes.
How do we protect your Personal Data?
We work hard to protect your Personal Data from unauthorized or unlawful access, alteration, disclosure, use or destruction. We take among other things the following security measures to make sure the Personal Data is safe:
- Network connection with Secure Socket Layer (SSL) technology;
- Password and data encryption (AES-256);
- Use of a LTS Robust Framework (Django) with the latest security patches installed;
- OS virtual machine: Ubuntu 16LTS with latest security patches (updated monthly);
- Scanning servers for viruses every 15 minutes;
- Split of application and database servers;
- Shleep uses dedicated servers, not mixed with other potential harmful apps.
We may use the following types of cookies on our Website and App:
Technical (functional) cookies: these are cookies that are essential for the operation of our Services. They enable you to move around and use our features.
Analytical (statistical) cookies: we use these cookies to track visitor statistics. We use these statistics to continuously improve our Services and thus offer you relevant content. These cookies also allow us to recognize and count the number of visitors and to see how visitors navigate when they’re using our Services. This helps us to improve user navigation and to ensure users to find what they need more easily.
Tracking cookies: these cookies monitor clicking behaviour and surfing habits. By means of these cookies we can see, for example, whether and when you view your profile, and whether you click through to our Website and App. We might use these cookies to show you advertisements based in your interests.
You can change your cookie settings in your web browser, if you do not want cookies to be sent to your device. Please note that some features of our Services may not function properly without cookies.
Third party websites
You may find advertising or other content on our Services that link to the websites and services of our clients, partners, suppliers, advertisers, sponsors, licensors or other third parties. We do not control the content or the links that appear on these websites and we are not responsible for the practices employed by websites linked to or from our Services. In addition, these websites or services, including their content and links, may be constantly changing. These websites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites that are linked to our Website or App, are subject to the terms and policies of that website.
(No) Export of data outside the European Union
As a rule, we will only process the Personal Data within the European Union (EU). We will only transfer Personal Data outside the EU, if the countries or organisations where the data is being transferred to provides an adequate level of data protection meeting EU-standards. For example, we will verify if that organization is a Privacy Shield Participant or is listed as third country whose level of data protection has been considered adequate by the European Commission. We want to ensure that any transfer of Personal Data outside the EU is in compliance with the Relevant Legislation.
Your rights and who to contact
As specified in the Relevant Legislation, you have the right to tell (us) if you:
- would like to view and/or a copy of the Personal Data which are being processed about you, when they are being processed, who is receiving them, how long they will be saved by us and for what purposes;
- would like us to correct, update, or delete your Personal Data or restrict the processing or object to the processing, for example as a result of any misuse of your Personal Data;
- think we are processing your Personal Data unlawfully. In this respect, you can file a complaint with the Dutch Data Protection Authority.
If you want to exercise your aforementioned rights or when you have any questions, comments or concerns regarding the manner in which we handle your Personal Data, please contact our Data Protection Officer at firstname.lastname@example.org. We will respond to such a request within 30 days of receipt by us.
Please note that you can always access and delete your Personal Data from our systems yourself. Then all your Personal Data will be deleted immediately. Only the combined data, as mentioned above, will remain.
1075 RS Amsterdam
Chamber of Commerce (Kamer van Koophandel) number: 68089791
VAT number: 857296978B01