Responsible party pursuant to data protection laws, in particular the UK General Data Protection Regulation (UK GDPR) under general processing regime, is Sleep8-PT, Lda.
The UK General Data Protection Regulation (UK GDPR) effective from 31st January 2020 and is applicable to all UK and European Union citizens or in case the establishment of the responsible for the personal data treatment is located in the EU, conceding more rights and protections for the personal data of individuals, to minimise the possibility of misuse, theft and fraud.
These regulations include provisions for the following areas:
Sleep.8 Coaching Program ("us", "we", or "our") operates the https://coaching.sleep8.uk/ (the "Service").
This page informs you of our services and policies regarding the collection, use, and disclosure of personal data when you use our website and Services and the choices you have associated with that data.
When you access our website – i.e. if you do not register or submit information – information of a general nature will be collected automatically. This information (server log files) contains the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.
It is processed in particular for the following purposes:
▪ Ensuring an unproblematic website connection
▪ Ensuring seamless use of our website
▪ Analysis of system security and stability as well as
▪ For additional administrative purposes.
We will not use your data to draw conclusions about your person. This type of information will be statistically analysed by us if necessary, with the purpose to optimise our website and its underlying technology.
When you submit your details through the “Talk with a sleep coach”, “Get Started”, “Sleep Quiz” and “Sign up” options, we will collect, store and use your data to provide and improve the Service to you. By using the Service, you agree to the collection and use of information in accordance with this policy, unless otherwise defined in this Document.
Our core principles regarding user privacy and data protection
2. Relevant legislation
Alongside our business and internal computer systems, this Sleep Coaching at Sleep.8 website is designed to comply with the following national and international legislations with regards to data protection and user privacy:
This site’s compliance with the above legislation, all elements of which are stringent in nature.
If you have given us consent, you may withdraw it at any time, which will remain in effect in the future.
You can contact a supervisory authority with a complaint at any time.
You’ll find a list of supervisory authorities (for the non-public area) with their respective addresses at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
3.1. Personal Data
‘personal data’ is any information relating to an identified or identifiable natural person (‘data subject’), who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, location data, or an online identifier such as email identification and phone number.
3.2. Usage Data
‘Data subject’ is any living individual who is the subject of Personal Data.
‘Processing’ means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, storage, organisation, structuring, consultation, use, disclosure by transmission, dissemination or otherwise making available, erasure or destruction.
3.4. Restriction of Processing
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. This might be used for research purposes after securing the adequate level of consent for that.
3.6. Filing System
‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
’recipient’ is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
3.10. Third Party
‘third party’ is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
3.12. Personal Data Breach
‘personal data breach’ is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
3.13. Biometric Data
‘biometric data’ relates to personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person.
3.14. Data Concerning Health
‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
3.15. Cross-border Processing
‘cross-border processing’ means either:
3.16. Usage Data
‘usage data’ is data collected automatically either generated by the use of the Service or from the Service infrastructure itself.
‘cookies’ are small pieces of data stored on a User’s device.
The ‘user’ is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
4. Information Collection And Use
We collect several different types of information for various purposes to provide and improve our Service to you.
This website and other digital forms we use and share with you to provide our service, safely collect and use personal information for the following reasons:
4.1. Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
We may use your Personal Data to contact you to provide our service but also to send newsletters, marketing or promotional materials and other information that may be of interest to you, in case you authorize us to. You may opt out of receiving any, or all, of these marketing communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us. If you unsubscribe whilst you use our services, we might not be able to provide the requested services whilst consent to access and use of your Personal Data is not acquired again.
4.1.1. Sensitive Personal Data and Data Concerning Health
Sleep Coaching program at Sleep.8 has a special concern about ‘sensitive personal data’ of their clients, including Data concerning Health status. The access to this type of data is limited to the client and client-selected sleep professional. Only under special conditions, the client may consent that its data be revealed to another person. This consent must be written.
This data is acquired with client consent through protected forms sent directly to the client, using the encryption level required by GDPR for this kind of data.
4.2. Usage Data
We may also collect information about how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
4.3. Tracking & Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
5. Use of Data
Sleep Coaching program at Sleep.8 uses the collected data for various purposes:
To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
5.1. Use of Special Personal Data
Sleep Coaching at Sleep.8 has special attention to all ‘sensitive data’, such as ‘data concerning health’ collected in [or related to] contacts with our healthcare professionals. All of this data is stored encrypted and is accessible only by the health professional who executed the contacts. The owner of this data is the ' client ' and can request the Sleep Coaching Team to send or access it.
6. Retention of Data
Sleep Coaching at Sleep.8 will also retain Usage Data for internal analysis purposes.
7. Transfer Of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside the United Kingdom/ Portugal and choose to provide information to us, please note that we transfer the data, including Personal Data, to Portugal and process it there.
8. Disclosure Of Data
8.1. Disclosure for Law Enforcement
Under certain circumstances, Sleep.8 may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency) or to the exercise of court proceeding or due to public interest motives.
8.2. Legal Requirements
9. Security Of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
10. Your Rights
Sleep Coaching at Sleep.8 aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact us to make the required changes through firstname.lastname@example.org .
11. Service Providers
We may collaborate and/or employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Calendly, Thinkific, Google Workspace and Somly may be used to provide the service to you.
We may use third-party Service Providers to monitor and analyse the use of our Service.
12.1. Google Analytics/Site Visitation Tracking
This website uses Google Analytics, a web analytics service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA (hereinafter: ‘Google’). Google Analytics uses so-called ‘cookies’, i.e. text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is typically transmitted to a Google server in the U.S. and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be truncated beforehand by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the U.S. and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, summarise reports on website activities and provide other services related to website and Internet usage to the website operator. The IP address transferred from your browser as part of Google Analytics will not be combined with other data from Google.
The data processing purposes are the website-use analysis and the summary of reports on activities on the website. Based on the use of the website and the Internet, other related services will be provided.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/
The processing of the data occurs based on the user’s consent (Art. 6 Para. 1 (a) GDPR).
The recipient of the data is Google as the processor. For this, we have entered the corresponding data-processing contract with Google.
Third country transfers
Google processes your data in the United States of America and is subject to the EU-U.S. Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
If for service provision you follow Somly program (U.S.) for your CBTI course, your contact details will be shared and processed by Somly for that purpose only, during the 6 weeks of the program.
13. Behavioral Remarketing
14. Contact forms and email links
Should you choose to contact us using the contact form, on our Contact Us Page or Talk with a sleep coach page, only your name and e-mail will be stored on this website so you can access your account. No Data provided to us using said contact form will be passed to/ processed by any of the third party data processors defined below.
Instead, the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
15. How we store your personal information
If you have acquired some services from this website, then, your details (not including any financial details) are stored in our Google Workspace database so that we can fulfil your order(s) and also to refer back to your email in order that we may track any orders you have queries on. No financial information is stored or used by us as all our transactions are made within the Stripe platform which is integrated with our website and does not retain any financial information once the transaction has been processed.
Stripe may also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners.
16. About this website’s server
This website is hosted in data centres in Europe.
This framework does not save data. It only works as a data provider to our servers.
All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950
To opt-out from Facebook's interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance.
For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation
19. Data breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
21. Contact Us
Questions for the data protection officer
If you have any questions pertaining to data protection, please send us an e-mail