A. Who We Are?
1. We are FreshSleep360 (“FreshSleep360” or “ we” or “our” or “us”). We own and operate www.freshsleep360.com. We are a limited company registered in USA (Co. EIN 84-2733960) at TopEpc, LLC 3 Germay Dr, Unit 4 #1611 Wilmington DE 19804
B. What Is The Purpose Of This Policy?
3. We take our responsibilities under Spain's Personal Data Protection Act (the “PDPA”) seriously. We also recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.
C. What Information Do We Collect?
5. “Personal data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. TopEpc, LLC collects information about you when you use our website(s), mobile application and other online products and services and throughout other interactions and services you have with us. Personal data which we may collect include:
We will collect your personal data in accordance with the PDPA.
6. We may also collect and store certain information automatically when you visit the Site. Examples include the internet protocol (IP) address used to connect your computer or device to the internet, connection information such as browser type and version, your operating system and platform, a unique reference number linked to the data you enter on our system, login details, the full URL clickstream to, through and from the Site (including date and time), cookie number and your activity on our Site, including the pages you visited, the searches you made and, if relevant, the services you purchased.
7. We may receive information about you from third parties if you use any websites or social media platforms operated by third parties (for example, Facebook, Instagram, Twitter etc.) and, if such functionality is available, you have chosen to link your profile on the Site with your profile on those other websites or social media platforms.
9. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or device.
10. You can block or deactivate cookies in your browser settings.
11. We use log-in cookies in order to remember you when you have logged in for a seamless experience.
12. We use session cookies to track your movements from page to page and in order to store your selected inputs so you are not constantly asked for the same information.
13. This Site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the Site and ways that we can improve your experience. These cookies may track things such as how long you spend on the Site and the pages that you visit so we can continue to produce engaging content.
15. For further information on types of cookies and how they work visit www.allaboutcookies.org
E. The Purposes For Which We Collect, Use Or Disclose Your Personal Data
16. TopEpc, LLC will/may collect, use, disclose and/or process your personal data for one or more of the following purposes :
(a) administering, facilitating, processing and/or dealing in any matters relating to your use of the website of TopEpc, LLC (i.e. the Site) and/or any mobile applications provided by TopEpc, LLC;
(b) monitoring, processing and/or tracking your use of the Site in order to provide you with a seamless experience, facilitating or administering your use of the Site, and/or to assist us in improving your experience in using the Site;
(c) assessing and processing your request for the purchase of and/or subscription to our products and/or services;
(d) registering you as a customer of TopEpc, LLC; and/or to deal with, process and/or administer the account that you may open with us to facilitate your transactions or activities on the Site;
(e) administering, facilitating, processing and/or dealing in any transactions or activities carried out by you on the Site. This includes processing your application, orders and payment transactions; implementing transactions and the supply of products and/or services to you that you have requested;
(f) carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
(g) contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering and/or managing your use of the Site, your account with us or any transactions made by you with us. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;
(h) providing services to you as our account holder, as our customer, or when requested by you;
(i) sharing or disclosing (at our discretion) your suggestions, comments, feedback or content (including audio, video etc.) (collectively “ Feedback”) that you provide to the Site, with other users of the Site or with the public. This includes us disclosing your name together with your Feedback. Do not provide us with Feedback if you do not wish for such Feedback to be disclosed to the public. If you wish to give us your comments or feedback without it being disclosed to the public as aforesaid, please separately email our customer service officer at Contact Us and head the subject of your email with the word “Confidential”;
(j) carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations applicable to us (whether Spain or non-Spain country), the requirements or guidelines of governmental authorities which we determine are applicable to us (whether Spain or non-Spain country), and/or our risk management procedures that may be required by law (whether Spain or non-Spain country) or that may have been put in place by us;
(k) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with and/or investigating complaints; carrying out internal investigations, compliance, audit or security purposes including, without limitation, crime detection, prevention and prosecution;
(l) complying with or as required by any applicable law, court order, order of a regulatory body, governmental or regulatory requirements of any jurisdiction applicable to us or our affiliates/associated companies, including meeting the requirements to make disclosure under the requirements of any law binding on us or our affiliates/associated companies, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Spain or elsewhere), with which we or our affiliates/associated companies are expected to comply;
(m) complying with or as required by any request or direction of any governmental authority (whether Spain or non-Spain country) which we are expected to comply with; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities (including but not limited to Singapore Customs and Ministry of Health) (whether Spain or non-Spain country). For the avoidance of doubt, this means that we may/will disclose your personal data to the aforementioned parties upon their request or direction;
(n) conducting research, market surveys, analysis and/or development activities (including but not limited to data analytics, surveys and / or profiling) to improve our services and facilities in order to enhance any continued interaction between yourself and us connected or in relation to the Site, or to improve our products or services;
(o) storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Spain;
(p) facilitating, dealing with and/or administering external audit(s) or internal audit(s) of the business of TopEpc, LLC or that of its affiliates/related corporations;
(q) for marketing purpose and in this regard, we would be providing you with marketing, advertising and promotional information, materials and/or documents relating to products, contests, services and/or events (including those of third party organisations with which we may collaborate with) that we (including our affiliates/related corporations) or such third party organisations may be selling, marketing, offering, organizing, involved in or promoting, whether such products, services and/or events exist now or are created in the future :
(ii) if you have separately expressly consented to one or more of the following 3 DNC Modes, by way of the 3 modes of communications of voice calls, text messages or faxes (the “3 DNC Modes”) to your Spain telephone number, in compliance with the requirements of applicable local data protection law (i.e. the PDPA); and/or
(iii) Notwithstanding (ii) above, regardless that you have not separately provided express consent as aforementioned in (ii) above, TopEpc, LLC reserves its right to send a specified fax message (as defined in Spain’s Personal Data Protection (Exemption from Section 43) Order 2013) (the “Exemption Order”) and/or a specified text message (as defined in the Exemption Order) (i.e. a marketing fax message or marketing text message) to your Spain telephone number, if :
(1) there is an ongoing relationship between TopEpc, LLC and you and the purpose of the message is related to the subject of the ongoing relationship, pursuant to the requirements and conditions of the Exemption Order; or
(2) the law permits.
(r) dealing with and/or facilitating a business asset transaction or a potential business assert transaction, where such transaction involves TopEpc, LLC as a participant or involves only a related corporation or affiliated company of TopEpc, LLC as a participant or involves TopEpc, LLC and/or any one or more of TopEpc, LLC’s related corporations or affiliated companies as participant(s), and there may be other third party organisations who are participants in such transaction. “ business asset transaction” means the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation;
(s) to implement and maintain our information technology systems, including to store and process personal data in computer databases and servers located within and outside Spain;
(t) to support and/or assist with the operation, administration, development or enhancement of TopEpc, LLC’s business;
(u) record-keeping purposes and producing statistics and research for internal and/or statutory reporting and/or record-keeping requirements, of TopEpc, LLC or of its affiliates/related corporations; and
(v) TopEpc, LLC, TopEpc, LLC Group Companies’ or TopEpc, LLC’s parent corporation’s reporting purposes including but not limited to reporting on TopEpc, LLC’s business performance (“TopEpc, LLC Group Companies” means TopEpc, LLC, its affiliates, related corporations and associated companies around the world).
(the purposes set out in this paragraph  above shall be collectively referred to as the “Purposes”).
17. TopEpc, LLC may/will need to disclose your personal data to third parties, whether located within or outside Spain, for one or more of the above Purposes, as such third parties, would be processing your personal data for one or more of the above Purposes. In this regard, you hereby acknowledge, agree and consent that we may/are permitted to disclose your personal data to such third parties (whether located within or outside Spain) for one or more of the above Purposes and for the said third parties to subsequently collect, use, disclose and/or process your personal data for one or more of the above Purposes. Without limiting the generality of the foregoing or of paragraph 16, such third parties include :
(a) our associated or affiliated organisations or related corporations;
(b) any of our agents, contractors or third party service providers that process or will be processing your personal data on our behalf including but not limited to those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies and data centres; and
(c) third parties to whom disclosure by TopEpc, LLC is for one or more of the Purposes and such third parties would in turn be collecting and processing your personal data for one or more of the Purposes.
18. We may share your information with any member of our group (which means our subsidiaries, our ultimate holding company and its subsidiaries from time to time for one or more of the Purposes.
19. You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by emailing us at Contact Us. We will process your request 48 hours from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request, unless an exception under the law or a provision in the law permits us to. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal, including us being unable to perform the transactions requested by you in the Site.
20. We may collect, use, disclose or process your personal data for other purposes that do not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.
21. We may/will also be collecting from sources other than yourself, personal data about you, for one or more of the above Purposes, and thereafter using, disclosing and/or processing such personal data for one or more of the above Purposes. We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the Purposes set out above (depending on the types of information we receive).
F. How Do We Store Data?
22. Security of your personal data is important to us. We take appropriate action to protect personal data from loss, misuse, unauthorised access or disclosure, alteration or destruction using the same safeguards as we use for our own proprietary information. All information you provide to us is stored on our secure servers and any payment transactions will be encrypted using SSL technology or equivalent. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
23. We will put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
24. You have the right to ask us not to use your personal data for marketing purposes. Please let us know if you want to withdraw your consent by emailing us at Contact Us.
25. You have the right to access and/or correct any personal data that we hold about you, subject to exceptions under the law. This right can be exercised at any time by emailing us at Contact Us. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. With respect to your access request, we may charge a fee in order to process it.
26. For a request to access personal data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant personal data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested. Note that the PDPA exempts certain types of personal data from being subject to your access request.
27. For a request to correct personal data, once we have sufficient information from you to deal with the request, we will correct your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPA exempts certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request. We will send the corrected personal data to every other organisation to which the personal data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.
28. We hold and deal with your data in accordance with the PDPA.
H. Complaint Process
29. If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance.
30. Please contact us with your complaint or grievance by emailing us at Contact Us
31. Where you are sending an email in which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in our organisation to handle. For example, you could insert the subject header as “PDPA Complaint”.
32. We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
34. For the avoidance of doubt, in the event that Spain personal data protection law permits an organisation such as us to collect, use or disclose your personal data without your consent, such permission granted by the law shall continue to apply.