Privacy Policy
Article 1. General Provisions
1.1. This Privacy Policy (hereinafter the "Policy") sets out how Sheep Sleep LLC collects, uses, stores, protects, and otherwise processes Users' personal data.
1.2. This Policy applies to the processing of personal data carried out through the Company's Website, social media pages, electronic communication channels, telephone services, order processes, and any other services offered by the Company.
1.3. The Company processes personal data in accordance with applicable Georgian law, including the legal requirements governing the protection of personal data.
1.4. The Company is committed to ensuring that personal data is processed lawfully, fairly, and transparently, and only for specified and legitimate purposes.
1.5. This Policy forms an integral part of the Company's Terms and Conditions unless a different rule is expressly established in a separate document governing a specific matter.
1.6. By using the Website, placing an Order, communicating with the Company, or otherwise using the Company's services, the User confirms that they have read this Policy.
1.7. If the User does not agree with the terms of this Policy, the User may refrain from using any service for which the processing of the relevant personal data is necessary.
1.8. The Company may amend or update this Policy from time to time to reflect changes in applicable law, business processes, or technical requirements. Any updated version shall become effective upon publication or on the date specified therein.
1.9. In the event of material changes affecting Users, the Company will, where reasonably practicable, publish an appropriate notice on the Website or use another suitable communication channel.
Article 2. Definitions
2.1. For the purposes of this Policy, the following terms shall have the meanings set out below:
2.1.1. Company – Sheep Sleep LLC (Identification Number: 402368825), which determines the purposes and means of processing personal data unless otherwise specified in a particular case.
2.1.2. User / Data Subject – any natural person whose personal data is processed by the Company, including a Website visitor, purchaser of a Product, recipient of an Order, contact person, or any individual using the Company's services.
2.1.3. Personal Data – any information relating to an identified or identifiable natural person.
2.1.4. Processing – any operation or set of operations performed on Personal Data, including collection, receipt, recording, organisation, storage, modification, use, disclosure, transfer, blocking, deletion, or destruction.
2.1.5. Website – any online platform owned, operated, or managed by the Company through which Users may obtain information, place Orders, or access services.
2.1.6. Cookies – small text files or similar technologies stored on a User's device and used for the operation of the Website, analytics, remembering preferences, or improving the User experience.
2.1.7. Third Party – any natural person, legal entity, public authority, organisation, or other body other than the User, the Company, and persons processing data on behalf of the Company.
2.1.8. Processor – any person or entity that processes Personal Data on behalf of the Company and in accordance with the Company's instructions.
2.1.9. Applicable Law – the laws and regulations in force in Georgia, including legislation governing the protection of personal data.
2.2. References to the singular shall, where the context requires, include the plural and vice versa.
2.3. Headings are included for convenience only and shall not affect the interpretation of any provision of this Policy.
Article 3. Personal Data We Collect
3.1. The Company processes only such Personal Data as is necessary for the provision of services, fulfilment of Orders, communication with Users, compliance with legal obligations, and the pursuit of legitimate business activities.
3.2. Personal Data provided directly by the User may include:
3.2.1. full name;
3.2.2. telephone number;
3.2.3. e-mail address;
3.2.4. delivery and/or billing address;
3.2.5. Order details;
3.2.6. messages, comments, requests, or inquiries submitted to the Company; and
3.2.7. any other information voluntarily provided by the User.
3.3. In connection with the Order and payment process, the Company may process transaction-related information, including:
3.3.1. payment method;
3.3.2. payment status;
3.3.3. transaction identifier; and
3.3.4. transaction amount and date.
3.4. As a general rule, the Company does not store complete payment card details unless such storage is technically necessary, legally permissible, and required for the relevant service.
3.5. When the Website is used, certain technical information may be collected automatically, including:
3.5.1. IP address;
3.5.2. browser type and version;
3.5.3. device type;
3.5.4. operating system;
3.5.5. date, time, and duration of visits to the Website;
3.5.6. navigation and usage behaviour data; and
3.5.7. information related to Cookies and similar technologies.
3.6. In the course of communicating with Users, the Company may process information relating to correspondence, telephone calls, customer support requests, complaints, feedback, or service evaluations.
3.7. Where a User provides the Company with Personal Data relating to a third party (for example, a recipient's name or contact details), the User confirms that they have a valid legal basis for providing such information to the Company.
3.8. The Company does not knowingly collect Personal Data relating to minors unless such collection is permitted by law or necessary for a specific service.
3.9. The Company reserves the right to request additional information where objectively necessary for the provision of a particular service or the achievement of a specific legitimate purpose.
Article 4. Purposes and Legal Bases for Processing Personal Data
4.1. The Company processes Personal Data only for specified, explicit, and legitimate purposes.
4.2. Personal Data may be processed for the following purposes:
4.2.1. receiving, processing, confirming, and fulfilling Orders;
4.2.2. arranging and completing the delivery of Products;
4.2.3. communicating with Users regarding Orders, services, requests, or inquiries;
4.2.4. administering payment processes and managing transactions;
4.2.5. reviewing requests relating to Returns, Exchanges, warranties, or the 100-Night Trial Program;
4.2.6. verifying the identity of Users and ensuring security;
4.2.7. operating, maintaining, improving, and providing technical support for the Website;
4.2.8. analysing User experience and improving the quality of services;
4.2.9. complying with legal and regulatory obligations;
4.2.10. preventing disputes, protecting legal claims, and exercising or defending legal rights; and
4.2.11. sending promotional, informational, or marketing communications where the User has provided the necessary consent.
4.3. The Company processes Personal Data only where an appropriate legal basis exists, including:
4.3.1. the conclusion or performance of a contract with the User;
4.3.2. compliance with a legal obligation applicable to the Company;
4.3.3. the User's prior consent, where such consent is required; and
4.3.4. the legitimate interests of the Company or a third party, provided that such interests do not override the User's rights and freedoms.
4.4. Where processing is based on the User's consent, the User may withdraw such consent at any time with effect for future processing, unless otherwise provided by applicable law.
4.5. The withdrawal of consent shall not affect the lawfulness of any processing carried out prior to such withdrawal.
4.6. The Company shall not process Personal Data for purposes that are incompatible with the original purposes of collection unless a new legal basis exists.
4.7. Where the provision of Personal Data is necessary for the performance of a contract, failure to provide the required information may make it impossible for the Company to fulfil an Order or provide the requested service.
Article 4¹. Direct Marketing
4¹.1. Subject to the User's consent, the Company may process the User's contact details for direct marketing purposes, including the sending of special offers, promotions, news, information about products and services, and other promotional communications.
4¹.2. Direct marketing communications may be sent via e-mail, short message service (SMS), telephone calls, mobile notifications, social media platforms, or other electronic communication channels.
4¹.3. Consent to direct marketing is voluntary and is not a condition for using the Company's services unless otherwise required by applicable law.
4¹.4. The User may withdraw their consent to direct marketing communications at any time by using the unsubscribe mechanism provided in the relevant communication or by contacting the Company directly.
4¹.5. Opting out of direct marketing communications shall not affect the User's ability to receive Order-related, service-related, or other non-marketing communications.
Article 5. Sources of Personal Data and Automatic Collection
5.1. The Company obtains Personal Data from various sources only to the extent necessary for the relevant purposes.
5.2. The primary source of Personal Data is the User, including when the User:
5.2.1. completes an Order form;
5.2.2. creates an account or registers for a service;
5.2.3. contacts the Company by telephone, e-mail, social media, or any other communication channel;
5.2.4. submits a request for a Return, Exchange, warranty service, or other customer support service; or
5.2.5. provides reviews, comments, feedback, or other communications.
5.3. Certain information may be collected automatically when the User accesses or uses the Website or other digital services, including:
5.3.1. IP address;
5.3.2. device type and device identifiers;
5.3.3. browser type, language, and version;
5.3.4. operating system;
5.3.5. visit date, time, duration, and navigation data;
5.3.6. clicks, pages visited, and usage behaviour; and
5.3.7. information collected through Cookies and similar technologies.
5.4. The Company may also obtain Personal Data from third parties where necessary for the provision of services or otherwise permitted by law, including:
5.4.1. payment service providers;
5.4.2. courier, transportation, and logistics service providers;
5.4.3. technical support and IT service providers;
5.4.4. marketing and analytics platforms; and
5.4.5. publicly available sources, to the extent permitted by applicable law.
5.5. Where a User provides the Company with Personal Data relating to another individual, the User is responsible for ensuring that any required notice, consent, or other legal basis exists for such disclosure.
5.6. The Company does not engage in automated collection practices in a manner that violates applicable law or infringes the lawful rights of Users.
5.7. Information collected automatically is used for purposes including Website security, functionality, analytics, error detection, performance monitoring, and the improvement of the User experience.
5.8. Where required, the Company will provide additional information regarding the use of specific technologies through a separate Cookie Policy, notice, consent mechanism, or other appropriate means.
Article 6. Data Sharing and Disclosure to Third Parties
6.1. The Company does not sell Users' Personal Data and does not disclose such data to third parties unlawfully or otherwise than as described in this Policy.
6.2. Personal Data may be disclosed only to the extent necessary to achieve the relevant purpose and on a valid legal basis.
6.3. The Company may share Personal Data with the following categories of recipients:
6.3.1. courier, transportation, and logistics service providers for the purposes of delivery, collection, Returns, or Exchanges;
6.3.2. payment service providers, banks, and payment platforms for the processing of payments and transactions;
6.3.3. providers of IT services, hosting services, software solutions, cybersecurity services, and technical support;
6.3.4. accounting, auditing, legal, and professional advisory service providers;
6.3.5. marketing, analytics, and communication platforms where an appropriate legal basis exists;
6.3.6. affiliated entities, group companies, or other related parties for legitimate business and operational purposes, to the extent permitted by applicable law; and
6.3.7. public authorities, regulators, courts, law enforcement agencies, or other competent authorities where disclosure is required by law.
6.4. When sharing Personal Data with third parties, the Company takes reasonable measures to ensure that such data is used only for the intended purpose and subject to appropriate security safeguards.
6.5. The Company may enter into agreements containing confidentiality, data protection, and security obligations with persons or entities processing Personal Data on its behalf.
6.6. In the event of a merger, acquisition, reorganisation, restructuring, sale of assets, or transfer of business operations, Personal Data may be transferred to the relevant successor entity in accordance with applicable law.
6.7. Personal Data may be transferred outside Georgia where necessary for the provision of services, provided that appropriate legal safeguards, standards, or other lawful transfer mechanisms are in place as required by applicable law.
6.8. The Company does not disclose Personal Data to third parties for their own independent marketing purposes without the User's consent unless otherwise permitted by applicable law.
6.9. Where the disclosure of Personal Data is necessary to fulfil a User's request (for example, arranging delivery services), failure to provide or permit the sharing of the relevant information may make it impossible for the Company to provide the requested service.
Article 7. Data Retention and Deletion
7.1. The Company retains Personal Data only for as long as necessary to achieve the purposes for which it was collected, perform contractual obligations, comply with legal requirements, or protect the Company's legitimate interests.
7.2. Retention periods are determined based on the type of Personal Data, the purpose of processing, applicable legal requirements, and the associated risks.
7.3. Information relating to Orders, payments, deliveries, Returns, warranties, or contractual relationships with Users may be retained for as long as necessary:
7.3.1. to fully perform the relevant services;
7.3.2. to comply with accounting, tax, and other legal obligations;
7.3.3. to establish, exercise, or defend legal claims and resolve disputes; and
7.3.4. for internal record-keeping, audit, and compliance purposes.
7.4. Contact information, correspondence, customer support requests, and related communications may be retained for a reasonable period for quality control, dispute resolution, customer service, and verification purposes.
7.5. Where Personal Data is processed on the basis of the User's consent, such data may be retained until the consent is withdrawn or the relevant purpose has been fulfilled, unless a longer retention period is required by applicable law.
7.6. Upon expiration of the applicable retention period, fulfilment of the relevant purpose, or termination of the legal basis for processing, the Company shall delete, anonymise, block, or otherwise securely cease processing the relevant Personal Data unless continued retention is required by law.
7.7. Deletion of Personal Data does not necessarily result in its immediate removal from all systems. Certain information may remain temporarily in backup copies, logs, archives, or disaster recovery systems for a limited period where necessary for security, business continuity, or system restoration purposes.
7.8. Where a User requests the deletion of Personal Data, the Company shall review the request in accordance with applicable law and delete the relevant data to the extent that no lawful basis for continued retention exists.
7.9. The Company periodically reviews retained Personal Data and takes reasonable measures to remove, anonymise, or otherwise dispose of information that is excessive, outdated, inaccurate, or no longer necessary.
Article 8. User Rights
8.1. As a Data Subject, the User is entitled to the rights granted under applicable Georgian law in relation to their Personal Data, subject to the limitations and conditions set out in this Policy and applicable law.
8.2. The User has the right to obtain confirmation as to whether the Company processes their Personal Data.
8.3. The User has the right to access their Personal Data and, where provided by law, to receive a copy of such data in a reasonable and commonly used format.
8.4. The User has the right to request the correction, updating, or completion of inaccurate, incomplete, or outdated Personal Data.
8.5. The User has the right to request the deletion of Personal Data where:
8.5.1. the Personal Data is no longer necessary for the purpose for which it was collected;
8.5.2. consent has been withdrawn and no other legal basis for processing exists;
8.5.3. the processing of Personal Data is unlawful; or
8.5.4. deletion is otherwise required by applicable law.
8.6. The User has the right to request the restriction of processing where grounds for such restriction exist under applicable law.
8.7. The User has the right to object to the processing of Personal Data where such processing is based on the Company's legitimate interests, unless the Company demonstrates compelling legitimate grounds that override the User's rights and interests.
8.8. The User may withdraw consent at any time where processing is based on consent. Withdrawal of consent shall not affect the lawfulness of any processing carried out prior to such withdrawal.
8.9. The User has the right to object to direct marketing communications and to request that such communications cease.
8.10. The User may submit a request to the Company in order to exercise any of the rights described in this Article. The Company may take reasonable steps to verify the identity of the applicant before responding to such request.
8.11. The Company shall review and respond to requests within the time limits prescribed by applicable law or, where no specific time limit applies, within a reasonable period.
8.12. A request may be rejected in whole or in part where permitted by law, including where compliance would adversely affect the rights of another person, undermine fraud prevention measures, conflict with a legal obligation, or where the Company has a lawful basis to retain the relevant Personal Data.
8.13. The User has the right to lodge a complaint with the competent supervisory authority or seek judicial remedies in accordance with applicable law if the User believes that their rights relating to Personal Data have been violated.
Article 9. Data Security
9.1. The Company implements reasonable technical, organisational, and administrative measures to protect Personal Data against unauthorised access, unlawful processing, loss, destruction, alteration, or disclosure.
9.2. Such security measures may include, among other things:
9.2.1. access control mechanisms and authorisation procedures;
9.2.2. password protection, system permissions, and role-based access controls;
9.2.3. network, application, and cybersecurity safeguards;
9.2.4. data backup and recovery procedures;
9.2.5. confidentiality obligations applicable to personnel;
9.2.6. internal policies, standards, and procedures; and
9.2.7. incident detection, response, and management mechanisms.
9.3. Access to Personal Data is restricted to employees, contractors, service providers, and other authorised persons who require such access for the performance of their professional, contractual, or operational responsibilities.
9.4. The Company periodically reviews and, where appropriate, updates its security measures to reflect technological developments, evolving risks, and applicable legal requirements.
9.5. While the Company takes reasonable steps to protect Personal Data, no method of transmission over the Internet or method of electronic storage can be guaranteed to be completely secure. Accordingly, the Company cannot guarantee absolute security.
9.6. Users are also responsible for protecting their own information, including maintaining the confidentiality of account credentials, authentication methods, passwords, and the secure use of their devices.
9.7. If a User believes that their Personal Data, account, or communications have been compromised, the User should notify the Company without undue delay.
9.8. In the event of a Personal Data security incident, the Company shall act in accordance with applicable Georgian law and, where necessary, take appropriate containment measures, investigate the incident, and provide any required notifications.
9.9. When engaging third-party service providers, the Company exercises reasonable care in selecting its partners. However, the Company shall not be liable for the independent unlawful acts or omissions of such third parties, or for conduct undertaken contrary to the Company's instructions, except where otherwise required by applicable law.
Article 10. Cookies and Similar Technologies
10.1. The Company may use Cookies, pixel tags, SDKs, local storage technologies, and similar tools on the Website for purposes including functionality, analytics, security, and the improvement of the User experience.
10.2. A Cookie is a small text file stored on a User's browser or device that enables systems to recognise the device, remember certain preferences, or collect technical information.
10.3. The Company may use the following categories of Cookies:
10.3.1. Strictly Necessary Cookies – required for the core functionality of the Website, including security, authentication, and Order processing;
10.3.2. Functional Cookies – used to remember User preferences, settings, and choices;
10.3.3. Analytics Cookies – used to analyse Website usage, generate statistics, and assess Website performance; and
10.3.4. Marketing or Advertising Cookies – used, where an appropriate legal basis exists, to deliver personalised offers and advertisements and to measure the effectiveness of marketing campaigns.
10.4. Certain Cookies may be placed directly by the Company, while others may be placed by third-party partners, service providers, or platforms.
10.5. Where required by law or technically necessary, the Company will obtain the User's consent before placing or using non-essential Cookies.
10.6. Users may restrict, block, or delete Cookies through their browser settings. However, doing so may affect the functionality, performance, or availability of certain features of the Website.
10.7. The retention period of Cookies depends on their type. Some Cookies are deleted automatically at the end of a browsing session, while others remain stored for a specified period or until deleted by the User.
10.8. The Company may periodically modify the Cookies it uses, including their categories, purposes, and technical characteristics, to reflect developments in the Website, security requirements, or business needs.
10.9. Additional information regarding the use of Cookies may be provided through a separate Cookie Notice, Cookie Management Platform, Cookie Banner, or other information made available on the Website.
Article 11. Third-Party Service Providers
11.1. The Company primarily processes Orders, arranges deliveries, and provides services using its own resources and personnel.
11.2. Where necessary, the Company may engage third-party service providers, including transportation, courier, logistics, technical support, IT, hosting, accounting, payment processing, or other operational service providers.
11.3. In such cases, Personal Data shall be disclosed only to the extent necessary for the performance of the relevant services.
11.4. The Company takes reasonable measures to ensure that third-party service providers engaged by the Company maintain appropriate standards of confidentiality, security, and data protection.
11.5. The Company does not disclose Personal Data to third parties for their own independent marketing purposes unless the User has provided consent or another lawful basis for such disclosure exists under applicable law.
Article 12. Amendments and Updates to this Policy
12.1. The Company may periodically amend or update this Privacy Policy to reflect changes in applicable law, technical processes, services, business operations, or operational requirements.
12.2. Any updated version of this Policy shall become effective on the date of its publication on the Website or on such later date as may be specified in the Policy.
12.3. In the event of material changes, the Company may provide additional notice to Users by e-mail, Website notification, or any other appropriate communication channel.
12.4. Users are encouraged to review the current version of this Policy periodically.
12.5. Continued use of the Website or the Company's services following the effective date of any amendment shall be deemed acknowledgement of the updated Policy, unless otherwise required by applicable law.
Article 13. Contact Information and Data Subject Requests
13.1. Users may contact the Company regarding this Privacy Policy, the processing of their Personal Data, or the exercise of their rights as Data Subjects.
13.2. Requests may be submitted through the Company's official communication channels, including e-mail, telephone, the contact form available on the Website, or any other officially designated communication method.
13.3. In order to process a request, the Company may require reasonable identification information to verify the identity of the requester, protect Personal Data, and prevent unauthorised disclosure to third parties.
13.4. The Company shall review and respond to requests within a reasonable period and in accordance with applicable Georgian law.
13.5. If a User believes that their Personal Data is being processed unlawfully or that their rights have been infringed, the User may exercise the remedies available under applicable law and may submit a complaint to the competent supervisory authority or seek relief through the courts.
Article 14. Final Provisions
14.1. This Privacy Policy forms an integral part of the Company's Terms and Conditions unless expressly stated otherwise in relation to a specific matter.
14.2. If any provision of this Privacy Policy is determined to be invalid, unlawful, or unenforceable, such determination shall not affect the validity or enforceability of the remaining provisions, which shall remain in full force and effect to the maximum extent permitted by law.
14.3. Any failure, delay, or single instance of non-exercise by the Company of any right or remedy under this Policy shall not constitute a waiver of such right or remedy.
14.4. Any matters not expressly governed by this Privacy Policy shall be governed by the applicable laws of Georgia.
14.5. The latest version of this Privacy Policy shall be available on the Company's official Website.