We invite anyone to participate in our sleep surveys as long as participants adhere to the following survey guidelines:


1. Accept our Privacy Policy and any other terms stated on the website or survey stipulations.

2. You are a human (not AI, a bot, or computer program).

3. You are over the age of thirteen years old (13+ years-old);
or, over the age of sixteen years old with your parents written consent.

4. You provide solely real, honest responses to survey all questions, and participate in our surveys in good faith.

5. Agree to only take each survey once, unless for the purpose of changing your previous survey response(s).

If you do not meet these guidelines or don't agree with this policy, you do not qualify to participate in our surveys or any other programs or offers posted.

Effective Date: October 8, 2024

H2Pillow (H2P, for short) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you about how we collect, use, and share your personal data when you participate in our survey, as well as your rights under the General Data Protection Regulation (GDPR).

Data Controller

H2Pillow, DBA as HydroPillow

privacy@h2pillow.com

+1 415 420 four-zero-two-nine (4029)

We are the data controller responsible for your personal data collected via this survey.

Types of Data Collected

We may collect the following types of data:

• Non-identifiable information: Anonymous responses to survey questions.

• Required and/or Optional Personal Data: If you provide any personal information

voluntarily (e.g., email for follow-up surveys or feedback).

• Technical Data: Device and connection data, such as IP address (if applicable).

Purpose of Data Collection

We collect and process your data for the following purposes:

• To analyze trends and patterns related to sleep habits and product usage.

• To improve the development of our products and services.

• To communicate with you (only if you provide your contact information for follow-up purposes).

• To comply with any legal or regulatory obligations.

Legal Basis for Processing

Under GDPR, we rely on the following legal bases for processing your personal data:

• Consent: By participating in the survey, you give us consent to collect and use your data for the stated purposes.

• Legitimate Interest: We process non-identifiable data to improve our product design and services.

How data will be protected

All survey data collected through Typeform is hosted on Amazon’s AWS service. Our main servers are located in Virginia, USA. You can read more about AWS here. Note that we prevent access to information by any third party by encrypting your data in-transit (end-to-end, including within the virtual private cloud at AWS) using secure TLS cryptographic protocols (TLS 1.2), and Advanced Encryption Standard (AES) is used with a 256-bit key to encrypt data at rest including the backups of the information. You can read more about security here.

• All Typeform employees are bound by strict confidentiality agreements.

  TLS is used to secure all data in transit. Find out more about TLS here.
  
  

Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Survey responses are anonymized and stored securely.

International Data Transfers

If any personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as standard contractual clauses or an adequacy decision from the European Commission.

Complaints

If you believe your data rights have been violated, you have the right to file a complaint with a supervisory authority, particularly in the EU country where you reside, work, or believe the infringement took place.

Changes to This Privacy Policy

We may update this privacy policy from time to time. Any changes will be posted on this page, and we will notify you by email (if provided) or through the survey platform.

Contact Information:

If you have any questions about this privacy policy or how we handle your data, please contact us at privacy@h2pillow.com.

We use Typeform to create and administer this survey (e.g., a Survey Platform). Typeform is a third-party platform that helps us collect and process your responses. This addendum outlines how Typeform handles and protects the data collected through the survey in accordance with GDPR.

1. Typeform’s Role as a Data Processor

Typeform acts as a data processor under the GDPR, processing data on our behalf as the data controller. This means that while we determine the purposes and means of processing your survey responses, Typeform processes the data in compliance with our instructions and GDPR regulations.

2. Data Collected by Typeform

Typeform collects and processes the following types of data:

• Survey responses: All answers you provide in the survey.

• Optional personal data: Any personally identifiable information (PII) that you voluntarily submit (e.g., contact details for follow-up).

• Technical data: IP address, browser type, and device information (for security and troubleshooting purposes).

This data is processed in compliance with GDPR and other relevant data protection laws.

3. Data Storage and Retention by Typeform

• Typeform stores your data on secure servers located in the European Union and the United States. They use AWS (Amazon Web Services) as their hosting provider, which is GDPR-compliant.

• Data will be retained on Typeform’s platform for as long as necessary to fulfill the purposes outlined in our privacy policy, or until you request its deletion.

4. Data Security Measures

Typeform implements the following security measures to protect your data:

• Encryption: All data collected through Typeform is encrypted during transmission (via HTTPS) and while stored on their servers.

• Access Controls: Only authorized personnel can access your data, and Typeform enforces strict access control policies to prevent unauthorized access.

• Regular Audits: Typeform conducts regular security audits to ensure compliance with data protection standards.

5. Data Transfers

If Typeform transfers your data outside of the European Economic Area (EEA), they ensure that appropriate safeguards are in place to comply with GDPR requirements. These safeguards may include Standard Contractual Clauses (SCCs) or reliance on adequacy decisions from the European Commission.

6. Your Rights Regarding Typeform’s Processing of Your Data

In addition to the rights outlined in our main privacy policy, you have the right to:

• Request information on how your data is processed by Typeform.

• Withdraw consent for Typeform to process your data at any time.

• Request deletion of your survey data from Typeform’s servers (contact us at [your email address] to facilitate this request).

7. Typeform’s Privacy Policy

For more detailed information on how Typeform processes personal data and complies with GDPR, please refer to their privacy policy: Typeform's Terms of Service and Privacy Policy.

You have the following rights regarding your personal data:

• Access: You can request access to the personal data we hold about you.

• Rectification: You can request correction of any inaccurate personal data.

• Erasure: You can request deletion of your data (“Right to be forgotten”).

• Restriction: You can request restriction of the processing of your data.

• Data Portability: You can request a copy of your data in a structured format.

• Withdrawal of Consent: You can withdraw your consent at any time without affecting the lawfulness of the processing carried out before your withdrawal.

To exercise these rights, contact us at privacy@h2pillow.com.

The cookies that our third party partners use are as follows: Typeform: Uses are small text files that store data made available by your web browser, such as language preference. This information helps us give you a better experience.

Cookies do not provide us with any personally identifiable information.

You can change or block cookies in your browser settings.

Cookies do not harm your computer or impact your online security.