Sleep Firm Privacy Policy 

Last Updated: 26 February 2026 


1. About This Privacy Policy 

This Privacy Policy explains how Sleep Firm collects, uses, stores and discloses your personal information. 

Sleep Firm is operated by Chiropedic Bedding Pty Ltd (ABN 86 052 960 808) as part of Sleep Collective, the group brand for Chiropedic Bedding Pty Ltd (ABN 86 052 960 808) and Sleep Republic Pty Ltd (ABN 74 607 067 121). 

In this policy:  

  • "we", "us", "our" refers to Chiropedic Bedding Pty Ltd (ABN 86 052 960 808)
  • "you", "your" refers to you, the user or customer
  • "Sleep Collective" refers to the group brand encompassing Chiropedic, Eco Kids, Yinahla, Sleep Firm, Mattress Factory Direct, House of Sleep, Sanctum and Sleep Republic
  • "Personal Information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable

 

We are committed to protecting your privacy and complying with the Australian Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and all applicable privacy laws. 


2. What Personal Information Do We Collect? 

We may collect the following types of personal information from you: 

Contact Information 

  • Full name
  • Email address
  • Phone number (mobile and/or landline)
  • Postal address and delivery address
  • Business name and ABN (for commercial customers) 

Transaction Information 

  • Purchase history and order details
  • Payment information (processed securely by our payment gateway - we do not store credit card details on our systems)
  • Delivery preferences and instructions
  • Product preferences and reviews 

Account Information 

  • Username and password (encrypted)
  • Communication preferences
  • Saved shopping cart items
  • Wishlist items 

Technical Information 

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on our website
  • Referring website/source
  • Cookies and similar tracking technologies (see Section 9) 

Marketing and Communication Information 

  • Marketing preferences (opt-in/opt-out status)
  • Survey responses
  • Competition entries
  • Customer service interactions and correspondence
  • Product reviews and testimonials 

Sensitive Information 

We do not generally collect sensitive information (such as health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or criminal records) unless you voluntarily provide it to us (for example, in a product review or customer service inquiry). If we collect sensitive information, we will only do so with your explicit consent and in accordance with APP 3. 


3. How Do We Collect Your Personal Information? 

We collect personal information in the following ways: 

Directly From You 

  • When you create an account on our website
  • When you make a purchase or place an order
  • When you subscribe to our newsletter or marketing communications
  • When you contact our customer service team (by phone, email, live chat, or social media)
  • When you enter a competition, promotion, or survey
  • When you leave a product review or testimonial
  • When you engage with us on social media
  • When you visit our physical retail stores (if applicable)
  • When you apply for a job with us 

Automatically When You Use Our Website 

  • Through cookies, web beacons, and similar tracking technologies
  • Through website analytics tools (e.g., Google Analytics, Meta Pixel)
  • Through your device and browser settings 

From Third Parties 

  • Payment gateway providers (e.g., Shopify Payments, PayPal, Afterpay, Zip)
  • Delivery and logistics providers (e.g., Australia Post, StarTrack, couriers)
  • Marketing and advertising platforms (e.g., Google Ads, Meta/Facebook, Instagram)
  • Social media platforms (if you connect your social media account)
  • Credit reporting agencies (for commercial credit applications only)
  • Publicly available sources (e.g., business directories for B2B customers) 


4. Why Do We Collect, Use and Disclose Your Personal Information? 

We collect, use and disclose your personal information for the following purposes: 

Primary Purposes 

Order Processing and Fulfilment 

  • To process your orders and payments
  • To arrange delivery of products to you
  • To manage returns, refunds and exchanges
  • To provide customer service and support
  • To communicate with you about your order status 

Account Management 

  • To create and manage your customer account
  • To verify your identity
  • To allow you to access your order history and account settings
  • To save your preferences for future visits 

Marketing and Communications (with your consent) 

  • To send you promotional emails, newsletters and special offers
  • To inform you about new products, sales and events
  • To send you personalised product recommendations
  • To invite you to participate in surveys, competitions and promotions
  • You can opt out at any time using the unsubscribe link in our emails or by contacting us directly 

Website Improvement and Analytics 

  • To understand how you use our website
  • To improve our website functionality, user experience and product offerings
  • To conduct market research and analyse customer trends
  • To develop new products and services 

Legal and Compliance 

  • To comply with our legal obligations under Australian law
  • To enforce our Terms and Conditions
  • To prevent fraud, security breaches and other illegal activities
  • To respond to legal processes (e.g., court orders, subpoenas) 

Secondary Purposes 

We may also use your personal information for secondary purposes that are related to the primary purposes above, or where you have consented, or where permitted or required by law. Secondary purposes include: 

  • Internal business operations – administration, finance, quality assurance, staff training
  • Credit management – for commercial customers, to assess creditworthiness and manage accounts
  • Dispute resolution – to resolve complaints or disputes with you
  • Business transactions – if we sell or transfer part of our business, your information may be transferred to the purchaser
  • Group collaboration – sharing information within the Sleep Collective group (between Chiropedic Bedding Pty Ltd and Sleep Republic Pty Ltd) for administration, marketing, customer service, product development, and operational purposes 


5. Who Do We Disclose Your Personal Information To? 

We may disclose your personal information to the following third parties: 

Within Sleep Collective Group 

Chiropedic Bedding Pty Ltd (ABN 86 052 960 808) and Sleep Republic Pty Ltd (ABN 74 607 067 121) may share your information for administration, marketing, customer service, and product development purposes within the Sleep Collective group. 

Service Providers 

  • Payment processors – Shopify Payments, PayPal, Afterpay, Zip, bank payment gateways (to process payments securely)
  • Delivery and logistics providers – Australia Post, StarTrack, couriers, freight companies (to deliver your orders)
  • Website hosting and IT services – Shopify, cloud storage providers, IT support providers (to host and maintain our website)
  • Email and communication services – email marketing platforms (e.g., Klaviyo, Mailchimp), SMS providers (to send you communications)
  • Customer service tools – live chat providers, helpdesk software, CRM systems (to provide customer support) 

Marketing and Analytics Partners 

  • Google – Google Analytics, Google Ads, Google Tag Manager (for website analytics and advertising)
  • Meta/Facebook – Facebook Pixel, Instagram advertising (for remarketing and advertising)
  • Other advertising platforms – retargeting providers, social media platforms (to show you relevant ads) 

Professional Advisers 

Lawyers, accountants, auditors, insurers, financial advisers (to obtain professional advice) 

Government and Regulatory Authorities 

Law enforcement agencies, courts, tribunals, regulatory authorities (when required by law or to protect our legal rights) 

Business Purchasers 

In the event of a merger, acquisition, sale of assets, or business restructure, your information may be transferred to the purchaser or successor entity 

Other Third Parties 

  • Competition and survey providers (if you enter a competition or survey)
  • Product review platforms (if you leave a review)
  • Credit reporting agencies (for commercial customers only) 

We require all third parties to handle your personal information securely, in accordance with Australian privacy laws, and only for the purposes we disclose to you. 


6. Cross-Border Disclosure of Personal Information 

Some of our service providers store or process personal information outside of Australia. Your personal information may be disclosed to recipients in the following countries: 

  • United States – Shopify (website hosting), Google (analytics), Meta/Facebook (advertising), email service providers
  • European Union – Cloud storage providers, IT support services
  • Singapore – Payment gateway providers
  • Other countries – as required for specific service providers we engage from time to time 

When we disclose personal information to overseas recipients, we take reasonable steps to ensure that they comply with the Australian Privacy Principles or are subject to similar privacy protections. By using our website and services, you consent to the disclosure of your personal information to overseas recipients for the purposes outlined in this policy. 

If we are unable to ensure that an overseas recipient complies with the APPs, we will seek your express consent before disclosing your personal information to that recipient. 


7. How Do We Store and Secure Your Personal Information? 

We take the security of your personal information seriously and implement a range of technical, physical and administrative measures to protect it from misuse, interference, loss, unauthorised access, modification or disclosure. 

Security Measures 

  • Encryption – We use Secure Sockets Layer (SSL) encryption technology to protect data transmitted between your browser and our website
  • Secure payment processing – We use Payment Card Industry Data Security Standard (PCI-DSS) compliant payment gateways. We do not store credit card details on our systems.
  • Access controls – Only authorised employees and service providers have access to your personal information, on a need-to-know basis
  • Password protection – User accounts are password-protected. We recommend using strong, unique passwords and not sharing them with others.
  • Regular security reviews – We regularly review and update our security measures to address emerging threats
  • Secure servers – Our website and data are hosted on secure servers with appropriate firewalls and security protocols 

Data Retention 

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods include: 

  • Order and transaction records – 7 years (for tax and accounting purposes under Australian law)
  • Marketing communications – Until you unsubscribe or request deletion, or until 2 years of inactivity
  • Account information – While your account remains active, or until you request deletion
  • Website analytics data – Aggregated and anonymised data may be retained indefinitely
  • Customer service records – 3-5 years (for quality assurance and dispute resolution)
  • Job applications – 6-12 months after the recruitment process concludes 

When personal information is no longer needed, we will take reasonable steps to destroy or permanently de-identify it in a secure manner. 

What Happens If There Is a Data Breach? 

In the event of a data breach that is likely to result in serious harm to you, we will: 

  • Take immediate steps to contain and remediate the breach
  • Assess the nature and extent of the breach
  • Notify you and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme
  • Provide you with information about the breach and steps you can take to protect yourself
  • Take steps to prevent future breaches


 

8. Your Rights and Choices 

Under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights in relation to your personal information: 

Right to Access 

You have the right to request access to the personal information we hold about you. We will provide you with access within 30 days of your request, unless we are legally prohibited from doing so or an exception applies. 

Right to Correction 

You have the right to request that we correct any personal information about you that is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will take reasonable steps to correct your information within 30 days of your request. 

If we refuse to correct your information, we will provide you with written notice explaining our reasons and informing you of your right to complain to the OAIC. 

Right to Deletion (in certain circumstances) 

You may request that we delete your personal information in the following circumstances: 

  • It is no longer necessary for the purposes for which it was collected
  • You withdraw your consent (where consent was the basis for collection)
  • You object to the processing and there is no overriding legitimate reason
  • It was collected or processed unlawfully
  • It must be deleted to comply with a legal obligation 

We may be unable to delete your information if we are required to retain it by law (e.g., for tax or accounting purposes) or if we have a legitimate business need to retain it (e.g., to defend legal claims). 

Right to Object or Restrict Processing 

You have the right to object to or request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the information or object to the purpose for which it is being processed. 

Right to Withdraw Consent 

Where we rely on your consent to collect, use or disclose your personal information, you have the right to withdraw your consent at any time by contacting us. This will not affect the lawfulness of processing based on consent before its withdrawal. 

Right to Opt-Out of Marketing 

You have the right to opt out of receiving marketing communications from us at any time by: 

  • Clicking the "unsubscribe" link in any marketing email
  • Replying "STOP" to any marketing SMS
  • Contacting us directly using the contact details in Section 13
  • Updating your marketing preferences in your account settings 

We will process your opt-out request within 5 business days. Please note that even if you opt out of marketing, we may still send you transactional or service-related communications (e.g., order confirmations, delivery updates, important account information). 

Right to Complain 

If you believe we have breached the Australian Privacy Principles or your privacy rights, you have the right to make a complaint. Please see Section 12 for our complaints process. 

 

9. Cookies and Tracking Technologies 

Our website uses cookies, web beacons, pixels and similar tracking technologies to enhance your browsing experience, analyse website traffic, and deliver personalised advertising. 

What Are Cookies? 

Cookies are small text files that are placed on your device when you visit a website. They allow the website to recognise your device and remember information about your visit. 

Types of Cookies We Use 

Essential Cookies (Always Active) 

These cookies are necessary for the website to function properly and cannot be disabled. They include: 

  • Session cookies (to maintain your shopping cart and login session)
  • Security cookies (to prevent fraud and ensure secure browsing)
  • Load balancing cookies (to distribute website traffic efficiently) 

Analytics and Performance Cookies 

These cookies help us understand how visitors interact with our website by collecting anonymous information about pages visited, time spent on the site, and any errors encountered. We use: 

  • Google Analytics – to analyse website traffic and user behaviour
  • Shopify Analytics – to monitor website performance and sales data 

Marketing and Advertising Cookies 

These cookies are used to deliver personalised advertisements and measure the effectiveness of our marketing campaigns. We use: 

  • Google Ads – for remarketing and conversion tracking
  • Meta Pixel (Facebook/Instagram) – for social media advertising and retargeting
  • Third-party retargeting platforms – to show you relevant ads on other websites 

Functional Cookies 

These cookies enable enhanced functionality and personalisation, such as: 

  • Remembering your preferences (e.g., language, currency, location)
  • Saving items in your wishlist or shopping cart
  • Providing live chat support 

Managing Cookies 

You can control and manage cookies through your browser settings. Most browsers allow you to: 

  • View and delete cookies
  • Block cookies from specific websites
  • Block all cookies (note: this may affect website functionality)
  • Receive a notification before a cookie is placed 

To manage cookies, visit your browser's help section: 

  • Chrome: Settings > Privacy and security > Cookies and other site data
  • Firefox: Options > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Cookies and website data
  • Edge: Settings > Privacy, search, and services > Cookies and site data

 

You can also opt out of personalised advertising by visiting: 

Please note that disabling cookies may affect the functionality of our website and your ability to access certain features. 


10. Third-Party Links and Services 

Our website may contain links to third-party websites, social media platforms, and services (e.g., Facebook, Instagram, YouTube, payment gateways, product review platforms). 

We are not responsible for the privacy practices or content of third-party websites. When you click on a third-party link or interact with a third-party service, you are subject to their privacy policy and terms of service, not ours. 

We recommend that you review the privacy policy of any third-party website or service before providing your personal information to them. 

 

11. Direct Marketing and Spam Act Compliance 

We may use your personal information to send you direct marketing communications (e.g., promotional emails, newsletters, SMS messages) about our products, services, special offers and events. 

Consent 

We will only send you marketing communications if: 

  • You have expressly consented (e.g., by ticking a box or subscribing to our newsletter), OR
  • It is reasonable to expect that we would use your information for marketing (e.g., you are an existing customer and the marketing relates to similar products), AND
  • You have not opted out 

Spam Act 2003 Compliance 

We comply with the Australian Spam Act 2003 by: 

  • Only sending commercial electronic messages (emails and SMS) to individuals who have consented
  • Clearly identifying ourselves as the sender in all messages
  • Including a functional unsubscribe link in all marketing emails
  • Processing unsubscribe requests within 5 business days
  • Ensuring that our messages are not misleading or deceptive 

How to Opt-Out 

You can opt out of receiving marketing communications at any time by: 

  • Clicking the "unsubscribe" link in any marketing email
  • Replying "STOP" to any marketing SMS
  • Contacting us directly at hello@sleepfirm.com.au
  • Updating your preferences in your account settings 

 

12. Complaints and Dispute Resolution 

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you have the right to make a complaint. 

How to Make a Complaint 

Step 1: Contact Us 

Please contact our Privacy Officer in writing: 

  • Email: hello@sleepfirm.com.au
  • Mail: Privacy Officer, Sleep Collective, 240 Ballarat Road, Braybrook, Vic, 3019
  • Phone: 03 9318 1211 

Please include the following information in your complaint: 

  • Your full name and contact details
  • A clear description of the issue or privacy breach
  • Any relevant details, dates, and supporting documentation
  • The outcome you are seeking 

Step 2: We Will Investigate 

We will acknowledge your complaint within 5 business days and investigate the matter. We aim to resolve complaints within 30 days, but complex matters may take longer. We will keep you informed of our progress. 

Step 3: We Will Provide a Response 

Once our investigation is complete, we will provide you with a written response that: 

  • Explains our findings
  • Outlines any corrective action we will take
  • Informs you of your right to escalate the complaint if you are not satisfied 

Escalating Your Complaint 

If you are not satisfied with our response, or if we have not resolved your complaint within 30 days, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC): 

The OAIC is an independent regulator that investigates complaints about privacy breaches and can make binding determinations. 

 

13. Contact Us 

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please contact us: 

Sleep Republic

We aim to respond to all inquiries within 5-7 business days. 

 

14. Changes to This Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational, legal or regulatory reasons. 

When we make changes to this Privacy Policy: 

  • We will update the "Last Updated" date at the top of this policy
  • If the changes are significant, we will notify you by email (if you have provided us with your email address) or by displaying a prominent notice on our website
  • The updated policy will be effective immediately upon posting on our website 

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use and protect your personal information. 

Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of the updated policy. 


15. Anonymity and Pseudonymity 

Where practicable, you have the option to interact with us anonymously or using a pseudonym. For example: 

  • Browsing our website without creating an account
  • Contacting customer service with general inquiries 

However, in most cases, we will need to collect your personal information to provide you with our products and services (e.g., to process an order, create an account, or respond to a specific inquiry). If you choose not to provide us with your personal information, we may be unable to provide you with the requested products or services. 

16. Children's Privacy 

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal information from children under 18 without parental consent. 

If you are under 18, please do not provide any personal information through our website or services. If you are a parent or guardian and you believe your child has provided us with personal information without your consent, please contact us immediately at hello@sleepfirm.com.au and we will take steps to delete that information. 

 

17. Sleep Collective Group Brand 

Sleep Firm is part of Sleep Collective, the group brand for: 

  • Chiropedic Bedding Pty Ltd (ABN 86 052 960 808) – owner and operator of Chiropedic, Eco Kids, Yinahla, Sleep Firm, Mattress Factory Direct, House of Sleep, and Sanctum
  • Sleep Republic Pty Ltd (ABN 74 607 067 121) – owner and operator of Sleep Republic 

As part of the Sleep Collective group, your personal information may be shared between Chiropedic Bedding Pty Ltd and Sleep Republic Pty Ltd for the purposes of: 

  • Administration and business operations
  • Customer service and support
  • Product development and improvement
  • Marketing and communications (with your consent)
  • Legal and compliance obligations 

All entities within the Sleep Collective group are committed to protecting your privacy and complying with the Australian Privacy Principles.