Effective Date: May 28th, 2024
This Privacy Policy describes our data practices with regard to your Personal Information, including the kinds of information we collect, how we collect, use, disclose, and retain that information, and how you can exercise choice regarding that information. “Personal Information” means any information relating, or reasonably capable of being linked, to you.
This Privacy Policy applies to casper.com and all other websites, applications, products, services, and other offerings (collectively, the “Service” or “Services”) owned and operated by Casper Sleep Inc. and our affiliates and subsidiaries (“Casper,” “we,” “our,” or “us”) that link to this Privacy Policy or offline locations that makes this Privacy Policy available to you. It does not apply to information collected by third parties or information collected in the context of your employment with us.
Your use of the Services is also governed by our Terms and Conditions.
If you have any questions, please contact us as set out in the “Contact Us” section below.
When you use the Services, you may be asked to provide Personal Information to us, such as when you register an account, make a purchase, sign-up for our newsletters, participate in a promotion, respond to our surveys, contact support, or apply for a job. The categories of Personal Information we collect include:
a. Information You Provide through the Services
Please do not provide any information that we do not request.
b. Information Collected When You Visit Our Stores
We collect information about you when you visit our stores in person. For example, we deploy security cameras to capture video for security purposes. In some stores, we deploy video cameras with software that allows us to count the number of users who enter our stores and track their physical movement within our stores. The software does not engage in any facial scanning, make determinations regarding user age, ethnicity, or gender, or otherwise use information with the intent to identify a specific individual. We do not deploy the software in our stores located in Illinois.
c. Information Collected from Your Device or Browser
When you use the Services, we and third parties we work with automatically collect information from your browser or device. The categories of information we automatically collect include:
This information is automatically collected through cookies and other tracking technologies incorporated into our Service, as described below:
For details on your choices around cookies and other tracking technologies, see the “Your Privacy Choices” section below.
d. Information Collected When You Use Glow
When you use our Glow light and accompanying application, we collect information about how you use Glow, such as when you turn it on, off, or change the brightness setting; your device type; and information about the light levels in the room you’re in to provide the right light settings.
e. Information Collected from Other Sources
We also collect information from other sources. The categories of sources from which we collect information include:
f. Information We Infer
We infer new personal information from other information, including to generate personal information about your likely preferences or other characteristics.
g. Sensitive Information
To the extent any of categories of information we collect are sensitive categories of personal information under applicable law, we process such information only for the limited purposes permitted by applicable law. We do not sell or use sensitive categories of personal information for purposes of targeted advertising or to make inferences.
We collect and use personal information in accordance with the practices described in this Privacy Policy, including in the following ways:
Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may use non-personal information for any purpose to the extent permitted by applicable law. For details on your choices around use of your information, see the “Your Privacy Choices” section below.
Casper may disclose your information in the following ways:
Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may disclose non-personal information for any purpose to the extent permitted by applicable law. For details on your choices around disclosure of your information, see the “Your Privacy Choices” section below.
We may link to or offer parts of our Service through websites and services controlled by third parties. In addition, we may integrate technologies, including those disclosed in the “How we Collect Information” section above, controlled by third parties. Except where third parties act as our service providers, they, and not us, control the purposes and means of processing any information they collect from you, and you should contact them directly to address any concerns you have about their processing. Third party data practices are subject to their own policies and disclosures, including what information they collect, your choices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.
We provide a variety of ways for you to exercise choice, as described below.
a. Region-Specific Rights
Some regions provide additional rights by law, as described in our region-specific terms below. This subsection details how you may exercise some of those rights to the extent they apply to you.
b. Communications
You can opt-out of receiving certain communications from us, as described below. Your opt-out is limited to the email address, phone number, or device used and will not affect subsequent subscriptions.
c. Accounts
If you hold an account with us, you can delete your account through your account settings. We will address your request in accordance with our data retention practices.
d. Browser and Device Controls
e. Matched Ads
To opt out of us disclosing your hashed email address to third parties for matched ads purposes, please click the “Your Privacy Choices Link” below to opt out of matched ads. We will remove your email address from any subsequent lists disclosed to third parties for matched ads purposes.
We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.
We retain information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
The Service is not directed toward children under 13 years old, and we do not knowingly collect personal information (as that term is defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. If you are a parent or guardian and believe we have collected personal information from children, please contact us as set out in the “Contact Us” section below. We will delete the personal information in accordance with COPPA.
We are based in the U.S. If you are located outside the U.S., please be aware that your information may be transferred to and processed in the U.S. or another country where we operate.
Casper Sleep Inc.
3 World Trade Center, 40th Floor,
175 Greenwich Street,
New York, NY 10007
Toll-free Privacy helpline: 1-855-255-8611
To exercise choice, use the methods described in the “Your Privacy Choices” section above or your region-specific terms below.
We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon our posting of the revised Privacy Policy. Your continued use of our Services indicates your consent to the Privacy Policy posted. If the changes are material, we may provide you with additional notice to your email address.
These additional rights and disclosures apply only to California residents. Terms have the meaning ascribed to them in the California Consumer Protection Act as amended by the California Privacy Rights Act (“CPRA”), unless otherwise stated.
a. Notice at Collection
At or before the time of collection of your personal information, you have a right to receive notice of our data practices. Our data practices are as follows:
Some of our disclosures of personal information may be considered a “sale” or “share” as those terms are defined under the CPRA. A “sale” is broadly defined under the CPRA to include a disclosure for something of value, and a “share” is broadly defined under the CPRA to include a disclosure for cross-context behavioral advertising. We collect, sell, or share the following categories of personal information for commercial purposes: contact identifiers, characteristics or demographics, commercial or transactions information, user-generated content, device identifiers, device information, internet activity, non-precise geolocation data, and inferences drawn from any of the above. The categories of third parties to whom we sell or share your personal information include, where applicable, vendors and other parties involved in cross-context behavioral advertising. We do not knowingly sell or share the personal information of minors under 16 years old who are California residents. For details on your rights regarding sales and shares, please see the “Right to Opt-Out of Sales and Shares” section below.
Some of the personal information we collect may be considered sensitive personal information under the CPRA. We collect, use, and disclose such sensitive personal information only for the permissible business purposes for sensitive personal information under the CPRA or without the purpose of inferring characteristics about consumers. We do not sell or share sensitive personal information.
b. Rights to Know, Correct, and Delete
You have the following rights under the CPRA:
To exercise any of these rights, please follow the instructions for data subject requests in the “Your Privacy Choices” section above. Please note these rights are subject to exceptions. If you have an account with us, we may require you to use the account to submit the request. We will confirm receipt of your request within 10 business days and respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.
c. Right to Opt-Out of Sales and Shares
To the extent we sell or share your personal information as those terms are defined under the CPRA, you have the right to opt-out of the sale or sharing of your personal information. To exercise this right, please follow the instructions for opting out of sales, shares, and targeted advertising in the “Your Privacy Choices” section above.
d. Authorized Agent
You can designate an authorized agent to submit requests on your behalf. Requests from authorized agents must be submitted to privacy@casper.com. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.
e. Right to Non-Discrimination
You have the right not to receive discriminatory treatment by us for the exercise of any your rights.
f. Shine the Light
Under California’s Shine the Light law, customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To make a request, please write us at the email or postal address set out in the “Contact Us” section above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
These additional rights and disclosures apply only to residents of Colorado, Connecticut, Utah, and Virginia. Terms have the meaning ascribed to them in the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), the Texas Data Privacy and Security Act (“TDPSA”), the Oregon Consumer Privacy Act (“OCPA”), the Montana Consumer Data Privacy Act (“MCDPA”), and the Virginia Consumer Data Protection Act (“VCDPA”), as applicable.
a. Data Subject Requests
You may have the following rights under applicable law:
If you are an Oregon resident, you also have the following rights:
To exercise any of these rights, please follow the instructions for data subject requests in the “Your Privacy Choices” section above. Please note these rights are subject to exceptions and retention practices. We will respond to your request within 45 days. If you have an account with us, we may require you to use the account to submit the request. We may require specific information from you to help us confirm your identity and process your request. If we are unable to verify your identity, we may deny your request. We do not process personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers. Some of the personal data we collect may be considered sensitive personal data under applicable law. We collect sensitive personal data with your consent.
You have the right to not receive discriminatory treatment by us for the exercise of any of your rights.
b. Right to Opt-Out of Sales and Targeted Advertising
You also may have the right to opt-out of the processing of personal data for purposes of targeted advertising or the sale of personal data. To exercise this right, please follow the instructions for opting out of sales, shares, and targeted advertising in the “Your Privacy Choices” section above.
c. Authorized Agent
You can designate an authorized agent to submit requests on your behalf. Requests from authorized agents must be submitted to privacy@casper.com. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.
d. Appeals
If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at privacy@casper.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows:
If you are a Nevada consumer, you have the right to direct us not to sell certain information that we have collected or will collect about you. To exercise this right, please follow the instructions for opting out of sales, shares, and targeted advertising in the “Your Privacy Choices” section above.
To the extent we receive personal data transferred from the European Union (EU), the United Kingdom (UK), and Switzerland, we will provide appropriate safeguards, such as through the use of Standard Contractual Clauses.
Casper complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (together, the “DPF”) as set forth by the U.S. Department of Commerce. Casper has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension and to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (together, the “Principles”). If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Casper is responsible for the processing of personal data subject to the DPF that it receives and subsequently transfers to a third party acting as an agent on its behalf. Casper complies with the Principles for all onward transfers of personal data from the EU, the UK, and Switzerland based on the DPF, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the DPF, Casper is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Casper may be required to disclose personal data subject to the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the DPF, Casper commits to resolve DPF-Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the DPF should first contact Casper at: privacy@casper.com.
In compliance with the DPF, Casper commits to refer unresolved complaints concerning our handling of personal data received in reliance on the DPF to JAMS, an alternate dispute resolution provider based in the United States (free of charge). If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, more fully described on the DPF website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.