INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA
(pursuant to Art. 13 of EU Regulation 2016/679 and Art. 3 of EU Regulation 2023/2854)
- Data Controller and Data Protection Officer (DPO)
The Data Controller of personal data is Somnia Technologies S.r.l. (hereinafter “Somnia” or the “Controller”), with its registered office in Milan, Via Foppa n. 7. The Data Controller is the entity that determines the purposes and means of the processing of personal data.
A Data Protection Officer (DPO) has been appointed, who can be contacted for any matter concerning the processing of your personal data at the following email address: support@qimora.com.
- Types of Personal Data Processed
Somnia collects and processes the following categories of personal data:
- Data voluntarily provided by the user: Data communicated by the user when registering on the site, filling out contact forms, making purchases, participating in forums or other initiatives, or through communications via email, social media, or telephone. This data may include, by way of example, name, surname, email address, telephone number, shipping address, and payment data.
- Navigation data: Data collected automatically during navigation on Somnia’s website. This data, although not collected to be associated with identified data subjects, could, through processing and association with data held by third parties, allow users to be identified. This category includes IP addresses, domain names of the computers used by users, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. The image or handwritten signature of a natural person also falls within the definition of “personal data”.
- Data generated from the use of connected products (Product Data): If you purchase and use our “connected” products (e.g., heated mattress toppers equipped with sensors), data relating to their operation and your use is generated. This data is defined as “product data” under the Data Act and is, by default, accessible to you.
- Purposes and Legal Basis for Processing
Personal data is processed for the following purposes and on the basis of the following conditions of lawfulness (Art. 6 GDPR):
- a) Provision of requested services: To manage site registration, process purchase orders, allow participation in forums and other activities, and generally to perform a contract to which the data subject is a party or to take pre-contractual measures at the data subject’s request.
- Legal basis: Performance of a contract (Art. 6, para. 1, lett. b) GDPR).
- b) Compliance with legal obligations: To comply with obligations provided for by law, a regulation, or EU legislation, such as accounting and tax obligations.
- Legal basis: Compliance with a legal obligation (Art. 6, para. 1, lett. c) GDPR).
- c) Exercise of rights in legal proceedings: To ascertain, exercise, or defend a right of the Controller in legal proceedings.
- Legal basis: Legitimate interest of the Controller (Art. 6, para. 1, lett. f) GDPR), provided that the interests or fundamental rights and freedoms of the data subject do not override it.
- d) Direct marketing: Subject to your explicit consent, to send commercial and promotional communications, newsletters, advertising material relating to products and services of Somnia and/or third-party commercial partners, via email, SMS, telephone, paper mail, and social media. Consent for this purpose is optional and can be revoked at any time. Pursuant to Art. 130, paragraph 4, of Legislative Decree 196/2003 (Privacy Code), the email contact details provided in the context of the sale of a product or service may be used for sending commercial communications relating to similar products or services (so-called “soft spam”), provided that the data subject, being adequately informed, does not object to such use.
- Legal basis: Consent of the data subject (Art. 6, para. 1, lett. a) GDPR) or legitimate interest for “soft spam”.
- e) Profiling: Subject to your explicit consent, to analyze your preferences, consumption habits, and purchasing choices, also based on data generated by connected products, in order to create user profiles and offer personalized services, content, and commercial communications. Consent for this purpose is optional and can be revoked at any time.
- Legal basis: Consent of the data subject (Art. 6, para. 1, lett. a) GDPR).
- Processing Methods and Security Measures
The processing of personal data is carried out by means of the operations indicated in Art. 4, no. 2) GDPR. The processing is based on the principles of lawfulness, fairness, and transparency. The data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. Somnia adopts appropriate technical and organizational security measures to prevent data loss, illicit or incorrect use, and unauthorized access.
- Pre-contractual Information for Connected Products (pursuant to the Data Act)
In accordance with Article 3, paragraph 2, of Regulation (EU) 2023/2854 (Data Act), before the conclusion of the purchase contract for one of our connected products (e.g., heated mattress topper), we provide you with the following clear and comprehensible information.
- a) Data generated by the product:
- Type of data: The product is capable of generating data related to its use, such as: power-on and power-off times, set temperatures, duration of operating cycles, selected usage modes, estimated energy consumption, and diagnostic operating codes.
- Format and estimated volume: The data is collected in a structured, commonly used, and machine-readable format (e.g., JSON). The volume of data generated is estimated at a few kilobytes for each day of use.
- Frequency of generation: The product can generate data continuously and in real-time during its operation, transmitting it periodically to our servers.
- b) Access, retrieval, and deletion of product data:
- Access methods: You can access the data generated by your product at any time, easily, securely, and free of charge, through your personal account on our website or via the dedicated mobile application.
- Technical means: We provide a specific “Export my data” function within your reserved area, which allows you to download a complete copy of the product data. Application programming interfaces (APIs) may also be available to allow automated access; the related terms of use and quality of service will be detailed in the technical documentation.
- Deletion: You can request the deletion of data associated with your product directly from your personal area or by contacting our customer service. Deleting the data may limit or prevent the operation of some “smart” features of the product.
- c) Data storage:
- The data generated by the product is stored on secure servers located within the European Union. The retention period is indicated in the subsequent Section 7.
- d) Specific rights under the Data Act:
- You have the right to use the data generated by your product for any legitimate purpose, including the right to share it with third parties of your choice (for example, providers of repair or energy analysis services), without any discrimination.
- These information obligations are additional to and do not replace those provided for by the GDPR.
- Communication and Recipients of Data
Your personal data may be communicated to:
- Employees and collaborators of the Controller, duly authorized and instructed.
- Third-party companies or other entities (e.g., technical service providers, hosting providers, postal couriers, IT companies) that carry out outsourcing activities on behalf of the Controller, appointed, if necessary, as Data Processors pursuant to Art. 28 GDPR.
- Judicial or administrative authorities, for the fulfillment of legal obligations.
- The data subject has the right to obtain the specific identity of the recipients to whom their data has been disclosed. The Controller may limit itself to indicating only the categories of recipients if it is impossible to identify the specific recipients or if the data subject’s request is manifestly unfounded or excessive.
- Data Retention Period
Personal data is kept for the time strictly necessary to achieve the purposes for which it was collected. Specifically:
- For contractual and legal obligation purposes, the data will be kept for the entire duration of the contractual relationship and, after its termination, for the period provided for by law (usually 10 years for accounting records).
- Data generated from the use of connected products will be kept for the entire lifespan of the product associated with your account and until the withdrawal of consent (if the processing is based on it) or your request for deletion.
- For marketing and profiling purposes, the data will be kept until the data subject withdraws consent or for the maximum period permitted by the regulations and by the provisions of the Data Protection Authority.
- Rights of the Data Subject
As a data subject, you may at any time exercise the rights provided for in Articles 15 to 22 of the GDPR, in addition to the specific rights provided for by the Data Act mentioned in Section 5:
- Right of access (Art. 15 GDPR): Obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information regarding the processing.
- Right to rectification (Art. 16 GDPR): Obtain the rectification of inaccurate personal data.
- Right to erasure (‘right to be forgotten’, Art. 17 GDPR): Obtain the erasure of personal data in the cases provided for by law.
- Right to restriction of processing (Art. 18 GDPR): Obtain the restriction of processing where one of the conditions provided for applies.
- Right to data portability (Art. 20 GDPR): Receive the personal data concerning you in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.
- Right to object (Art. 21 GDPR): Object at any time to the processing of personal data based on legitimate interest or carried out for direct marketing purposes.
- Right not to be subject to automated decision-making (Art. 22 GDPR): The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
Requests to exercise your rights can be sent to the Data Controller or the DPO at the addresses indicated above. The Controller will provide a response without undue delay and, in any event, at the latest within one month of receipt of the request.
- Right to lodge a complaint: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the Data Protection Authority if you believe that the processing concerning you violates the GDPR. For violations related to the obligations of the Data Act, you have the right to file a complaint with the competent national authority.
- Cookies
For details regarding the use of cookies by the Qimora website, please refer to the specific Cookie Policy.
- Changes to this Notice
This notice may be subject to changes and updates. Any changes will be made known to users through publication on Somnia’s website.
Last updated: March 27th, 2026.
