Galos Limited (T/A Galos UK) Security & Privacy Policy 

including Cookies

Galos Limited (t/a Galos UK) is committed to ensuring that, when you use our website ( (the “Website”), your privacy is protected and that we fully comply at all times with the Data Protection Act 1998 (the “DPA”) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (in each case, as amended, supplemented or superseded from time to time).  Please note that, for the purposes of the DPA, the data controller is Galos Limited.

1. The information we collect and how we use it

When you order or enquire about our products we need to know your name, address, email address, and in particular your post code.  If ordering, we need to know your debit and/or credit card number and expiry date.  If you have ordered products for a third party we will need to know their delivery address. We gather this information to allow us to process your registration and any orders you may make. The relevant information is then used by us, our agents and sub-contractors to organise delivery, provide you with statements of your account and to communicate with you on any matter relating to the conduct of your account and the provision of our service.

We may also use aggregate information and statistics for the purposes of monitoring the usage of the Website in order to help us develop the Website and our services and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual. From time to time we may share your information with (i) other members of our group (which means our subsidiaries, our ultimate holding company and its other subsidiaries (each as defined in section 1159 of the UK Companies Act 2006)), (ii) our customer service agencies for research and analysis purposes so that we can monitor and improve the products and services we provide and (iii) analytics and search engine providers that assist us in the improvement and optimisation of the Website. We, our fellow group members and our respective agents and sub-contractors may contact you by mail, email or telephone to ask you for your feedback and comments on our products and services.

We and our fellow group members may also wish to provide you with information about special features of the Website or any other service or products we think may be of interest to you. If you would rather not receive this information, please click here (link to an email).  You can also unsubscribe from our contact list at any time by clicking the “unsubscribe” link at the bottom of a marketing email or by emailing with “unsubscribe” in the subject line.

We may also want to provide you with related information from third parties we think may be of interest to you. If you would rather not receive this information, please log into your account and change your preferences by clicking here (link to an email).  We may also provide your information to carefully selected third parties whose products or services we believe may be of interest to you. If you do not wish us to disclose your information in this way, please log into your account and change your preferences by clicking here (link to an email).

2. Our use of cookies and other information gathering technologies

A cookie is a small text file which we transfer to your hard drive through your web browser when you visit the Website or open certain emails. It enables our own system to recognise you when you visit the Website again and improve our services to you. The information can be used to enhance the content of the Website and make your use of it easier. For more information about cookies please visit

To order products on the Website you will need to ensure that the setting on your web browser allows cookies. If you don’t want to allow cookies you can still enjoy browsing the Website for that gorgeous gift or self-indulgent treat, you’ll just have to visit our store in person in order to purchase. 

Four types of cookies may be used during your visit to the Website.

  • Strictly necessary cookies. These are cookies that are required for the operation of the Website.  They include, for example, cookies that enable you to log into secure areas of the Website, use a shopping cart or make use of e-billing services.
  • Analytical/performance cookies.  These cookies allow us to recognise and count the number of visitors using the Website and to see how they move around the Website when they are using it.  This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies.  These cookies are used to recognise you when you return to the Website and enables us to personalise content for you.
  • Targeting cookies.  These cookies record your visit to the Website, the pages you visit and the links you follow.  We will use this information to make the Website and the advertising displayed on it more relevant to your interests.  We may also share this information with third parties for this purpose.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below: 


Cookie name Cookie use Cookie duration Cookie purpose
 PHPSESSID Strictly necessary Until browser closes  Enables cart and customer log in
 galos Functionality 6 months  Enables customer log-in
 wfvt_ Functionality Until browser closes  Test cookie to see if browser accepts cookies
_ga Tracking Until browser closes  Helps improve service to customers



3. How we protect your information

Security is a major issue for anyone purchasing on the internet. You need to know that a website is legitimate, and transactions are secure before you buy.  To address these issues the Website uses Sage Pay (via to process your orders. Sage Pay is an independent payment service provider. Sage Pay encrypts every transaction to the highest global standards. Sage Pay’s systems are scanned quarterly by Trustwave which are an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.  Sage Pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance, so that you can be confident about using them to make a secure payment online. Sage Pay is also an active member of the PCI Security Standards Council (SSC) that defines card industry global regulation.

All transaction information passed between the Website and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted. You can be completely assured that nothing you pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.

Once on Sage Pay’s systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign’s Global Root certificate, making them all but impossible to extract. The data Sage Pay hold is extremely secure and they are regularly audited by banks and banking authorities to ensure it remains so.

4. Sale of business

If Galos Limited or this business is sold or integrated with another entity or business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of Galos Limited/the business.

5. Other circumstances in which we may disclose your information

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or pursuant to any order of a court or tribunal, or in order to enforce or apply our Terms & Conditions or to protect the rights, property, or safety of Galos Limited, our customers, or others.  This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

6. Access to information

The DPA gives you the right to access information held about you. Your right of access can be exercised in accordance with the DPA. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

7. Updating your details

If any of the information that you have provided to us changes, for example if you change your email address or name, please login to your account by clicking here (insert email address). If you wish to cancel your registration, please send an email by clicking here, or by sending a letter to Galos UK, 6 Old Cross, Hertford, SG14 1LS.

8. Your consent and changes to our Security and Privacy Policy

By continuing to use the Website and submitting your information you consent to the use of that information as set out in this Policy. If we change our Security and Privacy Policy we will post the changes on this page, and may place notices on other pages of the Website, so that you may be aware of the information we collect and how we use it at all times. We will also email you should we make any changes so that you may consent to our use of your information in that way. Continued use of the Website will signify that you agree to any such changes.

9. How to contact Galos UK

We welcome your views about the Website and our Security and Privacy Policy. If you would like to contact us with any queries or comments please send an email by clicking here (insert email address).

Visit us on Facebook Visit us on Twitter