Galos Limited (t/a Galos UK) is committed to ensuring that, when you use our website (www.galosuk.com) (the “Website”), your privacy is protected and that we fully comply at all times with the Data Protection Act 1998 (the “DPA”) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (in each case, as amended, supplemented or superseded from time to time). Please note that, for the purposes of the DPA, the data controller is Galos Limited.
1. The information we collect and how we use it
When you order or enquire about our products we need to know your name, address, email address, and in particular your post code. If ordering, we need to know your debit and/or credit card number and expiry date. If you have ordered products for a third party we will need to know their delivery address. We gather this information to allow us to process your registration and any orders you may make. The relevant information is then used by us, our agents and sub-contractors to organise delivery, provide you with statements of your account and to communicate with you on any matter relating to the conduct of your account and the provision of our service.
We may also use aggregate information and statistics for the purposes of monitoring the usage of the Website in order to help us develop the Website and our services and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual. From time to time we may share your information with (i) other members of our group (which means our subsidiaries, our ultimate holding company and its other subsidiaries (each as defined in section 1159 of the UK Companies Act 2006)), (ii) our customer service agencies for research and analysis purposes so that we can monitor and improve the products and services we provide and (iii) analytics and search engine providers that assist us in the improvement and optimisation of the Website. We, our fellow group members and our respective agents and sub-contractors may contact you by mail, email or telephone to ask you for your feedback and comments on our products and services.
We and our fellow group members may also wish to provide you with information about special features of the Website or any other service or products we think may be of interest to you. If you would rather not receive this information, please click here (link to an email). You can also unsubscribe from our contact list at any time by clicking the “unsubscribe” link at the bottom of a marketing email or by emailing firstname.lastname@example.org with “unsubscribe” in the subject line.
We may also want to provide you with related information from third parties we think may be of interest to you. If you would rather not receive this information, please log into your account and change your preferences by clicking here (link to an email). We may also provide your information to carefully selected third parties whose products or services we believe may be of interest to you. If you do not wish us to disclose your information in this way, please log into your account and change your preferences by clicking here (link to an email).
A cookie is a small text file which we transfer to your hard drive through your web browser when you visit the Website or open certain emails. It enables our own system to recognise you when you visit the Website again and improve our services to you. The information can be used to enhance the content of the Website and make your use of it easier. For more information about cookies please visit www.allaboutcookies.org.
To order products on the Website you will need to ensure that the setting on your web browser allows cookies. If you don’t want to allow cookies you can still enjoy browsing the Website for that gorgeous gift or self-indulgent treat, you’ll just have to visit our store in person in order to purchase.
Four types of cookies may be used during your visit to the Website.
- Strictly necessary cookies. These are cookies that are required for the operation of the Website. They include, for example, cookies that enable you to log into secure areas of the Website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors using the Website and to see how they move around the Website when they are using it. This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These cookies are used to recognise you when you return to the Website and enables us to personalise content for you.
- Targeting cookies. These cookies record your visit to the Website, the pages you visit and the links you follow. We will use this information to make the Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|Cookie name||Cookie use||Cookie duration||Cookie purpose|
|PHPSESSID||Strictly necessary||Until browser closes||Enables cart and customer log in|
|galos||Functionality||6 months||Enables customer log-in|
|wfvt_||Functionality||Until browser closes||Test cookie to see if browser accepts cookies|
|_ga||Tracking||Until browser closes||Helps improve service to customers|
3. How we protect your information
Security is a major issue for anyone purchasing on the internet. You need to know that a website is legitimate, and transactions are secure before you buy. To address these issues the Website uses Sage Pay (via SagePay.com) to process your orders. Sage Pay is an independent payment service provider. Sage Pay encrypts every transaction to the highest global standards. Sage Pay’s systems are scanned quarterly by Trustwave which are an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands. Sage Pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance, so that you can be confident about using them to make a secure payment online. Sage Pay is also an active member of the PCI Security Standards Council (SSC) that defines card industry global regulation.
All transaction information passed between the Website and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted. You can be completely assured that nothing you pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Once on Sage Pay’s systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign’s Global Root certificate, making them all but impossible to extract. The data Sage Pay hold is extremely secure and they are regularly audited by banks and banking authorities to ensure it remains so.
4. Sale of business
If Galos Limited or this business is sold or integrated with another entity or business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of Galos Limited/the business.
5. Other circumstances in which we may disclose your information
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or pursuant to any order of a court or tribunal, or in order to enforce or apply our Terms & Conditions or to protect the rights, property, or safety of Galos Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
6. Access to information
The DPA gives you the right to access information held about you. Your right of access can be exercised in accordance with the DPA. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
7. Updating your details
If any of the information that you have provided to us changes, for example if you change your email address or name, please login to your account by clicking here (insert email address). If you wish to cancel your registration, please send an email by clicking here, or by sending a letter to Galos UK, 6 Old Cross, Hertford, SG14 1LS.
9. How to contact Galos UK