DATA PROTECTION AND DATA PROCESSING
Data protection of the websites of GALLMED Ltd. (Registered office: Unit 22 Bulrushes Park, Coombe Hill Road, East Grinstead, West Sussex, RH19 4LZ, United Kingdom) (hereinafter: Service Provider) at domain names gallmet.co.uk, gallmed.co.uk (hereinafter: website).
The current version of the data protection bulletin of the Service Provider is available at the gallmet.co.uk website.
With regards to the management of personal data, the Service Provider as the data manager hereby informs the users accessing the Website about the personal data managed at the Websites, its principles and practices with regards to personal details, the organisation and technical measures taken for the purpose of protecting personal data and the methods and opportunities of the relevant User to exercise its rights.
The Service Provider manages all recorded personal data confidentially, in compliance with the data privacy laws and international recommendations as well as the provisions herein. The Service Provider is committed to the protection of the personal data of its partners and users, and especially respects the right of informational self-determination of website users. The Service Provider manages all personal data confidentially and takes all security, technical and organisational measures to guarantee data security.
The Service Provider may amend this data protection bulletin unilaterally.
By using the Website, the User accepts the provisions of the Data Protection Bulletin and agrees to the management of his personal data as detailed below.
The data of the Service Provider as the Data Manager
Name of the service provider: GALLMED Ltd. (hereinafter: Service Provider)
Registered office: Unit 22 Bulrushes Park, Coombe Hill Road, East Grinstead, West Sussex, RH19 4LZ, United Kingdom
Company register number: 08287408
Tax number: GB279 2480 67
The scope of personal data, and the purpose, legal title and duration of data management
Personal data may be managed by the Service Provider pursuant to Article 5 (1) a) Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Information Act), i.e. when the data subject has given his consent, and pursuant to Act CVIII of 2001 on certain issues of electronic commerce services and information society.
The Service Provider does not check the authenticity personal data provided as that is the exclusive responsibility of the person providing the data, the User, or the contracting party. By providing his email address, the User assumes responsibility that only he will use the service from the email address provided. With regards to this, the User providing the email address will be exclusively responsible for all actions related to the logins with that specific email address.
For technical reasons and for the purpose of preparing statistics on user behaviours, during each User visit to the website, the Service Provider records the User’s IP address, the starting and ending times of the visit, the title of the page viewed, and the type of the web browser and the operating system of the User. These data are automatically logged by the system and are not linked to any other data or use. Only the Service Provider will have access to the data thereby recorded.
The html code of the services include links from and to external servers independent from the Service Provider. External servers help the independent measurements and auditing of the number of visitors and other web analytics data of the Website (Google Analytics). For more information on the management of web analytics data, please consult the Data Manager at www.google.com/analytics.
To facilitate customised service, the Service Provider and the specific external service providers store and retrieve a cookie, a small data package on the User’s computer. If the web browser returns a previously stored cookie, the service provider managing the cookie may establish a link between the data stored during the current visits of the User and those store earlier, but only for the purpose of its own content.
Most web browsers have a Help function available from the menu to provide the User with information on how to
• block cookies,
• accept new cookies,
• instruct you web browser to configure a new cookie, or
• turn off other cookies.
If the User does not want Google Analytics to measure the above data in the methods and for the purpose describe above, the User needs to install an addon that blocks it.
The Service Provider uses the following cookie:
• Session cookies: these are automatically deleted after the User’s visit. These cookies are designed to help the Website of the Service Provider function more efficiently and safely; therefore, these are inevitable for the appropriate operation of specific functions or certain applications.
• Persistent cookies: the Service Provider also uses persistent cookies for better user experience (e.g. optimised navigation). These cookies are stored for a longer period of time in the cookie file of the web browser. The exact time period depends on the individual setting of the User’s web browser.
• Cookie used for password protected sessions.
• Cookie needed for the shopping cart.
• Security cookie.
The Website uses the codes of the following websites that (may) store cookies on the visitor’s device:
• Facebook pixel code enabling the Service Provider to display ads for website visitors on Facebook.
• Google Analytics enabling the Service Provider to collect Website statistics on visitors.
The data logged by the Service Provider and the data acquired from the information on user behaviours via cookies are used for statistical purposes only.
Should you have any question or issue when accessing our services, please contact the Service Provider at the contact information specific in Section 2 above.
The Service Provider agrees to delete all incoming emails with the names and email addresses (and any other voluntarily entered data) of the sender after a maximum period of 1 year following the settlement of the case.
GALLMED Ltd. makes the selling through the Amazon. Amazon makes the shipping and invoicing. Data processing of Amazon.co.uk
The Service Provider use and store the personal datas and its internal employees are authorised to view the data. However, they will not disclose such data to any third party.
The Service Provider may employ a data processor (e.g. system operator, accountant).
The method of storing personal data and data management security
The Service Provider ensures protection of the security of data management via technical, administrative and organisational means that offers an appropriate level of protection in line with the risks associated with data management.
The IT system and network of the Service Provider is protected against computer fraud, spying, sabotage, vandalism, fire, flood, computer viruses, computer intrusions and denial of service attacks. The Service Provider guarantees security via server and application level protection procedures.
User’s rights and remedial options
The right to be informed
The User may request information on the personal data managed by the Service Provider and relevant to the User by email sent to firstname.lastname@example.org or by regular mail.
Upon a request by the User, the Service Provider will provide information on the user-relevant data it manages, the purpose and legal grounds for data management, its duration and the parties that receive(d) such User data as well as the purposes thereof. The Service Provider will provide the requested information in writing within 30 days from the date the User’s request was submitted.
The User may direct any question or comment on data management to the employee of the Service Provider via the contact information designated hereunder.
The User may request its data to be deleted, corrected or blocked
The User is entitled to request the correction or deletion of any incorrectly recorded data via any of the contact information listed hereunder. The Service Provider will delete the data within 5 working days from their receipt, in which case they cannot be restored. The deletion of the data does not affect data management required by law (e.g. accounting regulations), which data the Service Provider will retain as required.
Personal data manage
The User may object to his personal data being managed. Within the shortest possible time but no later than 15 days from the date such objection is submitted, the Service Provider shall investigate the case, make a decision and inform the requesting User about the decision in writing.
The User may exercise its rights using the contact information listed in Section 2 above.