Privacy policy

This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with our website and related services (collectively, the “Platform”). We operate from the United Kingdom and act as the data controller for all personal data processed through our Platform.

By accessing or using our Platform, you confirm that you have read and accepted the practices described in this Privacy Policy.

1. Data Controller

We are responsible for determining how and why your personal information is processed.

2. Categories of Personal Data We Collect

Depending on how you engage with our Platform, we may collect the following types of information:

Identification & Contact Information

Including your name, email address, telephone number, billing address, and delivery address.

Transaction & Purchase Data

Records of products purchased or returned, order values, payment references, and limited payment information (full card numbers are handled directly by our payment providers and are never stored by us).

Account Information

If you register an account, this may include login credentials, usernames, and saved preferences.

Customer Support Communications

Any messages, documents, or correspondence exchanged with our support team.

Technical & Usage Data

Such as IP address, browser type, device identifiers, operating system, visited pages, click activity, and cookie identifiers.

3. How Your Information Is Collected

We collect data through several channels:

  • Directly from you when placing orders, creating accounts, subscribing to updates, or contacting customer support.

  • Automatically via cookies and similar tracking technologies when you browse our Platform.

  • From third-party service providers that assist with payments, shipping, analytics, and marketing.

4. Purpose of Processing and Legal Grounds

We process your personal data for the following purposes and under the corresponding legal bases:

Order Fulfillment & Account Services

Including purchase processing, delivery coordination, returns handling, and customer support.
Legal basis: Contract performance and legitimate interests.

Payments & Fraud Prevention

Managing transactions and protecting against fraudulent activity.
Legal basis: Legitimate interests and legal obligations.

Platform Optimization & Analytics

Improving website performance, resolving technical issues, and understanding user behavior.
Legal basis: Legitimate interests.

Marketing Communications

Sending newsletters, promotions, and personalized advertising where permitted.
Legal basis: Consent (where required) or legitimate interests. You may opt out at any time.

Legal & Regulatory Compliance

Meeting tax, accounting, and legal requirements or responding to lawful authority requests.
Legal basis: Legal obligation.

5. Cookies and Tracking Technologies

We use cookies and related technologies to:

  • Enable essential website functionality

  • Store preferences

  • Measure performance and engagement

  • Deliver marketing content where allowed

Where legally required, we request consent for non-essential cookies upon your first visit. You can manage cookie preferences at any time through your browser or cookie settings. Disabling cookies may affect Platform functionality.

6. Disclosure of Personal Information

Your data is shared only where necessary to operate our services, including with:

  • E-commerce infrastructure providers (including Shopify)

  • Payment processors

  • Shipping and fulfillment partners

  • Analytics and technology providers

  • Professional advisors such as legal or accounting services

In the event of a business transfer or acquisition, personal data may be transferred to the new entity.

We never sell your personal information.

7. International Data Transfers

Some service providers may process data outside the UK or EEA. Where this occurs, we implement appropriate safeguards such as Standard Contractual Clauses. You may request further information regarding these safeguards.

8. Data Retention

We retain personal data only as long as necessary:

  • Transaction records: up to 10 years (legal requirement)

  • Account data: while active, then deleted or anonymized after inactivity

  • Customer support records: up to 3 years

  • Marketing preferences: until consent is withdrawn

9. Your Data Protection Rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Request erasure in certain circumstances

  • Restrict or object to processing

  • Receive portable copies of your data

  • Withdraw consent at any time

Requests can be submitted via email. Identity verification may be required. Responses are provided within one month (extendable for complex requests).

You also have the right to lodge a complaint with your local supervisory authority.

10. Children’s Information

Our Platform is not intended for individuals under 16. We do not knowingly collect children’s data. If such data is discovered, it will be promptly deleted.

11. Automated Processing

We do not use automated decision-making or profiling that produces legal or significant effects.

12. Shopify Infrastructure

Our store operates on Shopify, which provides hosting, analytics, and security services. Shopify processes data on our behalf and may also manage certain aggregated platform data independently.

13. Policy Updates

This Privacy Policy may be updated periodically. Revisions will be posted on this page. Where legally required, we will notify you of material changes.

CONTACT INFORMATION

Phone: +44 7735374072

Email: info@garalato.com

Address: 37 Westminster Buildings, Theatre Square, Nottingham, NG1 6LG (Address available only for administrative correspondence and product returns. No physical point of sale at this address.)

Customer Service Hours: Monday to Friday, 9.00 a.m. – 5.00 p.m. (GMC)

We aim to respond within 24 hours.