This website with an address https://online.galanto.com is owned by Independent Member of Herbalife Nutrition Galina Mihaylova (tel. +359 999 2000). +359 88 8 153 150) and Anton Ivanov (tel. +359 88 9 920 930), holders of Galanto Ltd. with UIC 203661329, registered data controller. We hold the privacy and security policy in all its aspects very much. The e-mail address for correspondence is email@example.com.
What personal data we collect and why
We do not collect personal data from users and visitors of the site without them declaring their consent.
From registered users we require the standard name, email address, website (if any), profile picture avatar (optional), personal profile preferences. Self-registration of users is not allowed and is in personal contact with one of the owners of the site.
It is possible for visitors to collect technical information about visiting the cookies and statistics site.
In cases where we collect information about a specific event or activity, this is done with a special form with a declaration of consent and may include names, email address, social network profile, telephone number for contact in connection with the specific activity using once and if necessary.
When visitors leave comments on the site, we collect the data displayed in the comments form, as well as the visitor’s IP address and user browser ID to help detect spam.
If you upload images to the site, you should avoid uploading images with built-in location data (EXIF GPS). Visitors to the site can download and retrieve location data with this GPS data from images on the site.
The site maintains a request form in which the willing visitor records names, email, phone, convenient contact time and desired services. The data is used once to establish a contact. It uses Google forms, each for specific purposes and with a declaration of consent, including time limits for collection and possibilities for the withdrawal of personal data. In the forms, everyone records the personal data provided by them himself, ensuring that we store contact requests for a certain period of time for customer service purposes and do not use the information provided by them for marketing purposes and/or third parties.
If you leave a comment on our site, you can allow the retention of your name, email address and website in cookies. They’re for your convenience, so you don’t have to fill in your details again when you leave another comment. These cookies will be kept for a year.
If you have an account (the service is only available after personal contact) and log in to this site, we will set a temporary cookie to determine whether your browser accepts cookies. This cookie does not contain personal data and is deleted when you close your browser.
When you sign in to the site, a few more cookies will keep your login information and your preferences for what to see on the screen. Login cookies expire in two days, and for screen preferences after a year. If you select the option to remember, your login information will be kept for two weeks. If you sign out, login cookies will be deleted.
If you edit or publish an article, an additional cookie will be saved in your browser. It will not contain personal data, but will simply add the identifier of the post you have just edited. Expires in a day.
Inserted content from other websites
Articles on this site can be embedded (videos, images, content, etc.). Embedded content from other sites accepts and treats the site visitor like a visitor to their own site.
By default, WordPress does not collect any insights. The site collects the information needed for statistics about the Jetpack app such as number of visits for the day, duration of visits, subscriptions, comments, posts, spam, but without collecting personal data about visitors. Internet providers collect insights depending on the legislation in the country.
Who we share your data with
We do not share any personal data with third parties, except in cases regulated by law.
How long we store your personal data
In cases where we have collected personal data with a specific form, this duration is described in the declaration of consent. If not described there, the data shall be kept for up to one month after the specific event has taken place and shall then be duly destroyed. The data recorded by registered users shall be kept according to their wishes and may be withdrawn and deleted at any time within one month.
Analysis and statistics records are kept within the current year.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so that we can automatically recognize and approve subsequent comments of yours instead of keeping them in the approval queue.
For users who register on our website (registration only after personal contact), we also store the personal information they provide in their profile. All users can view, edit, or delete their personal information at any time (except that they cannot change their username). Only website administrators can view and edit this information. Even administrators can’t see the password of registered users, but they can delete or set a new one-time password.
Your rights over your personal data
If you have an account on this site or have left comments on it, you may request to receive a file containing all the data we hold about you, including data you have provided to us, without the personal password that we are unable to see and send you accordingly. You may also request that we delete the personal data we hold about you. However, this does not include data that we are obliged to store for administrative purposes, for the security purposes of the site, or by law.
How we use your data
We do not transfer any personal data inside or outside the EU or for other third-party services.
Comments from visitors can be verified through an automatic spam comment checking service.
Your contact information
The Site does not collect contact information outside of the cases described here and does not send unsolicited information to persons who have provided contact details at will.
The site complies with the legislative frameworks in the country for e-commerce.
How we protect your personal data
We provide the ability to encrypt data and authenticate in two steps. Galanto Ltd. is a personal data administrator and complies with the legislation in the country and the EU.
Our processes for personal data incidents
A server administrator receives information about attempts to access the devices and, if necessary, can delete all personal data to prevent their leakage.
What other sources do we get data from?
We do not receive personal data from third parties.
Automatic actions and filtering
The site does not provide services that include automatic decision-making based on personal information.
Herbalife Nutrition Security Policy
As an Independent Member of Herbalife Nutrition, we also comply with the data collection and processing requirements and the Security Policy of Herbalife Nutrition https://www.herbalife.bg/privacy..
Site Add-on Policies
What we collect and store
While visiting our site, we record:
- Products you’ve viewed: we may use this functionality to show you products that you’ve recently opened
- Location, IP address and browser type: we will use this data for purposes such as calculating tax rate and delivery
- Delivery address: we will ask you to enter it, for example, so that we can estimate the value of the delivery before making an order and to send it to you.
When you make a purchase from us, we will ask you for details such as name, billing and delivery addresses, email address, phone number, credit card details or other payment method and – of your choice – registration information for your account, such as username and password. We will use this data for any of the following purposes:
- Sends information about your profile and order
- Respond to your requests, including refund requests and complaints
- Payment processing and fraud prevention
- Register an account in our store
- Compliance with our legal obligations, such as calculating tax rates
- Improving offers from our store
- Sends you marketing messages if you choose to receive them
If you create an account, we will store your name, address, email address and phone number and use them to fill them out automatically on subsequent orders.
In general, we store information about you for the minimum period required for the purposes for which we collect and use it. For example, we will keep your order data for XXX years for tax and accounting purposes. This data includes your name, email address, and billing and delivery addresses.
We’ll also store comments and reviews if you want to post them.
Which one of our team has access
Our team members have access to the information you provide. For example, store administrators and managers have access to:
- Order information: what was purchased, when it was purchased, where it should be sent and
- Customer information: your name, email address, and billing and delivery addresses.
Our team has access to this information so that they can execute orders, make returns and provide assistance.
What we share with others
We share information with third parties that help us provide order service; such as delivery address.
In this subsection, you need to describe which external payment methods you are working with, as they may process personal data. PayPal is included as an example, but if you don’t use it, remove it.
We accept payments via PayPal. When we process the payment, some of your data will go through PayPal, including information necessary for the payment processing, such as the total amount and details of the originator.
Really Simple SSL
Note: Smush does not interact with end users of your website. The only built-in option in Smush is for a newsletter subscription for site administrators only. If you want to notify your users of this, you can use the information below in your privacy statement.
Smush sends images to WPMU DEV servers to optimize them for network use. This includes the transfer of EXIF data. EXIF data will be removed or returned as sent. They are not stored on WPMU DEV servers.
Smush uses a third-party email service (Drip) to send information emails to the site administrator. The administrator address was sent to Drip and the cookie was set by the service. Only administrator information is collected by Drip.
We collect information about visitors who comment on the site who use our Akismet spam protection service. The information we collect depends on how the User uses Akismet for the site, but usually includes the IP address, user agent, forwarder and URL of the commentator’s site (along with other information provided directly by the commentator, such as the name, username, email address and comment itself).
What personal data we collect and why we collect it
If you submit a subscription form on our site, you will subscribe to us by saving your name, email address and other relevant information.
These subscriptions are used to let you know about related content, discounts & other special offers.
You can opt out or opt out at any time in the future by clicking on the link at the bottom of each email.
Name Usage Time
pum-1414 To prevent multiple pop-ups. 1 day
pum-4312 To prevent multiple pop-ups. 1 day
pum-1079 To prevent multiple pop-ups. 1 month
pum-1299 To prevent multiple pop-ups. 30 minutes
pum-1199 To prevent multiple pop-ups. 30 minutes
pum-1178 To prevent multiple pop-ups. 1 month
pum-1144 To prevent multiple pop-ups. 1 month
pum-1129 To prevent multiple pop-ups. 1 month
We use anonymous cookies to prevent the same pop-up from appearing repeatedly to users in an attempt to make our users more enjoyable while still providing time-sensitive messages.
How long we store your data
Subscriber information shall be retained in the local database indefinitely for analytical tracking and future export purposes.
The data will be deleted at the user’s request by deletion.
Where we send your data
A pop-up machine does not send any user data off the site.
For all the questions raised, do not hesitate to contact us with the contact details at the beginning of this page and on the site.