Privacy Policy

Last update: 22.07.2024

Privacy Policy Introduction

Welcome to Gali!

Your privacy is critically important to us. Gali is committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy or our practices with regards to your personal information, please contact us at email address [email protected].

The following Privacy Notice was designed for www.galichat.com and it will be reviewed and updated periodically according to all applicable laws and regulations.

Please read this Privacy Policy before using our Service (website, widget, API). By engaging with our Service, you consent to the processing of your information as described in this policy. This Privacy Policy utilizes terms that are defined within it, which hold the same meaning as those outlined in our Terms and Conditions.

The use of our Service is also governed by our Terms and Conditions (“Terms”), which, when combined with this Privacy Policy, form a binding agreement between you and us.

Definition according to the GDPR

• Service - represents the www.galichat.com website operated by Gali including the Website, Widget and/or the API .

• Website - representsto the collection of web pages accessible through www.galichat.com

• Widget - represents the Gali Chat widget, which can be added to a User's website for integration.

• API - represents the Gali application programming interface, designed for integration with the User's systems.

• Personal data - represents any information relating to an identified or identifiable natural person (‘data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

• Processing - represents any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

• Restriction of processing - represents the marking of stored personal data with the aim of limiting their processing in the future;

• Controller - represents the natural or legal person, public authority, agency or other bodies which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

• Processor - represents a natural or legal person, public authority, agency or other bodies which processes personal data on behalf of the controller;

• Recipient - represents a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with the European Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

• Third-party - a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

• Consent of the data subject - represents any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

• Data Breach - represents a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.

• Supervisory Authority - an independent public authority which is established by a Member State;

What types of data we collect

As you visit or use our services, we collect the following information:

• Personal Information: This includes names, email addresses, and any other contact details you provide when using our services, such as when you sign up for our newsletter, or fill out a contact form.

• Usage Data: Information on how the Services are accessed and used. This Usage Data may include information such as your computer's Internet Protocol address (e.g., IP address), browser type, browser version, our Service pages that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

• Tracking & Cookies Data: We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. However, you have the option to configure your browser to reject all cookies or to alert you when a cookie is sent.

How we collect your personal data

Gali may collect your personal data in two ways:

1. When you voluntarily provide such information to us by filling in the available fields - e.g, for creating your account, for contacting us, for registering to our newsletter, and so forth.

Based on our contractual relationship, we may use your e-mail to send you relevant information about our services, offers, and activity status updates. In other cases, your personal data will be used for marketing purposes only after obtaining your prior consent. Please note that you can choose at any time to withdraw your consent, without affecting the processing already performed, by contacting us at email address.

2. We may automatically collect some technical information about your activity or the device used to access Gali, such as a truncated version of your IP address, operating system type, browser type, screen resolution, or details about suspicious IPs & cyber-attacks to protect our infrastructure.

In general, we use cookies to collect the information mentioned above, which are essential for our website's functionality and security or for collecting other data for marketing purposes.

All the collected personal data mentioned above are stored on our partner's servers, and they have taken high-security measures to respect the provisions of Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR.

We will keep:

• any information that you provide to us (such as e-mail for receiving our newsletter) until you will request to unsubscribe or to delete them;
• all information collected using cookies according to our Cookie Policy;
• your billing and payment information for invoicing and receiving your payment will be kept according to the regulation applicable to our Payment Processor and by us for 10 years;

Why we collect your personal data

Gali uses the collected Personal Data for various purposes:

• Provide, operate, and maintain our website

• Improve, personalize, and expand our website

• Understand and analyze how you use our website

• Develop new products, services, features, and functionality

• Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection

• Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes

• Send you emails

• Find and prevent fraud

• For lead generation purposes

Any disclosure of your personal data to third parties

Our employees:

Our employees have access to your personal data, and they have been trained to respect confidentiality.

Business development:

We will not share your information with any third parties for the purposes of direct marketing. We do not sell or otherwise share your Personal Data, except as described in this Privacy Policy.

We are trying to do the best in our industry, so sometimes we may choose to collaborate with other companies to perform certain business-related functions such as hosting or Google Analytics' features. In this case, we provide them only with the information that they need to perform their specific job.

For example, we may use:

1. for Hosting and data storage Amazon Web Services, Supabase and Vercel - if you want to know more about their privacy policy, you can find it here, here and here.
2. for delivering e-newsletter: Brevo and SendGrid- if you want to know more about their privacy policy, you can find them here and here;
3. for monitoring website activity: Google Analytics, Facebook Pixel - if you want to know more about their activity, please check our Cookie Policy.
4. for process your payment: Paddle - if you want to know more about their privacy policy, you can find it here.
5. for AI Models OpenAI - if you want to know more about their privacy policy, you can find it here. For training purposes we use OpenAI GPT API. We send the text, PDFs, docs, or any other file format, and all the details provided by the chatbot's owner to OpenAI API for the purpose of training the chatbot. No personal data about the owner of the chatbot nor the leads details are sent to OpenAI API.

Legal Requirements: Your personal data may be communicated to governmental authorities and/or law enforcement agencies if required by the applicable law.

Which are your rights

• Right of access - You have the right to obtain the confirmation as to whether or not personal data concerning you are being processed by us, and, where that is the case, access to your personal data and information on how they are processed

• Right to data portability - You have the right to receive some of your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and you have also the right to transmit those data to another controller without hindrance from us, where technically feasible.

• Right to object - You have the right to object to the processing of your personal data when processing is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by us. You have the right to object at any time if your personal data are being processed for direct marketing purposes.

• Right to rectification - You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. The rectification shall be communicated to each recipient to whom the data was sent unless this proves impossible or involves disproportionate (demonstrable) efforts.

• Right to erasure - You have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase your personal data without undue delay where one of the following grounds applies: your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent on which the processing is based and there is no other legal ground for the processing; you object to the processing and there are no overriding legitimate grounds for the processing; your personal data have been unlawfully processed; your personal data have to be erased for compliance with a legal obligation; your personal data have been collected in relation to the offer of information society services.

• Right to restriction of processing - You have the right to obtain from us restriction of processing where one of the following applies: you contest the accuracy of your personal data, for a period enabling us to verify the accuracy of your personal data; the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead; we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; you have objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

For any information or requests in accordance with your rights, please contact us at the following email address: [email protected].

Children's personal data

Gali does not collect any Personal Data from children under the age of 16. So, if you are under 16 please do not submit to us any Personal Data.

Our security precautions to protect you

We are committed to adopting appropriate technical and organizational safeguards for the privacy and security of your personal data.

1. Access to our data records is exclusively granted to individuals appointed by Gali, utilizing unique user accounts and passwords that are regularly updated.
2. All our employees, partners, and service providers who handle personal data are obliged to comply with data processing principles and policies. They have acknowledged their commitment to adhere to GDPR regulations either through signing Data Processing Agreements or by statutory requirement.
3. Our team members and partners are permitted to access personal data solely for carrying out their job responsibilities and strictly within the limits of the original purpose of data collection.
4. Printing of personal data is restricted to authorized personnel when necessary for operational tasks or to meet legal requirements.

Please be mindful about the personal data you decide to share, considering that the internet and email communications are not completely secure mediums, and unforeseen technical issues can occur at any time.

The Payment on our website

Our Service may include paid products and/or services. For these transactions, we rely on external third-party services for payment processing (such as payment processors). Your payment card information is not stored or collected by us; instead, it is directly transmitted to our third-party payment processors, who manage your personal information according to their own privacy policies. Among the payment processors we utilize is:

Paddle - You can review the Privacy Policy at: https://www.paddle.com/legal/privacy.

External links

Our Service might include links to websites not managed by us. Clicking on a link to a third-party website will take you to that site. We highly recommend that you examine the Privacy Policy of each website you explore. We do not oversee, nor are we accountable for, the content, privacy policies, or procedures of any external sites or services.

Changes to the privacy policy

To ensure you remain informed as we continuously enhance our services, we consistently post the most recent version of the Privacy Notice on our website. We guarantee that our methods of collecting and processing your personal data comply with the standards set by the GDPR Regulation.

Information concerning Data Protection Supervisory Authority

Should you believe that your rights under Regulation No. 679/2016 have been infringed upon, you have the option to reach out directly to us or to our overseeing Data Protection Authority by filing a complaint.

Contact details of the authority:

• Link for compliances

• Tel: +40.318.059.211

• Fax: +40.318.059.602

If you have any questions about our Privacy Policy, please contact us at [email protected]

Requesting, Modifying or Deleting Your Data (GDPR)

Should you wish to modify, export, or permanently delete any data associated with your account, kindly contact us at email address. We will promptly address your request.