Privacy Policy
Effective Date: 1 May 2025
1. Who we are
Galiltec S.A. de C.V. ("Galiltec", "we", "us", "our")
Address: km 7 Autopista a La Lima, Nave #7a, San Pedro Sula, Honduras
Email (privacy & support): support@galiltec.com
We are the data controller for personal data collected through galiltec.com.
2. What data we collect
| Category | Examples | How we get it |
|---|---|---|
| Identification | Name, email address | Account sign-up, newsletter opt-in, contact forms |
| Payment | Card, bank, or crypto details (tokenised—never full card numbers) | Checkout via Stripe or Wise |
| Technical (essential cookies only) | Session ID, authentication token, server logs | Auth.js, Vercel servers |
| Communications | Messages you send us, copies of contact-form emails | Stored in our database (Neon.tech) and emailed to you & us |
We do not collect GPS/location, sensitive ("special-category") data, or information from children. Our services are not directed to anyone under 16 (EU standard) / 13 (US COPPA).
3. Why we process your data (legal bases – GDPR Art. 6)
| Purpose | Legal basis |
|---|---|
| Provide and secure the website, authenticate users | Contract (Art. 6 (1)(b)) |
| Process orders and payments | Contract |
| Send service emails (receipts, account notices) | Contract |
| Send marketing newsletters if you opt in | Consent (Art. 6 (1)(a)) – you may withdraw any time |
| Keep server logs, detect fraud, maintain backups | Legitimate interest (Art. 6 (1)(f)) |
4. Cookies & trackers
We use only strictly necessary cookies (session/authentication). No analytics cookies, retargeting pixels, or cross-site tracking are set without consent. Browser settings allow you to block or delete cookies; doing so may break login sessions.
5. Who we share data with
| Recipient | Role | Location & safeguard |
|---|---|---|
| Vercel Inc. | Hosting & analytics | USA · Standard Contractual Clauses (SCCs) |
| Neon.tech | Database | EU/USA · SCCs |
| Stripe, Inc. | Payment processor | USA · SCCs |
| Wise Plc | Payment processor | UK/EU · UK Addendum/SCCs |
| Google LLC | Google Ads (only if you click an ad) | USA · SCCs |
We do not sell or rent personal data.
6. International transfers
Because some vendors' servers are in the United States or other countries, your data may be transferred outside your region. Transfers rely on each vendor's Standard Contractual Clauses or equivalent safeguards.
7. How long we keep data
We retain personal data while your account remains active. When you close your account, we delete or anonymise data within 30 days unless we must keep it longer to comply with law or resolve disputes.
8. Security measures
- HTTPS everywhere
- Data encrypted at rest and in transit
- Role-based staff access; all staff sign confidentiality agreements
- Automated and off-site backups
- Continuous monitoring via Vercel Analytics
9. Your rights
If you are in the EU/EEA, UK, or a similar jurisdiction, you can:
- Access the data we hold about you
- Request correction or deletion
- Object to or restrict processing
- Withdraw consent at any time (newsletters)
- Receive a portable copy of your data
If you are in California, you have parallel rights under the CCPA, including the right to know, delete, and opt-out of "sale" (we don't sell data).
How to exercise your rights: email support@galiltec.com. We may ask you to verify your identity.
10. Third-party links
Our site may link to external sites (e.g., payment gateways). We are not responsible for the privacy practices of those sites.
11. Changes to this policy
We will email registered users about material changes and update the "effective date" above. Continued use of the site after updates constitutes acceptance.
12. Contact
Questions or complaints? Email support@galiltec.com or write to the address in Section 1.
Residents of the EU/EEA may lodge a complaint with their local supervisory authority.
Last updated: 12 May 2025