How CIK GALA LTD protects your data

1. Privacy Policy overview

CIK GALA LTD ("CIK GALA", "we", "us", or "our") is committed to protecting the privacy, confidentiality, and security of individuals who visit our corporate website at https://cikgala.site/, engage with our non-store retail channels, or otherwise interact with us as clients, partners, suppliers, candidates, or other stakeholders.

This Privacy Policy describes how we handle information that relates to an identified or identifiable individual ("personal data") and other information that we collect when you browse our website, submit an enquiry, request information about our products and services, or participate in our business activities.

We process personal data in line with applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We encourage you to read this Privacy Policy carefully to understand how and why we use your information and the choices available to you.

This Privacy Policy applies to the corporate website and related online contact and enquiry channels only. For specific contractual arrangements with clients or partners, additional or more detailed privacy terms may apply and will be communicated separately where relevant.

2. Information we collect

We collect a combination of personal and non-personal information to enable us to operate our corporate website, respond to enquiries, and deliver our non-store retail services efficiently and securely.

2.1 Information you provide directly

When you interact with CIK GALA LTD, you may provide us with the following types of personal data:

• Contact details: such as your name, job title, company name, business address, email address, and telephone number when you submit an enquiry through our Contact Us page or communicate with us by email or phone.
• Order and service information: information related to product interests, order requests, delivery instructions, or service specifications when you engage with our non-store retail operations through our Products, Categories, Ordering, or Delivery processes.
• Marketing preferences: your choices about receiving updates, news, or information about our products, categories, and services.
• Recruitment data: if you contact us about career opportunities, we may collect information such as your CV, professional experience, and other details you choose to share.
• Other information you choose to share: for example, feedback, case-study proposals, testimonials, or information provided during calls and meetings that is recorded in our internal systems.

2.2 Information collected automatically

When you visit our website, we may automatically collect certain technical and usage information to support site functionality, security, and performance:

• Device and browser data: including IP address, browser type and version, device type, operating system, language settings, and approximate geographic location derived from your IP address.
• Usage data: such as pages visited, time and date of visits, referral URLs, click paths, time spent on pages, and interactions with on-page elements.
• Cookie and tracking data: information collected through cookies and similar technologies that help us understand how our website is used and enable features like remembering your preferences. For more details, please refer to our dedicated Cookie Policy.

2.3 Information from third parties

In specific cases, we may receive personal data about you from third parties, such as:

• Business partners and service providers: for example, logistics partners, payment and invoicing providers, or professional advisors who support us in delivering our services and may share limited information necessary for that purpose.
• Publicly available sources: such as company websites, professional networks, or public registries, where this is relevant to a business relationship or due diligence activity.

Where required by law, we will inform you about the sources of your data and the purposes for which we intend to use it.

3. How we use your information

We use personal data only where we have a lawful basis to do so and where it is necessary for our business operations as a UK-based non-store retailer. Depending on the context, the lawful bases may include the performance of a contract, compliance with legal obligations, our legitimate interests, or your consent.

3.1 Service delivery and business operations

We process your personal data to:

• Respond to enquiries submitted via our Contact Us page or other communication channels.
• Provide information about our Services, Products, Categories, Ordering, and Delivery arrangements, including preparing quotes and outlining ordering or distribution options.
• Process and manage non-store orders, including coordination with logistics and delivery partners.
• Maintain and administer business relationships with clients, suppliers, partners, and other stakeholders.

3.2 Communication and support

• To communicate with you regarding enquiries, requests for information, or support related to our products and services.
• To send important service-related messages, such as confirmations, updates about service availability, or changes to this Privacy Policy or our Terms and Conditions.
• To manage our relationship with you, including collecting feedback and addressing concerns or complaints.

3.3 Website improvement and analytics

We use automatically collected data to:

• Monitor and improve the performance, security, and usability of our website.
• Understand how visitors interact with our pages, such as About, Services, and Delivery, so that we can refine content, navigation, and user experience.
• Support troubleshooting, security monitoring, and protection against fraudulent or malicious activity.

3.4 Marketing and business development

Where permitted by law and, where required, with your consent, we may:

• Send you carefully selected information about our products, categories, services, or corporate news relevant to your role or organisation.
• Invite you to events, briefings, or initiatives related to our non-store retail activities and distribution services.

You can opt out of marketing communications at any time by following the unsubscribe instructions included in our messages or by contacting us directly (see section 10 below).

4. Data sharing and disclosure

We do not sell your personal data. We limit access to personal data to those individuals and organisations who need it to perform their roles and who are subject to appropriate confidentiality obligations.

4.1 Service providers and business partners

We may share personal data with carefully selected third parties who help us operate our business and deliver our services, such as:

• IT and hosting providers that supply infrastructure, maintenance, security, and support for our website and internal systems.
• Logistics and delivery providers who assist us in fulfilling orders and coordinating nationwide delivery across the UK.
• Professional advisors such as legal, accounting, or compliance consultants who support our corporate governance and regulatory obligations.
• Analytics and performance tools that help us better understand how our website is used and how it can be improved.

Where third parties process personal data on our behalf, we put in place appropriate written agreements and require them to use the data only as necessary to provide the agreed services and to protect it in line with applicable law.

4.2 Legal and regulatory obligations

We may disclose your personal data where required to:

• Comply with applicable laws, regulations, or legal processes.
• Respond to lawful requests from public authorities, regulators, or law enforcement agencies.
• Protect the rights, property, or safety of CIK GALA LTD, our clients, partners, or the public, including in the context of fraud prevention or security incidents.

4.3 Corporate transactions

In connection with a potential or actual merger, acquisition, restructuring, or sale of assets, we may share relevant personal data with prospective or actual purchasers and their advisors, subject to appropriate confidentiality measures and only to the extent necessary for the evaluation or completion of the transaction.

5. Cookies and tracking technologies

Our website uses cookies and similar technologies to provide a secure, reliable, and user-friendly experience. Cookies are small text files stored on your device that allow us to remember certain information about your visit and preferences.

5.1 Types of cookies we may use

• Strictly necessary cookies: required for basic website functionality, such as page navigation, session management, and security. These cookies are essential and cannot be switched off in our systems.
• Performance and analytics cookies: help us understand how visitors use our website, which pages are most frequently visited, and how users move through our content. This information supports improvements to structure, navigation, and accessibility.
• Preference cookies: allow the website to remember choices you make (such as preferred language or cookie settings) to offer a more tailored experience.

5.2 Your choices regarding cookies

Where required by law, we will ask for your consent before placing non-essential cookies on your device. You can manage your cookie preferences through your browser settings or, where available, through the consent tools presented on our website.

Disabling certain cookies may affect the functionality or performance of the website, but you will still be able to access core content about our company, products, and services.

Further details about the specific cookies we use, their purposes, and retention periods are set out in our dedicated Cookie Policy.

6. Data security measures

We take the security of personal data seriously and implement a range of technical and organisational measures designed to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

6.1 Technical measures

• Use of appropriate security technologies such as encryption in transit (for example, HTTPS) to help protect data as it moves between your browser and our website.
• Access controls and authentication mechanisms designed to ensure that only authorised personnel and service providers can access personal data relevant to their role.
• Regular monitoring and maintenance of our systems and infrastructure to reduce vulnerabilities and support resilience.

6.2 Organisational measures

• Internal policies and procedures that address data protection, information security, and acceptable use of systems.
• Limiting access to personal data to staff and service providers who need that information to perform their duties.
• Where appropriate, contractual obligations placed on third-party service providers to ensure that they protect personal data in line with legal requirements and our standards.

While we strive to protect your personal data, no system or transmission of data over the internet can be guaranteed to be entirely secure. You should also take steps to protect your own information, such as using up-to-date security software and being cautious when sharing data online.

7. Your rights and choices

Under applicable data protection laws, including the UK GDPR, you may have various rights in relation to your personal data. These rights may apply subject to certain limitations or exceptions.

7.1 Data subject rights

• Right of access: to request confirmation that we process your personal data and to receive a copy of the data we hold about you, together with information about how it is used.
• Right to rectification: to request that inaccurate or incomplete personal data be corrected or updated.
• Right to erasure: to request that we delete your personal data in certain circumstances, for example, when it is no longer necessary for the purposes for which it was collected and we have no overriding legitimate grounds for retaining it.
• Right to restriction of processing: to request that we limit the processing of your personal data in specific situations, such as when you contest its accuracy.
• Right to data portability: to receive certain personal data in a structured, commonly used, and machine-readable format and, where technically feasible, have it transmitted to another controller.
• Right to object: to object to the processing of your personal data where we rely on legitimate interests, including to object at any time to the use of your data for direct marketing.
• Right to withdraw consent: where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

7.2 Exercising your rights

You can exercise your rights or raise questions about how we handle your personal data by contacting us using the details in section 10 below. To help protect privacy and security, we may need to verify your identity before processing your request.

You also have the right to lodge a complaint with a supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO). We would, however, appreciate the chance to address your concerns directly before you approach the ICO, so we encourage you to contact us in the first instance.

8. Retention of information

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet any legal, regulatory, accounting, or reporting requirements.

8.1 Retention criteria

The length of time we keep your data may depend on factors such as:

• The nature of our relationship with you (for example, client, supplier, candidate, or website visitor).
• The type of personal data and the sensitivity of the information involved.
• Our legal obligations, including record-keeping and limitation periods for bringing claims.
• Whether there is an outstanding enquiry, request, dispute, or complaint that requires us to retain the information.

8.2 Data deletion and anonymisation

When personal data is no longer required for the purposes set out in this Privacy Policy and we have no legal obligation or legitimate interest in retaining it, we will either securely delete it or anonymise it so that it can no longer be associated with an identifiable individual. In some cases, we may retain aggregated, non-identifiable information for statistical or analytical purposes.

9. International data transfers

CIK GALA LTD is based in the United Kingdom. In certain circumstances, personal data that we collect may be transferred to, stored in, or accessed from countries outside the UK or European Economic Area (EEA), for example where our service providers host data or provide support services from other jurisdictions.

Whenever we transfer personal data internationally, we take steps to ensure that an adequate level of protection is in place in accordance with applicable data protection laws. These safeguards may include:

• Ensuring that the destination country has been recognised as providing an adequate level of data protection by the UK government or relevant authorities.
• Using appropriate contractual protections, such as standard contractual clauses or equivalent mechanisms, approved for international data transfers.
• Implementing additional organisational and technical measures, where appropriate, to protect personal data during and after the transfer.

If you would like more information about international transfers and the safeguards we use, you can contact us using the details in section 10.

10. Contact and policy updates

If you have any questions about this Privacy Policy, our data protection practices, or how your personal data is handled, or if you wish to exercise your data protection rights, you can contact us using the details below.

10.1 Contacting CIK GALA LTD about privacy

Data protection contact: CIK GALA LTD
Website: https://cikgala.site/

To help us respond efficiently, please include your name, contact details, and a clear description of your request or question. We may contact you for additional information if needed to verify your identity or clarify your enquiry.

10.2 Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or how we process personal data. Any updates will be posted on this page with an updated "last updated" date, and, where appropriate, we may notify you through additional channels, such as prominent notices on our website or direct communication.

Your continued use of our website or engagement with our services after any changes have been made indicates your acknowledgement of the updated Privacy Policy. We recommend that you review this page periodically to stay informed about how we protect your information.