1. Data Controller
The data controller for this website is Galeno Field Notes, operating from 55 Columbia Road, E2 7RG London, United Kingdom. For data-related enquiries, contact us at:
2. What Data We Collect
We collect the following categories of personal data when you interact with this website:
When you submit the contact form, we collect your name, email address, the subject you selected, and the content of your message. This data is used solely to respond to your enquiry.
When you visit galeno.info, standard server logs may record your IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is retained for up to 90 days and used for site administration purposes.
We use cookies to support site functionality and, where consent is given, to analyse how content is accessed. Full details are in our Cookie Policy.
3. Legal Basis for Processing
We rely on the following legal bases under the UK General Data Protection Regulation (UK GDPR):
- —Legitimate interests — for server log data collected as part of routine site administration.
- —Consent — for analytics and non-essential cookies, where you have indicated your preference via the cookie consent banner.
- —Contractual necessity — for contact form data where you have initiated a communication with us.
4. How We Use Your Data
Personal data collected by this site is used for the following purposes only:
- —Responding to enquiries submitted via the contact form
- —Administering the website and diagnosing technical issues
- —Understanding how site content is accessed, where consent has been given
- —Complying with legal obligations applicable to the publication
We do not sell personal data to third parties. We do not use personal data for automated decision-making or profiling.
5. Data Sharing
We may share data with the following categories of third party only where necessary:
- —Web hosting and infrastructure providers who process data on our behalf under data processing agreements
- —Analytics service providers, where consent has been obtained for analytics cookies
- —Regulatory or law enforcement bodies, where required by law
6. Data Retention
Contact form submissions are retained for a maximum of 12 months, after which they are permanently deleted unless an ongoing correspondence requires retention. Server logs are retained for up to 90 days. Cookie preference records are retained for 12 months from the date of consent.
7. Your Rights
Under UK GDPR, you have the following rights in respect of your personal data:
- —The right to access a copy of the data we hold about you
- —The right to rectification of inaccurate personal data
- —The right to erasure, where no overriding legal basis for retention exists
- —The right to restrict the handling of your data in certain circumstances
- —The right to data portability for data provided on the basis of consent or contract
- —The right to object to handling based on legitimate interests
- —The right to withdraw consent at any time, where consent is the legal basis
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Security
This website is served over HTTPS. We take reasonable technical and organisational measures to protect personal data from unauthorised access, loss, or alteration. No method of transmission over the internet is entirely secure; we cannot guarantee absolute security but we will notify affected individuals and the ICO in the event of a data breach as required by law.
9. Changes to This Policy
This Privacy Policy may be updated from time to time. The date at the top of this page indicates when it was last revised. Continued use of the site following a policy update constitutes acceptance of the revised terms. Where changes are material, a notice will be posted on the homepage.