Latest update: 22.01.2024

Data protection information

Who is the data controller for the processing of your data?

The Data Controller for personal data collected and processed through use of the Galata Fabrica SL (“GALATA”) owned websites (;;;, or mobile applications, as well as those derived from your relationship with GALATA is the company below:

GALATA FABRICA SL Calle Zurbano 45-1 28010 Madrid Spain VAT: B87716528 EORI: ESB87716528

Brands and websites under the names of GALATA FABRICA, STEPGLAM, JACKANDROY, JACKANDROYKIDS are all under “GALATA” entity and regarded as same. User accounts in any of these websites are accepted as Galata User Account.


We also inform you that GALATA has appointed a Data Protection Officer who you may contact and/or raise any issue relating to the processing of your personal data by sending an e-mail to or by sending your query to the postal address above.

What type of personal information does Galata collect and process?

GALATA may collect from your relationship and use of our services, the following data and/or data categories: i) identification and contact data; ii) personal data; iii) financial data, such as credit card data (PAN+CVV2), in compliance with PCI DSS standards, which will be used for payment processing whenever you purchase any of our items or, in the case of returns for transfers, the account number for which we need to process the refund of your purchase; iv) data observed in the purchasing of our products and consumer habits and preferences of our customers; v) user data of the GALATA website or app and browsing, in accordance with the cookies policy.

For what purpose do we process your personal data and what is the lawful basis?

At GALATA we may process your personal data for the following purposes:  


  • Manage your registration, which will involve the creation of a GALATA user account. This account will allow you to centralize any issue relating to your user status, and give you access to certain functions available and reserved for those with said status. For example, having a user account will allow you to store certain information that may be used in future purchases and/or interactions with GALATA. 

Furthermore, the creation of a user account will allow you to participate in the promotional campaigns, in countries where it is available.  The lawful basis for processing your data for this purpose is the consent you gave when creating the account. We inform you that you can withdraw your consent at any moment without the withdrawal affecting the lawfulness of the previous processing. 


  • Process the purchase of items via the different purchasing channels enabled by GALATA. This procedure consists in taking all appropriate steps in order to manage your purchase and, wherever applicable, guarantee the correct delivery of your order, in addition to undertaking any procedure related to the sale of the item, for example, the management and issue of proof of purchase documents such as the simplified e-ticket, the sale or Tax Free invoice and, wherever applicable, managing the return of items. 

To do this, we will be able to send you information about the status of your purchase by e-mail, SMS and/or any other channel available at any moment. 

  • The lawful basis for processing your data for this purpose is the execution of a contract, understanding as such the Conditions of Sale accepted at the moment of purchasing the items. The processing of your data is necessary in order to guarantee the fulfilment of the rights and obligations contained in the Conditions of Sale.
  • With regard to the processing of online purchases, GALATA, as Data Controller, will carry out the corresponding actions for the prevention, detection and control of abuse and fraud in the use of our services, which may result in the existence of automated decision making

Said automated decisions shall consist of the analysis of behaviour in the payment process which, in general terms, will use data relating to the purchasing process and the purchase history, in order to determine whether the transaction may be considered fraudulent. This information will allow us to detect and try to prevent fraudulent practices in payment transactions, allowing us to reject purchases and consequently protect both you, as a data subject (in the case of identity theft), and GALATA as a service provider and data controller.  

  • The lawful basis for the fulfilment of this goal is the legitimate interest of GALATA to analyze all operations that occur in the payment process of the items it sells, in order to guarantee that no financial fraud occurs that may impact negatively either on itself or its customers. In this regard, we consider that there is a general interest for the processing to help generate, improve and maintain public confidence in the financial relationships developed through the payment methods made available by GALATA in its online commerce, in order to prevent public mistrust resulting from fraud or fraudulent activity in the same. 
  • We inform you that, in this case, GALATA has compelling and legitimate grounds to enable the processing of your data for this purpose, for which your right to opposition in accordance with the provisions of article 21.1 of the GDPR (General Data Protection Regulation) shall not apply.  
  • You can obtain more information about said evaluation by making a direct request to our Data Protection Officer through the contact form in our website or the email addresses given above.
  • In cases where you are registered as a user and purchase one of our items via the website or app, we may carry out the following data processing:
    • Save your credit card details for use in future purchases. 
    • The lawful basis for the processing or your data is the express consent given by you for us to save this information for use in future purchases, without prejudice to the legitimate use of your credit card data in the execution of a contract, in line with what is indicated in the previous section. 
    • To show you as a priority recommendations of similar content, in accordance with your purchase history or browsing on our website or app. 
    • The lawful basis for the processing of your browsing data is the express consent given by you when accepting the cookies. Furthermore, in order to analyze your purchase history, after balancing your interests as the affected data subject, and those of GALATA as the data controller, it has been determined that the lawful basis that legitimizes the processing or your data is a legitimate interest, deeming that it is in the interest of all the parties involved that items which may be of interest to the consumer are shown as a matter of priority. In this way, showing items that may reflect the priorities of the user in question as a matter of priority will allow GALATA to offer you a better quality service and a more positive user experience, while giving GALATA a reputational benefit based on the fact that users will have a positive browsing and shopping experience on our website and app.


  • Newsletter:management and sending of information on exclusive promotions and new products adapted to your profile, sending of audiences via digital platforms, and notifications relative to pending garments and accessories in your shopping bag via e-mail, SMS, post or any other communication channel and/or online platform. This includes promotional actions, such as, for example, the management of competitions and prize draws organized by GALATA. In cases where receiving commercial notifications via different channels is accepted, personal data may be used to personalize notifications via online means.
    • the lawful basis for the processing of your data is the express consent you have given. Under no circumstances will the withdrawal of consent affect the lawfulness of the processing based on consent prior to withdrawal. 
  • Management of the alerts service to notify the availability of garments and accessories on the website/app. 
    • The lawful basis for the processing of your data for this purpose is the express consent given by you, which may be withdrawn at any moment without said withdrawal affecting the lawfulness of the processing based on consent prior to withdrawal.
  • Respond to the exercise of rights recognized in the data protection legislation.
    • The legal basis for the processing of your data is the fulfilment of a legal obligation regarding managing the exercise of rights, in accordance with the obligation contained in the GDPR (General Data Protection Regulation).   
  • Attend to queries, requests and potential complaints you may make via the Customer Services channel.
    • Depending on the reason you are contacting GALATA, the lawful basis for the processing of your data may vary. Consequently: 
    • We consider that GALATA has a legitimate interest in resolving and correctly attending to any suggestions, queries and requests you may make via the Customer Services channel on the understanding that, under no circumstances, will your rights and/or freedoms be affected or prejudiced by the fact that we are responding to a request initiated by you. 
    • In cases where this relates to an order that needs to be attended to in order for formalize the purchase, the lawful basis for the processing of your data is the execution of a contact, understanding as such the Conditions of Sale.
    • In cases where your data is processed to attend to a complaint sent via the Customer Services channel, the lawful basis for the processing of your data is the fulfilment of a legal obligation contained in the General Law for the Defence of Consumers and Users. 
  • Following the rendering of one of our services, sending you quality surveys aimed at knowing your opinion and degree of satisfaction with your relationship with GALATA. The information collected from the survey will allow us to create and improve our services and procedures, said experience being of considerable interest to us.
    • The lawful basis for the processing of your data is the legitimate interest. Our legitimate interest consists of being able to guarantee you that our website/app is secure, and to help GALATA understand the needs, expectations and your degree of satisfaction with the brand and therefore improve our services at all times. All these actions will be carried out to improve your degree of satisfaction and guarantee a unique browsing and shopping experience, via aggregated analysis. 
  • Profiling based on consumer behaviour, provided you have previously given your express consent for the sending of notifications adapted to your profile.
    • The lawful basis for processing your data for this purpose is the legitimate interest, given that the sending of commercial notifications adapted to the interests, tastes and preferences is considered to be in the interest of all parties involved. Consequently, being able to adapt the commercial notifications to your user profile will allow GALATA to offer you a better quality service since you will only receive notifications whose content may be of interest to you, thus avoiding the sending of generic notifications which may be excessive or of little interest to the data subjects. This will increase your degree of satisfaction and, in turn, benefit GALATA, since it will be able to send more effective commercial notifications that favour the capture of new customers and gain the loyalty of existing ones, while also improving its commercial image.
    • The profiling algorithm does not formulate recommendations on actions to take (neither in terms of segment nor on an individual basis) and does not apply automated decision-making either, but merely analyses the consumer behaviour of customers and potential customers in order to know their interests, tastes and preferences by predicting the future consumer behaviour of the data subject. Based on this information, a Marketing manager will decide what it the best strategy for said segment, customer or potential customer.  
  • Sending of commercial notifications.
    • The lawful basis for the processing of your data for this purpose is the express consent you given when you create the account. We inform you that you can withdraw your consent at any moment without the withdrawal affecting the lawfulness of the previous processing.

How long do we keep your personal data?

In order to guarantee that the personal data are appropriate, pertinent and limited to what is necessary for the purposes for which they are processed, GALATA will keep your personal data only for a period that is reasonably necessary to fulfil the purpose for which they were collected, given the requirements to respond to issues that are raised or to resolve problems, make improvements, activate services and fulfil the requirements of the applicable legislation. This means that we may keep your personal data for a reasonable time, including after you have stopped using the services of GALATA and/or have stopped using the website/app. After this period, your personal data will be blocked in all GALATA systems for the sole purpose of making them available to the competent authorities in order to attend to any potential administrative or legal responsibilities and the exercise or defence of complaints. Once the blocking period for personal data has passed, they will be permanently deleted.

Who do we share your personal data with?

Your personal data will only be communicated to third parties in order to comply with any legal obligations that may apply in each case, for example, to Public Authorities and/or Bodies whenever required by the applicable tax, employment or Social Security legislation, or any other that may apply.

In cases where you make a purchase on our website or app, your data may be communicated, wherever applicable, to financial institutions and payment service providers, fraud detection and prevention organizations, for example Signifyd, and logistics, transport and goods delivery suppliers. Such communications are strictly necessary in order to guarantee the delivery of your order.

You are also informed that GALATA may contract third parties that will have access to your data as the result of a service provision we have entered into. Such third parties may provide technology, customer service, marketing and advertising services, among others, and in all cases will process your data in accordance with the instructions of GALATA and never for their own aims.

GALATA shall not, under any circumstances, sell your personal data to third parties.

International transfers

International data transfers may occur in cases where the companies that GALATA shares your data with are located outside the European Economic Area. These are lawful, since appropriate guarantees to protect personal data have been established. In cases where the destination country is not covered by an adequacy decision, GALATA will regulate the relationship with the third-party destination country shall by subscribing to the Standard Contractual Clauses adapted by the European Commission, whose contents may be consulted via the following link

Such third-party countries not covered by an adequacy decision of the European Commission principally include the United States of America.

In all cases, third parties sharing certain personal data will have previously accredited the adoption of suitable technical and organizational measures for the correct protection of the same.

Data not collected directly from the data subject

In certain services offered via the website/app, the user may provide personal information to the recipient of the same. In this case, GALATA will also comply with its obligations in accordance with the provisions contained in the data protection legislation, processing them solely for the purpose for which they have been provided to us.

How does GALATA protect your personal data?

The website/app uses data security technologies such as firewalls, anti-automated threat systems, access control procedures and cryptographic mechanisms to prevent any unauthorized access to data and guarantee data confidentiality. GALATA uses the security solutions of the hosting services it acquires. In order to achieve said aims, users accept that GALATA will obtain data for the purpose of authenticating access controls.

Furthermore, all transactions via the website/app will be made via secure payment systems. Confidential payment details are transmitted directly in encrypted format (SSL) to the corresponding entity.

GALATA declares that it has adopted all the technical and organizational measures necessary to guarantee the security and integrity of the personal data it processes, and to prevent the loss, alteration and/or unauthorized use of the same by third parties.

What are your privacy rights in relation to your personal data?

Your rights are set out below.You may exercise them via the e-mail addresses we provide above. In order to process your request to exercise your rights, we may ask you to provide proof of your identity.

Right of accessYou have the right to obtain confirmation whether at GALATA processing personal data that concern you, or otherwise, and to access the personal data GALATA possesses about you.
Right to rectificationYou have the right to request that GALATA rectifies personal data when they are incorrect or for them to be completed when they are incomplete. In cases where you have a user account, you should correct your data directly by accessing your profile page in our website.
Right of erasureYou can request that your personal data is erased when, among other reasons, the data is no longer necessary for the purposes for which they were collected.
Right to restrict processingYou have the right to request the restriction of the processing of your data, in which case we will only keep them for the exercise or defence of legal claims.
Right to data portabilityYou have the right to receive personal data in a structured, commonly used and machine-readable format, and to transmit them to another controller when the treatment is based on consent or the execution of a contract, provided they are transmitted by automated means.
Right to objectYou can object to the processing of your personal details based on the public or legitimate interest pursued by GALATA, including the profiling of data. In this case, GALATA will stop processing the data, except for compelling legal grounds or when necessary for the exercise or defence of possible legal claims. You also have the right to object to the processing of data for direct marketing purposes.
Automated individual decisionsWherever this applies, you have the right not to be subject to a decision based solely on automated processing, including data profiling, which has a legal or similarly significant effect on you. However, it will not be possible to exercise said right in cases where the decision is necessary for the formalization or execution of a contract between you and GALATA; it is authorized by the law applicable to GALATA whenever it establishes the appropriate measures to safeguard your rights, freedoms and legitimate interests; or where it is based on your explicit consent.
Right to submit a complaintYou have the right to lodge a complaint before the competent local Supervisory Authority, which in Spain is the Spanish Data Protection Agency (

Modifications to the privacy policy

This privacy policy will be available at all times. However, in cases where we modify the content of the same in a substantial and significant way, we shall notify you via the website/app or to your e-mail address, in order to comply with the duty of information contained in the GDPR. Consequently, if you wish, you may exercise your rights as a data subject.

Cookies Policy

What are cookies and how are they used?

Cookies are files installed on the user’s computer, phone, tablet or any other device, with the purpose of recording the user’s activities during their browsing time on this website and/or the GALATA mobile application (“Web/App”). Through the use of cookies, it is possible for the server where the Web/App is located to recognize the browser used by the user, allowing, for example, the registered user to access areas and services without having to register on each visit and remember their language, country preferences, etc. on future visits. Cookies are also used to measure audience and traffic parameters, control progress and number of entries.

In relation to the concept of “Cookie”, we also refer to other technologies similar to cookies that, in a similar way, allow storing or retrieving certain information from a device such as, for example, flash cookies, web beacons or bugs, pixels, HTML5 (local storage), and SDK technology for App formats, as well as the use of fingerprinting techniques to identify the device of the interested party.

What does GALATA use cookies for?

During access and navigation on the website or through the use of the mobile app, GALATA may store or record IP addresses, user preferences or the type of device used for the main purposes of (i) compiling statistics related to the number of visits or web traffic; (ii) offering a more personalized browsing experience; and (iii) remembering sign in data, even on different devices, and (iv) displaying advertising, on this page or others, based on browsing habits within our website.

Similarly, we do not store sensitive personal identification information such as your address, your password, etc., in the cookies we use.

GALATA strictly does not sell customer data to third parties in any case.

Who uses the information stored in the cookies?

The information stored in the Web/App cookies is used by GALATA FABRICA, S.L. (“GALATA”), with N.I.F. B87716528:

  • Postal address: Calle Zurbano 45-1 28010 Madrid Spain
  • Email:

Also, some of the cookies that may be installed are not owned by GALATA but by third parties, you can consult the complete list of cookies used by GALATA in the configuration panel which you will find below.

What type of cookies does GALATA use?

Below are the types of cookies used on the GALATA Web/App, based on the type of cookies according to their purpose and the entity that manages them (own and third-party).

Self-managed cookiesThese are those that are created or managed by GALATA, as the person responsible for the Web/App.
Third-party cookiesThese are those that are managed by service providers unrelated to GALATA. These are identified in the configuration panel which you can access from the “configure cookies” button that you will find below.

Strictly necessary cookiesThese cookies are necessary for the website to function and cannot be deactivated in our systems. They are usually configured to respond to actions made by you to receive services, such as adjusting your privacy preferences, signing in to your account, or completing forms. You can configure your browser to block or alert the presence of these cookies, but some parts of the website will not work. These cookies do not store any personally identifiable information.
Preference or customization cookiesThese are those that allow you to access the service remembering predefined characteristics based on a series of criteria such as, for example, the language, the type of browser through which the service is accessed, the regional configuration from where the service is accessed, etc. Not accepting these cookies could generate slow performance or poorly adapted recommendations.
Analysis cookiesThese are those that, treated by us or by third parties, allow us to quantify the number of users and thus carry out the measurement and statistical analysis of the use that users make of the offered service. For this, your navigation on our website is analyzed in order to improve the offer of products or services that we offer you.
Behavioral advertising cookiesThese are those that, treated by us or by third parties, allow us to analyze your browsing habits on the Internet so that we can show you advertising related to your browsing profile.
Social Network CookiesThese are those that are set by a series of social network services, that we have added to the site, to allow you to share our content with your friends and networks.

How to disable cookies in the most commonly used web browsers

You can allow, block or delete the cookies installed on your computer in the settings options of your web browser. If you block them, certain services that require their use may not be available to you. You can access the open source how-to-do information for each browser type through internet search.

If you have accepted the third-party cookies, you can delete them from your web browser options or from the system offered by the third-party itself.

Conservation periods

GALATA will retain the personal data collected only for the specified, provided, and limited period necessary to fulfill the purpose for which they were collected, as well as to comply with the requirements of applicable legislation. Once the intended purpose is fulfilled, your data will be properly blocked for the period during which legal actions may arise and, once the prescription period has passed, they will be properly deleted.

Similarly, the data obtained through the use of cookies accepted by the user will be kept for a period of 13 months and, consequently, once this period has passed, a new consent will be requested when you visit our WEB/APP.

Regarding the third parties identified in the cookie settings panel, you can consult their retention period in their respective privacy policies.

Data transfers to third countries

Generally, data processing is carried out by service providers located within the European Economic Area or in countries that have been declared to have an adequate level of protection.

In the event of international data transfers to countries that do not have a decision of adequacy from the European Commission, GALATA will use the Standard Contractual Clauses adapted by the European Commission as a guarantee for those transfers in compliance with Items 44 to 49 of the 2016/679 Data Protection Regulation. In any case, the third parties with whom personal data is shared will have previously accredited the adoption of adequate technical and organizational measures for the correct protection of the data.

In relation to third parties that manage cookies, you can inform yourself about the transfers to third countries that, where appropriate, they carry out in their corresponding cookie policies.

How to manage your consent preferences

You can configure the categories of optional cookies by clicking on the cookie settings button that appears on the screen when you access our website.