Legal Notice (Imprint)

Imprint

Galaxia Life GmbH

Registered office: c/o Vogelsanger Straße 348, 50827 Cologne (Germany)

Telephone: [●]

Email address: info@galaxialife.de

Managing Director: Euan Andrew Keenan

Commercial Register: Local Court of Cologne

Registration Number: HRB 124404

PRIVACY POLICY

Effective Date: December 2025

The protection of your personal data is particularly important to us. This privacy policy describes how Galaxia Life GmbH, registered office: c/o Vogelsanger Straße 348, 50827 Cologne (“Galaxia Life”, “we” or “us”), as the controller within the meaning of the EU General Data Protection Regulation (“GDPR”), the German Federal Data Protection Act (“BDSG”), and other applicable data protection laws (“Applicable Data Protection Laws”), processes personal data of users (“users” or “you”) of our website www.galaxialife.de (“Website”).

Purposes of Processing, Legal Basis, and Source

  1. Provision of the Website

    1. Each time our website is accessed, our system automatically stores the following information about your visit in so-called server logs:

      (a) Type and version of the web browser you use,

      (b) Type and operating system of the device you use,

      (c) Pages accessed and files requested,

      (d) The website from which you arrived (referrer),

      (e) Your IP address,

      (f) Date and time of access.

    2. The processing of server log data is technically necessary to establish and maintain the connection during your use of the website. The legal basis for processing is our legitimate interest in providing our website (Art. 6(1)(f) GDPR). Processing is essential for the use of our website. Server logs are automatically deleted after seven (7) days.

  1. Contact Form

    1. If you send us inquiries via the contact form provided on our website at https://www.galaxialife.de, the mandatory information requested in the contact form (name, email address, subject) as well as the content you provide in the message field will be stored by us. We process this data to handle your inquiry and any follow-up questions, as well as to prevent misuse of the contact form.

    2. We base this data processing on our legitimate interests (Art. 6(1)(f) GDPR) to process your request and ensure the security of our IT systems. The personal data you provide will be stored as long as necessary to answer your inquiry and will be deleted at the latest after one month. You are not obliged to provide this personal data, but without it, you cannot contact us via the contact form.

Social Media Plugins

  1. Social Media Plugins with Shariff

    1. Our website uses plugins from LinkedIn and Instagram, which are only loaded if you have previously activated the function by giving your consent. Through these plugins, we offer you the opportunity to interact with social networks. To ensure data protection on our website, we use all plugins only in conjunction with the so-called "Shariff" solution. This application prevents the plugins integrated on our website from transmitting personal data (e.g., your IP address) to the respective provider upon first loading the website. Only when you activate the respective plugin by clicking the corresponding button is a direct connection to the provider's server established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited our website with your IP address.

    2. Activating the respective plugin constitutes consent within the meaning of Art. 6(1)(a) GDPR. You can revoke this consent at any time with effect for the future.

  2. Our Presence on Social Networks

    1. We maintain various presences on so-called social media platforms. We operate these presences with the following providers:

  1. For these information services, we use the technical platform and services of the providers. Please note that you use our presences on social media platforms and their functions at your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating). When visiting our presences, the providers of the social media platforms collect, among other things, your IP address and other information stored in cookies on your device. This information is used to provide us, as account operators, with statistical information about interactions with us.

  2. The data processed about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. The information collected is stored on the providers' servers, including outside Europe. In such cases, the provider has submitted to the EU-U.S. Privacy Framework. If the provider is not certified, we have agreed on so-called standard contractual clauses, the purpose of which is to ensure an adequate level of data protection in the third country. We do not know how the social media platforms use the data from your visit to our accounts and interaction with our posts for their own purposes, how long this data is stored, or whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or visit the page as a non-registered and/or non-logged-in user. When accessing a post or the account, the IP address assigned to your device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your device can be used to track your activity on the network. By means of buttons embedded in websites, the platforms can record your visits to these websites and assign them to your respective profile. Based on this data, content or advertising can be tailored to you. If you wish to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies present on your device, and restart your browser.

  3. As the provider of the information service, we only process data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing described in this privacy policy. The legal basis for processing your data on the social media platform is Art. 6(1)(f) GDPR.

  4. To exercise your data subject rights, you can contact either us or the provider of the social media platform. If one party is not responsible for responding or needs to obtain information from the other party, we or the provider will forward your request to the respective partner. For questions about profiling or the processing of your data when using the website, please contact the operator of the social media platform directly. For questions about the processing of your interaction with us on our page, please write to the contact details provided above.

  5. The information the social media platform receives and how it is used is described by the providers in their privacy policies (see link in the table above). There you will also find information about contact options and settings for advertisements. Further information about social networks and how you can protect your data can also be found at www.youngdata.de.

  6. Web Analytics with Google Analytics

    1. When you visit our website, the Google Analytics service is loaded for the statistical evaluation of the use of our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). By using the "anonymizeIp()" extension, we ensure that Google Analytics only transmits a truncated version of your IP address to Google.

    2. By accessing the website and loading the service, Google becomes aware that our website has been accessed via your IP address. Google Analytics uses cookies that are stored on your device, unless you have prohibited the use of cookies in your browser, and which enable an analysis of your use of our website. The information generated by the cookie about your use of the website is transferred to and stored on Google servers in the USA.

    3. We base the use of Google Analytics on our legitimate interests (Art. 6(1)(f) GDPR), which consist in the needs-based design and optimization of our website. In addition, we have concluded a data processing agreement with Google in accordance with the requirements of the German data protection authorities when using Google Analytics. Data transfer to the USA is carried out under the EU-U.S. Data Privacy Framework.

    4. We collect your IP address to enable truncation and subsequent transmission to Google. You are not obliged to provide this personal data; use of our website is possible without providing it. You can prevent the provision of this personal data by adjusting your browser settings or by installing the browser add-on available at:  https://tools.google.com/dlpage/gaoptout?hl=de.

    5. Further information about Google Analytics can be found at http://www.google.com/intl/de_ALL/analytics. Google's privacy policy can be found at https://www.google.com/policies/privacy/.

Other Functions of the Website

  1. Cookies

We use cookies, log files, pixel tags, web beacons, scripts, eTags, and similar technologies to collect and store information that we automatically gather about your device and use of the website. Further information about cookies and how you can control them can be found below.

What is a cookie?

  1. Cookies are text files that contain small amounts of information and are downloaded to your browser or device when you visit a particular web address. Cookies are then sent back to the original web address or to another web address that recognizes the cookie on each subsequent visit. Cookies are widely used to make the website work or work more efficiently and to provide us with information.

  2. Cookies perform many different tasks, such as enabling efficient navigation between pages, storing your login and preferences, and generally improving user-friendliness. Cookies can tell us, for example, whether you have visited or used the website before or whether you are a new visitor or user. Cookies can help us ensure the security of our data and website and detect fraud and hacking attempts on our products and website. For example, cookies can store ticket information that the server can use to verify that the login was performed by you. The encrypted information in the ticket can also be used to prevent various types of attacks, cross-site information theft, and access with disguised identity.

  3. There are two main categories of cookies:

    • First-party cookies, which are sent directly by us to your device.

    • Third-party cookies, which are set by a third party on our behalf.

  4. Cookies can remain on your browser or device for different periods. Some cookies are "session cookies," i.e., they only exist as long as your browser or application is open. These are automatically deleted when you close your browser or application. Other cookies are "persistent cookies," i.e., they remain after your browser or application is closed. They can be used by the website to recognize your device when you visit and use the website again.

  1. How do we use cookies?

We use cookies to:

  1. Verify login information to ensure the security of your account;

  2. Understand the total number of visitors to the website and the types of devices used;

  3. Provide services to you.

  1. What types of cookies do we use?

The types of cookies used by us and our partners in connection with the website can be classified into the following categories: "essential cookies," "functional cookies," and "analytics and measurement cookies”. The following table provides more information on each category and the purposes of the cookies set by us and third parties.

Essential cookies necessary for the website

These cookies are essential to provide you with the website and all features available through this website, such as access to secure areas. Without these cookies, the services you have requested, such as secure login accounts, would not be possible.

Duration: Persistent
First- or third-party cookie: First-party
Cookie data shared with third parties: No

Functional cookies

Functional cookies store information about the choices you make and allow us to tailor the website to you. These cookies mean that, if you continue to use or return to the website, we can offer our website as you have requested. These cookies allow us, for example:

  • to save the settings you have made, such as text size, style, and appearance of the website;

  • to record whether you have read certain prompts to avoid repeated prompts.

Duration: Persistent
First- or third-party cookie: First-party
Cookie data shared with third parties: Yes

Analytics and measurement cookies

We use Google Analytics cookies to analyze how the website is accessed, used, or functions, to provide you with a better user experience, and to maintain, operate, and continuously improve the website. These cookies allow us, for example:

  • to better understand visitors to the website so we can improve how we present our content;

  • to test different design ideas for certain pages or features;

  • to collect information about users of the website, such as their location and which browsers they use;

  • to determine the number of individual users of the website;

  • to improve the website by measuring errors that occur; and

  • to conduct research and diagnostics to improve product offerings and features.

Duration: Google Analytics: Please refer to the Google Analytics cookie policy
First- or third-party cookie: Third-party
Cookie data shared with third parties: Yes

How you can control or delete cookies

  1. You have the right to choose whether or not to accept cookies, and we have explained below how you can exercise this right.

  2. When you use our website for the first time, we will provide you with a notice informing you how we use cookies, why we use them, and how you can change which cookies you accept. You can opt out of non-essential cookies here and for certain non-essential cookies such as "analytics and measurement cookies" here. Please note that we cannot guarantee that you will be able to use our service as well as possible if you do not accept our cookies.

  1. Recipients of Data

    1. External Service Providers

  1. We engage external service providers acting as our data processors to perform certain services for us, such as email marketing, hosting, website, IT, or other services. In providing these services, external service providers may have access to or process your personal data.

  2. Engaged external service providers are contractually obliged, by means of data processing agreements, to implement appropriate technical and organizational security measures to protect the processed personal data and to process such data only in accordance with our instructions.

  1. Other Recipients

  1. We may also disclose your personal data to law enforcement and other authorities, legal advisors, and other external consultants in accordance with applicable data protection law.

  2. The legal bases for this processing are compliance with legal obligations (Art. 6(1)(c) GDPR) to which we are subject, or our legitimate interests (Art. 6(1)(f) GDPR), such as the exercise or defense of legal claims.

  1. Data Transfers to Third Countries

    1. We may transfer your personal data to recipients in third countries outside the European Union (EU) or the European Economic Area (EEA) that do not provide an adequate level of data protection, such as the USA. Recipients in the USA may be certified under the EU-U.S. Data Privacy Framework (DPF) and thus provide an adequate level of data protection from the perspective of EU data protection law. For example, data transfers to Google are carried out on the basis of the EU-U.S. Data Privacy Framework.

    2. If we transfer your personal data to other third countries that do not provide an adequate level of data protection from the perspective of EU data protection law, we rely on appropriate safeguards, such as the EU standard contractual clauses adopted by the European Commission. You can request a copy of the relevant safeguards by contacting us at the contact details provided in section 7.

  2. Data Retention Period, Criteria for Retention

    1. We retain your personal data for as long as necessary for the respective purposes of the data processing described above in section 1. As soon as we no longer process your personal data for these purposes, we will delete it from our systems and records or fully anonymize it so that you can no longer be identified.

    2. Deletion or full anonymization will not take place as long as we are required to retain your data to comply with legal or regulatory obligations. This particularly concerns statutory retention obligations under the German Commercial Code (HGB) or the Fiscal Code (AO), which provide for retention periods of 6 to 10 years, or if we need the data for evidentiary purposes in connection with legal disputes within the limitation period, which is generally three years but can be up to 30 years in individual cases.

  3. Your Rights as a Data Subject and How to Exercise Them

    1. If you have given your consent to the processing of your personal data, you may withdraw it at any time with effect for the future. Such withdrawal does not affect the lawfulness of processing prior to the withdrawal. If you withdraw your consent and there is no other legal basis, we must delete your personal data without undue delay (Art. 17(2)(b) GDPR).

    2. Under applicable data protection law, you as a data subject have the right to access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), and the right to data portability (Art. 20 GDPR). The right of access and the right to erasure may be restricted in certain circumstances (see §§ 34, 35 BDSG). You are also entitled to lodge a complaint with a data protection authority (Art. 77 GDPR). Further information on these rights can be found below in the appendix "Your Rights".

    3. In certain circumstances, you also have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on our legitimate interests (Art. 6(1)(f) GDPR); this also applies to profiling based on this legal basis (Art. 21(1) GDPR). Furthermore, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling to the extent that it is related to such direct marketing (Art. 21(2) GDPR). If you object, we will no longer process your personal data for these purposes.

    4. To exercise your rights, please contact us using the contact details provided in the Contact section.

Contact

If you have any questions about this privacy policy or the processing of your personal data, please contact us at:

Galaxia Life GmbH

Registered office: c/o Vogelsanger Straße 348, 50827 Cologne (Germany)

Telephone: [●]

Email address: info@galaxialife.de

Website: www.galaxialife.de 

The contact details of our Data Protection Officer are as follows: Euan Andrew Keenan

  1. Changes to this Privacy Policy

    1. This privacy policy may need to be amended from time to time, e.g., due to new functions or technologies on our website. In such cases, we will amend or supplement this privacy policy.

We will publish the changes at, for example, www.galaxialife.de/privacy-policy and/or inform you accordingly.

APPENDIX – YOUR RIGHTS

  1. Right of Access

    1. You may have the right to request confirmation from us as to whether we process personal data about you and, if so, the right to access such personal data.

    2. The right of access includes, among other things, the purposes of processing, the categories of personal data we process, and the recipients or categories of recipients to whom we disclose the personal data.

    3. You may also have the right to obtain a copy of the personal data undergoing processing. However, this right is not unlimited, as the rights of other persons may restrict your right to receive a copy.

    4. The right of access is restricted under § 34 BDSG, e.g., if the data

  1. is stored solely because it may not be deleted due to statutory or constitutional retention requirements, or

  2. is used exclusively for data backup or data protection control purposes, and providing the information would require a disproportionate effort and processing for other purposes is excluded by appropriate technical and organizational measures.

  1. Right to Rectification

    1. You may have the right to request the rectification of inaccurate personal data concerning you.

    2. Taking into account the purposes of processing, you have the right to have incomplete personal data completed, including by means of a supplementary statement.

  2. Right to Erasure ("Right to be Forgotten")

    1. Under certain conditions, you have the right to request that we erase personal data concerning you, and we are obliged to erase such personal data.

    2. The right to erasure does not exist under § 35 BDSG, for example, if erasure in the case of non-automated data processing is not possible or only possible with disproportionate effort due to the special nature of the storage, and the data subject's interest in erasure is to be regarded as minor. In this case, processing is restricted instead of erasure. The above exception does not apply if the personal data has been unlawfully processed.

  3. Right to Restriction of Processing

    1. Under certain conditions, you have the right to request that we restrict the processing of your personal data.

    2. In this case, the relevant data will be marked and processed by us only for certain purposes.

  4. Right to Data Portability

Under certain conditions, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us.


Status: January 2026