Privacy addenda by region

Last updated: May 25, 2026

Galeira's baseline privacy policy at /legal/privacy describes what we collect, why, and how to exercise your rights. This index lists region-specific addenda — disclosures we're required to make under your local data-protection law on top of the baseline. These addenda do not replace the main policy; they add to it.

• European Union & EEAGDPR (Regulation 2016/679) + ePrivacy

  Lawful bases, Article 27 representative, supervisory-authority complaints.

• United KingdomUK GDPR + Data Protection Act 2018

  ICO complaints, UK GDPR rep, DPDI Act 2025 changes.

• CaliforniaCCPA + CPRA

  Notice at collection, sale / share, sensitive personal information, automated decision-making.

• VirginiaVCDPA

  Right to access, delete, correct, opt-out of targeted advertising / sale / profiling.

• ColoradoColorado Privacy Act

  Universal opt-out signal, profiling rights, appeals.

• ConnecticutCTDPA

  Connecticut Data Privacy Act, GPC signal, sensitive-data consent.

• UtahUCPA

  Right to access, delete, opt-out of sale and targeted advertising.

• TexasTDPSA

  Texas Data Privacy and Security Act effective July 2024.

• BrazilLGPD (Lei nº 13.709/2018)

  Encarregado de dados (DPO), ANPD complaints, child-data rules.

• CanadaPIPEDA (federal) + provincial laws

  OPC complaints, Quebec Law 25 specifics, provincial overlay.

• AustraliaPrivacy Act 1988 (Cth) + APP

  Australian Privacy Principles, OAIC complaints, 2024 reform highlights.

• IndiaDPDP Act 2023

  Consent manager, Data Protection Board, child-data rules, deemed consent.

• Japan & South KoreaAPPI (Japan) + PIPA (Korea)

  Cross-border transfer notifications, PPC / PIPC complaints, opt-out registers.

EU / UK GDPR Article 27 representative

For data subjects in the EEA and the UK, our Article 27 representative can be contacted at [email protected]. We are working on appointing a named in-region representative; until appointed, this address routes to a person who reads it.

Other jurisdictions

If your jurisdiction isn't listed and you have a data-protection question or request, email [email protected]. We honour data-subject rights globally — the GDPR baseline is what we apply where local law is silent or weaker.

Notarised legal counsel review is in progress per jurisdiction. Email [email protected] if you spot a gap.