Privacy policy

Last updated: 28/06/2025

Graffo (hereinafter “Graffo”, “we”, “us” or “our”) is committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable national data protection laws.

This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our website [graffo.be] (the “Website”) or our services.

For any questions or requests regarding this policy or your personal data, please contact us at:

Email: info@graffo.be

1. Data Controller

Graffo acts as the Data Controller for the processing of your personal data collected via the Website or in connection with our services.

2. Categories of Personal Data Collected

We may collect and process the following categories of personal data:

* Technical Data: IP address, browser type and version, operating system, device information, approximate geographic location, and other data collected via cookies and similar technologies.

* Usage Data: Information about how you use our Website, including which pages you visit, links you click, and the duration and frequency of your visits.

* Identity and Contact Data: Name, delivery address, billing address, email address, phone number.

* Order and Transaction Data: Details of products or services you purchase from us.

* Communication Data: Information you provide when filling in our contact forms, subscribing to our newsletter, or otherwise communicating with us.

3. Sources of Personal Data

We collect personal data in the following ways:

* Directly from you when you fill in forms on our Website (e.g., contact forms, newsletter sign-ups, order forms).

* Automatically through your use of our Website, via cookies and similar tracking technologies.

* Through transactions when you place an order or purchase our services.

For details on our use of cookies, please refer to our Cookie Policy.

4. Purposes and Legal Bases for Processing

We process your personal data only when we have a valid legal basis under the GDPR. These purposes and legal bases include:

Purpose Legal Basis

To operate, maintain, and improve our Website Legitimate interests (Art. 6(1)(f) GDPR)

To analyze usage and generate anonymous statistics Consent via cookie banner (Art. 6(1)(a) GDPR)

To provide and deliver products or services you order Performance of a contract (Art. 6(1)(b) GDPR)

To manage billing and accounting obligations Legal obligation (Art. 6(1)(c) GDPR)

To communicate with you, including responding to inquiries Performance of a contract / Legitimate interests

To send newsletters or marketing communications (including personalized offers) Consent (Art. 6(1)(a) GDPR)

You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Disclosure of Personal Data to Third Parties

We will not sell or rent your personal data.

We may share your personal data with third parties only where necessary for the purposes described above, including:

* Website developers and hosting providers to operate and maintain the Website.

* Payment service providers and banks to process payments securely.

* Professional advisers (e.g., accountants, legal consultants) where necessary for compliance with our legal obligations.

We ensure that such third parties implement appropriate technical and organizational measures to protect your personal data.

6. International Transfers

Your personal data will generally be processed within the European Economic Area (EEA). If we transfer your data outside the EEA, we will ensure adequate safeguards in accordance with the GDPR, such as Standard Contractual Clauses approved by the European Commission.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations (e.g., accounting requirements).

Retention periods may vary depending on the category of data and applicable legal requirements.

8. Your Data Protection Rights

You have the following rights under the GDPR:

* Right of access: Obtain confirmation whether we process your personal data and access to that data.

* Right to rectification: Correct inaccurate or incomplete personal data.

* Right to erasure: Request deletion of your personal data in certain circumstances.

* Right to restriction of processing: Request limited processing in certain cases.

* Right to data portability: Receive personal data in a structured, commonly used, and machine-readable format and have it transferred to another controller.

* Right to object: Object to processing based on legitimate interests or direct marketing at any time.

* Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, please contact us at info@graffo.be. We may request additional information to verify your identity.

9. Complaints

If you believe that your rights under the GDPR have been infringed, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Data Protection Authority (GBA/APD)

Drukpersstraat 35, 1000 Brussels, Belgium

Email: contact@apd-gba.be

Website: https://www.gegevensbeschermingsautoriteit.be

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will publish the updated version on our Website, indicating the date of the last update.