Privacy Policy

Privacy Policy for the grahamshoping.fr website

Effective date: 01/01/2026
Last updated: 11/04/2026

This policy describes how Grahamshop (hereinafter “we,” “our”), as the data controller, collects, uses, stores, and protects the personal data of visitors to and customers of its e-commerce site grahamshoping.fr, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

Data controller
– Company name: ORIVANASHOP LTD
– Email: info@grahamshoping.fr

Scope and purposes
This policy applies to site visitors, registered users, customers, and prospects. The main purposes are:
– Provision of e-commerce services and order management;
– Processing of online payments (Stripe, PayPal);
– Communication with customers (billing, support, order tracking);
– Sending marketing emails and newsletters (with consent);
– Operation and improvement of the site (analytics, performance);
– Assistance via the AI chatbot and improvement of support services.

Data collected
Identification and contact information
Last name, first name, mailing address, email address, phone number.
Account credentials (username, encrypted password).

Payment data
Data required for payment: transaction details (amount, date), payment method.
Sensitive card data (full number, CVV) is processed directly by payment providers (Stripe, PayPal) and is not stored by our site when the integration complies with best practices (SDK/hosted checkout). We only retain transaction references and the information necessary for billing.

Technical and browsing data
IP address (anonymized where applicable), browser type, operating system, pages viewed, duration of visit, referral source, cookie IDs, and trackers.

Data related to the AI chatbot
Questions and interactions with the chatbot, conversation logs, and possibly browsing context.
Interactions may be transmitted to the AI service provider (or stored locally) for processing and improvement.

Marketing data
Communication preferences, purchase history, newsletter consent.

Note: Do not share sensitive information (such as racial background, political views, health information, etc.) via the chatbot or public forms.

Legal Basis and Use of Data
Contract performance: order processing, billing, delivery. (Basis: contract performance)
Consent: sending newsletters, non-essential cookies, marketing features. (Basis: explicit consent)
Legal obligation: retention of accounting/tax documents, compliance with legal obligations. (Legal basis: legal obligation)
Legitimate interest: website security, fraud detection, improving the user experience (following a balanced analysis and notification). (Legal basis: legitimate interest)
Examples of use: sending order confirmations, managing returns, chatbot support, sales follow-ups if consent is given or an existing customer relationship exists in accordance with applicable regulations.

Data Recipients
Data may be disclosed to the following categories:
Payment service providers: Stripe, PayPal (payment processors). They process payment data as data processors.
Website host and cloud services (Hostinger).
Analytics and performance tool providers: Google Analytics — subject to consent where required.
The website features a chatbot developed and managed by Grahamshop. All interactions are archived and processed by Grahamshop in accordance with the privacy policy. Conversations with the chatbot may be transmitted to the AI provider for processing, hosting, and model improvement. Depending on the provider, this data may be subject to further processing (enrichment, training). We will inform you of specific conditions and request your consent when necessary. You may choose not to use the chatbot for information you consider sensitive; in this case, please contact customer service.
Logistics services and carriers: We work with carriers such as Chronopost, La Poste, Colissimo, DHL, and FedEx to ensure your satisfaction.
Legal and judicial authorities: when disclosure is required by law.

When we engage subcontractors, we enter into contracts with them that comply with the GDPR (data processing clauses, security obligations, and usage restrictions).

Transfers Outside the European Union
Certain service providers (hosting, AI tools, payments) may transfer data to countries outside the EU. We ensure that these transfers are subject to appropriate safeguards: adequacy decisions, standard contractual clauses (SCCs), or other recognized safeguards. For more information on the countries involved and the safeguards, please contact our DPO.

Retention periods
Customer data (account): retained for the duration of the account’s activity.
Billing and accounting data: retained for 10 years (legal retention period in France).
Payment data (transaction references): retained for the period necessary for commercial management and legal obligations: 10 years.
Marketing data (marketing emails): until consent is withdrawn or 3 years after the last contact.
Logs and technical data: retained for an appropriate period of 6 to 13 months depending on the purpose (security, analytics).
Chatbot data: retained according to the purpose and terms specified when using the service; anonymization is possible. Specific retention periods available upon request.

These timeframes are approximate; they may be adjusted based on legal requirements or a documented legitimate need.

Cookies and trackers
Types of cookies
Strictly necessary cookies: website functionality, shopping cart, session. (No consent required, but information must be provided)
Performance/analytics cookies: used to measure traffic and improve the website (often subject to consent).
Functional cookies: store preferences (e.g., language).
Marketing/advertising cookies: targeted advertising and cross-site tracking (requires consent).

Management and control
On your first visit, an information banner and a consent manager allow you to accept or decline cookie categories. You can change your preferences at any time via [link to the cookie management center] or through your browser settings (blocking or deleting cookies). Please note that blocking certain cookies may affect the website’s functionality.

Security
We implement appropriate technical and organizational measures to protect your data:
TLS encryption (HTTPS) for all communications between your browser and our servers.
Compliance with PCI-DSS standards when processing payments via our integrations (hosted payment / SDK).
Restricted access to data (access controls, strong authentication for teams).
Pseudonymization and encryption of sensitive data whenever possible.
Regular backups and restore tests.
Logging and monitoring for incident detection.
Confidentiality agreements with our subcontractors and regular audits.

In the event of a personal data breach that is likely to pose a risk to the rights and freedoms of individuals, we will notify the competent supervisory authority (CNIL in France) within 72 hours and, where required, the individuals concerned.

Individual Rights
In accordance with the GDPR, you have the following rights:

– Right of access: to obtain confirmation that your data is being processed and to receive a copy of it.
– Right to rectification: to have inaccurate or incomplete data corrected.
– Right to erasure (“right to be forgotten”): to request the deletion of your data where applicable.
– Right to restriction of processing: to request the suspension of processing in certain cases.
– Right to object: to object to the processing of your data on legitimate grounds or to processing for marketing purposes.
– Right to data portability: to receive the data you have provided to us in a structured, commonly used, and machine-readable format.
– Right to withdraw consent: where processing is based on consent, you may withdraw it at any time (such withdrawal does not affect the lawfulness of prior processing).
– Right to lodge a complaint with a supervisory authority (in France: CNIL — www.cnil.fr).

Exercising your rights: To exercise your rights, please send a request to grahamshoping.fr or by mail to the address provided, along with proof of identity. We will respond within the legally required timeframe (generally one month, which may be extended in certain cases).

Automated processing and decisions based solely on automated processing
We do not make automated decisions that have legal or significant effects on you without human intervention. If automated processing (profiling) is implemented (e.g., fraud risk scoring), we will clearly indicate this and inform you of the applicable logic and your rights.

Regarding the AI chatbot, automated processing of requests may affect the response provided; you can request human assistance if you feel the response is problematic.

Changes to the Privacy Policy
We may update this policy to reflect changes in our practices or legal obligations. In the event of a substantial change, we will notify you in advance (via a banner or email to registered users). The date of the last update appears at the top of the document.

Contact
For any questions regarding data protection or to exercise your rights:
– Email: info@grahamshoping.fr

If you have any complaints, you may contact the relevant supervisory authority: Commission Nationale de l’Informatique et des Libertés (CNIL) — www.cnil.fr.