About our privacy policy

Graey cares deeply about your privacy. We therefore only process data that we need for (improving) our services and treat information collected about you and your use of our services with care. We never make your data available to third parties for commercial purposes.

This privacy policy applies to the use of the Graey website and the services accessed thereon. The effective date for the validity of these terms is 15/10/2022, with the publication of a new version the validity of all previous versions will expire. This privacy policy describes what data about you is collected by us, what this data is used for and with whom and under what conditions, if any, this data may be shared with third parties. We also explain to you how we store your data and how we protect your data against misuse, and what rights you have in relation to the personal data you provide to us.

If you have any questions about our privacy policy, please contact our privacy contact, you will find the contact details at the end of our privacy policy.

About data processing

Below you can read how we process your data, where we store it (or have it stored), which security techniques we use and to whom the data can be viewed.

Webshop software MyWebstore

Our online shop is developed with software from MyOnlineStore. Personal data that you make available to us for the purpose of our service is shared with this party. MyOnlineStore has access to your data to provide us with (technical) support, they will never use your data for any other purpose. MyOnlineStore is obliged under the agreement we have with them to take appropriate security measures. MyOnlineStore uses cookies to collect technical information regarding your use of the software, no personal data is collected and/or stored.

Web hosting one.com

We purchase web hosting and email services from One.com. One.com processes personal data on our behalf and does not use your data for its own purposes. However, this party may collect metadata about the use of the services. This is not personal data. One.com has taken appropriate technical and organisational measures to prevent the loss and unauthorised use of your personal data. One.com is bound to secrecy under the agreement.

E-mail and mailing lists

MyWebstore

We send our newsletters and transactional emails using our web store software 'MijnWebwinkel'. All confirmation emails you receive from our website and web forms are sent through MijnWebwinkel's servers. MijnWebwinkel will never use your name and email address for its own purposes. At the bottom of every automated email sent through our website you will see the 'unsubscribe' link. If you click this, you will no longer receive email from our website. This may seriously reduce the functionality of our website! Your personal data is securely transmitted, stored and accessed by MyWebwinkel. MyWebwinkel uses cookies and other Internet technologies that show whether e-mails are opened and read. MijnWebwinkel also processes information about you as a recipient and the subject line of e- mails to improve the quality of service, this data is stored for 30 days. MyWebwinkel reserves the right to use your data to further improve the service and share information with third parties.

one.com

We use the services of one.com for our regular business e-mail traffic. This party has taken appropriate technical and organisational measures to prevent abuse, loss and corruption of your and our data as much as possible. one.com does not have access to our mailbox and we treat all our e- mail traffic confidentially.

Payment processors Shopify

To handle (part of) the payments in our web shop we use the platform of Shopify. Shopify processes your name, address and place of residence and your payment details such as your bank account or credit card number. Shopify has taken appropriate technical and organisational measures to protect your personal data. Shopify shares personal data and information relating to your financial position with credit rating agencies in the case of an application for a deferred payment (credit facility). All the above safeguards regarding the protection of your personal data also apply to those parts of Shopify's services for which they engage third parties. Shopify will not retain your data for longer than permitted under the legal time limits.

Shipping and logistics PostNL

When you place an order with us, our job is to get your parcel delivered to you. We use the services of PostNL to make the deliveries. This requires us to share your name, address and place of residence details with PostNL. PostNL uses this data solely for the purpose of executing the agreement. If PostNL engages subcontractors, PostNL will also make your details available to these parties.

DHL

When you place an order with us, our job is to get your package delivered to you. We use the services of DHL to make the deliveries. This requires us to share your name, address and place of residence data with DHL. DHL only uses this data for the purpose of executing the contract. In the event that DHL engages subcontractors, DHL will also make your data available to these parties.

Invoicing and accounting ExactOnline

EXAMPLE: To keep our records and accounts, we use the services of [SUPPLIER]. We share your name, address and residence details and details relating to your order.
This data is used to administer sales invoices. Your personal data will be transmitted and stored in a protected manner. [SUPPLIER] is bound to secrecy and will keep your data confidential. [SUPPLIER] will not use your personal data for other purposes than those described above.

External sales channels

Purpose of data processing 

General purpose of processing

We use your data exclusively for the purpose of our services. That is, the purpose of the processing is always directly related to the assignment you provide. We do not use your data for (targeted) marketing. If you share data with us and we use this data to contact you - other than at your request - at a later time, we will ask you explicit permission to do so. Your data will not be shared with third parties other than to meet accounting and other administrative obligations. These third parties are all bound to confidentiality by virtue of the agreement between them and us or an oath or legal obligation.

Automatically collected data

Data automatically collected by our website are processed with the aim of further improving our services. These data (e.g. your IP address, web browser and operating system) are not personal data.

Cooperation in tax and criminal investigations

Where appropriate, Graey may be required by law to share your data in connection with government tax or criminal investigations. In such a case, we are forced to share your data, but we will oppose this within the possibilities provided by law.

Retention periods

We keep your data for as long as you are our client. This means that we will keep your client profile until you indicate that you no longer wish to use our services. If you indicate this to us, we will also interpret this as a request to forget. Based on applicable administrative obligations, we are required to retain invoices containing your (personal) data, so we will retain this data for as long as the applicable term runs. However, employees no longer have access to your client profile and documents we have produced in response to your instructions.

Your rights

Under applicable Dutch and European law, as a data subject you have certain rights in relation to personal data processed by or on behalf of us. We explain below which rights these are and how you can invoke these rights. In principle, to prevent misuse, we only send copies and copies of your data to your e-mail address already known to us. In case you wish to receive the data at another e-mail address or by post, for example, we will ask you to identify yourself. We keep records of completed requests; in the case of a forgetting request, we administer anonymised data. You will receive all copies and transcripts of data in the machine-readable data format we use within our systems. You have the right at any time to lodge a complaint with the Personal Data Authority if you suspect that we are using your personal data incorrectly.

Right of inspection

You always have the right to inspect the data we process (or have processed) that relate to your person or can be traced back to that person. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you, at the e-mail address known to us, a copy of all data with a list of the processors holding this data, indicating the category under which we have stored this data.

Right of rectification

You always have the right to have the data we process (or have processed) that relates to your person or can be traced back to you amended. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation at the e-mail address known to us that the data has been adjusted.

Right to restriction of processing

You always have the right to limit the data we process (or have processed) that relates to your person or can be traced to it. You can make a request to this effect to our privacy contact. You will then receive a response to your request within 30 days. If your request is granted, we will send you confirmation at the e-mail address known to us that the data will no longer be processed until you lift the restriction.

Right of transferability

You always have the right to have the data we process (or have processed), which relates to your person or can be traced back to you, carried out by another party. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you, at the e-mail address known to us, copies or transcripts of all data about you that we have processed or have processed on our behalf by other processors or third parties. In all likelihood, we will no longer be able to continue providing services in such a case, as the secure interconnection of data files can no longer be guaranteed.

Right to object and other rights

You have the right to object, where appropriate, to the processing of your personal data by or on behalf of Graey. If you object, we will immediately cease data processing pending the handling of your objection. If your objection is well-founded, we will make copies and/or copies of data that we process (or have processed) available to you and thereafter cease processing permanently. You also have the right not to be subjected to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you believe it does, please contact our privacy contact.

Cookies Google Analytics

Through our website, cookies are placed by the US company Google, as part of the "Analytics" service. We use this service to track and get reports on how visitors use the website.
This processor may be required by applicable laws and regulations to provide access to this data. We have not allowed Google to use the analytics information obtained for other Google services.

Third-party cookies

In case third-party software solutions use cookies, this is mentioned in this privacy statement.

Privacy policy changes

We reserve the right to change our privacy policy at any time. However, you will always find the most recent version on this page. If the new privacy policy affects the way we process data already collected about you, we will notify you by e-mail.

Contact details Graey

Buitenweide 14 5467MP Veghel The Netherlands T (064) 139-1404 E info@graey.nl

Contact person for privacy matters
Lotte van der Heijden