Skip to content
GrafiStore

Schouwburgplein 31

7607 AE, Almelo

info@grafistore.com

+31 (0) 546 85 02 31

(Netherlands)

Privacy Policy

Introduction

We, GrafiStore B.V., are a B2B service provider for the graphic arts industry. We deliver products and services that automate workflows within graphic arts businesses.

Providing these products and services involves processing personal data — for example the names and email addresses of your contact persons, phone numbers, IP addresses and login credentials for your IT environment. Even though our customers are companies, the GDPR (AVG) applies as soon as we process data of identifiable individuals. This statement explains how we handle that data.

Legal basis

We process your personal data on one of the following grounds set out in Article 6 GDPR:

  • Performance of the contract (Art. 6(1)(b)): contact data, project data and the delivery of licences.
  • Legal obligation (Art. 6(1)(c)): invoicing and accounting under the Dutch tax retention obligation.
  • Legitimate interest (Art. 6(1)(f)): logging of account and IP information for support, security and fraud prevention.
  • Vital interest (Art. 6(1)(d)): emergencies in which immediate disclosure of data is required.

What information do we store?

To do business with you we need your company information: company name, contact persons, email addresses and phone numbers. We store this in our CRM software. We have a data-processing agreement in place with that software vendor.

In some cases we retain your personal mobile phone number, usually at your own request or ours when desirable for our collaboration.

We also store information about your IT environment: IP addresses and, where necessary, account credentials needed to log in to systems running our software. This information is indispensable for our service.

All storage of personal data takes place within the European Economic Area (EEA).

Project data and the role of GrafiStore

For data that we process for our own operations (contact persons, invoicing, support) we are the controller.

For data that you provide to us within projects — for example orders in XML or JSON form, PDF files or project documentation that may contain end-customer data — we are a processor. We process that data solely on your instructions and in line with the data-processing agreement we have signed with you. The secured servers and local workstations where this data temporarily resides are secured in accordance with that agreement.

Retention periods

  • CRM and contact data: for the duration of the relationship plus 2 years after the last contact.
  • Project data (as processor): as agreed in the data-processing agreement with the relevant client; by default we delete 90 days after project closure.
  • Invoicing and accounting: 7 years (Dutch tax retention obligation).
  • Logs, IP addresses and account credentials: up to 12 months for security and support purposes.

Recipients of your data

We only share your data with third parties where this is necessary for our services or to comply with a legal obligation. The categories of recipients are:

  • Software vendors (such as Enfocus, Quite, Tilia) when binding a licence to your company.
  • Hosting and CRM providers, both with storage inside the EEA.
  • Accountancy firm and bookkeeper in the context of our statutory administration duties.
  • Competent authorities when required by law.

We do not transfer personal data to countries outside the EEA.

Legal exceptions

In rare situations we disclose data without prior consent — only on the basis of a legal exception. Examples:

  • An acute medical emergency while you are at our premises (Art. 6(1)(d) GDPR, vital interest).
  • An order from a competent authority (Art. 6(1)(c) GDPR, legal obligation).

Outside these cases we never knowingly disclose your data to third parties.

Your rights

Under the GDPR you have the following rights regarding your personal data:

  • Access to the data we process about you (Art. 15).
  • Rectification of inaccurate or incomplete data (Art. 16).
  • Erasure of your data (Art. 17). Note that invoicing data is subject to the 7-year statutory retention period.
  • Restriction of processing (Art. 18).
  • Data portability — receiving your data in a commonly used format (Art. 20).
  • Objection to processing based on legitimate interest (Art. 21).
  • Withdrawal of consent where we rely on consent.

We do not take decisions about you based solely on automated processing or profiling (Art. 22 GDPR).

Please send requests to info@grafistore.com. We respond within one month; for complex requests this period may be extended by two months (Art. 12(3) GDPR). We may ask for additional information to verify your identity. Note: if you ask us to delete data that is required for our collaboration, we may no longer be able to provide that service.

Lodging a complaint

If you disagree with how we handle your data, you may lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens. See autoriteitpersoonsgegevens.nl. You always retain the right to bring the matter before a court.

Data breach notification

If a data breach occurs, we act in accordance with the GDPR:

  • As controller we notify the Autoriteit Persoonsgegevens within 72 hours (Art. 33). Where there is a high risk we also inform the data subjects (Art. 34).
  • As processor — for data we handle on behalf of a client — we notify that client without undue delay (Art. 33(2)).

If you suspect a breach, contact us immediately at info@grafistore.com.

Cookies and external services

Our website currently uses only strictly functional cookies that are necessary for the site to work (session, security token, language preference, shopping cart).

In addition, we load a few external services whose providers may observe your IP address when your browser fetches their files:

  • Google Fonts — for loading the Signika typeface.
  • Cloudflare Turnstile — to protect forms against abuse.
  • YouTube or Vimeo — only on pages where a video is displayed.

We currently do not use any analytics or marketing cookies. Should that change in the future, we will ask for your prior consent through a cookie notice.

Contact and controller

The data controller is:

GrafiStore B.V.
Schouwburgplein 31
7607 AE Almelo
The Netherlands
info@grafistore.com
+31 (0)546 85 02 31

For privacy-related questions please reach us via the contact details above.

Last updated: 26 May 2026 — version 2.0

KVK 97639745BTW NL868151622B01GrafiStore B.V.

Never miss an update?

Get the latest tips on workflow automation straight to your inbox.

By subscribing you agree to our privacy policy.