Privacy Policy

Privacy Policy

The protection of your privacy and Personal Data is an important concern to which each Gravotech entity (also known as, “Gravotech”, or “we” or “us”) pays special attention. The company Gravotech Marking is the data controller of your personal data.

Gravotech is committed to protecting the rights of individuals in compliance with the General Data Protection Regulation (reference EU2016/679) (the “GDPR”) and with the local applicable rules.

This Privacy Policy will inform you about (i) the Personal Data we may collect while visiting our website or during our relationship, how we collect, use, protect and transfer your Personal Data and (ii) how you can control the processing and disclosure of your Personal Data.

What is Personal Data?

Personal Data means any information relating to an identified or identifiable data subject (you).

What Personal Data do we use?

While visiting our Website and during our business relationship, Gravotech may collect and process:

  • Your name, email address, the name of the company you are working for, country of residence, phone number, you provide us with, for example by filling out one of our contact form, by subscribing to our newsletter, by creating a user account or by purchasing our products and services,
  • Your curriculum vitae as well as all information related to your identity, your experiences, and your picture, you may provide us with during the recruitment process,
  • Your bank details you provide us with during your shopping experience and to avoid any fraud,
  • Any information generated by your activity on the Website (user ID, comments and participation to a chat for example) and
  • Any information generated when using our Website (such as IP address, web browser, time and duration of your visitetc.), including through the use of cookies. For more information, please consult our Cookies policy.

What can be the purposes of your Personal Data processing?

If consent is mandatory to proceed, Gravotech will require your consent before collecting your Personal Data and you will be informed about the purpose of such processing on a case by case basis.

Your Personal Data may only be used for specified purposes such as:

  • Managing the Website (hosting, security, optimizing the content, statistics on users’activities)
  • Marketing and communication (managing the leads and customers database, managing information request (via the contact form for example), promoting Gravotech’s business (inscription to the newsletter))
  • Managing the commercial relationship (legal compliance, managing the business relationship, accounting, compliance with contractual obligations)

Should Gravotech need to process your Personal Data for a new processing, you will be prior informed.

What is the basis for processing of your Personal Data?

The legal basis for the processing of your Personal Data are:

  • Your consent (e.g. while subscribing to our newsletter)
  • Legitimate interest (e.g for invoicing purpose)
  • Contract obligations or legal obligations (e.g. execution of contract duties)

Who will receive and may process your personal data?

We (Gravotech Marking and its affiliates), our distributors in charge of communication and marketing management and/or commercial relationship management (as joint controllers), our subcontractor who hosts the website (Microsoft Ireland Operations Ltd.), our subcontractor in charge of database management (SQLI) and our subcontractor in charge of communication (SendinBlue) may receive and process your personal data, for the purposes defined above.

Will your Personal Data be transferred to a third country/region outside the European Union?

We may transfer, on a need-to know basis, your Personal Data within Gravotech Group and to related third parties (including data processor). These companies may be located outside the European Union. This transfer is subject to appropriate safeguards and through the legal framework of our agreements with affiliates or with such third parties.

For how long will your Personal Data be stored?

We process and store your Personal Data as long as it is required to meet our business relationship or statutory obligations. If your Personal Data is no longer required for the performance of our obligations, this will be erased on a regular basis unless further processing is necessary, for instance, for preserving particular evidence under the GDPR, or in the context of legal statutes of limitation.

Unless you use your right to object, the human resources department in charge of the recruitment process will retain your Personal Data for a maximum period of twelve months following collection.


We and our data processors use technical and organizational security measures in order to protect the data we have under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorized persons.

What are your rights and how to exercise them?

You may at any time exercise your rights:

  • To access: you have the right to know what the Personal Data are concerning you and as to whether or not your Personal Data is being processed by us (Article 15 of the GDPR),
  • To rectification of your Personal Data: you have the right to change any inaccurate Personal Data concerning you (Article 16 of the GDPR),
  • To erasure: you have the right for your Personal Data to be erased (Article 17 of the GDPR),
  • To restriction of the processing when applicable (Article 18 of the GDPR),
  • To data portability (Article 20 of the GDPR),
  • To object when applicable (Article 21 of the GDPR) and
  • To withdraw consent (Article 7 of the GDPR).

To this effect, please contact Gravotech either by email at the following address: dataprotection.fr@gravotech.com or by writing to the address below, enclosing a copy of an appropriate document evidencing your identity.

Gravotech Marking

466, rue des Mercières

69140 Rillieux-La-Pape


Can I ask for assistance to the competent authorities?

In case of dispute or for any question, you have the possibility to lodge a claim with your national Data Protection Authority, such as the CNIL in France.