Graff International SHPK – Privacy Policy

Last updated: 30 October 2025

 

Data Controller:
Graff International SHPK
Address: Rruga Milto Tutulani, nd.4, hyrja 6, apartamenti 12, Tirana 1001 – Albania
Tax ID (NIPT): M42214054C
Email: privacy@graff-international.com

⸻

1. What Data We Collect

We may collect and process the following types of personal and business data:
    • Identification data: name, surname, role, company name
    • Contact data: email, phone number, address
    • Commercial and financial data: invoices, payment information, IBANs, pro forma invoices
    • Business documentation: price lists, contracts, logistics/customs records, communication records
    • Digital correspondence via email and messaging services

⸻

2. Why We Process Your Data

We process your data for the following legitimate and contractual purposes:
    • Managing commercial, supplier, and client relationships
    • Processing import/export transactions and logistics
    • Issuing invoices, handling payments, and accounting compliance
    • Fulfilling regulatory and tax obligations
    • Responding to business inquiries and ongoing collaborations
    • Ensuring operational communication and follow-up with partners

⸻

3. Legal Basis for Processing

We rely on one or more of the following legal bases:
    • Contractual necessity (Art. 6.1.b GDPR)
    • Legal obligations (Art. 6.1.c GDPR and Albanian Law No. 9887/2008)
    • Legitimate interest (Art. 6.1.f), such as fraud prevention and internal coordination
    • Explicit consent, where required (Art. 6.1.a)

⸻

4. How We Store and Protect Your Data

Data is processed using secure platforms and standard business communication tools (e.g. email, messaging, cloud storage) with access control and confidentiality practices.

We apply:
    • Encryption in communications where supported
    • Limited access to authorized personnel
    • Password-protected accounts and backups
    • Confidentiality agreements with collaborators and partners

We do not sell your data to third parties.

⸻

5. Data Sharing
• IT and communication service providers:  

In particular, we use **Zoho Corporation B.V. (The Netherlands)** for customer relationship management and communication services. A Data Processing Agreement (DPA) has been signed to ensure that personal data is handled lawfully, securely, and transparently.

We may share data with:
    • Customs and logistics service providers
    • Banks and financial institutions
    • Legal, accounting, and compliance consultants
    • Public authorities when legally required
    • Partner companies within commercial agreements

Where applicable, data is shared under contractual guarantees and confidentiality clauses.

 

Use of Google reCAPTCHA
We use Google reCAPTCHA on our website to protect forms against abuse and spam. reCAPTCHA analyzes user behavior (e.g. mouse movements, IP address, time spent on the site) to determine whether an action is carried out by a human or automated process. This data is transmitted to Google LLC and processed according to Google’s Privacy Policy (https://policies.google.com/privacy) and Terms of Service (https://policies.google.com/terms). By using our forms, you consent to this verification process.

⸻

6. International Transfers

Data may be processed or accessed by partners or platforms located outside the European Economic Area. In such cases, we rely on standard contractual clauses or equivalent safeguards to ensure data protection.

⸻

7. Retention Period

We retain data only as long as necessary to fulfill the stated purposes:
    • Up to 10 years for financial and tax records
    • For the duration of commercial or contractual relationships
    • For specific timeframes required by law or mutual agreement

⸻

8. Your Rights

As a data subject, you have the right to:
    • Access your personal data
    • Request rectification or deletion
    • Restrict or object to processing
    • Request data portability
    • File a complaint with a data protection authority, such as the 
      Komisioneri për të Drejtën e Informimit dhe Mbrojtjen e të Dhënave Personale in Albania,
      or with the appropriate authority in your country

For any requests, contact: privacy@graff-international.com

⸻

9. Disclaimer

The information contained on this website is provided for general informational purposes only. While Graff International SHPK makes every effort to ensure the accuracy and timeliness of the content, no guarantee is given regarding its completeness or suitability for any particular purpose. The company assumes no liability for any direct or indirect loss or damage arising from the use of this website or the information contained herein. Links to third-party websites are provided solely for convenience; Graff International SHPK has no control over their content or data-protection practices and therefore declines any responsibility for them.

⸻

10. Updates

This privacy policy may be updated over time to reflect legal or operational changes. The most recent version is always available at this URL.

 

 

© 2025 Graff International SHPK