Back to home
K2 GRAFIC · LEGAL

Privacy Policy

How SARL K2 GRAFIC collects, uses, stores and protects personal data of business buyers and individual renters — in line with the GDPR, the French Loi Informatique et Libertés n° 78-17, and the French Code de la Consommation.

Last updated: 22 April 2026 · Version 4.0

Data controller
Legal name
SARL K2 GRAFIC
Director (gérant)
SIEUZAC Jean-Louis
Registered office
1 Rue Vital Carles, 33000 Bordeaux, France
RCS Bordeaux
404 776 734
SIRET
404 776 734 00042
Intra-EU VAT
FR18 404 776 734
NAF / APE code
4651Z — Wholesale of computers & peripherals
Share capital
490,200 EUR
Track record
10+ years in your service

1. Scope & who we serve

This Privacy Policy applies to personal data processed by SARL K2 GRAFIC (hereafter 'K2 GRAFIC', 'we', 'us') via the website www.k2grafic.com, our sales channels, rental counter, email, and phone lines. We serve two distinct populations: (i) professional buyers — companies, integrators, event agencies, freelancers — for wholesale PURCHASE of IT and AV equipment; (ii) individual renters — consumers, hobbyists, students, event organisers — for RENTAL of equipment from our catalogue. Wholesale purchase is restricted to businesses with a valid SIRET or intra-EU VAT number. Rental is open to any natural or legal person aged 18 or over.

2. Legal framework

We comply with: Regulation (EU) 2016/679 (GDPR); French Law n° 78-17 of 6 January 1978 relating to data processing, files and freedoms ('Loi Informatique et Libertés'); French Code de la Consommation (articles L221-1 and following) for consumer rentals; French Code de Commerce (articles L123-22 and following) for B2B record-keeping; ePrivacy framework as transposed under article 82 of the Loi Informatique et Libertés (cookies); EU Consumer Rights Directive 2011/83/EU; and sectoral rules on electronic invoicing (article 289 Code général des impôts).

3. Categories of data we collect

FOR BUSINESS BUYERS: company name, legal form, SIRET / SIREN, intra-EU VAT, NAF code, registered address, billing/delivery address, representative name, professional email, professional phone, job title, IBAN/BIC for direct debits, purchase history, credit references, dispute history. FOR INDIVIDUAL RENTERS: full name, date of birth (to confirm legal majority), postal address, email, mobile phone, copy of a valid government ID (passport, French CNI or EU equivalent) retained only for the rental period, security deposit card imprint or pre-authorisation, rental history, damage reports. FOR EVERY VISITOR: IP address, user-agent, pages viewed, cookie identifiers, language preference, date and time of visit.

4. Purposes and legal basis (GDPR Art. 6)

Performance of contract (Art. 6.1.b): processing your quote, order or rental agreement, billing, delivery, after-sales support. Compliance with legal obligation (Art. 6.1.c): accounting records under article L123-22 Code de Commerce (10-year retention), French tax records under article L102B LPF (6 years), EU VAT reporting (6 years), invoicing rules under CGI article 289. Legitimate interest (Art. 6.1.f): fraud prevention, credit risk scoring for Net 30/60/90 accounts, identification of renters, protection of our assets and premises, aggregated analytics to improve the service, response to your inquiries. Consent (Art. 6.1.a): marketing emails, non-essential cookies, optional marketing SMS. You can withdraw consent at any time without affecting past processing.

5. Retention periods

Identification documents for rentals: deleted within 30 days of contract closure and deposit release. Commercial contracts, invoices and purchase orders: 10 years from closing of the fiscal year (article L123-22 Code de Commerce). Tax records: 6 years (article L102B Livre des procédures fiscales). Inquiry forms from the website with no follow-up: 3 years from last contact (CNIL recommendation on prospect data). Marketing database: until unsubscribe or 3 years of inactivity, whichever comes first. Website access logs: 12 months maximum. Video surveillance at our Bordeaux warehouse: 30 days rolling.

6. Recipients and processors

Internal K2 GRAFIC departments (sales, logistics, accounting, support) on a need-to-know basis. External processors bound by Data Processing Agreements under GDPR Art. 28: payment service providers (Stripe, Adyen), banking partners for direct debits (SEPA mandate), credit-insurance providers (Allianz Trade, Atradius) for Net 30/60/90 accounts, logistics carriers (DHL Express, Chronopost, UPS, GLS, Schenker) for delivery-data transmission under the DAP Incoterm, cloud infrastructure (EU-hosted), accounting software (EU-hosted), CRM (EU-hosted). Public authorities when legally required: French tax administration (DGFIP), French customs (Douanes), judicial authorities on valid request.

7. International transfers

All primary storage of personal data takes place within the European Economic Area (EEA). Where a sub-processor or carrier transfers data outside the EEA (e.g. delivery to a Swiss or UK address), we rely on (i) adequacy decisions where available, (ii) Standard Contractual Clauses (SCCs) adopted by the European Commission under Implementing Decision (EU) 2021/914, or (iii) your explicit consent for occasional transfers linked to a specific delivery. A copy of the SCCs is available on request.

8. Your rights (GDPR articles 15 to 22, LIL articles 48 to 56)

Right of access, right of rectification, right of erasure ('right to be forgotten'), right to restriction of processing, right to data portability (for data processed on the basis of consent or contract), right to object to processing based on our legitimate interest, right to object to direct marketing at any time, right not to be subject to fully automated decisions with legal effect. You can also give instructions for the fate of your data after your death (article 85 LIL). We respond within 30 days; this period can be extended by two months for complex requests.

9. How to exercise your rights

Email privacy@k2grafic.com with a scanned copy of an ID document. Postal mail: SARL K2 GRAFIC — Data Protection — 1 Rue Vital Carles, 33000 Bordeaux, France. Phone: +33 9 39 24 60 21 (France/Europe) or +1 878 768 6566 (outside EU). Our Data Protection Officer (DPO) handles every request personally; no support ticket, no chatbot.

10. Right to lodge a complaint

If you consider that our processing infringes the GDPR, you can lodge a complaint with the French data protection authority — the CNIL: Commission Nationale de l'Informatique et des Libertés, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France — www.cnil.fr. Residents of other EU member states may also contact their local supervisory authority. We encourage you to contact us first so we can resolve the issue quickly.

11. Security

TLS 1.2+ encryption on all transport; AES-256 encryption at rest for sensitive fields; role-based access control with quarterly reviews; physical security at the Bordeaux warehouse (CCTV, access badges, alarm); separation of test and production environments; quarterly penetration testing; incident response plan with 72-hour notification to the CNIL under GDPR article 33.

12. Minors

Our services are intended for adults. We do not knowingly process personal data of minors under 16 without verifiable parental consent (article 7-1 LIL). Rentals are only concluded with customers aged 18 or over. Any data inadvertently collected from a minor will be deleted on discovery.

13. Cookies

Cookies and similar tracers are subject to separate rules under article 82 of the Loi Informatique et Libertés. See our Cookie Policy for categories, retention periods and how to withdraw consent.

14. Updates

We may update this Policy to reflect changes in law or our practices. Material changes are communicated by email at least 30 days before they take effect. The 'Last updated' date at the top of this page always reflects the most recent version.

SARL K2 GRAFIC — 1 Rue Vital Carles, 33000 Bordeaux, France

privacy@k2grafic.com · +33 9 39 24 60 21 · +1 878 768 6566