Privacy Policy

Grain de Sail attaches particular importance to the protection of your personal data and undertakes to process it in a transparent, confidential, and secure manner.

The purpose of this policy is to inform you about how your data is collected, used, and protected when you browse the website.

https://graindesail.com

1. Introduction

Grain de Sail attaches particular importance to the protection of your personal data and undertakes to process it in a transparent, confidential, and secure manner.

The purpose of this policy is to inform you about how your data is collected, used, and protected when you browse the https://graindesail.com website.

2. Data controller

The data controller is:

Grain de Sail SAS

Address: 4 Route du Bas de la Rivière, 29600 MORLAIX

Email: [contact@graindesail.com]

Company registration number: 538 866 740 R.C.S. Brest

Legal representative: Jacques Barreau

3. Personal data collected

a) Data provided directly by you

Last name, first name
Mailing address and shipping address
E-mail address
Phone number
Order and payment information (excluding complete bank details, which are processed by certified service providers)
Messages sent via the contact form or online chat (Crisp)

b) Automatically collected data

Technical information: IP address, browser, operating system
Browsing and interaction data (via Google Analytics 4, managed by Google Tag Manager)
Cookies necessary for the functioning of the site and for audience measurement

4. Purposes of processing

Your data is processed for the following purposes:

Manage your orders and deliveries;
Create and manage your customer account;
Process your requests via the contact form, Crisp chat, as well as requests relating to your GDPR rights via the dedicated form (“Your personal data – GDPR”);
Analyze website traffic and improve the user experience;
Send you communications about our products and offers, if you have consented to this.

5. Legal basis for processing

The treatments performed are based on:

Contract fulfillment: order and customer account management;
Consent: newsletter subscription, storage of non-essential cookies;
Legitimate interest: site improvement, performance analysis, responding to messages via Crisp.

6. Recipients of the data

Your data may only be transmitted to:

Our technical service providers: website host, payment service provider (Payline), carriers (Chronopost and GLS), customer support tool (Crisp);
Our analytics providers: Google Analytics 4 (via Google Tag Manager);
Our internal departments: customer service, logistics, marketing.

The data collected on the graindesail.com website is hosted on servers located within the European Union.

The physical infrastructure (servers) is provided by OVH SAS, headquartered at 2 rue Kellermann, 59100 Roubaix, France.

The administration, configuration, and operational management of these servers are handled internally by Grain de Sail.

Certain technical or analytical data may be transferred outside the European Union, in particular to the United States, via Google Analytics 4 and Google Tag Manager tools.

These transfers are governed by the European Commission’s standard contractual clauses, ensuring a level of protection equivalent to that required by European regulations.

7. Cookies and audience measurement tools

The site uses different types of cookies:

a) Necessary cookies

They ensure the proper functioning of the site (shopping cart management, customer session, security).

b) Analytical cookies (subject to consent)

We use Google Analytics 4 via Google Tag Manager to measure the performance of the website.

The data is anonymized and stored for a maximum period of 13 months.

c) Chat cookies

The Crisp instant messaging service installs a cookie to identify returning visitors and track their conversations.

You can manage your preferences at any time via the cookie management banner displayed when you first visit the site.

8. Data retention period

Data type	Shelf life
Customer account data	3 years after the last contact
Order data	10 years (legal accounting obligation)
Contact details (form or chat)	3 years after the last exchange
Analytical data (cookies)	13 months maximum

9. Data security

Grain de Sail implements all necessary technical and organizational measures to ensure the security, confidentiality, and protection of your data against unauthorized access, loss, or alteration.

Connections to the site are protected by HTTPS protocol, and partner service providers are selected for their compliance with the GDPR.

10. Your rights

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

Right of access and rectification;
Right to erasure (“right to be forgotten”);
Right to restriction of processing;
Right to data portability;
Right to object;
Right to withdraw your consent at any time.

To exercise these rights, contact us at the following address:

contact@graindesail.com

You also have the right to lodge a complaint with the CNIL (www.cnil.fr).

11. Policy changes

This policy may be updated at any time to reflect changes in our practices or regulations.

The applicable version is the one published on the website on the date of your visit.

Last update: November 2025