1. Data controller
CEDAYA, 117, rue de Charenton, 75012 Paris, France — operator of the Graded Market marketplace — is the data controller for personal data processed on gradedmarket.eu. You can reach our Data Protection Officer at dpo@gradedmarket.eu.
2. What we collect
- Account data: name, email, password hash, billing and shipping address.
- Seller KYC data: identity documents and beneficial ownership information, processed by Stripe Connect on our behalf.
- Transaction data: orders, invoices, tracking numbers and dispute history.
- Usage data: device type, IP address, pages viewed and favourite lists.
3. Why we process it
We process your data to operate the marketplace (contractual necessity, Art. 6(1)(b) GDPR), to comply with tax, accounting and anti-fraud obligations (legal obligation, Art. 6(1)(c)), and to improve the service and communicate with you (legitimate interest, Art. 6(1)(f)). Marketing emails are sent only with your consent, and you can unsubscribe at any time.
4. Who we share it with
We share data only with processors necessary to run the service: Stripe (payments & KYC), our hosting provider in the EU, email delivery, and shipping carriers chosen by sellers. We never sell your data.
5. Transfers outside the EEA
Our infrastructure is hosted in the European Union. Where a processor (e.g. Stripe) operates internationally, transfers outside the EEA are covered by Standard Contractual Clauses and supplementary safeguards as required by the GDPR.
6. How long we keep it
Account data is kept while your account is active and for up to three years after deletion to resolve disputes. Invoices and accounting records are kept for ten years as required by French law.
7. Your rights
You have the right to access, rectify, delete, restrict, port, and object to the processing of your personal data. You can exercise these rights by emailing dpo@gradedmarket.eu. You may also lodge a complaint with the French CNIL or your local data protection authority.
8. Security
We use encryption in transit (TLS), encryption at rest for sensitive fields, hashed passwords, least-privilege access, and continuous monitoring. In the event of a data breach affecting your rights, we'll notify you and the regulator within 72 hours.

