Privacy pursuant to art. 13 of Legislative Decree N. 196/2003 (as amended by Legislative Decree 10 August 2018, N. 101) and Article 13 of EU Regulation no. 2016/679.
Pursuant to art. 13 of the legislative decree n. 196/2003, as amended by Legislative Decree 10 August 2018 N. 101 (hereinafter "Privacy Code") and art. 13 of the EU Regulation n. 2016/679 (hereinafter, "GDPR"), which provide provisions for the protection of persons and other subjects regarding the processing of personal data, we wish to inform you that the personal data you have communicated to Chrysos S.p.A, as Data Controller, Via Albertoni, 10 - 36060 Romano d’Ezzelino (Vicenza) - Italy - vat: 01917760249, due to the commercial relations and contractual agreements between our companies, will be processed in compliance with the aforementioned law and the related confidentiality obligations.
- Object of the treatment
This information refers exclusively to the processing of personal data, identified and non-sensitive (by way of example but not limited to: name, surname, business name, telephone number, e-mail address (hereinafter only "Data")) performed by Chrysos S.p.A in scope of its commercial and contractual relationships with customers and suppliers.
Chrysos S.p.A will process the Data exclusively for the purposes and within the limits indicated in this communication.
- Purposes of data processing
The data processing is finalized, for the fulfilments required by law, to the correct and complete execution of commercial and contractual relationships between.
More specifically, your data are processed for the following service purposes:
- to allow contacts by Chrysos S.p.A for possible commercial agreements;
- to process a contact request for the aforementioned purposes;
- to send e-mails regarding the aforementioned commercial relationships and / or in any case concerning the respective social activities for the purposes of commercial agreements;
- to send e-mails and / or communications of changes of the data and/or of the references of Chrysos S.p.A
- Methods of data processing
The processing can be executed with or without the aid of electronic or automated tools, in compliance with the provisions of art. 32 of the GDPR 2016/679 and Annex B of the Privacy Code (articles 33-36 of the Privacy Code) regarding security measures.
The processing is carried out by the data controller and / or by the persons in charge of the processing, and in any case by persons specifically appointed and in compliance with the provisions of art. 29 GDPR 2016/679.
Please note that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 GDPR 2016/679, subject to your free and explicit consent where required, your data will be kept for the period of time necessary to achieve the purposes are collected and processed.
- Provision of data
It is specified that for data collected and used for needs related to the execution of activities / services / supplies inherent in a contractual relationship or to respond to direct requests by the interested party or compliance with legal obligations, consent is not required. Failure to communicate the above data will therefore entail the impossibility of proceeding with the contractual relationship. For the data collected and used for the legitimate interest of the Data Controller, your consent is not required (letter f article 6 GDPR).
The communication of personal data referred to above is optional, but strictly necessary for the purposes of carrying out the activities referred to in point 2. Any refusal to provide data will make it impossible to fulfill the activities referred to in point 2.
- Data communication
We inform you that the data collected may be known to the persons in charge of processing and may be communicated for the purposes referred to in point 2 to external collaborators, persons operating in the judicial sector, counterparties and their lawyers, arbitration boards and, in general, to all those public and private subjects to whom communication is necessary for the correct fulfillment of the purposes indicated in point 2 and for the fulfillment of legal obligations.
- Data dissemination
The data are not subject to disclosure or to undetermined communication without your explicit consent, outside the hypothesis referred to in the preceding paragraph.
- Data transfer abroad
The management and storage of data will take place in Europe, on servers located in Europe of the Owner and / or third-party companies specifically appointed for this purpose and who will be appointed as Data Processors in this case.
The data will not be transferred to non-EU countries.
- Rights of the interested party
We inform you that, at any time, you can exercise, pursuant to art. 7 of the Privacy Code and articles from 15 to 22 of EU Regulation 2016/679, the exercise of specific rights, including:
- request confirmation of the existence of your data and their availability in an intelligible form;
- obtain information on the origin of the data, the categories of personal data, the purposes and methods of processing, the logic applied to processing, information on the holder and recipients to whom the data may be communicated and, when possible, the retention period;
- obtain the updating, rectification and integration of data, cancellation, limitation of processing;
- obtain data portability, ie receive them from a data controller, in a structured format, commonly used and readable by automatic device, and transmit them to another data controller without impediments;
- oppose to the processing at any time, also in case of processing for both indirect and direct marketing purposes, market research and profiling, without prejudice to cases of mandatory processing of data expressly provided for by the applicable laws;
- oppose to an automated decision-making process concerning individuals, including profiling;
- file a complaint with a supervisory authority pursuant to art. 77 GDPR. For Italy, the competent authority is the Guarantor for the protection of personal data, reachable via the contact details shown on the website www.garanteprivacy.it;
- revoke the consent at any time, without prejudice to the lawfulness of the processing of the consent given prior to the revocation, and without prejudice to the cases of obligatory processing of data expressly provided for by the laws in force.
You can exercise your rights by sending a specific written request to the Data Controller Chrysos S.p.A. Requests will be processed without undue delay and, in any case, within one month of the application; only in case of particular complexity and in the number of requests can this term be extended by a further 2 (two) months.
- Data controller.
Data controller is Chrysos S.p.A, Via Albertoni, 10 - 36060 Romano d’Ezzelino (Vicenza) - Italy - vat: 01917760249.