Chrysos S.p.A, with registered office in 36060 Romano d’Ezzelino (VI), Via Albertoni 10, share capital Euro 3,000,000.00 i.v., Tax Code and VAT No. 01917760249, Registered at Reg. Enterprises of Vicenza at no. 193668 R.E.A. (hereinafter also the “Owner”) takes care of the rights of each user of the site in privacy matters and conforms its corporate structure to the dictates of the Regulation (EU) 2016/679 (henceforth also just the “GDPR”). With what follows we therefore intend to give you Information on how we process personal data collected on this site.
Type of data collected
On the site they can be collected (if the user, who is under no obligation to do so, provides them):
– Biographical data provided by filling out forms;
– Data of any transactions including Debit/Credit Card Information;
– Personal data that may be contained in communications or messages sent by users of the Site for any purpose;
– Data i digital character such as the user’s IP address and other device identifiers, the system operating system and browser type, and information regarding the pages visited, collected through Cookies or other tracking technologies; and
– Personal data collected from third parties, such as data the site user agrees to share on social publicly accessible networks (e.g., Facebook, Instagram, etc.) and/or that we may collect from other databases.
Providing the above data (henceforth the “Data”) is necessary in order to provide the services Sales, after-sales service, and any other services from which you may benefit browsing the site. Refusal or failure to provide the Data or part of the Data may imply the inability of the Owner to provide the service promised by the site and therefore the exoneration of the same Holder from any liability in this regard. The Data from time to time requested in the site will be those strictly necessary to provide the service to which they refer specified that in the site will be specified when the provision of a Data is a prerequisite for the performance of a given service.
Use of Data
Any processing of Data must be done on the basis of a lawful “justification” (or basis Legal) for treatment. The Data are used by us:
– when the processing is necessary for entering into a contract with the user of the site or for to fulfill the obligations related to the same contract;
– as the processing is necessary to enable us to fulfill our obligations under the law;
– when the processing constitutes a legitimate interest of the Controller always in the balancing of those interests with those of the user of the specified site that interests may include, for example, the use of Data for the conduct and development of business activities with current customers or potential and users of the Internet Site and in the preparation, exercise or defense of legal actions; or
– when the processing is based on consent collected from the ‘user of the site; to be more clear will always be subject to the express consent of the user of the site the performance of operations related to to interactions between data on the site and data that you agree to share with us on social networks or sending marketing communications concerning news, information and updates about our products and services, offers, promotions and special events, and other communications that may be of interest to the user of the site.
Disclosure of Data
The Data Controller will be entitled to disclose the Data to its related companies, employees, consultants and collaborators, already expressly entrusted with the processing of Data, who are called upon to assist the Holder in the execution of the services offered by the specified site such persons will guarantee to the Data the same legal protection guaranteed by the Owner.
Data collected will not be transferred to other countries. The Holder will have the authority to respond to requests related to the Data where required by law or when it considers that communication is necessary for the protection of their rights and/or to comply with legal proceedings, to court orders, requests from regulatory authorities, or other possible legal actions.
We have taken and will take security measures to protect Personal Data to deal with hazards such as accidental or unlawful destruction, accidental loss, alteration, unauthorized communication or access. To best protect Data outside the limits of the our control, the devices used by the site user must be protected (with antivirus systems updated) and the user’s Internet service provider shall take appropriate measures for the Security of Data transmission over the network (such as firewalls and spam filters).
Period of Data Retention
Data are kept for the period necessary to perform the services that the user of the site requires specified moreover that it is our practice to keep the Data for five years after the conclusion since the last contact, unless laws provide otherwise. It is understood that that part of the Data which must be retained to meet legal obligations or to meet the possibility of any complaints or requests will be retained for as long as necessary.
Rights of the data subject
Any user of the site who gives his or her Data may exercise the following rights at any time
Addressing the contact details given in the epigraph right of access.
Every user of the site has the right
(a) to obtain confirmation from the Data Controller as to whether or not any of its Data is being processed;
(b) where the Data is transferred to a third country or international organization, be informed of the existence of adequate safeguards related to the transfer;
(c) obtain clear information about the processed Data concerning him/her.
Right of rectification.
Any user of the site will be able to obtain from the Data Controller the rectification of Data concerning him/her that are found to be inaccurate as well as, taking into account the purposes of processing, the integration of the same, if are incomplete by providing a supplementary statement.
Right to cancellation.
Any user of the site has the right to request from the Data Controller the deletion of Data concerning him/her if there is one of the grounds stipulated in Art. 17 of the GDPR as may be, by way of example, the if the Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed or if the consent on which the processing of the Data is based has been revoked and not there is any other legitimate reason for retaining the Data.
Right to limitation of processing.
Every user of the site has the right to obtain the restriction of the processing of Data concerning him or her if any of the cases provided for in Art. 18 of the GDPR, including, for example the contestation about the accuracy of the Data or opposition to processing, pending appropriate
Verifications by the Controller regarding the prevalence of the grounds for legitimate processing same.
Right to Data Portability.
Every user of the site has the right to request to receive Data concerning him or her be to him or her provided in a structured, commonly used, machine-readable format or that are transmitted by the Owner directly to another party of which each user will take care to specify the details necessary for proper identification.
Right of opposition.
Any user of the site, at any time, has the right to object to the processing of Data concerning him or her if it considers that the processing is taking place in a manner contrary to the principles of law or the GDPR.
Right to file a complaint with the Data Protection Authority.
Any user of the site, at any time, has the right to file a complaint with the Data Protection responsible for asserting one’s privacy rights and personal data protection.