1. (A) INFORMATION REGARDING THE SITE’S PRIVACY POLICY

This is to provide you with the following basic information pursuant to Art. 13 LD. 30.06.2003 n. 196 (hereinafter, “Privacy Code”) and Art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) regarding the processing of your personal data by Chimera Gold s.r.l. in connection with your navigation on our site and use of the services offered.

 

  1. (B) DATA PROCESSING
  1. Subject of treatment

 

The Data Controller processes personal, identifying and non-sensitive data (including but not limited to, first name, last name, company name, address, telephone, e-mail – hereinafter, “personal data” or also “data”) that you provide when registering on the website www.chimeragold.com of the Owner (hereinafter, “Site”), participation in opinion and approval surveys, filling out registration forms through the Site for events or webinars organized by the Owner, online request for clarification or support requests, and sending newsletters.

 

  1. Purpose of processing

Your personal data are processed:

 

  1. A) without your express consent (Art. 24 lett. a), b), (c) Privacy Code and Art. 6 lett. (b), (e) GDPR), for the following Service Purposes:

 

  • Operate and maintain the Site;
  • To enable you to take advantage of any Services you may have requested;
  • Participate via the Site in initiatives organized by the Owner (e.g., events);
  • Process a contact request;
  • Fulfill obligations under the law, a regulation, EU legislation or an order of the Authority;
  • Prevent or detect fraudulent activity or abuse detrimental to the Site;
  • Exercise the rights of the Owner, such as the right to exercise a right in court.

 

In the above cases, the legal basis for the processing of your personal data is to execute a contract with you or to provide the service you have specifically requested, or to comply with a legal obligation or to protect our legitimate interest.

 

  1. B) Only with your specific and separate consent (Articles 23 and 130 Privacy Code and Article 7 GDPR), for the following Other Purposes:

 

  • To send you opinion and approval surveys, newsletters and/or invitations to events via e-mail or to register you for events to which the Owner is a party or which it organizes.

 

  1. Method of treatment

 

The processing of your personal data is carried out by means of the operations specified in Art. 4 Privacy Code and Art. 4 n. 2) GDPR and namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing.

 

  1. Storage time of processed data

 

The Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for no longer than 10 years after the termination of the relationship for the Service Purposes.

 

  1. Security measures

 

The Owner has taken a wide variety of security measures to protect your data against the risk of loss, misuse or alteration. In particular: it has taken the measures set forth in Articles 32-34 Privacy Code and Art. 32 GDPR; uses data encryption technology and secure data transmission protocols.

 

  1. Data access

 

Your data may be made accessible for the purposes set forth in Art. 2.A) and 2.B):

 

  • to employees and collaborators of the Owner, in their capacity as appointees and/or internal data processors;
  • to third-party companies or other entities that perform outsourced activities on behalf of the Controller, in their capacity as data controllers.

 

  1. Disclosure of data

 

Without your express consent (ex art. 24 lett. a), (b), (d) Privacy Code and Art. 6 lett. (b) and (c) GDPR), the Controller may disclose your data for the purposes set forth in Art. 2.A) to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom communication is obligatory by law for the fulfillment of the said purposes. Your data will not be disseminated.

 

  1. Data Transfer

 

The management and storage of personal data will take place in Europe, on servers located in Italy and/or abroad of both the Data Controller and/or third party companies appointed and duly appointed as Data Processors.

 

  1. Nature of data provision and consequences of refusal to respond

 

The provision of data for the purposes of Art. 2.A) is mandatory. In their absence, we will not be able to guarantee you either registration on the Site or the Services of Art. 2.A).

The provision of data for the purposes of Art. 2.B) on the other hand is optional. You can then decide not to provide any data or to later deny the possibility of processing data already provided: in that case, you will not be able to receive e-mail invitations to events, newsletters, and opinion and liking surveys. In any case, you will continue to be entitled to the Services referred to in Art. 2.A).

 

  1. Rights of the data subject

 

In your capacity as a data subject, you have the rights set forth in Art. 7 Privacy Code and Art. 15 GDPR and specifically the rights to:

 

  • i. Obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and their communication in intelligible form;
  • ii. Getting the indication: (a) of the origin of personal data; (b) of the purposes and methods of processing; (c) of the logic applied in the case of processing carried out with the aid of electronic instruments; (d) of the identification details of the owner, managers and designated representative under Art. 5, paragraph 2 Privacy Code and Art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, as managers or appointees;
  • iii. obtain: (a) the updating, rectification or, when you have an interest, the integration of data; (b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; (c) certification that the transactions referred to in subparagraphs. (a) and (b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the right protected;
  • iv. Oppose in whole or in part: (a) for legitimate reasons to process personal data about you, even if relevant to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by means of e-mail and/or through traditional marketing methods by means of telephone and/or paper mail. It should be noted that the data subject’s right to object, set forth in the preceding paragraph (b), for the purpose of direct marketing by automated means is extended to traditional methods and that, in any case, the possibility for the data subject to exercise the right to object even in part remains unaffected. Therefore, the data subject may choose to receive only communications by traditional means or only automated communications or neither type of communication.

Where applicable, you also have the rights under Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.

 

  1. Ways of exercising rights

 

You may at any time exercise your rights under 10) above by sending:

 

  • a registered letter with return receipt to Chimera Gold srl, via la chianicella 7 52100 arezzo
  • an e-mail to privacy@chimeragold.com

 

  1. Minors

 

This Site and the Owner’s Services are not intended for minors under the age of 18, and the Owner does not intentionally collect personal information referring to minors. In the event that information about minors is unintentionally recorded, the Owner will delete it in a timely manner upon the users’ request.

 

  1. Owner, manager, and appointees

 

The Data Controller is Chimera Gold srl with registered office in arezzo CF 02208430518 (hereinafter, “Data Controller”), E-mail privacy@chimeragold.com

The updated list of data processors and processors is kept at the Data Controller’s office.

 

 

  1. Amendments to this Notice

 

This Notice is subject to change. We recommend, therefore, that you check this Policy regularly and refer to the most up-to-date version. The updated version of the privacy policy, in each case, is posted on this page, indicating the date of its last update.

 

Last updated on May 24, 2018.