Privacy pursuant to art. 13 of Legislative Decree N. 196/2003 (as amended by Legislative Decree 10
August 2018, N. 101) and Article 13 of EU Regulation no. 2016/679.
Pursuant to art. 13 of the legislative decree n. 196/2003, as amended by Legislative Decree 10
August 2018 N. 101 (hereinafter “Privacy Code”) and art. 13 of the EU Regulation n. 2016/679
(hereinafter, “GDPR”), which provide provisions for the protection of persons and other subjects
regarding the processing of personal data, we wish to inform you that the personal data you have
communicated to Chrysos S.p.A, as Data Controller, Via Albertoni, 10 – 36060 Romano d’Ezzelino
(Vicenza) – Italy – vat: 01917760249, due to the commercial relations and contractual agreements
between our companies, will be processed in compliance with the aforementioned law and the
related confidentiality obligations.
- Object of the treatment
This information refers exclusively to the processing of personal data, identified and non-sensitive
(by way of example but not limited to: name, surname, business name, telephone number, e-mail
address (hereinafter only “Data”)) performed by Chrysos S.p.A in scope of its commercial and
contractual relationships with customers and suppliers.
Chrysos S.p.A will process the Data exclusively for the purposes and within the limits indicated in
- Purposes of data processing
The data processing is finalized, for the fulfilments required by law, to the correct and complete
execution of commercial and contractual relationships between.
More specifically, your data are processed for the following service purposes:
to allow contacts by Chrysos S.p.A for possible commercial agreements;
to process a contact request for the aforementioned purposes;
to send e-mails regarding the aforementioned commercial relationships and / or in any case
concerning the respective social activities for the purposes of commercial agreements;
to send e-mails and / or communications of changes of the data and/or of the references of
- Methods of data processing
The processing can be executed with or without the aid of electronic or automated tools, in
compliance with the provisions of art. 32 of the GDPR 2016/679 and Annex B of the Privacy Code
(articles 33-36 of the Privacy Code) regarding security measures.
The processing is carried out by the data controller and / or by the persons in charge of the
processing, and in any case by persons specifically appointed and in compliance with the provisions
of art. 29 GDPR 2016/679.
Please note that, in compliance with the principles of lawfulness, purpose limitation and data
minimization, pursuant to art. 5 GDPR 2016/679, subject to your free and explicit consent where
required, your data will be kept for the period of time necessary to achieve the purposes are
collected and processed.
- Provision of data
It is specified that for data collected and used for needs related to the execution of activities /
services / supplies inherent in a contractual relationship or to respond to direct requests by the
interested party or compliance with legal obligations, consent is not required. Failure to communicate
the above data will therefore entail the impossibility of proceeding with the contractual relationship.
For the data collected and used for the legitimate interest of the Data Controller, your consent is not
required (letter f article 6 GDPR).
The communication of personal data referred to above is optional, but strictly necessary for the
purposes of carrying out the activities referred to in point 2. Any refusal to provide data will make it
impossible to fulfill the activities referred to in point 2.
- Data communication
We inform you that the data collected may be known to the persons in charge of processing and may
be communicated for the purposes referred to in point 2 to external collaborators, persons operating
in the judicial sector, counterparties and their lawyers, arbitration boards and, in general, to all those
public and private subjects to whom communication is necessary for the correct fulfillment of the
purposes indicated in point 2 and for the fulfillment of legal obligations.
- Data dissemination
The data are not subject to disclosure or to undetermined communication without your explicit
consent, outside the hypothesis referred to in the preceding paragraph.
- Data transfer abroad
The management and storage of data will take place in Europe, on servers located in Europe of the
Owner and / or third-party companies specifically appointed for this purpose and who will be
appointed as Data Processors in this case.
The data will not be transferred to non-EU countries.
- Rights of the interested party
We inform you that, at any time, you can exercise, pursuant to art. 7 of the Privacy Code and articles
from 15 to 22 of EU Regulation 2016/679, the exercise of specific rights, including:
request confirmation of the existence of your data and their availability in an intelligible form;
obtain information on the origin of the data, the categories of personal data, the purposes
and methods of processing, the logic applied to processing, information on the holder and
recipients to whom the data may be communicated and, when possible, the retention period;
obtain the updating, rectification and integration of data, cancellation, limitation of
obtain data portability, ie receive them from a data controller, in a structured format,
commonly used and readable by automatic device, and transmit them to another data
controller without impediments;
oppose to the processing at any time, also in case of processing for both indirect and direct
marketing purposes, market research and profiling, without prejudice to cases of mandatory
processing of data expressly provided for by the applicable laws;
oppose to an automated decision-making process concerning individuals, including profiling;
file a complaint with a supervisory authority pursuant to art. 77 GDPR. For Italy, the
competent authority is the Guarantor for the protection of personal data, reachable via the
contact details shown on the website www.garanteprivacy.it;
revoke the consent at any time, without prejudice to the lawfulness of the processing of the
consent given prior to the revocation, and without prejudice to the cases of obligatory
processing of data expressly provided for by the laws in force.
You can exercise your rights by sending a specific written request to the Data Controller Chrysos
S.p.A. Requests will be processed without undue delay and, in any case, within one month of the
application; only in case of particular complexity and in the number of requests can this term be
extended by a further 2 (two) months.
- Data controller.
Data controller is Chrysos S.p.A, Via Albertoni, 10 – 36060 Romano d’Ezzelino (Vicenza) – Italy – vat: