INFORMATION ON DATA PROCESSING, EUROPEAN REGULATION NO. 679/2016, FOR CUSTOMERS AND SUPPLIERS
The company CHIMICA HTS SRL, with registered office in Pianiga 30030 Friuli Venezia Giulia 65, Fiscal Code and VAT Number 03725900280, as “Data Controller”, informs you, pursuant to Articles 13 and 14 of European Regulation no. 679/2016 (hereafter “EU Regulation”), that your data will be processed as indicated below:
Subject of processing
The Data Controller informs you that your personal and identification data (for example, name, surname,
company name, address, telephone number, email address, bank and/or payment details, public or private
IP addresses, etc.), hereafter called “personal data” or even simply “data”,
also acquired verbally, directly or through third parties in the past, as well as in the future, may
undergo processing in full compliance with the EU Regulation. The Data Controller processes data
legally, and specifically for the implementation of a contract of which you are part, or for the
implementation of pre-contractual measures (e.g. preparation of an offer, etc.)requested by you (Art. 6
of the EU Regulation). The processing of data implies any operation or set of operations concerning the
collection, recording, organisation, storage, consultation, elaboration, modification, selection,
extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data.
Legal basis and purposes of processing
Legal basis: EU Regulation no. 679/2016
2A) Without your express consent (Art. 6 Letters b), c) and e) of the EU Regulation, for the following
purposes:
• Fulfil pre-contractual, contractual and tax obligations arising from existing relationships with
you;
• Fulfil obligations imposed by law, by a regulation, by EU legislation or by order of the
Authorities (for example, anti-money laundering);
• Exercise the rights of the Data Controller, for example the rights to legal defence;
• For the keeping of general accounts;
• For administrative purposes (invoicing, document management, etc.);
• For credit management;
• For statistical and quality control analysis;
• For insurance operations;
• For technical assistance.
Specifically, your details will be processed for purposes connected with the fulfilment of the following
requirements, related to legislative or contractual obligations:
• Technical and functional access to the website;
• Advanced navigation or personalised content management purposes;
• Navigation and user statistics and analysis.
2B) Only with prior specific and clear consent (Art. 7 of the EU Regulation), for the following
commercial and/or marketing and/or profiling purposes:
• The sending, by email, post and/or text message and/or phone, of newsletters, commercial
communications and/or advertising material about products and services offered by the Data Controller
and/or monitoring of the level of satisfaction on the quality of what was done at your request;
• The sending, by email, post and/or text message and/or phone, of commercial and/or promotional
communications of third parties (for example, business partners).
Methods of data processing
The processing of your data is carried out by means of the operations indicated in Art 4 no. 2) of the
EU Regulation, namely: the collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making
available, alignment or combination, restriction, erasure or destruction, blocking. Your personal data
is processed in both in paper and electronic and/or automated form (in any case suitable for ensuring
the safety and confidentiality of data).
Duration of data retention and other information
The Data Controller will process personal data for the time necessary to fulfil the above purposes and
in any case not beyond the date provided for by the law for the discontinuation of the relationship for
the purposes under the existing relationship. Personal data processed for marketing and commercial
purposes is stored in compliance with the principle of proportionality and in any case until the
processing purposes have been pursued or until the person concerned revokes specific consent. More
specifically, the Data Controller will keep the data for no longer than 3 years after collecting the
data.
The personal data provided by you will be processed “in a lawful manner according to the
principles of correctness and transparency”, protecting your privacy and rights.
Access to data
For the purposes under points 2.A) and 2.B) above, your data may be made accessible:
• To members, employees and collaborators of the Data Controller in Italy and abroad, in their
capacity as persons in charge and/or internal data processing managers and/or system
administrators;
• To third-party companies or other entities that carry out outsourcing activities on behalf of the
Data Controller, in their capacity as external data processing managers (including: associated firms,
lawyers, data processing companies, certification boards, accounting/tax consultants and in general any
other body responsible for verifying and checking the proper fulfilment of the purposes indicated above,
credit institutions, professional firms, consultants, insurance companies for the provision of insurance
services, financial offices, municipal authorities and/or municipal offices, consultants and service
companies and workplace safety companies who in turn may disclose the data, or provide access to the
data in the context of their members, users and related assignees for specific market research. The data
collected and processed may also be disclosed, in Italy and abroad, to subcontractors, suppliers, for
the management of information systems, to transporters, freight forwarders and customs agents).
For the sake of brevity, the detailed list of the above entities is available at our offices and is at
your disposal.
Data communication
Without the need for express consent (Art. 6, letters b) and c) of the EU Regulation), the Data
Controller may communicate your data for the purposes referred to in paragraph 2.A) above to supervisory
bodies, judicial authorities, insurance companies for the provision of insurance services, as well as
those parties to whom disclosure is mandatory by law to achieve the above- indicated purposes.
These parties will process the data in their capacity as independent data controllers. During and after
browsing, your data may be disclosed to third parties, in particular to:
• Google: Advertising Service, Advertising Coverage, Analytics/Measurement, Content
Personalisation, Optimisation;
• Google Analytics: Advertising Coverage, Analytics/Measurement, Optimisation. Your data will not
be disclosed.
Data transfer
Personal data is stored on devices located at the premises of the Data Controller or at providers within
the European Union. In any case, it is understood that the Data Controller, if necessary, will also have
the right to move data to non-EU countries. In this case, the Data Controller hereby ensures that the
transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to
the stipulation of the standard contractual clauses provided by the European Commission.
As regards the data present on its devices, and any data present at the provider, the Data Controller
has implemented appropriate technical and organisational measures to ensure a suitable level of
security, in full compliance with the provisions of Art. 32 of the EU Regulation.
Navigation: Your browsing data may also be transferred, limited to the purposes indicated above, to the
following territories: – EU countries, – United States.
Cookie management: If you have doubts or worries concerning the use of cookies, you can always prevent
them from being set or read, for example by modifying your browser’s privacy settings to block
certain types of cookies.
Since each browser, and often different versions of the same browser, also differ significantly from
each other, if you prefer to act independently through the preferences of your browser, you can find
detailed information on the necessary procedure in your browser guide and in the Privacy Policy and
Cookie Policy in the footer of our website.
Nature of data provision and consequences of refusal to answer
The provision of data for the purposes under point 2.A) above is mandatory. Without this data, we cannot
guarantee the services as indicated in point 2.A).
Instead, the provision of data for the purposes under point 2.B) is optional. You may therefore decide
not to provide any data and subsequently deny the possibility of processing data already provided. In
this case, you will not receive newsletters, commercial communications and advertising material and/or
anything else related to the services offered by the Data Controller.
You will still have the right to the services under point 2.A).
Rights of the interested party
As an interested party, you have the rights pursuant to Art. 15 of the EU Regulation as set out below
and precisely:
1. The right to obtain from the Data Controller confirmation of whether or not your personal data is
being processed, and in this case, to obtain access to the personal data and the following
information:
a. The purposes of processing;
b. The categories of personal data concerned:
c. The recipients or categories of recipients to whom the personal data has been or will be disclosed, in
particular if the recipients are from third countries or
international organisations;
d. Where possible, the retention period of the personal data or, if this is not possible, the criteria
used to determine this period;
e. The existence of the right of the concerned party to ask the Data Controller to rectify or erase the
personal data or restrict processing of the personal data concerning you or oppose their
processing;
f. The right to lodge a complaint with a supervisory authority (the Data Protection Authority);
g. If the data is not collected from the interested party, all information available regarding their
origin;
h. The existence of an automated decision-making process, including profiling under Art. 22, Paragraphs
1 and 4 of the EU Regulation, and, at least in these cases, significant information about the logic
used, as well as the importance and expected consequences of this processing for the interested
party.
2. If your personal data is transferred to a third country or an international organisation, you have
the right to be informed of the existence of adequate guarantees pursuant to Art. 46 of the EU
Regulation concerning the transfer of data.
3. Upon your request, the Data Controller will provide you with a copy of your personal data being
processed.
If you request further copies, the Data Controller may charge you a reasonable fee based on
administrative costs. If you submit the request by electronic means, and unless you specify otherwise,
the information will be provided to you in a commonly-used electronic format.
4. The right to obtain a copy pursuant to paragraph 3 shall not adversely affect the rights and freedoms
of others.
Moreover, where applicable, you have the rights pursuant to Articles 16 to 21 of the EU Regulation and
precisely have:
• The right to rectify personal data;
• The right to be forgotten (right to erasure);
• The right to restriction of processing;
• The right to data portability;
• The right to object;
• The right to complain to the Privacy Authority.
You also have the right to revoke at any time consent already given without prejudice to the lawfulness
of processing based on the consent given prior to revocation.
Personal data not obtained from the interested party
It may happen that CHIMICA HTS S.r.l. is not the Data Controller to whom you have given your personal
data, but is the co-owner of data processing or is responsible for external processing, and therefore
your data has ultimately come into the possession of CHIMICA HTS S.r.l. due to a contract that regulates
the parties. In this case, it should be noted that the undersigned company will do everything possible
to ensure that you have been informed and have given consent to processing. You can ask CHIMICA HTS
S.r.l. at any time about how your data was acquired.
Data Controller and Persons in Charge
Below we provide you with information that we are required to bring to your knowledge, not only to
comply with legal obligations, but also because transparency and fairness towards people who visit our
website is a fundamental part of our business.
Data Controller. The Data Controller of your personal data is CHIMICA HTS S.r.l., which can be contacted
for any information or request at the email address info@chimicahts.it
Data Processing Manager. The External Manager in charge of GDPR coordination and functionality on behalf
of CHIMICA HTS S.r.l. is Mr Zago Fabrizio, who can be contacted for any information or request at the
email address info@chimicahts.it
The updated list of other external processing managers is kept at the premises of the Data
Controller.
Persons in Charge. The updated list of persons in charge of processing is kept at the premises of the
Data Controller