Privacy Policy for www.chimontgroup.com

The website www.chimontgroup.com collects some of the personal data from the users that visit this website.

In accordance with the commitment and the attention we have for personal data, and according to the clauses 13 and 14 of EU GDPR, www.chimontgroup.com provides information about ways, ends, communication field and spread of users’ personal data and rights.

Owner of the processing of the personal data:
Company CHIMONT INTERNATIONAL S.P.A.

Street Barsanti 32 / Zip code 56020 / Place Capanne – Montopoli Valdarno / CF-PIVA 01410250508
Email:info@chimontgroup.it

Telephone: +39 0571 447011

Types of collected data
www.chimontgroup.com collects data from the users, automatically or from other sources. The types of collected data are: technical navigation data, usage data, email, name, last name, telephone number, province, country, zip code, city, address, business name, state, cookies, and oher types of data. Further details about collected data are given in the next paragraphs of this privacy policy. Personal data are provided intentionally through the filling of forms, or, in case of usage data, such as navigation statistics, they are collected automatically when visiting the website www.chimontgroup.com.

Requested data of forms are divided into mandatory and optional; in each form both types are indicated separately. In case of the user preferring not to communicate the mandatory data, www.chimontgroup.com retains the right not to provide its services. In case of the user preferring not to provide the optional data, the services will be given in any case by www.chimontgroup.com.

www.chimontgroup.com uses statistics tools to track the users’ navigation, and the analysis is made through the log. It doesn’t use cookies directly, but it can use it through other sources.

All the cookies used are described at Cookie Policy (https://www.chimontgroup.com/Cookie-Policy.htm) and also later in this privacy policy.

The user that gives, posts, spreads, shares or gets personal data from other sources through www.chimontgroup.com takes the full responsibility of them. The user frees the website owner from all the direct responsabilities and towards third party, guaranteeing to have the rights to communicate, publish and spread them. www.chimontgroup.com doesn’t provide services to minors (under 18). In case of requests made for minors, their parents, or their tutors, have to fill the data forms.

Modes, places and times of collected data
Modes of collected data processing
The owner developed an appropriate computer system, in order to guarantee suitable security measures, made in order to prevent any unauthorized access, distribution, modification or cancellation of personal data. The same system makes copies every day, according to the importance of the data.

The process is made by our authorized employees, through automated tools, with respect for the current legislation and according to the principles of decency, frankness, protection of the privacy of the user and their rights, as long as they use the website services. Our computer system has been structured in order to prevent the loss of data, illegal or not proper usage, and unauthorized accesses.

The user has the right to get information regarding the security measures, taken by the owner to protect the data.

Accesses to the data in addition to the owner
The internal staff (such as administrative, commercial, marketing and legal staff) and the external one (such as computer services, webfarm, marketing companies) have access to the data collected by www.chimontgroup.com. If necessary, the owner elects the them as the responsible of the processing.

In case of registration of domain names, the users’ data will be communicated to the IIT-Register, for the performance of the contract and in order to start the technical, administrative, statistic, accounting and research related activities. The communicated data will be the one strictly necessary to the requested action. The communication of the said data is mandatory, in order to be able to perform the services offered to the user. The data won’t be used and communicated to third party for marketing activities and direct sales. The data won’t be spread to third party without the previous and specific consent of the user. However, they can be at the legal authority disposal, if they’re requested to.

The user can ask the owner of the processing for the updated list of the people responsible for the processing.

Communication of unwanted accesses to the Authority Responsible of the Privacy
The said computer system is controlled and monitored every day by technicians and systems engineers. Nevertheless, even if considered quite unlikely, it might be happen that someone tries to access. If this happens, the owner is committed, as the GPDR, to communicate it to the authority responsible of the privacy, within the period stipulated by the law.

Places where data are stored
Personal data are stored and processed in the place of business of the owner, as well as inside the servers that host the website www.chimontgroup.com , or inside the servers that create the security copies. The personal data of the user can be stored in Italy, Germany and Netherlands, anyway in European Union nations. The personal data of the user will be never taken or copied outside the European territory.
Data transfer to other countries or international organizations: in case of domain name registration, the user’s data can be transferred into extra EU countries, with respect for current legislation.

Conservation times of collected data
In case of data collected in order to provide a service to the user (whether it’s free or purchased), they are kept for the 24 following months after the end of the service. Or until the consent is revoked.

In case of the owner being forced to keep the personal data according to a legal obligation or because of an authority order, the owner can keep the data for a longer time, necessary for the obligation.

At the end of the conservation period, the personal data will be cancelled. After the deadline, it won’t be possible anymore to access to the personal data, ask for their cancellation and portability.

Consequences in case of refusal when registering a domain name
The collected information will be processed for administrative and accounting purposes, rights protection, and all the other purposes connected to the registration, management, protest, transfer and cancellation of the domain name, as well as to fulfill the legal obligations, rules or community legislation, and communicated to third party for other activities, sometimes necessary to complete the said purposes. The collection of personal data, provided by the user, is necessary to perform the services. If personal data are not provided properly, the service will be no longer available. The Whois service doesn’t let the view of any data connected to a domain name contacts (registrant, admin e tech), in case of the domain name being registered by a natural person and they did not expressed the consent for the publication of the data (field consentForPublishing with value "false". The consent for the spread of personal data is not expected when data need to be published for legal obligation, under art. 40, subparagraph 2, lett.B of the decree law of december 6th 2011, n. 201, converted, with modifications, by the law 22 of December 2011, n. 214); the legal persons, institutions or associations are no longer qualified as interested, therefore that said categories can no longer receive the report and the potential consent, expected by Reg. UE 2016/679. The fisical persons, whose data are processed in conjunction with the activities related to this contract, are still qualified, even when data are provided by persons that are no longer qualified, with the application of obligation and possible consent of the said persons.

Legal basis of collected data processing
The owner obtains users’ personal data in the following cases:
The processing is necessary:
- if the user has intentionally accepted the processing for one or more purposes;
- to give the user an estimate;
- to provide a contract to the user;
- to provide a service to the user;
- in order for the owner to fulfil a legal obligation;
- in order for the owner to fulfil a public interest task;
- in order for the owner to exercise public authority;
- in order for the owner or third party to pursuit personal interests.

The user can ask anytime clarifications on the legal basis of the processing, to the owner of the data processing.

Purposes of the collected data processing
The user’s data are collected by the owner for the following purposes:

- providing technical and sales information;
- providing the users free trials of a service;
- providing estimates to users;
- orders;
- invoicing;
- sending notification of expiry about services;
- sending notifications of data removal;
- sending newsletter;

Possibly data can be processed also for:
contacting the user, statistics, users’ behaviours analysis, recording of sessions, viewing the contents, interaction with external applications, protection from spam, handling of payments, interactions with social network, advertising.

The user can ask anytime for clarifications about each processing to the owner.

Details on collection and usage of personal data
Contacting the user
Contact forms
The user can fill the contact/information request forms, entering their own data, and giving the permission to their usage in order for them to be fulfilled.
The personal data that might be collected are: ZIP CODE, city, last name, email, address, country, name, telephone number, province, business name.

Newsletter or SMS
The user can subscribe to the newsletter of the website www.chimontgroup.com. Technical, informative, commercial and promotional newsletters can be sent to the email address provided by the user. The subscription is made with a double opt-in.
An e-mail is sent to the user (to the provided e-mail address) with an internal link that the user has to click on to confirm that the address is correct.

The same service can be done with SMS.

Personal data that might be collected: ZIP CODE, city, last name, email, address, country, name, telephone number, province, business name.

The collected data and their usage by third party are regulated by their own Privacy Policy, that we kindly ask you to look at.

Heat mapping and sessions registration
Heat mappings and session registrations are services used to determine the areas in a website where the mouse cursor is moved and the areas that can be clicked, in order to identify the more important ones. They analyze the web traffic and the user’s behaviour. They can register the sessions in order for them to be later analized.

The collected data and their usage by third party are regulated by their own Privacy Policy, that we kindly ask you to look at.

Statistics
These services are used by the owner to analyze the web traffic of the users on www.chimontgroup.com.

The collected data and their usage by third party are regulated by their own Privacy Policy, that we kindly ask you to look at.

Google Analytics
Service provider: Google, Inc.
Service purposes: provided web analysis service. This service collects personal data of the user to monitor and analyze the website www.chimontgroup.com, it generate reports e uses them also for other Google services. Google can use the collected data to customize its own advertising.
Collected personal data: cookies, usage data
Data processing place: United States
Privacy Policy (https://policies.google.com/privacy?hl=it)
Opt-Out (https://tools.google.com/dlpage/gaoptout?hl=it)
Privacy Shield Participant

Viewing contents from external websites
These services are used to view external website contents inside the website, with possibile interaction.
Even though the user doesn’t use this service, it might happen that it collects web traffic data.
The collected data and their usage by third party are regulated by their own Privacy Policy, that we kindly ask you to look at.

Google Fonts
Service provider: Google, Inc.
Service purposes: this service views the external fonts on the website
Collected personal data: data specified in the privacy policy of this service
Data processing place: United States
Privacy Policy (https://policies.google.com/privacy?hl=it)
Privacy Shield Participant

Widget Video YouTube
Service provider: Google, Inc.
Service purposes: this service helps to view and interact with external videos inside the website
Collected personal data: cookies, usage data
Data processing place: United States
Privacy Policy (https://policies.google.com/privacy?hl=it)
Privacy Shield Participant

Rights of the user
The user has all the rights provided by the clause 12 of EU GDPR, such as the right to control, modify, complete (correct) and delete all the personal data, logging-in the restricted area. Once all the data are deleted, the personal account will be removed.

In detail, the user has the right to:
- know if the owner has the personal data of the user (clause 15 Access right);
- modify or complete (correct) the incorrect or incomplete personal data (clause 16 Correction right);
- ask for the cancellation of one or more collected personal data, if there is a reason to, established by the GDPR (Cancellation right, 17);
- limit the processing just to some of the personal data, or revoke completely the treatment consent, if there is a reason to, established by the guidelines (clause18 Processing limitation right);
- receive a copy of all personal data owned by the owner, in a common format, and readable also from automatic devices (clause 20, Portability right);
- take fully or partially position against the data processing for marketing purposes, such as commercial offers (clause 21 Right to object). Please note that users can object against the data processing for marketing purposes, without giving any explanation;
- take position against the data processing for profiling purposes (c.d. Consent).

How users can exercise their rights
The users can exercise their rights given above, communicating the request to the owner of the processing REMO PETROSELLI to the following contact details: info@chimontgroup.it; tel. +39 0571447011.

The request of exercising a right has no costs. The owner is committed to process the requests as soon as possibile, anyway within one month.

The user has the right to file a complaint to the Authority Responsible of the Privacy for the Protection of Personal Data. Contacts: garante@gpdp.it, http://www.gpdp.it (http://www.gpdp.it).

Cookie Policy
Please, refer to the details of the Cookie Policy (https://www.sitoper.it/Cookie-Policy.htm).

Further information about data processing
Defence in court proceedings
In case of appeal to the court for a violation made by the user regarding the use of www.chimontgroup.it or its related services, the owner has the power to reveal the user’s personal data. Besides, he has to provide said data on public authorities request.

Request of specific reports
The user has the right to ask www.chimontgroup.it for specific reports about the services of the website and/or the collection and usage of personal data.

Collection of data for system log and maintenance
www.chimontgroup.it and/or third party services (if existing) might collect users’ personal data, such as the IP address, in the form of system log. The collection of these data is connected to the website functioning and maintenance.

Information not included in this policy
The user has the right to ask the owner anytime for further information, not included in this Policy, about the data processing. The owner can be reached out by the contact details.

Support for "Do Not Track" requests
"Do Not Track" requests are not supported by www.chimontgroup.it.
The user can look at the Privacy Policy of the third-party services mentioned above in order to find out which ones support this type of requests.

Modifications to this Privacy Policy
The owner has the right to modify this document, by notifying the users in this webiste page, or, if expected, through the contact details he owns. The user is therefore invited to consult this website page periodically. To be sure about the actual modification, please look at the “last modification date” at the end of this Policy.
The owner will collect again the users’ consents, if the modifications concern something that consent is necessary for.

Definitions and legal references
Personal data (or data, or user’s data)
Personal data are the information that indentify or help to identify a natural person, directly or indirectly, and they can provide information about their characteristics, habits, lifestyle, personal relationships, health, economic situation, etc.

Source: website of the Authority Responsible of the Privacy (http://www.garanteprivacy.it).

Usage data
Usage data are the information collected automatically while visiting www.chimontgroup.it, both from the website itself and third-party applications included in the website. The IP address, the device details, the browser (including the geographic location) that the user uses to visit the website, the viewed pages and the duration of each visit of the pages are examples of usage data.

User
The person that uses the website www.chimontgroup.it.
The user corresponds to the person concerned, unless it’s otherwise specified.

Person concerned
The person concerned is the natural person that personal data refers to. Therefore, if a processing concerns, for example, the address, the ZIP CODE, etc, of Mario Rossi, this person is the person concerned (clause 4, paragraph 1, point 1, of the UE guidelines 2016/679 http://www.garanteprivacy.it/regolamentoue).

Source: website of Authority Responsible of the Privacy (http://www.garanteprivacy.it).

Responsible of the processing (or responsible)
The responsible is the natural or legal person that the owner entrust for specific tasks of data processing management and control, even outside the business (clause 4, paragraph 1, point 8, of the UE guidelines 2016/679 http://www.garanteprivacy.it/regolamentoue). This guidelines inserted the possibility for the responsible to designate, under certain circumstances, another person, the "sub-responsible" (clause 28, paragraph 2).

Source: website of Authority Responsible of the Privacy (http://www.garanteprivacy.it).

Owner of the processing (or owner)
The owner is the natural person, the public authority, the business, the public or private institution etc, that make decisions about the purposes and modes of the data processing (clause 4, paragraph 1, point 7, of the UE guidelines 2016/679 http://www.garanteprivacy.it/regolamentoue).

Source: website of Authority Responsible of the Privacy (http://www.garanteprivacy.it).

www.chimontgroup.it (or website)
The website that collects and processes the users’ personal data.
European Community (or EU)
All the references connected to the European Community are extended to every member states of the European Union and the European Economic Space, unless where it’s otherwise specified.

Cookies
All the data collected inside the user’s device.

Legal references
This Privacy Policy is drafted according lots of legal guidelines, including the clauses 13 and 14 of the EU guidelines 2016/679. This policy concerns exclusively www.chimontgroup.it, unless it’s otherwise specified.

Last modification date: 29/05/2018
Date ©