CIEL INDUSTRIES PRIVACY POLICY, PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679

CIEL Industries LLC: (hereinafter referred to as CIEL Industries) with its registered office in Minneapolis, MN, USA 55421, is the data controller pursuant to article 4, paragraph 1, and article 24 of EU Regulation 2016/679, hereinafter referred to as GDPR.  As the controller of our customer’s submitted personal data, CIEL Industries, in compliance with the obligations set forth in GDPR article 13, provides this policy detailing the purposes and means of processing personal data.

Definitions:

Personal Data – Per GDPR article 4, paragraph 1, personal data is defined as ‘any information concerning an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, with reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements that are characteristic of his or her physical, physiological, genetic, mental, economic, cultural or social identity’;

Processing of personal data – Per GDPR article 4 paragraph 2, processing of personal data is defined as ‘any operation or set of operations, carried out with or without the help of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as the collection, recording, organization, structuring, storage processing, selection, limitation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction’.

1. Data Controller and contact details
   The data controller, as defined by GDPR article 24, is CIEL Industries, with its registered office in Minneapolis MN 55421 USA. Telephone +1 7633337252, e-mail address: privacy@ciel-ind.com.

2. Data processed
   1. Navigation data
      
      The computer systems and software used to operate the CIEL Industries website acquires during normal operation some personal data whose transmission is implicit in the communication protocols of the Internet.
      
      This information is not collected to be associated with identified interested parties, but could, through process and associations, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters in regards to the operating system and computer environment.
      
      This data is used for the sole purpose of obtaining anonymous statistical information on the use of the CIEL Industries site and to check its correct functioning. It could also be used to ascertain responsibility in case of hypothetical computer crimes against the site. This data is deleted immediately after processing.

2. Data provided voluntarily by the user
   
   The optional, explicit, and voluntary sending of electronic mail (email) to the addresses indicated on this site, as well as the completion of contact form(s) or the transmission of data through other sections of the site, involves the subsequent acquisition of the sender’s address necessary to respond to requests, and any other personal data entered by the user.

3. Purposes of the treatment and legal basis
   1. Personal data, subject to processing, is used for the following purposes:
      1. To respond to customer specific requests
      2. To subject the customer to necessary and explicit content, informative messages, commercial, promotional, and advertising communications on the products and services offered by CIEL Industries, sent via email, post, sms, mms, telephone contact, newsletters, in accordance with the principles required by the GDPR
      3. To fulfill legal and/or regulatory obligations of a fiscal, administrative, and accounting nature
      4. To fulfill pre-contractual, contractual, and fiscal obligations relating to the conclusion and/or execution of contracts to which customers are a party
      5. To protect customer credit
   2. The processing of personal data complies with GDPR article 6, paragraph 1, letters (b) and (c), for the purposes referred to in sections 3.1.1, 3.1.3, and 3.1.4 of this policy, and article 6, par. 1 letter (a) of the GDPR for the purposes referred to in section 3.1.2 of this policy.
4. Nature of conferment
   For the purposes referred to in sections 3.1.1, 3.1.3, 3.1.4, and 3.1.5, of this policy, the provision of data is necessary to respond to requests and/or perform the services requested of CIEL Industries. Any refusal will make it impossible to provide the same. To carry out the processing referred to in sections 3.1.1, 3.1.3, 3.1.4, and 3.1.5 of this policy, it is not necessary for CIEL Industries to obtain the consent of the interested party.
   
   For the purposes referred to in section 3.1.5 of this policy, the provision of data is optional and there are no consequences in case of refusal to provide such data, except for the impossibility for the data controller to carry out related activities.

5. Treatment modalities
   Data treatment is completed through paper, computer, and telematics with the help of electronic means by authorized internal subjects and/or third parties according to logics strictly related to the purposes of the present requirement. The data is stored in electronic and/or paper archives in such a way as to assure the security and confidentiality of the data. The processing of personal data is carried out in accordance with the principles which inspired the GDPR.

6. Recipients of data
   Per article 4, section 9 of the GDPR, the data recipient is defined as ‘the natural or legal person, service or other body receiving communications of personal data, whether they are third parties or not. Public authorities that receive communications of personal data in the context of a specific investigation in accordance with Local, State, federal, EU or Member State law shall not be considered recipients. The processing of data by such public authorities shall be in accordance with the applicable data protection rules according to the purposes of the processing.
   
   It should be noted that, in relation to the purposes indicated above, personal data may be communicated to recipients in a collaboration relationship with CIEL Industries, or for the fulfillment of legal obligations. These recipients are bound to absolute confidentiality with regard to information they may become aware of. Below are listed the categories of recipients.
   
   • Authorities, public administrators, and supervisory and control bodies for their institutional purposes.
   • Employees and/or collaborators of the data controller, including associated companies, subjects, consultants, and professional firms who collaborate with the data controller for the achievement of the purposes indicated above, and/or including the fulfilment of legal obligations.
   • Subjects who provide services for the management of CIEL Industries computer system.
   • Qualified professionals for the purpose of studying and solving possible legal and contractual problems.
   • Banks or similar organizations.

7. Place of data processing and possible transfer of data outside the EU
   The data processing activity involves the transfer of data to a state that does not belong to the EU or the EEA. The data controller guarantees that the transfer, if necessary, will be carried out under the specific conditions provided for in article 44 of the GDPR.

8. Dissemination and communication of data
   Personal data is not subject to dissemination or transfer. Communication to third parties, other than owners and managers, internal or external to the organizational structure of CIEL Industries, identified and appointed under articles 24 and 28 of the GDPR, is provided only where required.
   
   In all cases, the processing by third parties will be in accordance with the principles of fairness, proportionality, and necessity, as well as in compliance with applicable laws.

9. Conservation times
   Data will be stored in compliance with the principle of proportionality for a period not exceeding 10 years, and only for the fulfilment of the purposes set out in section 3.1 of this policy.

10. Data security
    The data controller adopts adequate technical and organizational measures to protect data in order to prevent the loss of data, unlawful or incorrect use, and unauthorized access.

11. Rights of the interested party
    Pursuant to GDPR article 13, paragraph 2, letter (b) in regards to the processing of personal data, in order to ensure a fair and transparent treatment, the following rights may be exercised:

1. Right of access by the data subject (reference article 15 GDPR): To obtain from the data controller information on the existence or otherwise of processing of data concerning the subject as well as access to their personal data and information on the purposes of processing, the recipients, or categories of recipients, to whom the data is/was transmitted
2. Right to rectification (reference article 16 GDPR), right to erasure (reference article 17 GDPR), and right to restriction of processing (reference article 18 GDPR): To request from the data controller the rectification and erasure of personal data and the restriction of processing
3. Right to portability (reference article 20 GDPR): To receive in a structured, commonly used and machine-readable format the personal data provided to the data controller, and the right to transmit such data to another controller, provided that this operation is technically feasible
4. Right of opposition (reference article 21 GDPR): To oppose the processing of personal data.
5. To exercise your rights per GDPR article 13, paragraph 2, letters (b) and (e), you may write to CIEL Industries LLC, Minneapolis MN, 55421 USA at the following e-mail address: privacy@ciel-ind.com.

12. Right to complain or appeal
    Pursuant to GDPR article 13, paragraph 2, letter (d), CIEL Industries states, if it is considered that the processing of customer data violated European regulations, or the Code on the protection of personal data, a complaint may be lodged with the privacy guarantor, per article 77 GDPR or, alternatively, appeal to the judicial authority.

13. Changes and updates
    This information is updated as of 12/03/2022. CIEL Industries may make changes and/or additions as a result of changes and/or additions to the law.