NOTIFICATION PURSUANT TO ARTICLES 13-14 OF THE GDPR (GENERAL DATA PROTECTION REGULATION) 2016/679
In compliance with the new regulations on the General Data Protection Regulation (GDPR), the processing of personal data on the part of ChoralChain Inc. will be based on principles of correctness, lawfulness, transparency and protection of privacy and rights of the data Subject.
As provided by the EU Regulation 679/2016 (GDPR), art. 13 in particular, the information required by the law for the processing of personal data is provided to the interested subjects as described below.
All personal data (name, surname, identification documents and copies of the same, phone number,
e-mail address, etc.) will be processed for the following intents only:
- contractual obligations for activities related and instrumental to the execution of the contract itself and other contractual obligations, by-laws or general rules provided for in the execution of the services performed
by ChoralChain Inc.
- search and recruitment of personnel
- information and communication pertaining to the services provided by ChoralChain Inc.;
- processing connected to VAT regulations (VAT tax register, etc.).
ChoralChain Inc. does not require the interested party to provide any "special data" as defined by the GDPR (article 9), i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, or biometric data which would uniquely identify a natural person, or data concerning health, sex life or sexual orientation of a person. In the event that the service requested to ChoralChain Inc. requires the processing of such data, the interested party will receive prior notice and will be asked to give explicit consent.
Please note that the conferral of data for the purposes of treatment as described above is mandatory and its failure, partial or incorrect conferment may result in the impossibility of carrying out the service and preclude ChoralChain Inc. to fulfil their contractual obligations.
The treatment of personal data will be carried out manually and/or by means of computerized and telematic tools with organizational and processing logics strictly related to the purpose of the treatment itself and “ in any case“ in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with organizational and physical measures and logics provided for by the current regulations.
The data may be disclosed to third parties, whether national, European or International, whose intervention in the processing is necessary to provide the services required or because of contractual, tax or regulatory obligations. Personal data can also be processed by employees or partners of our organization, as well as our Group companies or companies that perform outsourcing activities, including managing websites or cloud services, external suppliers, professionals and consultants, in compliance with the requirements of the GDPR. All our employees and collaborators have to sign a deontology and confidentiality agreement. ChoralChain Inc. requires that all their suppliers and people involved in the processing of personal data fully respect the same security measures as those adopted towards the interested party, thus narrowing the scope of action of the Data Treatment Manager to the treatment related to the requested service only.
The Subject personal data are stored on paper, computer and electronic archives located in countries where the GDPR (EU countries) applies. Personal data will not be disseminated, nor will be transmitted to third parties for advertising or marketing purposes without the explicit consent of the interested party. Automated decision-making processes for personal data shall not be used.
Personal data are kept for the period necessary to perform the service and will not, in any case, exceed a10 year period unless legally required.
The data Subject may, at any time, exercise their rights to:
- access their personal data;
- obtain the rectification or erasure of personal data or the restriction of processing;
- oppose the treatment;
- request data portability;
- retract consent, if so provided: the retraction of consent, however, does not affect the lawfulness of any data processing carried out on the basis of the consent given prior to its retraction;
- submit a complaint to the Privacy Guarantor.
The aforementioned rights can be exercised in writing by sending a PEC (CERTIFIED E-MAIL) to the following address: firstname.lastname@example.org or by registered letter to ChoralChain Inc.,101 Hudson Street, Suite 2100, Jersey City, NJ 07302, United States.
The Data Controller is ChoralChain Inc., with registered offices in 101 Hudson Street, Suite 2100, Jersey City, NJ 07302,