Privacy Statement

1. Introduction

Chimera Tech Holdings plc (“we” or “us” or “our”) and our subsidiaries are committed to protecting and respecting your privacy.

This policy statement (together with our terms of use and any other documents referred to on it) sets out the basis on which:

• we acting as a Data Controller, collect any personal data from you; and
• you provide any personal data to us as a Data Processor; and
• we will process personal data.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting us at www.chimera-tech.com you are accepting and consenting to the practices described in this policy.

For the purpose of the Data Protection Act 1998 (the “Act”) and the Regulation (EU) 2016/679 (General Data Protection Regulation) (“GDPR”), the data controller is Chimera Tech Holdings plc of 24 Dublin Street Edinburgh, Scotland EH1 3PP.

Our nominated representative for the purposes of the Act and GDPR is our Data Protection Officer, who can be contacted on 0344 874 1000 or at DPO@chimera-tech.com

2. Information we collect from you

We will collect and process the following data about you:

2.1 Information you give us

This is information about you that you give us by filling in forms on our Website www.chimera-tech.com (“our Website”) or by corresponding with us by phone, e-mail or otherwise. It includes (without limitation) information you provide when you register to use our Website, subscribe to our service, search for a product, place an order on our Website, participate in discussion boards or other social media functions on our Website, enter a competition, promotion or survey, and when you report a problem with our Website. The information you give us may include (without limitation) your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph.

2.2 Information we collect about you

With regard to each of your visits to our Website we may automatically collect the following information:

• technical information, including the Internet Protocol (“IP”) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
• information about your visit, including the full Uniform Resource Locators, clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.

2.3 Information we receive from other sources

This is information we receive about you from a third party, Data Controller with whom we are contracted to provide a service them.

It may also include information that we receive from other third parties (who are Data Controllers in their own right) including, for example, business partners, sub-contractors, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies.

2.4 Types of information we may collect and or process

The personal information we collect might include your name, address, email address, IP address, and information regarding the web pages accessed and when it was accessed. If you contact us to register a service request, the information collected may include your name, your organisation, your office address, email address, IP address, and information regarding your service requirement.

3. Cookies

Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our Website. For detailed information on the cookies we use and the purposes for which we use them, see paragraph 6; ‘How we use cookies’ below.

4. Uses made of the information

We use information held about you in the following ways:

4.1 Information you give to us

We will use this information:

• to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
• if you explicitly request us to provide you with information about other goods and services, we offer that are similar to those that you have already purchased or enquired about;
• if you explicitly agree that we provide you, or permit selected third parties to provide you, with information about goods or services we feel may be of interest to you;
• if you explicitly request us to notify you about changes to our service;
• to ensure that content from our Website is presented in the most effective manner for you and for your computer;
• to comply with your rights under both the Act and GDPR.

4.2 Information we collect about you

We will use this information:

• to administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our Website to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in the interactive features of our service, when you choose to do so;
• as part of our efforts to keep our Website safe and secure;
• to measure or understand the effectiveness of the advertising we direct to you and others, and to deliver relevant advertising to you;
• to make suggestions and recommendations to you and other users of our Website about goods or services that may interest you or them;
• keeping relevant records of our customers;
• to update our product offering.

Where we have received your explicit permission, we may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address(es) which you have provided. If you wish to unsubscribe to this service please email unsubscribe@chimera-tech.com or via the UNSUBSCRIBE LINK.

4.3 Information we receive from other sources

We will usually combine this information with information you give to us and information we collect about you. We will usually use this information and the combined information for the purposes set out above (depending on the types of information we receive).

4.4 How long is your information retained?

To ensure that personal data is kept for no longer than necessary, we have put in place an Archiving Policy for each area in which personal data is processed and will review this process annually.

The archiving policy shall consider what data should/must be retained, for how long, and why. Where consent is relied upon as a lawful basis for processing data, evidence of explicit opt-in consent shall be kept with the personal data and retained in accordance with the requirements of relevant UK Legislation and Regulation, which could for example be:

• Investigatory Powers Act 2016
• Companies Act 1985
• Taxes Management Act 1970
• Finance Act 1998
• Sex Discrimination Act 1975
• Race Relations Act 1976
• Disability Discrimination Act 1995
• The Working Time Regulations 1998
• Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995
• Limitation Act 1980
• Limitation Act 1980 (for England & Wales)

4.5 Securing Your Data

We shall ensure that personal data is stored securely using best practice and in an environment that is maintained in accordance with our ISO 27001 and PCI-DSS certification.

Access to your personal data shall be limited to personnel who require access to provide a contracted product or service and appropriate security will be in place to avoid unauthorised sharing of information.

When personal data is deleted this will be done safely and in such a manner that the data is irrecoverable.

Where data cannot be deleted, it will be anonymised to prohibit the identification of the data subject.

Appropriate back-up and disaster recovery solutions shall be in place.

5. Disclosure of your information

Your explicit agreement allows us to share your personal information with:

• any member of our group, which means our subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
• selected third parties including:
• business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
• analytics and search engine providers that assist us in the improvement and optimisation of our Website;
• credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.

Should we disclose your personal information to third parties we confirm that your personal data shall not be transferred to another entity, country or territory, unless reasonable and appropriate steps have been taken to establish and maintain the required level of data security and that:

• personal data may be communicated to third persons only for reasons consistent with the purposes for which the data were originally collected or other purposes authorised by law;
• all transfers of personal data to third parties for further Processing shall be Subject to written agreements, or under our Intra Group Data Transfer Agreement for internal Data transfers;
• EU personal data shall not be transferred to a country or territory outside the European Economic Area unless the transfer is made to a country or territory recognised by the EU as having an adequate level of data security or to the United States under the EU-US Privacy Shield, and only if the US company is registered under the EU-US Privacy Shield.

Subject to the provisions of the above, personal data may be transferred where any of the following apply:

• the data subject has given Consent to the proposed transfer;
• the transfer is necessary for the performance of a contract between the data subject (personally or via his/ her employing company as our client) and us;
• the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between us and a third party;
• the transfer is necessary or legally required on important public interest grounds, or for the establishment, exercise, or defence of legal claims;
• the transfer is required by law;
• the transfer is necessary to protect the vital interests of the data subject.

Your personal data may also be shared

• in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
• if our or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Website Terms of Use or our Chimera Tech Standard Terms and Conditions for the Supply of IT Services or our Standard Terms and Conditions for the Purchase by Chimera Tech of Goods and Services and other agreements; or to protect our rights, property, or safety or the rights, property or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

5.1 Your rights

As the data subject, your rights are set out in Chapter 3 of GDPR and includes the rights to:

• access your personal data;
• be provided with information about how your personal data is processed;
• be provided with the information of the personal data obtained from someone other than the data subject;
• have your personal data corrected;
• have your personal data erased in certain circumstances, (“the right to be forgotten”);
• object or restrict how your personal data is processed;
• have your personal data transferred to yourself or to another business in certain circumstances.

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.  You can also exercise the right at any time by contacting our Data Protection Officer, who can be contacted on 0344 874 1000 or at DPO@chimera-tech.com.

Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

5.2 Changes to our Privacy Policy or Statement

Any future changes that we make to our Privacy Policy will be posted on this page. Please check back frequently to see any updates or changes to our Privacy Policy.

5.3 Contact

Questions, comments and requests regarding this Privacy Policy should be addressed to our Data Protection Officer, who can be contacted on 0344 874 1000 or at DPO@chimera-tech.com.

6. How we use cookies

A cookie is a small file which is placed on your computer’s hard drive. By using our Website, you agree to allow cookie files to be added to your computer which helps us to analyse web traffic but also allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our Website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.

Overall, cookies help us provide you with a better Website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

We may use the following third-party services that relates to cookie use on our Website:

• Google Analytics
• Google Analytics for Display Advertising
• Google Display Network Impression Reporting
• Google Analytics Demographics and Interest Reporting
• Google Maps
• DoubleClick Campaign Manager
• YouTube
• AddThis
• Pardot

Most Internet browsers will automatically accept cookies, however if you do not wish to accept cookies you can modify your browser settings to turn off the functionality. Please be aware that declining use of cookies may result in limited functionality of certain aspects of the Website.

Should you have any questions or concerns with how we utilises cookies then please do not hesitate to contact us.