Privacy Policy

Our privacy policy and personal data protection

Privacy and Cookie Policy of Chrysalis Official

Effective Date: September 28, 2025

This Privacy Policy (hereinafter "Policy") describes how Chrysalis Official, part of the Exagon Industries Ltd group (hereinafter "we", "our" or "Chrysalis Official"), collects, uses, and shares personal information relating to customers, business partners, suppliers, and individuals working for them. This Policy applies to personal information collected through the website chrysalisofficial.com and any related services. Chrysalis Official is managed and controlled by Exagon Industries Ltd, located at Claire Causeway, Crossways Business Park, Dartford Kent DA2 6QA, United Kingdom.

Please note that this Policy does not apply when Chrysalis Official acts as a data processor on behalf of clients (e.g., in dedicated IT services or apps). In such cases, specific policies provided by the clients may apply. For authorized users of such services, this Policy may apply when data is processed for Chrysalis Official's own interests as a data controller.

Chrysalis Official is committed to complying with all applicable data protection laws globally, including but not limited to:

  • Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR) and the UK GDPR.
  • California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other U.S. state privacy laws where applicable.
  • Federal Law of the Russian Federation No. 152-FZ "On Personal Data".
  • United Arab Emirates Federal Decree-Law No. 45/2021 on the Protection of Personal Data.
  • Other relevant international, federal, state, or local data protection laws in jurisdictions where we operate or process data, such as those in the USA, Russia, UAE, and beyond.

This Policy is designed to provide a comprehensive framework that ensures compliance across all markets, with jurisdiction-specific provisions where necessary to address unique requirements. If you are located in a specific jurisdiction, additional rights or notices may apply as outlined below.

1. Data Controller

The data controller of personal data is Exagon Industries Ltd, as the controlling entity of Chrysalis Official, located at Claire Causeway, Crossways Business Park, Dartford Kent DA2 6QA, United Kingdom.

Contacts: For any privacy-related questions, use the contact form available on the site or send an email to privacy@exagongroup.com.
Data Protection Officer (DPO): Appointed pursuant to Art. 37 GDPR (and equivalent requirements under other laws), contactable at the address above.

In case of specific processing for Chrysalis Official, the controller may be indicated separately (e.g., in contracts or data collection forms on the site). For processing involving residents of Russia or UAE, Exagon Industries Ltd acts as the controller, with local representatives if required by law.

2. Types of Personal Data Collected

We collect the following categories of personal data (which may include "personal information" as defined under CCPA or equivalent terms under other laws), depending on interactions with the chrysalisofficial.com site or our services:

  • Identifying and contact data: Name, surname, email address, telephone number, postal address, job position.
  • Navigation and technical data: IP address, browser type, device settings, access data (username, password), cookies and similar technologies (see Cookie Policy section).
  • Data related to requests or orders: Information provided in contact forms, support requests, product/service orders (e.g., payment details, if applicable).
  • Data of physical visitors: Name, identifiers, company contacts for access to premises (if relevant for events or visits).
  • Marketing data: Preferences, interactions with events, surveys, newsletter registrations.
  • Sensitive data (or "special categories" under GDPR, "sensitive personal information" under CCPA): Not collected intentionally, except where necessary for legal obligations (e.g., for health reasons in physical events) and only with explicit consent or other lawful basis as required by applicable law.

We do not collect data from minors without the consent of parents/guardians (or equivalent verification under laws like COPPA in the USA). If such data is detected, it will be deleted immediately. We do not "sell" or "share" personal information as defined under CCPA unless explicitly disclosed and with opt-out options.

3. Purposes of Processing and Legal Basis

Personal data is processed for the following purposes, with legal bases tailored to applicable laws (e.g., Art. 6 GDPR, legitimate business purposes under CCPA, consent under Russian/UAE laws):

  • Access and use of the site/online services: To provide access, personalize the experience, ensure security (e.g., fraud detection). Legal basis: Performance of a contract or pre-contractual measures (GDPR Art. 6(1)(b)); legitimate interest (GDPR Art. 6(1)(f), CCPA business purposes); consent where required.
  • Response to requests, orders, or support: Management of inquiries, order fulfillment, satisfaction surveys. Legal basis: Performance of a contract (GDPR Art. 6(1)(b)); necessary for business operations.
  • Management of relationships with customers, prospects, partners, and suppliers: Contracts, deliveries, support, invoicing. Legal basis: Performance of a contract (GDPR Art. 6(1)(b)); legal obligations (GDPR Art. 6(1)(c), tax laws in Russia/UAE/USA).
  • Security and video surveillance: For access to premises, security, and regulatory compliance. Legal basis: Legitimate interest (GDPR Art. 6(1)(f)); legal obligations.
  • Marketing and analysis: Sending promotional communications, aggregate analysis for business intelligence. Legal basis: Consent (GDPR Art. 6(1)(a), Russian/UAE laws); opt-in/opt-out as per CCPA for sharing.
  • Legal compliance: Tax obligations, audits, defense in court. Legal basis: Legal obligations (GDPR Art. 6(1)(c), equivalent under other laws).

We process data only to the extent necessary and minimize collection to align with global standards.

4. Recipients of the Data

The data may be shared with:

  • Companies of the Exagon Industries Ltd group (including global subsidiaries in the USA, Russia, UAE, and other regions) for internal purposes, subject to intra-group agreements ensuring equivalent protection.
  • Third-party suppliers (e.g., hosting, IT, logistics) bound by data processing agreements (GDPR Art. 28, equivalent under CCPA service provider contracts).
  • Selected partners for product/service delivery, only with consent or lawful basis.
  • Public, judicial, or governmental authorities for legal obligations (e.g., under Russian localization requirements or UAE regulatory reporting).
  • In case of business transactions (e.g., mergers), to potential buyers with protection guarantees.

5. International Data Transfers

As a global organization targeting markets including the USA, Russia, and UAE, data may be transferred to subsidiaries or suppliers in non-EU/EEA countries, including those without adequacy decisions. We adopt appropriate safeguards pursuant to GDPR Chapter V, CCPA requirements, Russian Law 152-FZ (e.g., data localization where required), UAE Law 45/2021, and other laws:

  • Standard Contractual Clauses (SCC) approved by the EU Commission or UK equivalents.
  • Binding Corporate Rules (BCR) for intra-group transfers.
  • EU-U.S. Data Privacy Framework (DPF) or successor frameworks for transfers to the USA.
  • Consent or other derogations where applicable.
  • For Russia: Compliance with data localization rules (storage in Russian databases for Russian residents' data).
  • For UAE: Ensuring transfers align with adequacy or contractual protections.

For details on specific transfers, contact the DPO.

6. Retention Period

  • Contract data: Up to 10 years after termination for tax/legal obligations (longer if required by Russian or UAE laws).
  • Marketing data: Until consent is withdrawn or 24 months from the last interaction.
  • Navigation data: Up to 6 months, unless legal obligations require otherwise (e.g., longer retention for security under certain laws).

At the end of the retention period, data is anonymized or securely deleted.

7. Security Measures

We adopt physical, administrative, and technical measures to protect data from unauthorized access, loss, or alteration (e.g., encryption, firewalls, regular audits), aligned with standards like ISO 27001 and requirements under GDPR, CCPA, Russian, and UAE laws. Suppliers are required to meet equivalent standards.

8. Data Subjects' Rights

You have rights under applicable laws, including:

  • Under GDPR/UK GDPR: Access, rectification, erasure, restriction, objection, portability, withdrawal of consent (Arts. 15-22).
  • Under CCPA/CPRA (for California residents): Right to know, delete, correct, opt-out of sale/sharing, limit sensitive data use, non-discrimination.
  • Under Russian Law 152-FZ: Access, correction, blocking, destruction, consent withdrawal.
  • Under UAE Law 45/2021: Access, rectification, erasure, restriction, objection, portability.
  • Generally: Lodge a complaint with supervisory authorities (e.g., UK ICO, California AG, Russian Roskomnadzor, UAE Data Office).

Exercise rights via the contact form or email to the DPO. We respond within timelines required by law (e.g., 1 month under GDPR, 45 days under CCPA). For CCPA requests, use privacy@exagongroup.com or a toll-free number if available.

9. Integrated Cookie Policy

The chrysalisofficial.com site uses cookies and similar technologies (e.g., pixels, local storage) to improve the user experience, in compliance with global standards including the ePrivacy Directive (EU), CCPA opt-out requirements, and consent rules under Russian/UAE laws.

Types of Cookies:

  • Technical/necessary: Essential for operation (e.g., session, authentication). No consent required, but notice provided.
  • Analytical: For aggregate statistics (e.g., Google Analytics with anonymized IP). Basis: Legitimate interest; opt-out available.
  • Profiling/marketing: For personalized advertising (e.g., third parties like Google Ads). Basis: Explicit consent; opt-out for sharing under CCPA.
  • Third-party: Provided by partners (e.g., social media plugins). See their policies.

Consent Management: On first access, a banner requests granular consent (or offers opt-out options in regions like the USA). You can modify preferences at any time via the "Manage Cookies" link in the footer. Without consent, only technical cookies are active. For CCPA, we honor "Do Not Sell/Share My Personal Information" signals.

Cookie List (non-exhaustive example):

  • _ga (Google Analytics): Duration 2 years, analytical.
  • NID (Google): Duration 6 months, profiling.

To block cookies, configure your browser (e.g., Chrome: Settings > Privacy). Note: This may limit functionality. We comply with global signals like Global Privacy Control (GPC).

10. Changes to the Policy

We may update this Policy to reflect changes in practices or regulations. Updated versions will be published here with the effective date. For substantial changes, we will notify you via email, site banner, or other means as required by law (e.g., 30 days' notice). Continued use implies acceptance.

For any clarification, contact us via the dedicated form. Chrysalis Official, managed by Exagon Industries Ltd, prioritizes your privacy and is committed to maximum data protection across all jurisdictions.
