VerdeChrome Privacy Policy

Last Updated: March 31, 2026


1. General

This Privacy Policy applies to VerdeChrome (hereinafter referred to as “the Company”, “we”, “us”, “our”), the owner and operator of the website www.chromeoxidegreen.com. We provide chrome oxide green pigments and related industrial products to global customers, including users and business partners within the European Economic Area (EEA). This policy explains how we collect, use, store, and protect personal data in full compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and other applicable data protection laws and regulations worldwide.


2. Data Controller

Data Controller: VerdeChrome
Website: www.chromeoxidegreen.com
Contact for Privacy Matters: privacy@chromeoxidegreen.com
For any inquiries, requests, or complaints related to personal data processing, please contact us via the above email address, and we will respond within a reasonable timeframe as required by GDPR.


3. Information We Collect

We only collect personal data that is necessary for conducting business communications, providing products and services, and complying with legal obligations. The personal data we collect includes, but is not limited to:
  • Personal identification information: Name, job title, and professional contact details (email address, telephone number).
  • Business-related information: Company name, company address, inquiry content, product requirements, quotation records, order details, and contract-related information.
  • Technical information: IP address, browser type and version, device information (model, operating system), access logs, and cookie data (for website optimization, traffic analysis, and security protection).
We do not collect any sensitive personal data (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, health data) unless explicitly required by law or with your express consent.


4. Purpose of Data Processing

We process your personal data solely for legitimate purposes that are necessary for our business operations and compliant with GDPR. The main purposes include:
  • Responding to your inquiries, requests for product information, and quotations related to chrome oxide green pigments.
  • Providing products, samples, technical support, and after-sales services as requested.
  • Fulfilling contractual obligations, including order processing, delivery arrangements, and payment verification.
  • Ensuring the security and stability of our website, preventing fraud, unauthorized access, and other malicious activities.
  • Optimizing our website and services based on user access data and feedback.
  • Complying with applicable legal obligations, including tax, customs, trade compliance, and other regulatory requirements.

5. Legal Bases for Processing (GDPR Compliance)

For users located in the EEA, our processing of personal data is based on the following legal bases as set out in Article 6 of GDPR:
  • Article 6(1)(b) GDPR: Performance of a contract to which you are a party, or taking pre-contractual measures at your request (e.g., processing your inquiry to provide a quotation, fulfilling an order).
  • Article 6(1)(f) GDPR: Pursuit of our legitimate interests, provided that such interests do not override your fundamental rights and freedoms. Our legitimate interests include improving our products and services, ensuring website security, and conducting legitimate business operations.
  • Article 6(1)(c) GDPR: Compliance with a legal obligation to which we are subject (e.g., retaining data for tax and accounting purposes).

6. Data Sharing and Third-Party Recipients

We strictly prohibit the sale, rental, or disclosure of your personal data to any third party for commercial purposes. We may only share your personal data with the following categories of third parties, all of whom are required to comply with GDPR and other applicable data protection laws:
  • Logistics, freight, and customs agents: To fulfill order delivery and customs clearance obligations.
  • IT service providers: To maintain and optimize our website, servers, and data management systems (e.g., website hosting, data backup services).
  • Legal and regulatory authorities: When required by law, court order, or regulatory directive (e.g., responding to a request from a competent data protection authority).
We ensure that all third-party recipients enter into a data processing agreement (DPA) with us, which includes obligations to protect personal data, implement appropriate security measures, and only process data in accordance with our instructions.

7. International Data Transfers

As we serve customers worldwide, your personal data may be transferred to countries outside the EEA. To ensure that such transfers comply with GDPR, we implement the following safeguards:
  • Using the Standard Contractual Clauses (SCCs) approved by the European Commission (Commission Implementing Decision (EU) 2021/914) for transfers to countries that have not been deemed to provide an adequate level of data protection by the European Commission.
  • Ensuring that all third-party recipients outside the EEA implement equivalent data protection measures to those required by GDPR.
Upon request, we can provide a copy of the SCCs or other relevant transfer mechanisms used.

8. Data Retention Period

We retain your personal data only for the shortest period necessary to fulfill the purposes for which it was collected, or as required by applicable law. The retention period is determined based on the following criteria:
  • For business-related data (e.g., inquiries, orders, contracts): Retained for the duration of the business relationship plus 7 years (to comply with tax and accounting obligations).
  • For technical data (e.g., IP address, access logs): Retained for 12 months from the date of collection, unless longer retention is required for security or legal purposes.
After the retention period expires, your personal data will be securely deleted or anonymized (such that it can no longer identify you) in accordance with our data destruction procedures.

9. Your Rights Under GDPR

If you are located in the EEA, you have the following rights under GDPR, which you can exercise by contacting us at privacy@chromeoxidegreen.com:
  • Right of Access: Request a copy of the personal data we hold about you, including details of how it is processed and shared.
  • Right of Correction: Request correction of any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure (“Right to be Forgotten”): Request the erasure of your personal data if it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent (where applicable).
  • Right to Restriction of Processing: Request that we restrict the processing of your personal data (e.g., if you dispute the accuracy of the data).
  • Right to Object: Object to the processing of your personal data based on our legitimate interests, unless we can demonstrate compelling legitimate grounds for the processing that override your rights and freedoms.
  • Right to Withdraw Consent: If processing is based on your consent, you may withdraw your consent at any time (this will not affect the lawfulness of processing before withdrawal).
  • Right to Data Portability: Request that we provide your personal data in a structured, commonly used, and machine-readable format, or transmit it directly to another data controller (where technically feasible).
  • Right to Lodge a Complaint: Lodge a complaint with the competent data protection authority in your country of residence if you believe we have violated GDPR.
We will respond to your request within one month of receipt, and may extend this period by a further two months in complex cases (we will inform you of any such extension and the reason for it).

10. Cookies and Similar Technologies

We use cookies and similar technologies (e.g., web beacons) to analyze website traffic, improve user experience, and ensure website functionality. Cookies are small text files stored on your device when you visit our website.
You can manage or disable cookies through your browser settings. However, please note that disabling certain cookies may affect the functionality of our website (e.g., preventing you from accessing certain features or receiving personalized content).
For more details on the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy (available on our website).

11. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, disclosure, alteration, or destruction. These measures include:
  • Encryption of personal data (both in transit and at rest).
  • Access controls to ensure only authorized personnel can access personal data.
  • Regular security audits and updates to our systems and software.
  • Training for employees on data protection and GDPR compliance.
In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify the competent data protection authority within 72 hours of becoming aware of the breach, and will notify you if necessary.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in applicable laws, our business operations, or data processing practices. Any significant changes will be posted on this page, with the “Last Updated” date revised accordingly. We encourage you to review this policy regularly to stay informed about how we protect your personal data.

13. Contact Us

VerdeChrome
Website: www.chromeoxidegreen.com
Privacy Contact: privacy@chromeoxidegreen.com