pursuant and for the effects of art. 13, of UE Regulation 2016/679
regarding the protection of personal data with regard to the processing of personal data,
as well as the free movement of such data and that repeals directive 95/46/CE
This notice is made in accordance with Law No. 190 of July 18, 2018, of art. 13 of EU Regulation no. 2016/679 (“European General Regulations on the protection of personal data”), as well as Law no. 506/2004 concerning the processing of personal data and the protection of privacy in the field of electronic communications. To this end, it specifies that the legal basis of data processing is that relating to Romanian legislation.
Holder: NANOMID EMEA S.R.L., represented by Mr. Marco Nanì, the Administrator, (VAT/TIN: RO39415291) with registered office at Ion Vidu Street No.15, Ap.1 - Judet Timis - 300225 - Municipiul Timisoara – ROMANIA, informs in accordance to art. 13, EU Regulation no. 2016/679 (hereafter, "GDPR") that your data will be processed in the ways and for the purposes listed below:
The Holder cares about the protection of your personal data and complies with applicable data protection laws (Law No. 190/18 and GDPR 2016/679). Your personal data is treated confidentially and is transferred to third parties only as provided in this Policy, or with your consent. We process personal data that you provide to us when using the website and/or after registering on the website and/or during the purchase process of nanomid products and during the performance of related contractual relationships.
In particular, we process:
Your personal data is processed:
A) without your express consent (art. 24, lett. a), b), c), Privacy Code and art. 6, lett. b), e), GDPR), for the following Service Purposes:
B) Only with your specific and unambiguous consent (articles 23 and 130, Privacy Code and art. 7, GDPR), for the following Marketing Purposes:
The provision of your data for the purposes described in point 2 is necessary.
Without this provision, we cannot guarantee your registration on the Site, nor can we proceed with the sale of any product on our site.
The provision of Data for the purposes described at point 2, letter b), is optional. You can therefore choose not to provide any data or revoke our ability to process data previously provided. In this case, you will no longer receive our newsletters, but you will continue to receive our services and maintain the right to register on the site.
The processing of your personal data is carried out through the operations indicated in Art. 4, Privacy Code and Art. 4, No. 2), GDPR and specifically: collection, recording, organization, preservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The processing of your Data will be based on the principles of correctness, lawfulness and transparency and can also be carried out through automated methods to store, manage and transmit them and will be carried out through suitable tools, as far as reason and the state of the art, to ensure safety and secrecy by using suitable procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination.
The Controller will process personal data for the duration of the contract and for no longer than 2 years from the collection of data for Marketing Purposes. After this storage period, the data will be destroyed or made anonymous.
The personal data processed by the Controller will not be disseminated, that is, knowledge will not be given to undetermined subjects, in any possible form, including that of making them available or simple consultation. However, they may be communicated to workers employed by the Controller and to some external subjects who collaborate with them. In particular, your data may be made accessible to:
Your data may also be communicated, strictly necessary, to subjects entitled to access it by virtue of legal provisions, regulations, community regulations.
Without your express consent (ex art. 24 lett. a), b), d), Privacy Code and art. 6 lett. b), c), GDPR), the Controller may communicate your data for the purposes indicated to Supervisory Bodies, Judicial Authorities, and all other subjects to whom communication is required by law for the fulfillment of the aforementioned purposes.
The management and storage of personal data will take place on the Controller's servers and/or those of third-party companies appointed and duly identified as Responsible for processing, located within the European Union, or in accordance with artt. 45 and following, GDPR. Currently, the servers are located within the European Union. The data will not be transferred outside the European Union. However, should it become necessary to move the servers' location, within Italy and/or European Union and/or outside the EU, such relocation will always respect artt. 45 and following, GDPR. In this case, moreover, the Controller assures from now on that the extra-EU data transfer will happen in line with the applicable legal provisions, stipulating, if needed, agreements that ensure an adequate level of protection and/or adopting the standard contract clauses established by the European Commission.
The IT systems and software procedures used for the website operation can acquire some personal data during their regular activity, whose transmission is implicit in the use of Internet communication protocols. These pieces of information are collected not to associate them with identified parties, but by their nature could, through processing and association with data held by third parties, allow users to be identified (for instance, parameters related to the operating system and user's IT environment). This data is used by the Controller exclusively to derive anonymous statistical information about the use of the Site and to check its proper functioning, and they are deleted immediately after processing. Such data can also be used to ascertain responsibility in case of potential cyber crimes against the Site.
In your capacity as the data subject, you hold the rights set forth in art. 15, GDPR, specifically:
You have the right to ask the Owner for access to the data concerning you, their rectification or deletion, the integration of incomplete Data, the limitation of processing; to receive the Data in a structured format, commonly used and readable by automated devices; to revoke any consent given regarding the processing of your sensitive data at any time and to wholly or partially object to the use of the Data; to propose a complaint to the Authority, as well as to exercise the other rights recognized by the applicable regulations. You can exercise your rights at any time by sending: an email to the address: [email protected]
If the subject providing the data is under 16 years of age, such processing is legal only and insofar as, such consent is given or authorized by the holder of parental responsibility for whom the identification data are acquired.
NANOMID EMEA S.R.L., represented by the administrator, Mr. Marco Nanì, (VAT/Tax Code: RO39415291) headquartered at Street Ion Vidu n°15, Apt. 1 - Judet Timis - 300225 - Municipiul Timisoara – ROMANIA. Mr. Marco Nanì can be contacted via email at: [email protected]. The updated list of those responsible and in charge of the processing is kept at the headquarters of the Holder of processing.
Cesare Tallarico – mail: [email protected]
The personal data protection authority to which you can file any complaints is:
Autoritatea Naționala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (in English: National Supervisory Authority for Personal Data Processing)
This Policy may be subject to changes. Therefore, it is recommended to periodically check this Policy and refer to the most updated version.
By registering, using, and purchasing the products available on the nanomid site, the user unequivocally expresses their consent to the data processing in compliance with this policy.