Log in


pursuant and for the effects of art. 13, of UE Regulation 2016/679
regarding the protection of personal data with regard to the processing of personal data,
as well as the free movement of such data and that repeals directive 95/46/CE

This notice is made in accordance with Law No. 190 of July 18, 2018, of art. 13 of EU Regulation no. 2016/679 (“European General Regulations on the protection of personal data”), as well as Law no. 506/2004 concerning the processing of personal data and the protection of privacy in the field of electronic communications. To this end, it specifies that the legal basis of data processing is that relating to Romanian legislation.

Holder: NANOMID EMEA S.R.L., represented by Mr. Marco Nanì, the Administrator, (VAT/TIN: RO39415291) with registered office at Ion Vidu Street No.15, Ap.1 - Judet Timis - 300225 - Municipiul Timisoara – ROMANIA, informs in accordance to art. 13, EU Regulation no. 2016/679 (hereafter, "GDPR") that your data will be processed in the ways and for the purposes listed below:

1. Subject of the Processing

The Holder cares about the protection of your personal data and complies with applicable data protection laws (Law No. 190/18 and GDPR 2016/679). Your personal data is treated confidentially and is transferred to third parties only as provided in this Policy, or with your consent. We process personal data that you provide to us when using the website and/or after registering on the website and/or during the purchase process of nanomid products and during the performance of related contractual relationships.

In particular, we process:

  • your personal, identifying and non-sensitive data (in particular, name, surname, tax code, VAT, email, telephone number – hereafter, “personal data” or also “data”) that you provide directly, through registration to the website and/or the request to utilize individual services and products purchased through the nanomid website;
  • data not directly provided by you – which is nevertheless collected to the extent provided for by art. 14, paragraph 5, GDPR – the transmission of which is connected to the use of Internet communication protocols (for example, page accesses, amount of transferred data, message of status for successful accesses, session ID numbers, IP addresses, URL addresses, etc.). Such data allows to retrace your visits path to the site.

2. Purpose of the Processing

Your personal data is processed:

A) without your express consent (art. 24, lett. a), b), c), Privacy Code and art. 6, lett. b), e), GDPR), for the following Service Purposes:

  • processing a contract request or a pre-contractual request;
  • implementing pre-contractual measures adopted at your request;
  • processing internal statistics;
  • fulfilling tax obligations resulting from existing relationships;
  • complying with obligations required by law, a regulation, community legislation or an Authority's order;
  • preventing or detecting fraudulent or harmful abuses for the website;
  • pursuing a legitimate interest of the Data Controller or of third parties, within the limits and conditions referred to in art. 6, letter f), GDPR;
  • exercising the rights of the Data Controller, (for example, the right to defend in court);

B) Only with your specific and unambiguous consent (articles 23 and 130, Privacy Code and art. 7, GDPR), for the following Marketing Purposes:

  • send newsletters, commercial communications and/or advertising material about products and/or services, different and/or dissimilar from those already purchased, offered by the Data Controller via email.

3. Nature of Personal Data Provision

The provision of your data for the purposes described in point 2 is necessary.
Without this provision, we cannot guarantee your registration on the Site, nor can we proceed with the sale of any product on our site.
The provision of Data for the purposes described at point 2, letter b), is optional. You can therefore choose not to provide any data or revoke our ability to process data previously provided. In this case, you will no longer receive our newsletters, but you will continue to receive our services and maintain the right to register on the site.

4. Processing Methods

The processing of your personal data is carried out through the operations indicated in Art. 4, Privacy Code and Art. 4, No. 2), GDPR and specifically: collection, recording, organization, preservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The processing of your Data will be based on the principles of correctness, lawfulness and transparency and can also be carried out through automated methods to store, manage and transmit them and will be carried out through suitable tools, as far as reason and the state of the art, to ensure safety and secrecy by using suitable procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination.

5. Data Retention Period

The Controller will process personal data for the duration of the contract and for no longer than 2 years from the collection of data for Marketing Purposes. After this storage period, the data will be destroyed or made anonymous.

6. Data Access

The personal data processed by the Controller will not be disseminated, that is, knowledge will not be given to undetermined subjects, in any possible form, including that of making them available or simple consultation. However, they may be communicated to workers employed by the Controller and to some external subjects who collaborate with them. In particular, your data may be made accessible to:

  • employees and collaborators of the Controller;
  • consultants authorized to manage the site and provide the related services (for example: customer services, complaint service, legal office etc.), in their capacity as internal data process Controllers and/or data process Managers and/or system Administrators;

Your data may also be communicated, strictly necessary, to subjects entitled to access it by virtue of legal provisions, regulations, community regulations.

7. Data Communication

Without your express consent (ex art. 24 lett. a), b), d), Privacy Code and art. 6 lett. b), c), GDPR), the Controller may communicate your data for the purposes indicated to Supervisory Bodies, Judicial Authorities, and all other subjects to whom communication is required by law for the fulfillment of the aforementioned purposes.

8. Data Transfer

The management and storage of personal data will take place on the Controller's servers and/or those of third-party companies appointed and duly identified as Responsible for processing, located within the European Union, or in accordance with artt. 45 and following, GDPR. Currently, the servers are located within the European Union. The data will not be transferred outside the European Union. However, should it become necessary to move the servers' location, within Italy and/or European Union and/or outside the EU, such relocation will always respect artt. 45 and following, GDPR. In this case, moreover, the Controller assures from now on that the extra-EU data transfer will happen in line with the applicable legal provisions, stipulating, if needed, agreements that ensure an adequate level of protection and/or adopting the standard contract clauses established by the European Commission.

9. Navigation Data

The IT systems and software procedures used for the website operation can acquire some personal data during their regular activity, whose transmission is implicit in the use of Internet communication protocols. These pieces of information are collected not to associate them with identified parties, but by their nature could, through processing and association with data held by third parties, allow users to be identified (for instance, parameters related to the operating system and user's IT environment). This data is used by the Controller exclusively to derive anonymous statistical information about the use of the Site and to check its proper functioning, and they are deleted immediately after processing. Such data can also be used to ascertain responsibility in case of potential cyber crimes against the Site.

10. Cookies

While using the nanomid site, cookies are stored on your computer. Cookies are small text files saved on your computer which provide us with certain information. They are widely used in order to make websites work, or work more efficiently, as well as to enhance user experience and provide certain information to the site owners. Our site uses cookies that remain on your computer for different periods. Some expire at the end of each session, and some stay longer so that when you return to our Site, you can have a better user experience. Web browsers allow you to exercise some control over cookies through browser settings. Most browsers enable you to block cookies or to block cookies from specific sites. Browsers can also help you to delete cookies when you close your browser. However, you should bear in mind that this may mean any opt-outs or preferences set on the site will be lost. We encourage you to refer to your browser's technical information for instructions. If you choose to disable cookie setting or refuse to accept a cookie, some parts of the service may not work correctly or may be considerably slower.

11. Rights of the Data Subject

In your capacity as the data subject, you hold the rights set forth in art. 15, GDPR, specifically:

  • to obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
  • to obtain indication of: a) the origin of personal data; b) the purposes and methods of processing, including through profiling; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the holder, the managers, and the designated representative (DPO) under Art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom personal data can be communicated or who can learn about them as designated representatives in the territory of the State, managers or agents;
  • to obtain: a) the updating, rectification or, when interested, integration of data; b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including those for which preservation is unnecessary relative to the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) were brought to the attention, also concerning their content, of those to whom the data has been communicated or disseminated, except where such fulfillment proves impossible or involves a use of means clearly disproportionate to the protected right;
  • to object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if relevant to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, via automated calling systems without human intervention, by email, and/or through traditional marketing methods, by phone, and/or paper mail. It should be noted that the data subject's right to object, as mentioned above, to direct marketing purposes extends to traditional methods, and nonetheless, the data subject's right to object can still be partly exercised. Therefore, the data subject can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication. Where applicable, you also have the rights under articles 16 to 21 GDPR (Right to rectification, right to be forgotten, right to limitation of processing, right to data portability, right to opposition), as well as the right to complain to the Guarantor Authority.

12. Method of Exercising Rights

You have the right to ask the Owner for access to the data concerning you, their rectification or deletion, the integration of incomplete Data, the limitation of processing; to receive the Data in a structured format, commonly used and readable by automated devices; to revoke any consent given regarding the processing of your sensitive data at any time and to wholly or partially object to the use of the Data; to propose a complaint to the Authority, as well as to exercise the other rights recognized by the applicable regulations. You can exercise your rights at any time by sending: an email to the address: [email protected]

13. Minors

If the subject providing the data is under 16 years of age, such processing is legal only and insofar as, such consent is given or authorized by the holder of parental responsibility for whom the identification data are acquired.

14. Holder, Responsible and Assignees

NANOMID EMEA S.R.L., represented by the administrator, Mr. Marco Nanì, (VAT/Tax Code: RO39415291) headquartered at Street Ion Vidu n°15, Apt. 1 - Judet Timis - 300225 - Municipiul Timisoara – ROMANIA. Mr. Marco Nanì can be contacted via email at: [email protected]. The updated list of those responsible and in charge of the processing is kept at the headquarters of the Holder of processing.

15. DPO – Data Protection Officer

Cesare Tallarico – mail: [email protected]


The personal data protection authority to which you can file any complaints is:

Autoritatea Naționala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (in English: National Supervisory Authority for Personal Data Processing)

  • Address: 28-30 G-ral Gheorghe Magheru Bld., District 1, post code 010336, Bucharest, Romania
  • Website: dataprotection.ro

17. Changes to this Policy

This Policy may be subject to changes. Therefore, it is recommended to periodically check this Policy and refer to the most updated version.


By registering, using, and purchasing the products available on the nanomid site, the user unequivocally expresses their consent to the data processing in compliance with this policy.