Privacy Policy for Customers and Suppliers

privacy policy for customers and suppliers

The EU Regulation 2016/679 imposes the obligation to inform the interested party about the various fundamental elements (specified in Articles 13 and 14), with reference to the processing of the Personal Data concerning him. As far as the undersigned Company is concerned, it is fully fulfilled by informing you that:

Data controller and data protection officer

The Data Controller is “nimax s.p.a“,

Via dell’Arcoveggio, 59/2 – 40129 Bologna (BO)

Tel. +39 051-4199111

e-mail: nimax@nimax.it 

To date, no data protection officer has been appointed, resulting in this Organization exempt from the requirements set out in art. 37 of the G.D.P.R.

Purpose and legal basis of the processing

The purposes of the processing are of a dual nature, and concern:

  • the execution of the pre-contractual and contractual relationship between the parties (pursuant to Art. 6, par. 1, letter “b” of the aforementioned Regulation);
  • the fulfillment of all legal obligations relating to it and attributable to the Data Controller (pursuant to Art. 6, paragraph 1, letter “c” of the aforementioned Regulation);

They may also relate to the legitimate interest of the Data Controller (pursuant to art. 6, par. 1, letter “f” of the aforementioned Regulation).

Methods of processing and nature of the provision of data

Your personal data will be processed with the aid of paper and electronic media. The provision of your personal data is optional; in their absence, however, it is impossible for the undersigned Company to fulfill the aforementioned contractual and regulatory obligations. Failure to communicate your personal data therefore prevents the contractual relationship from being perfected.

Categories of recipients

Your personal data may be disclosed to:

1) Personnel of the undersigned Company authorized to process;

2) Companies and professional partners to assist in technical-operational activities;

3) Companies and professional offices to support management, administrative and legal activities;

4) Companies and consultants for technical-IT and organizational services;

5) Banking and insurance institutions that provide functional services for the purposes indicated above;

6) Judicial or administrative authorities, for the fulfillment of legal obligations.

These suppliers operate as external data processing managers, appropriately appointed pursuant to Art. 28 of EU Regulation 2016/679.

Dissemination of data

Your personal data will not be disclosed, with this term meaning giving them knowledge to indeterminate subjects in any way, including by making them available or consulting.

Retention period

Your personal data will be kept for the period necessary to process contractual requests and, subsequently, for 10 years from the registration of the last accounting movement attributable to you. Legal obligations that may determine an extension are reserved.

Google Analytics

Based on what was established by the Italian Data Protection Authority, on 05/09/2022, the Google Universal Analytics script was removed from the nimax.it website.

Currently, to collect data on site visitors for statistical and marketing purposes, nimax.it uses the latest version of Google Analytics: GA4.

At the moment, the Data Protection Authority has not yet expressed an opinion on the compliance of GA4 with the GDPR.

However, according to what Google has stated, compared to its predecessors, GA4 should have characteristics that make it GDPR-compliant, as it:

  • Processes all data from end-user devices within the EU on servers located in the EU.
  • Processes IP addresses for geolocation purposes but no longer stores IP addresses; it uses them in a volatile manner without recording them in its systems.
  • Allows the deactivation of Google Signals to prevent linking with Google accounts.
  • Allows configuring the granularity of geographic and device data collected (e.g., screen resolution, which requires consent).

If, in the future, the Data Protection Authority identifies non-compliance of GA4 with the GDPR, nimax.it will comply with the directives established by the Authority.

Rights of interested parties

The rights provided by the aforementioned Regulation are recognized in Articles 15 to 22, summarized below.

You have the right to:

  • request access to your personal data and information relating to them, as well as the correction of inaccurate ones or the integration of incomplete ones;
  • request the cancellation of personal data concerning you (upon the occurrence of one of the conditions indicated in Art. 17, paragraphs 1 and 3) or the limitation of their use (Art. 18);
  • oppose the processing of your personal data and withdraw consent at any time you wish (limited to cases in which the processing is based on your consent for one or more specific purposes);
  • lodge a complaint with a supervisory authority (Authority for the protection of personal data – garanteprivacy.it).

You can exercise these rights by contacting the Data Controller directly through the previously indicated contact channels.