Privacy Policy for Users

Premise

“nimax s.p.a” considers the privacy of its users to be of fundamental importance and ensures that the processing of personal data is carried out in compliance with the rights and fundamental freedoms, as well as the dignity of the data subject, with particular reference to confidentiality, personal identity, and the right to personal data protection. To this end, “nimax s.p.a” has adopted and implemented a Privacy Policy concerning the management of its website (and all the services contained therein) regarding the processing of users’ personal data.

We therefore ask you to read the following information and to check it periodically carefully, in order to verify any updates or revisions that may become necessary.

EU Regulation 2016/679 imposes the obligation to inform data subjects about the various fundamental elements (specified in Articles 13 and 14) concerning the processing of personal data that pertains to them. Regarding the undersigned Company, we fully comply by informing you that:

Data Controller

The Data Controller is “nimax s.p.a”,

Via dell’Arcoveggio, 59/2 – 40129 Bologna (BO)

Tel. 051-4199111

e-mail: privacy@nimax.it

Purpose of Processing

Any data acquired, always in compliance with current legislation, will be processed for institutional purposes, connected and/or instrumental to providing access to this site, including any additional services requested by the user, in particular:

1. to execute the requested service (such as, for example, access to the site with all its functionalities or subscription to the newsletter). To this end, the data may be communicated to third parties whose collaboration “nimax s.p.a” may and/or must use to carry out the aforementioned purposes. It is still possible to consult the site without providing any personal data, although some functionalities may not be available, and some services may not be provided;
2. for operational and managerial needs internal to “nimax s.p.a” and related to the services offered;
3. to fulfill, in general, legal obligations.

Types of Data Processed

– Browsing Data –

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

– Data Provided Voluntarily by the User –

The optional, explicit, and voluntary sending of personal data to this site, through the appropriate fillable forms, as well as other indicated contact channels, entails the subsequent acquisition of the sender’s email address, necessary to respond to requests, and any other personal data communicated based on the requested service.

Processing Methods and Retention Period

Your personal data will be processed using digital or paper supports, always in full compliance with the principles of security and confidentiality. Your personal data will be retained for the period necessary to fulfill the purposes for which they were collected or until your explicit request for deletion (see the paragraph “Rights of Data Subjects”). Throughout the retention period, your personal data will always be stored in compliance with applicable regulations.

Disclosure of Personal Data

Your personal data will not be disclosed, meaning they will not be made known to unspecified subjects in any way, including by making them available or consulting them. It is also guaranteed that the processing is carried out by minimizing the use of personal and identification data, limiting their use to cases where they are strictly necessary to achieve the purposes for which they were collected.

“nimax s.p.a” also guarantees the adoption and compliance with specific security measures to prevent data loss and any unlawful or incorrect use of the same.

Scope of Application

The management methods reported below refer to this site concerning the processing of personal data of users who consult it and interact with the services and web pages accessible electronically from the address:

https://www.nimax.it

corresponding to the homepage of the site.

The information is provided exclusively concerning the site in question and its parts and is not extendable to other sites or pages not belonging to the site itself (including those that can be consulted by the user through direct links from this site).

In particular, this site contains links to some social sites: LinkedIn, Facebook, YouTube. This information is not extendable to those sites either; by entering them, the user releases the Data Controller from any responsibility. To consult the privacy policy of those companies, the user is requested to visit the related sites:

LinkedIn: https://it.linkedin.com/legal/privacy-policy?_l=it_IT

Facebook: https://www.facebook.com/privacy/

YouTube: https://support.google.com/youtube/answer/2801895?hl=it&ref_topic=9386940

Google Analytics

Based on what was established by the Italian Data Protection Authority, on 05/09/2022, the Google Universal Analytics script was removed from the nimax.it website.

Currently, to collect data on site visitors for statistical and marketing purposes, nimax.it uses the latest version of Google Analytics: GA4.

At the moment, the Data Protection Authority has not yet expressed an opinion on the compliance of GA4 with the GDPR.

However, according to what Google has stated, compared to its predecessors, GA4 should have characteristics that make it GDPR-compliant, as it:

• Processes all data from end-user devices within the EU on servers located in the EU.
• Processes IP addresses for geolocation purposes but no longer stores IP addresses; it uses them in a volatile manner without recording them in its systems.
• Allows the deactivation of Google Signals to prevent linking with Google accounts.
• Allows configuring the granularity of geographic and device data collected (e.g., screen resolution, which requires consent).

If, in the future, the Data Protection Authority identifies non-compliance of GA4 with the GDPR, nimax.it will comply with the directives established by the Authority.

Rights of Data Subjects
According to Articles 15-22 of EU Regulation 2016/679, individuals whose personal data is processed have the right to:

• Obtain confirmation of whether or not such data exists, request access to their personal data and related information, as well as the correction of inaccurate data or the completion of incomplete data.
• Request the deletion of their personal data (if one of the conditions specified in Article 17, paragraphs 1 and 3, is met) or the restriction of its processing.
• Object to the processing of their personal data and withdraw consent at any time (limited to cases where processing is based on explicit consent for one or more specific purposes).
• File a complaint with a supervisory authority (Data Protection Authority – www.garanteprivacy.it).

You may exercise these rights by directly contacting the Data Controller using the contact channels previously indicated in the “DATA CONTROLLER” section.