Privacy Policy for Customers and Suppliers

The EU Regulation 2016/679 imposes the obligation to inform the interested party about the various fundamental elements (specified in Articles 13 and 14), with reference to the processing of the Personal Data concerning him. As far as the undersigned Company is concerned, it is fully fulfilled by informing you that:

Data controller and data protection officer

The Data Controller is “nimax s.p.a“,

Via dell’Arcoveggio, 59/2 – 40129 Bologna (BO)

Tel. +39 051-4199111


To date, no data protection officer has been appointed, resulting in this Organization exempt from the requirements set out in art. 37 of the G.D.P.R.

Purpose and legal basis of the processing

The purposes of the processing are of a dual nature, and concern:

  • the execution of the pre-contractual and contractual relationship between the parties (pursuant to Art. 6, par. 1, letter “b” of the aforementioned Regulation);
  • the fulfillment of all legal obligations relating to it and attributable to the Data Controller (pursuant to Art. 6, paragraph 1, letter “c” of the aforementioned Regulation);

They may also relate to the legitimate interest of the Data Controller (pursuant to art. 6, par. 1, letter “f” of the aforementioned Regulation).

Methods of processing and nature of the provision of data

Your personal data will be processed with the aid of paper and electronic media. The provision of your personal data is optional; in their absence, however, it is impossible for the undersigned Company to fulfill the aforementioned contractual and regulatory obligations. Failure to communicate your personal data therefore prevents the contractual relationship from being perfected.

Categories of recipients

Your personal data may be disclosed to:

1) Personnel of the undersigned Company authorized to process;

2) Companies and professional partners to assist in technical-operational activities;

3) Companies and professional offices to support management, administrative and legal activities;

4) Companies and consultants for technical-IT and organizational services;

5) Banking and insurance institutions that provide functional services for the purposes indicated above;

6) Judicial or administrative authorities, for the fulfillment of legal obligations.

These suppliers operate as external data processing managers, appropriately appointed pursuant to Art. 28 of EU Regulation 2016/679.

Dissemination of data

Your personal data will not be disclosed, with this term meaning giving them knowledge to indeterminate subjects in any way, including by making them available or consulting.

Retention period

Your personal data will be kept for the period necessary to process contractual requests and, subsequently, for 10 years from the registration of the last accounting movement attributable to you. Legal obligations that may determine an extension are reserved.

Rights of interested parties

The rights provided by the aforementioned Regulation are recognized in Articles 15 to 22, summarized below.

You have the right to:

  • request access to your personal data and information relating to them, as well as the correction of inaccurate ones or the integration of incomplete ones;
  • request the cancellation of personal data concerning you (upon the occurrence of one of the conditions indicated in Art. 17, paragraphs 1 and 3) or the limitation of their use (Art. 18);
  • oppose the processing of your personal data and withdraw consent at any time you wish (limited to cases in which the processing is based on your consent for one or more specific purposes);
  • lodge a complaint with a supervisory authority (Authority for the protection of personal data –

You can exercise these rights by contacting the Data Controller directly through the previously indicated contact channels.

Scroll to top