NTP Nano Tech Projects S.r.l. (“Company”) considers the users’ privacy to be a very serious matter and commits itself to respect it in accordance with the applicable regulations (Regulation EU 2016/679 – hereinafter referred to as “Regulation”). This document (“Privacy Policy”) provides information on the processing of personal data if collected by the Company through its website (“WebSite”) and therefore constitutes information to the interested parties in accordance with the aforementioned regulations. In the sections of the website, where the personal data of the user is collected, a specific privacy policy is published that in any case the present Privacy Policy integrates.

1. Data Controller

The responsible of the data processing is NTP Nano Tech Projects S.r.l.,located in Via Circonvallazione n.11/A, 61048 Sant’Angelo in Vado (PU) (“Controller”) contacted at the following address:

2. Which data do we process

Subject of the process may be common personal data that are provided by the user when he interacts with the functionality of the website, including browsing data or he requests to use the services offered by the website (registration to any reserved areas/services and other initiatives, use of any App, requests for information and reports also via contact forms etc.) as well as data collected through cookies as specified in the Cookie Policy.

3. Why we process your personal data and how

With data subject’s consent the Company can process common personal data to allow the use of services and features presented on the site and optimize the operation, to make statistics on visits, to handle requests and reports received through the site, for registration to any reserved areas or initiatives, in accordance with Art.6.1(a) of the regulation. The Company can deal personal data to fulfil obligations arising from laws, regulation, community legislation: the legal basis of processing for this purpose is Art.6.1(c) of the Regulation. The sensitive and common user’s data could be process for the management and the obligations related to reports of adverse events, according to the article. 9.2 (a)(g)(i) of the Regulation. Finally, the user’s sensitive and/or common personal data may be process by the company in order to protect their rights in Court or for application of the Company Code of Conduct and Ethic Code. All user data, if collected, are also process with paper and automated tools that are suitable to guarantee security and confidentiality.

4. Navigation data

The browsing data are normally deleted after the processing in anonymous form but they could be stored and used by the Company to ascertain and identify the authors of any informatic crimes committed against the website or through the website. Except this eventuality and what is specified in the Cookie Policy section, the browsing data described above are temporarily stored in compliance with the applicable law.

5. Links to the other websites

The website may contain links to other websites (third party websites). The Company doesn’t carry out any access or control on cookies, web beacon and other user tracking technologies used by third party websites to which the user can access from the Company website; the Company doesn’t carry out any controls on contents and materials published by or obtained through third-party websites, nor on relative methods of processing of user personal data, and expressly declines any related responsibility on such eventualities. The user is required to verify the privacy policy of third party sites accessed through the website and to get informed about the conditions applicable to the processing of his personal data. The present privacy policy applies only to the website as above defined.

6. How to store data and how long

In accordance with the art. 5.1 (c) of the Regulation, the information systems and the informatic programs used by the Company are configured as to minimize the use of personal and identification data; these data are processed only to the extent necessary to achieve the purposes indicated in this Policy; the data will be stored just for the time period needed to achieve the objectives pursued and, in any case, the criterion used to determine the conservation period is based on compliance with the terms permitted by applicable laws and the principles of minimization of processing, limitation of conservation and rational management of archives.

7. How we ensure the security and the quality of personal data

The Company protects the security of user personal data and complies with the security requirements of the applicable legislation in order to avoid data loss, illegal use of data and unauthorized access to them. The Company uses technologies for security and procedures to promote the protection of user’s personal data; for ex. personal data are stored on secure server that are located in places with secure and controlled access. The user can help the Company to update and keep correct his personal data communicating any changes that are relatives of his address, qualification, contact information etc.

8. Who can access the data

The personnel of the Company belonging to the categories of administrative, IT technicians, product managers and other subjects, who need to process users’ data in the performance of their tasks, are authorized to process the user’s data, although it could happen in rare and very circumstantial cases. The data may be communicated even in non-EU countries (“Third Countries”) for the same purposes and / or for administrative-accounting purposes. Furthermore, the data can be communicated, even in Third Countries, to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent collaborators, also in associated form; third parties and suppliers of which the Controller uses for the provision of commercial, professional and technical services that are functional to the management of the website and related functionalities (e.g. IT service and Cloud Computing providers), in pursuit of the purposes specified above and to the services requested by the user; (iii) third parties in the case of mergers, acquisitions, sale of company or business unit, audits or other extraordinary transactions; (iv) the Company Supervisory Responsible for the pursuit of supervisory activities and the application of the Company Code of Conduct. He will receive only the data necessary for the relevant functions and will use them only for the purposes indicated above and to process them in compliance with the applicable privacy legislation. he data can also be communicated to the legitimate subjects according to the applicable legislation. With the exception of the aforementioned, the data are not shared with third parties, physical or legal persons, who do not perform any commercial, professional or technical function for the Controller and will not be disclosed. The subjects who receive the data could process them as Controllers, Responsible or authorized to process, depending on the specific case, for the purposes indicated above and in compliance with the applicable privacy law. Regarding the possible transfer of data to Third Countries, including countries that may not guarantee the same level of protection as the Privacy Law, the data Controller shall inform that the processing will take place according to one of the methods permitted by the Regulation, such as for example the user’s consent, the adoption of standard clauses approved by the European Commission, the selection of subjects adhering to international programs for free circulation of data, (e.g. EU-USA Privacy Shield) or operating in countries considered as safe place by the European Commission.

9. Users’ rights

User may exercise, at any time, the rights recognized by the arts. 15-22 of the Regulation, including the right to obtain confirmation of the existence or not of personal data relating to himself; verify its content, origin, accuracy, location (also with reference to any third countries); request a copy; request the rectification and, in the cases provided for by applicable law, the limitation of processing, cancellation, opposition for direct contact activities, direct marketing (also limited to some means of communication). In the same way, the user will always withdraw his consent and/or raise observations on specific uses of the data regarding particular personal situations deemed incorrect or not justified by the current relationship or to propose a claim of an authority Control to the guarantor for the protection of personal data. For any request relating to the processing of personal data by the company, in order to exercise the rights recognized by the applicable law, as well as to know the updated list of the subjects to which the data is accessible, the user can contact the Controller to the contact details indicated above.