Privacy policy

Nephris applies maximum clarity on how we use your personal data.

The following describes how to manage the website, with reference to the processing of personal data of users who consult it.

This information is also provided pursuant to art. 13 of Regulation (EU) 2016/679 “Protection of individuals with regard to the processing of personal data, as well as the free movement of such data” (in short GDPR) and legislative decree no. 196 of 30 June 2003, as amended and supplemented by Legislative Decree no.  101 of 10.08.2018 to those who interact via the web with Nephris, through its official website.

During the consultation of the site may, in fact, be collected information relating to users who constitute personal data pursuant to the Privacy Code. This information is provided exclusively for the mentioned site and does not concern any other sites accessible by the user through the links on the same.

Data Controller

The data controller is Società Nephris S.r.l., with registered office in Via Vincenzo Gioberti, 8, 20123 Milan (hereinafter also:  “Company”).

Data Processors

The Data Controller may appoint other subjects “Data Processors” (hereinafter the “Data Processors”), internal or external, as well as persons authorized to carry out processing operations.

Internal and external Processors of personal data have been appointed for the various processing purposes.

The complete list of Data Processors can be requested at the email address: info@nephris.com.

Place of data processing

The processing of data related to the web services on this website is carried out at Company’s premises indicated above and is performed by employees and consultants duly appointed as Persons in charge of processing (Incaricati del trattamento), and external maintenance and management staff, duly appointed as Data Processors (Responsabili del trattamento).

Types of data processed

Navigation data.

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified subjects, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful,  error, etc.) and other parameters relating to the operating system and the user’s computer environment.

These data are used for the sole purpose of checking the correct functioning of the site and are deleted within a maximum of six months following the collection; except in the case in which they must be used to ascertain responsibility in the event of computer crimes against the site: in this case, the information will be kept available to the Authority for the time necessary to guarantee the Company the exercise of its rights of defense.

Data provided voluntarily by the user.

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the subsequent acquisition of the e-mail address and any other personal data included in the electronic communication, as well as the data of the sender / user, necessary to respond to requests or to provide the service.

Specific synthetic information will be provided for particular services.

Cookie

The Company uses IT techniques for the direct acquisition of personal identification data of the user. For the types of cookies used, please read the so-called “cookie policy“, available below.

Optional provision of data

Unless specified for surfing data, the user is free to provide personal information in the application forms or otherwise indicate them in order to request any information packs or other communications. Failure to provide personal information may, however, make it impossible to fulfill the request.

Processing methods

Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures have been adopted to prevent the loss of data, illicit or incorrect use and unauthorized access.

Purpose of the processing – communication and dissemination of data

The personal data provided by users who request dispatch of informative material are used for the sole purpose of providing the service or provision requested and may be known by employees and collaborators of the Company, duly appointed as Data Processors, as well as by third parties who provide ancillary or instrumental services to the Company’s activity, appointed as Data Processors.

Outside of these cases, the data will not be communicated, except where this is necessary to fulfill requests from the Judicial Authority or Public Security. The data collected will in no case be disseminated.

Rights of the interested parties

The subjects to whom the personal data refer have the right, pursuant to Regulation (EU) 2016/679 (GDPR) and Legislative Decree no. 101 of 10.08.2018 to obtain, at any time, confirmation of the existence or otherwise of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or correction. Pursuant to the same article, you have the right to request cancellation, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose, in any case, for legitimate reasons, to their treatment.

Requests should be addressed to the internal Manager of the processing by email  at: info@nephris.com.

 

Date of last update: October 2021