Privacy policy

Privacy policy

Version 2022

This information notice is prepared in accordance with Articles 13 et seq. of the EU Regulation 2016/679 (hereinafter also GDPR) and contains important information on the processing of your Personal Data. The data controller informs you that it will process your Personal Data in compliance with the Privacy, Personal Data Protection Regulations and the principles of lawfulness, fairness, transparency, purpose limitation and storage, data minimisation, accuracy, integrity, confidentiality.
Therefore, in relation to the above, the data controller provides the following information.


The data controller is AMBRA s.r.l., Strada del Petriccio e Belriguardo 35, 53100 Siena (SI), Medicinal Research Center – Toscana Life Sciences Foundation, 0577 381421, P. IVA 01504290527, in the person of its legal representative.


The Personal Data you provide through the Website will be processed by the Controller for the following purposes:
2.1. Website navigation. Art. 6(1)(f) and recital 47 of the GDPR: processing is necessary for the purposes of pursuing the legitimate interests of the data controller or a third party, provided that the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data are not overridden, having regard to the reasonable expectations of the data subject based on his or her relationship with the data controller. Activities strictly necessary for the operation of the website and the provision of the platform navigation service, therefore, the provision is necessary.
2.2. Contact request via the Contact form. Art. 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject’s request. The provision of personal data necessary for the provision of the services requested by the Data Subject is necessary. Failure to provide the data will make it impossible to obtain what has been requested or to use the services of the data controller.
2.3. Organisational management of the contractual relationship, including payments and invoicing. Art. 6 para. 1 lit. b GDPR: the performance of a contract to which the data subject is a party.
2.4. Fulfilment of legal, accounting, administrative and tax obligations. Art. 6 par. 1 lett. c GDPR: the fulfilment of legal obligations to which the data controller is subject.
2.5. Soft-spam activity. In the context of a purchase via the Website, in order to allow the direct offer by the Data Controller of products similar to what has already been purchased, provided that you do not object to such processing in the manner set out in this Policy. The legal basis of the processing is the legitimate interest of the Data Controller, which may be deemed equivalent to the interest of the data subject in receiving “soft-spam” communications pursuant to Section 130, paragraph 4, of Legislative Decree No. 196/2003, as amended.


The processed data will not be disclosed to third parties. The following may become aware of your data, in relation to the purposes of processing set out above: a) subjects who may access the data by virtue of legal provisions provided for by the law of the European Union or by the law of the Member State to which the data controller is subject; b) subjects appointed by the data controller as authorised processors pursuant to Art. 29 GDPR and Art. 2-quaterdecies of Legislative Decree 196/2003 and subsequent amendments and additions; c) persons who process data on behalf of the data controller who have been appointed, by contract or other legal act, as data processors pursuant to Art. 28 GDPR.


The management and storage of personal data will take place on servers located within the European Union and, therefore, your personal data will not be transferred to countries outside the European Economic Area. However, should it be necessary to move the location of the servers, the data controller ensures that the transfer of data outside the European Economic Area will take place in accordance with the law and by entering into agreements, if necessary, that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.


Your personal data will be kept for the period necessary to pursue the purposes related to the point entitled “PURPOSES OF THE PROCESSING” of this policy. Specifically, they will be processed for a period of time equal to the minimum necessary pursuant to Recital 39 of the GDPR, without prejudice to a further retention period that may be imposed by law pursuant to Recital 65 of the GDPR.


You, or a person delegated in writing, may exercise the following rights: a) the right of access under Art. 15 of EU Reg. 2016/679; b) the right of rectification under Art. 16 of EU Reg. 2016/679; c) the right to be forgotten under Art. 17 of the EU Reg. 2016/679; d) the right to restriction of processing when one of the cases provided for in Art. 18 of the EU Reg. 2016/679 is applicable; e) the right to request certification that the operations carried out pursuant to Articles 16, 17 and 18 of the EU Reg. EU 2016/679 have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves a manifestly disproportionate use of means compared to the protected right; f) the right to data portability provided for by Art. 20 of EU Reg. 2016/679; g) the right to object to the processing of personal data provided for in Art. 21 of EU Reg. 2016/679; h) the right to withdraw consent at any time, as provided for in Art. 7 of EU Reg. 2016/679.


In addition to the above, you may exercise: a) the right to lodge a complaint pursuant to Art. 77 GDPR; b) the right to lodge a judicial appeal pursuant to Art. 79 GDPR.

Should you wish to exercise your rights as provided for by law or consult the list of data processors, you may contact one of the contacts listed in point 1 of the information notice entitled “DATA CONTROLLER”.
In any event, the data controller remains available at all times for any need and, in the event that the processing should be modified with respect to what has been described above, the controller will immediately provide updated information.

Residual Solvent Analysis

Residual solvents are defined as volatile organic chemicals used or produced in the manufacture of pharmacological substances or excipients or in the preparation of pharmaceutical products.

Quantitative analysis of terpenes GC-FID

Terpene analysis is used to determine the terpene profile of the sample and the intensity of the aroma itself. Terpene analysis is done on 13 terpenes in GC-FID gas chromatography for a unique characterisation of the superior quality product.

Quantitative tetrahydrocannabinol GC-FID analysis

THC analysis in GC-FID, i.e. gas chromatography with flame ionisation detector.

Quantitative tetrahydrocannabinol analyses are prescribed by law and are carried out according to tests in line with national and international quality control, so that the product can be traded internationally and comply with all applicable regulations.

Microbiological analyses

Microbiological analyses are carried out to verify the wholesomeness of the product. The organisms that can be detected are aerobic mesophilic bacteria, yeasts and moulds as well as Escherichia coli, Staphylococcus aureus, Pseudomonas aeruginosa and Enterobacteriaceae.

Quantitative analysis of phytocannabinoids HPLC-UV

The analysis of cannabinoids is also done in HPLC-UV, i.e. high-performance liquid chromatography, which makes it possible to split two or more compounds and get accurate and timely results. We are well aware that sometimes it can take quite a long time to get this kind of analysis.

The aim is to provide a timely and accurate description of the sample we receive through the determination of 12 cannabinoids, plus the values of CBD, CBG, total THC and the percentage of residual moisture in the sample.

Dioxin and PCB analysis

Toxic chemicals persist in the environment and accumulate in the food chain.

Long-term exposure causes a range of harmful effects on the nervous, immune and endocrine systems.

Polycyclic aromatic hydrocarbons analysis

(PAH) are a large group of organic compounds, mostly non-volatile, which in indoor air are found partly in the vapour phase and partly adsorbed on particulate matter.

The main sources are combustion sources.

Phenol and polyphenol analysis

The most widespread polyphenols in nature are flavonoids, tannins, lignins, anthraquinones and melanins.

They are produced by plants, bacteria, fungi and animals. Very important in pharmacology and food.

Aflatoxin analysis

Since aflatoxins are known to have genotoxic and carcinogenic properties, consumer exposure through food must be kept as low as possible.

Ochratoxin analysis

Ochratoxins are a group of structurally related metabolites produced by certain fungi; occasionally they can also be isolated from very common species such as Aspergillus Niger.