Frequently asked questions

We answer all the questions you have about how Nymiz and data anonymization works.

General Information / Data Protection

I have questions about contracting a plan. Will I receive personalized attention?

Yes. Information is available on the website, these FAQs and demo video explain how Nymiz works. But if you need personalized attention, we have a chat channel and a customer service line. If it is outside office hours, we will ask for your information to get in touch with you as soon as possible.

Is there the possibility of both individual and collective Webinars?

Yes. There are planned webinars to explain the solution and clarify any questions you may have about the solution and its scope. More information on the Nymiz website.

What is personal data?

Personal data is defined as any information related to an identified or identifiable natural person, that includes an image, voice, biometric information, an IP address, that is, any data that allows us to identify someone.

These are also personal data:
Name and surname, address, email address, ID, geolocation data, etc.

I have heard this many times: “I only have a blog without forms to monetize through ads, it does not collect any personal data.”
Well, it does collect personal information, because advertising cookies collect user data and “chase” them to show them ads linked to their searches; therefore, there is a processing of personal data subject to the GDPR and the new LOPD, although there is no form.

What is anonymization? And pseudonymization? What does it mean if it is reversible or irreversible?

The objective of the anonymization process is to eliminate or minimize the risks of re-identification of anonymized data whilst maintaining the veracity of the data processing treatment, this allows for avoidance of identification of individuals, guaranteeing that any operation or proceesing of anonymized data can be carried out subsequently wihtout any distortion of the real data.

With regards to pseudoanonymization, according to the GDPR, “any information, without including denominative data of a subject, which permits identification of them through additional information, when separately identified and subject to the technical and organizational mesaures destined to guarantee that the personal data cannot be attributed to an identified or identifiable physical person.”


Original text
Carlos García Atalvio, with NIF 122345678Z, resident in Almagrón street, in Alcalá de Henares, Madrid, works at Nymiz Software Company. S.L. Born on June 12, 1980 in Madrid.

Carlos García Atalvio is a specialist in Artificial Intelligence.

Anonymized text
*********************, with NIF **********, resident in ************ ********************************, works at *************** *******. S.L. Born on ******************* in ******.

********************* is a specialist in Artificial Intelligence.

Pseudonymized text with “Substitution”
PER_0001, with NIF IDE_0001, resident in ADD_0001, works in ORG_0001. S.L. Born on DAT_0001 in LOC_0001.

PER_0001 is a specialist in Artificial Intelligence.

Who does the GDPR apply to?

The GDPR applies in the following cases:

  • If your company or entity processes personal data as part of the activities of one of its branches established in the European Union (EU), regardless of where the data is processed, or
  • or your company is established outside the EU and offers products or services (paid or free) or observes the behavior of people in the EU.

If your company is a small or medium-sized company (SME) that processes personal data as described above, it must comply with the Regulation. However, if the processing of personal data does not constitute the main part of your business and your activity does not involve risks for people, you will not be subject to some obligations of the GDPR \[such as the appointment of a data protection officer (DPD)] . It should be noted that “main activities” must include activities in which data processing forms an inseparable part of the activity of the controller or processor.

For more information, we recommend that you visit the website of the Spanish Agency for Data Protection (AEPD) at

Is it suitable for any company or business?

The tool is suitable for any activity provided that it works with documentation or files that include sensitive personal data.

What role do you play in protecting my content?

Personal data is very sensitive information that is subject to the General Data Protection Regulation (GDPR), which is the European regulation on the protection of natural persons with regard to the processing of their personal data and the free circulation of these. Furthermore, this sensitive data is exposed to security breaches that are occurring with increasing frequency and damage. To help in both situations, Nymiz was born, allowing the anonymization and / or pseudonymization of all personal data.

Who is responsible for the possible sanctions that may be imposed on my company?

They are subject to the sanctioning regime:

  • Those responsible for the processing.
  • Those in charge of the processing.
  • The representatives of those responsible or those in charge of the processing not established in the territory of the European Union.
  • Accredited entities for the supervision of codes of conduct.
  • The certification bodies.

Unlike what happens with the previous subjects, the Data Protection Officer (the new figure introduced in the current applicable regulations) is not subject to said sanctioning regime.

What sanctions can be imposed in case of non-compliance?

There can be several types of consequences that breach of data protection regulations entails. It can range from a warning to a temporary or permanent ban on processing, with sanctions that can include:

  • o Very serious infractions: they will be sanctioned with administrative fines that can reach 20 million euros or, in the case of a company, an amount equivalent to 4% of the turnover.
  • o Serious infractions: they will be sanctioned with administrative fines that can amount up to ten million euros or, in the case of a company, a maximum amount of 2% of the turnover.

The authority must guarantee that the fines imposed in each case in particular are effective, proportionate and dissuasive, and will take into account several factors, such as the nature, severity, and duration of the infringement, its intentionality or negligence, any measure taken to alleviate the damage suffered by people, the level of organization cooperation, etc.

Is it recommended that a single person or several use it in the company?

It depends on the company and mainly on the type and volume of information to be anonymized. Nymiz allows a group of users to work with an administrator in order to facilitate teamwork.

¿Qué idiomas anonimiza/seudonimiza Nymiz?

Los idiomas soportados por el modelo NLP multiidioma de Nymiz son:

Afrikaans, Albanian, Arabic, Aragonese, Armenian, Asturian, Azerbaijani, Bashkir, Basque, Bavarian, Belarusian, Bengali, Bishnupriya, Manipuri, Bosnian, Breton, Bulgarian, Burmese, Catalan, Cebuano, Chechen, Chinese (Simplified), Chinese (Traditional), Chuvash, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, Galician, Georgian, German, Greek, Gujarati, Haitian, Hebrew, Hindi, Hungarian, Icelandic, Ido, Indonesian, Irish, Italian, Japanese, Javanese, Kannada, Kazakh, Kirghiz, Korean, Latin, Latvian, Lithuanian, Lombard, Low, Saxon, Luxembourgish, Macedonian, Malagasy, Malay, Malayalam, Marathi, Minangkabau, Nepali, Newar, Norwegian (Bokmal), Norwegian (Nynorsk), Occitan, Persian (Farsi), Piedmontese, Polish, Portuguese, Punjabi, Romanian, Russian, Scots, Serbian, Serbo-Croatian, Sicilian, Slovak, Slovenian, South Azerbaijani, Spanish, Sundanese, Swahili, Swedish, Tagalog, Tajik, Tamil, Tatar, Telugu, Turkish, Ukrainian, Urdu, Uzbek, Vietnamese, Volapük, Waray-Waray, Welsh, West Frisian, Western Punjabi, Yoruba.


What exactly does Nymiz do?

Nymiz detects personal data in unstructured documents (.doc, .docx, .pdf, .txt, email, powerpoint) and also in structured data (databases), and reversibly or irreversibly anonymizes or pseudonymizes those data accordingly with the information processing needs.

Can it be accessed from a cell phone?

Yes. Nymiz is designed to be accessible from any device.

Can entire files be uploaded?

Yes, you can select directories where different documents are contained in order for them to be anonymized in blocks.

Is training necessary to use it?

In principle no, Nymiz is characterized by its ease of use and functionality. However, on the Nymiz website you will find all the necessary information and a demonstration video. If you still have questions about the operation of our application, you can contact the Nymiz team who will gladly answer all the questions you may have in this regard.

What happens if I forget my password or username?

In case of forgetting the password or username, they can be recovered through the email provided by the user when registering.

Will the data that I enter in my account during the trial period be saved for when I sign up?

Yes. You will only be asked for your billing information if you did not enter it for the trial period.


What is the right plan for my company?

The main differences of the 3 modalities are 3:

  • Volume of data to be anonymized.
  • Types of documents to be anonymized. If you require more formats such as database, powerpoint or emails, you will have to use the Enterprise version.
  • If you need the pseudonymization option, you will also need to use the Business or Enterprise versions.

Can I change the plan at any time?

Yes, you can change it at any time and you will be billed for the new version from the day you register for it.

If you have contracted an annual plan, could you change plans during the year?

Yes, you can by requesting it for your application in the following month.

What payment methods are accepted for hiring?

You can pay with VISA card and Paypal.

Can I cancel my plan whenever I want?

Yes. You can request the cancellation and the billing for the service will stop from the following month.

Does the price include VAT?

The price shown does not include VAT. The product is subject to a 21% tax.

When will payments be made?

The service will be billed in the first 5 days of each month.

Customer Service

How can I contact Nymiz?

+34 94 4582285

Glossary of terms

Glossary of terms

Authorized accesses: authorizations granted to a user to use the various resources. Where appropriate, they will include the authorizations or functions attributed to a user by delegation from the person responsible for the file or treatment or the person responsible for security.

Affected or interested party: natural person who owns the data that is the object of the treatment.

Authentication: procedure for verifying the identity of a user.

Blocking data: the identification and reservation of personal data in order to prevent its treatment.

Cancellation: Procedure by virtue of which the person in charge ceases to use the data. The cancellation implies the blocking of the data, in order to prevent its treatment, except for making it available to Public Administrations, Judges and Courts, for the attention of possible responsibilities arising from the treatment and only during the prescription period of said responsibilities. After this period, the data must be deleted.

Transfer or communication of data: any disclosure of data made to a person other than the owner. Any data obtained as a result of consultation of a File, from the publication of the data contained in the File, its interconnection with other Files and the communication of data made by a person other than the affected person.

Assignee: any person or entity, of public or private ownership, recipient of the transferred data.

Consent of the interested party: any manifestation of will by which the interested party consents to the processing of personal data that concerns him. This manifestation must be free, unequivocal, specific and informed.

Password / access key: confidential information often made up of a string of characters, which can be used to authenticate a user or to access a resource. For files in paper format, the filing cabinet that stores the file is accessed using a key or access code.

Access control: a mechanism that, based on the already authenticated identification, allows access to data or resources.

Backup copy: copy of the data from an automated file on a support that enables its recovery.

Personal data: any numerical, alphabetical, graphic, photographic, acoustic information, or of any other type, susceptible to collection, registration, treatment or transmission, concerning an identified or identifiable natural person.

Data accessible to the public: are all those data that can be found available to the general public. Their access and knowledge is not limited by any legal norm, and they are usually collected in Official Journals and Gazettes, media, censuses, yearbooks, public databases, legal and jurisprudence repertoires and yearbooks, press files, telephone directories. and similar, as well as the published data referring to groups of people in which their grouping is based on categories or activities and professional groups and that contain exclusively the names, titles, profession, activity, academic degree, address and indication of their membership To the group.

Personal data related to health: Information concerning the past, present and future health, physical or mental, of an individual. In particular, data related to people’s health are those related to their percentage of disability and their genetic information.

Dissociated data: That which does not allow for the identification of an affected or interested party.

Declarant: Natural person who completes the registration application and acts as a mediator between the Agency and the owner / manager of the file. It should not necessarily coincide with the owner / responsible.

Access rights: authorizations granted to a user to use the various resources of a system, normally computerized.

Recipient or assignee: The natural or legal person, public or private, or administrative body, to which the data is disclosed. Entities without legal personality that act in traffic as differentiated subjects may also be recipients.

Document: all written, graphic, sound, image or any other kind of information that can be treated in an information system as a differentiated unit.

Person in charge of the treatment:The natural or legal person, public or private, or administrative body that, alone or jointly with others, processes personal data on behalf of the person responsible for the treatment or the person responsible for the file, as a consequence of the existence of a legal relationship that links you with it and defines the scope of your action for the provision of a service. Entities without legal personality that act in traffic as differentiated subjects may also be in charge of the treatment.

Exporter of personal data: the natural or legal person, public or private, or administrative body located in Spanish territory that carries out, in accordance with the provisions of this Regulation, a transfer of personal data to a third country.

File: Any organized set of personal data that allows access to data according to certain criteria, whatever the form or modality of its creation, storage, organization and access.

Privately owned files:the files for which the persons, companies or entities under private law are responsible, regardless of who holds the ownership of their capital or the origin of their economic resources, as well as the files for which they are public law corporations responsible, insofar as said files are not strictly linked to the exercise of public law powers attributed to them by their specific regulations.

Files of public ownership:the files for which the constitutional bodies or with constitutional relevance of the State or the autonomous institutions with similar functions, the territorial public administrations, as well as the entities or bodies linked or dependent on them are responsible. and Corporations governed by public law as long as their purpose is the exercise of public law powers.

Non-automated file: any set of personal data organized in a non-automated way and structured according to specific criteria related to natural persons, which allow access without disproportionate efforts to their personal data, whether that is centralized, decentralized or distributed in a functional way or geographic.

Temporary files: work files created by users or processes that are necessary for an occasional treatment or as an intermediate step during a treatment.

Sources accessible to the public: Those files whose consultation can be made by anyone, not prevented by a limiting rule, or without any requirement other than, where appropriate, the payment of a consideration. They are considered sources of public access, exclusively, the promotional census, the telephone directories in the terms provided by their specific regulations and the lists of people belonging to groups of professionals that contain only the data of name, title, profession, activity, academic degree, address and indication of their membership in the group. Likewise, they have the character of sources of public access, the Official Newspapers and Gazettes and the media.

Identification of the affected person: Any element that allows to directly or indirectly determine the physical, physiological, mental, economic, cultural or social identity of the affected person.

User identification: procedure for recognizing the identity of a user.

Importer of personal data: The natural or legal person, public or private, or administrative body receiving the data in case of international transfer of the same to a third country, whether it is responsible for the treatment, person in charge of the treatment or third party.

Incidence: any anomaly that affects or could affect the security of the data.

User profile: authorized access to a group of users.

Identifiable person: Any person whose identity can be determined, directly or indirectly, through any information related to their physical, physiological, mental, economic, cultural or social identity. A natural person will not be considered identifiable if such identification requires disproportionate time limits or activities.

Dissociation procedure: Any processing of personal data so that the information obtained cannot be associated with an identified or identifiable person.

Resource: any component part of an information system.

GDPR The General Data Protection Regulation GDPR) is the European regulation regarding the protection of natural persons with regard to the processing of their personal data and the free circulation of these data. It entered into force on May 25, 2016 and was applicable on May 25, 2018, two years during which companies, organizations, agencies and institutions were adapting for compliance. It is a regulation at the level of the European Union, so any company in the union, or those companies that do business in the European Union, that handle personal information of any kind, must adhere to it. The fines for non-compliance with the GDPR can reach 20 million euros.

Responsible for the file or treatment: Natural or legal person, of a public or private nature, or administrative body, that alone or jointly with others decides on the purpose, content and use of the treatment, even if it did not materially carry it out. Entities without legal personality that act in traffic as differentiated subjects may also be responsible for the file or the treatment.

Responsible for security: person or persons to whom the person responsible for the file has formally assigned the function of coordinating and controlling the applicable security measures.

Information system: set of files, treatments, programs, supports and, where appropriate, equipment used to process personal data.

Treatment system: way in which an information system is organized or used. Regarding the treatment system, the information systems may be automated, non-automated or partially automated.

Support: physical object that stores or contains data or documents, or object that can be processed in an information system and on which data can be recorded and retrieved.

Third:the natural or legal, public or private person or administrative body other than the affected or interested party, the person responsible for the treatment, the person responsible for the file, the person in charge of the treatment and the persons authorized to process the data under the direct authority of the person in charge of the treatment or of the person in charge of the treatment. Entities without legal personality that act in traffic as differentiated subjects may also be third parties.

Data transfer: The transfer of data between computer systems by any means of transmission, as well as the transfer of data by mail carriers or by any other conventional means.

International data transfer: Data processing that involves its transferoutside the territory of the European Economic Area, either constitutes a transfer or communication of data, or it has the purpose of carrying out data processing on behalf of the person responsible for the file established in Spanish territory.

Transmission of documents: any transfer, communication, sending, delivery or disclosure of the information contained therein.

Data processing: any operation or technical procedure, whether or not automated, that allows the collection, recording, conservation, preparation, modification, consultation, use, modification, cancellation, blocking or deletion, as well as the transfers of data resulting from communications, consultations, interconnections and transfers.

User: subject or process authorized to access data or resources. The processes that allow access to data or resources without identification of a physical user shall be considered users.

Request a demo

Do you want to see our product in action?

Request a free demo