Privacy Policy

Rainbow S.p.A. with registered office in via Brecce 257, 60025 Loreto (AN) Italia, VAT no. 01398510428 (hereinafter, “Owner“), owner of the websites:

(hereinafter, the “Sites“), data controller of the personal data of the users who browse and are registered on the Sites (hereinafter, the “Users“) provides below the privacy policy pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, “Regulations” or “Applicable Law“).

These Sites and any services offered through these Sites are reserved for persons who are eighteen years of age or older. At the request of the Users, the Owner will promptly delete all personal data involuntarily collected and relating to persons under the age of 18.

The Data Controller holds in the highest regard the right to privacy and protection of personal data of its Users. For any information in relation to this privacy policy, Users may contact the Owner at any time, using the methods described in paragraph 3.

  1. Purpose of the treatment

The personal data of the Users will be lawfully processed by the Owner pursuant to art. 6 of the Regulations for the following processing purposes:

  1. Navigation of the sites, in relation to the possibility of collecting the User’s data necessary at a technical level, such as, for example, the IP address, while browsing the sites.
  2. Sending of informative newsletters, upon specific request of the interested party.
  3. Reply to your requests for information, received by us through the appropriate contact form.
  4. Registration to the reserved area of the sites, through which you can access services reserved for registered users
  5. Legal obligations, i.e. to fulfil obligations provided for by law, by an authority, by a regulation or by European legislation.
  6. Reception of curricula used for the selection of personnel, through the appropriate form of insertion. A specific information will be conveyed on the relevant page.

The provision of personal data for the purposes of processing indicated above is optional but necessary, as failure to provide such data will make it impossible for the User to browse the websites, register on the Websites and take advantage of the services offered by the Owner on the Websites.

With reference to the purposes referred to in points 1/a, 1/c, 1/d, the legal basis for the processing is in fact the performance of the services provided through the Sites and requested by you (pursuant to Article 6, paragraph 1, letter b of the Privacy Regulation 2016/679); with reference to the purposes 1/b and 1/f referred to in the previous paragraph, the legal basis for the processing is your consent freely expressed (pursuant to Article 6, paragraph 1, letter 1). a of the Privacy Regulation 2016/679); with reference to the purposes referred to in point 1 of the previous paragraph, the legal basis for the processing is to comply with a legal obligation to which the data controller is subject (pursuant to Article 6, paragraph 1, letter c of the Privacy Regulation 2016/679).

  1. Methods of processing and storage times of data

The Data Controller will process the Users’ personal data by means of manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the data itself.

The personal data of the Users of the Sites will be kept for the time strictly necessary to carry out the purposes described in paragraph 1 above, or in any case as necessary for the civil protection of the interests of both Users and the Data Controller. In relation to the purpose referred to in point 1.b, the data will be kept until you object to the sending of the newsletter, through the appropriate link contained in the same or through the procedures for exercising the rights referred to in paragraph 3. The mechanism for subscribing to the newsletter is managed by a “Double opt-in” system (also known as confirmed opt-in), which provides for a further step to confirm the subscription. Once you have filled in the form and sent the request, you must click on the confirmation email sent automatically to your email address. This method is used to ensure that the email address you enter is valid and actually owned by the person concerned. If you do not confirm your registration, your data will be deleted within 30 days from our systems. A message may be sent (email or mobile, if inserted) to remind you that you must confirm your subscription after a few days, if not completed by the person concerned.

Scope of communication and diffusion of personal data

The personal data of the Users may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Sites. These subjects, who are formally appointed by the Data Controller as “authorised users”, will process the User’s data exclusively for the purposes indicated in this information notice and in compliance with the provisions of the Applicable Law.

The personal data of Users may also be disclosed to third parties who may process personal data on behalf of the Data Controller as “External Data Processors“, such as, for example, providers of IT and logistics services functional to the operation of the Sites, outsourcing or cloud computing service providers, professionals and consultants.

The data may also be communicated to the tax authorities and/or other public authorities where required by law or at their request.

Users have the right to obtain a list of any data processors appointed by the Data Controller, by making a request to the Data Controller in the manner indicated in paragraph 3 below.

  1. Rights of the Data Subject

Users may exercise the rights granted to them by the Applicable Law by contacting the Holder in the following ways:

– By sending a registered letter with return receipt to the registered office of the Holder

– By sending an e-mail to the address privacy@rbw.it;

In accordance with the Applicable Law, users may exercise the rights referred to in art. 15 et seq. of the Regulation, in the manner provided for ex art. 12 of the Regulation.

If he/she considers that the processing of his/her data violates the Regulation, he/she has the right to lodge a complaint with a supervisory authority (in the Member State in which he/she is habitually resident, in the Member State in which he/she works or in the Member State in which the alleged violation has occurred). The Italian Control Authority is the Guarantor for the protection of personal datahttp://www.garanteprivacy.it/garante@gpdp.it