Rainbow S.r.l. considers the protection of individuals, with regard to the processing of personal data, a fundamental right. Transparency towards data subjects therefore represents a primary objective, pursued through effective communication tools aimed at making basic information on the processing of their data available to interlocutors. The interested parties are informed of the following general profiles, valid for all areas of processing:

all the data of the subjects with whom we interface are treated in a lawful, correct and transparent manner, in compliance with the general principles set out in Article 5 of the GDPR;
specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access, pursuant to Article 32 of the GDPR.
Object of the processing. The organization processes personal identification data of customers / suppliers (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment references) and their operational contacts (name surname and contact details) acquired and used in the provision of the products / services provided.

Purpose and legal basis of the processing. The data are processed for:

conclude contractual / professional relationships;
fulfil the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority
exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions; the ordinary internal needs of an operational, managerial and accounting nature).
Failure to provide the aforementioned data will make it impossible to establish a relationship with the Data Controller. The aforementioned purposes represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If it is intended to carry out treatments for different purposes, specific consent will be requested from the interested parties.

Processing methods. The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process personal data for the time necessary to fulfil the purposes for which they were collected and related legal obligations.

Scope of processing. The data is processed by internal subjects duly authorized and trained in accordance with Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise information on any external subjects who operate as managers or independent data controllers (consultants, technicians, banks, transporters, etc.)

References Owner and Data Protection Officer. The Data Controller and Data Protection Officer with whom the interested party has established the contractual relationship can be contacted at the following addresses:

Rainbow S.r.l. – via F. e L. Chiodi, 1 – 29121 Piacenza (PC) – ITALY – info@rainbowsrl.com

Rights of interested parties.

– right to request the presence and access to personal data concerning him (Article 15 “Right of access”)
– right to obtain the rectification / integration of inaccurate or incomplete data (Article 16 “Right of rectification”)
– right to obtain, if there are justified reasons, the cancellation of data (Article 17 “Right to cancellation”)
– right to obtain the limitation of processing (Article 18 “Right to limitation”)
– right to receive the data concerning him in a structured format (Article 20 “Right to portability)
– right to object to the processing and automated decision-making processes, including profiling (Articles 21, 22)
– right to revoke a previously given consent;
– the right to submit, in case of non-response, a complaint to the Data Protection Authority.