Privacy Policy

The Gruppo Colorobbia respects the privacy of its Customers and Visitors of this portal.
Any data transmitted by users to Gruppo Colorobbia will be treated with the utmost confidentiality and all the necessary measures will be taken to ensure their protection in full compliance with the Italian law in force on data confidentiality.
Please read the privacy policy applicable to our site and give your consent for the processing of your personal data, if required.


Pursuant to Article 13 of the European Union Regulation no. 2016/679 on the Protection of Personal Data (hereinafter also referred to as “General Data Protection Regulation” or “GDPR”), prior to processing personal data (hereinafter also “Personal Data “or” Data “), the Company as data controller is required to provide the Data Subject (user of the website with a set of specific information on how the Company will use, hold and retain the data collected through the website and process it by means of IT and/or telematic tools for the purposes herein stated. To this end, Colorobbia Italia S.p.A. (hereinafter referred to also as “Colorobbia” or “the Owner” or “the Data Controller” or “the Company”) set this information out below in this Privacy Policy.

1. Data controller and Data Protection Officer
The Data Controller is Colorobbia Italia S.p.A., the registered office of which is at Via Pietramarina n. 53, 50059 Sovigliana, Vinci (Florence) Italy, VAT-Id IT-00435210489.
The Company has designated Data Processor Officer pursuant to Art. 37 ff. of the GDPR.
With regard to all issues related to processing of personal information, the Data Subject may contact the data protection officer by emailing at:
For detailed information on the rights of the Data Subject, please refer to the Section “Rights of the Data Subject” of this privacy statement.

2. Legal bases on which we process your personal data and purpose of Processing
Data provided or collected when browsing the website will be processed by the Data Controller in accordance with the regulations in force.
Our processing is based on the lawful bases that are necessary for us to process your personal data, namely: provision of services offered by the Company, management and facilitation of the website, management of protected areas on the site, Data subject explicit consent, where requested and given, to the processing of the Personal Data.
The processing of your data by Colorobbia Italia S.p.A. is aimed at pursuing the following purposes:

1) “Contact Us Area”: if you decide to contact us by filling-in the special form on the site, the Data you provide will be processed by the Data Controller to handle your request and provide you with the necessary information;
2) Social Networks: website allows access to Colorobbia Italia social pages, thus entailing installation of third-party cookies on Colorobbia website.

3. Nature of the processing
With the exception of those data that are necessary and essential to execute electronic and IT protocols, users may provide personal data for the purposes referred to in point 1) of the foregoing paragraph freely and optionally. However, if the Data Subject does not provide the information requested, the Company will not be able to handle any requests submitted or to be submitted by the user. In this context, please note that personal data may also be processed for the fulfilment of obligations established by law, legislation and, in general, by regulations in force and applicable from time to time.

4. What type of information is collected from you
The Controller will process those data provided by the user when browsing the website, for example: e-mail address.

5. How we process your Personal Data and how long we retain your information
Your personal information will be processed by the Controller in compliance with the provisions as set forth by applicable law on data protection. Data processing will take place through electronic and/or IT means and organizational and logical procedures strictly correlated with the purposes for which Information is collected. In addition, the Controller has implemented appropriate security measures intended to protect against unauthorised access, disclosure, alteration or destruction, loss or unlawful use and misuse of your personal information.
Despite this, the Company cannot guarantee that the measures implemented for the security of the site and the transmission of data and information are able to limit or exclude any risk of unauthorized access or disclosure of Data by users’ devices. Therefore, we recommend users of the site to install adequate software protecting data during transmission across the network (i.e. updated antivirus) and their Internet Provider to have appropriate data transmission security measures in place.
Furthermore, the Company undertakes to process the Personal data according to the principles of lawfulness, fairness and transparency, to collect it to the extent necessary and adequate for the processing and to limit access to authorised personnel only. Data that you provide to us will be managed and held in archives or on servers which are located within the European Union, owned by the Data Controller and/or by third party companies appointed as External Data Processors, and, in any case, currently seated in Italy.
Your Personal Information will be retained for as long as needed or permitted in light of the purposes for which it was obtained and, in any case, in accordance with the regulations in force.
In any case, the Company undertakes to avoid processing of personal data for an indefinite period and to verify, periodically, the actual interest of the Data Subject

6. Data recipients and Data Processors
Your Personal Data will not be in any way disclosed by transmission, dissemination or otherwise made available to third parties, except for those cases provided for by law and, in any event, in compliance with the procedures set forth in the applicable regulation. Your Personal Data will be processed by the Company’s employees to the extent and according to the purposes for which it is processed. Some Data may also be processed by third parties, acting as External Data Processor, that are appointed or may be appointed by the Controller for the management of contractual relationship, provision of the services and for organizational requirements as to corporate business. In particular, Personal Data may be shared, including but not limited to, with:

  • a) private or public third parties, authorised to process Personal Data by virtue of laws, regulations or community legislation, to the extent provided for by said regulations;
  • b) third parties that need to process Personal Information for purposes related to contractual relationship between the parties, to the extent strictly necessary for the performance of the tasks assigned (such as, for example, banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, mail carriers and shipping companies);
  • c) consultants, to the extent strictly necessary for the performance of professional task assigned. An updated list of the appointed External Data Processors is made available to the Data Subject at the headquarters of the Data Controller upon prior request to be emailed at:

7. Transfers of personal data to third countries.
Your Personal Data will not be transferred outside the European Union. It being understood, however, that the Controller, if necessary, shall be entitled to move server’s location in non-EU third countries. In this case, the Data Controller ensures from now on that the transfer of personal data outside the European Union will take place in accordance with provisions set forth in article 44 et seq. of the GDPR and other applicable regulations, by stipulating, if required, related agreements that ensure an adequate level of protection.

8. Rights of the Data Subject
The GDPR gives the Data Subject specific rights that help him/her be in control of his/her personal data, namely:

  • a) pursuant to art. 15, the data subject shall have the right to obtain from the Controller confirmation as to whether
    or not personal data concerning him or her are being processed, and, where that is the case, to obtain access
    to the personal data and the following information:

    • i) the purposes of the processing
    • ii) the categories of personal data concerned;
    • iii) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations;
    • iv) where possible, the envisage period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    • v) the existence of the right of the Data Subject to request from the Data Controller rectification or erasure of Personal Data or restriction of processing of personal data concerning the data subject or to object to such processing;
    • vi) the right to lodge a complaint with a supervisory authority, pursuant to articles 77 ff. of the GDPR;
    • vii) if the Data is not collected from the Data Subject, all information available on their origin;
    • viii) the existence of automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisage consequences of such processing for the data subject;
    • ix) where personal data are transferred to a third country or to an international organisation the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer of Personal Data to a third country or an international organisation;
  • b) the Data Subject shall also have (where applicable) the possibility of exercising the rights pursuant to articles 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to Data portability, right to object).

The Data Subject may at any time exercise the above-mentioned rights and request a copy of an updated list of the Data processors by emailing at:
The Company Colorobbia Italia S.p.A. undertakes to provide information on action taken on a request to the Data Subject within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In any case the Data Controller shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Information on the action taken on a request shall be provided in writing or by electronic means. In the event of a request for rectification, erasure and restriction of processing, the Data Controller shall inform about said requests received by the Data Subject to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may charge a reasonable fee.
Pursuant to Art. 37 of the GDPR, The Company has designated DPO – Data Processor Officer. With regard to all issues related to processing of personal information, the Data subject may contact the data protection officer via email at:

9. Changes to this privacy policy
The Data Controller reserves the right to make changes to this Privacy Policy from time to time. Any new version of this Policy will be published on the site so please check this page on a regular basis. The “Last Updated” legend at the bottom of this Privacy Policy indicates when this statement was last revised. In case of non-acceptance of the changes made to this Privacy Policy, the Data Subject shall have the right to obtain from the controller the deletion of his/her personal data. Unless otherwise specified, our processing of your information collected up to the time of the last update will be governed by the practices set out in the previous Privacy Policy version.

This Privacy Policy was last updated on 08/02/2022

Information Customers and Suppliers

Contacts of the Data Protection Officer

The Data Protection Officer (“DPO”) can be contacted for e-mail to the address: