Data Controller: The Data Controller in respect of this website is Colorobbia Consulting S.r.l., the registered office of which is at Via Pietramarina no. 53, 50059 Sovigliana, Vinci (Florence) Italy, VAT-Id: 03795100480.


  1. What are cookies? This website uses cookies, namely small text files sent to the browser and stored on the user’s device when visiting a website. Cookies allow an efficient operation of the site and improve its performance. Furthermore, they provide information to the website owner for statistical and advertising purposesmainly to personalize browsing experience by remembering user’s preferences


  1. Type of cookies and purposes: a number of different cookies can be served through the website The main types of cookies used by the owner and what each is used for are hereinafter detailed.


  • Technical, navigation and functional cookies: these cookies are used for the purpose of “carrying out the transmission of a communication over an electronic communications network as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”; in this context, navigation cookies are used to ensure the correct functioning of the website and are necessary for improving quality and browsing experience. In some cases, disabling these cookies may not be technically possible, as they are essential to ensure the functionality of the site.
  • Statistical/analytical cookies: analytics cookies are used to collect information to generate statistics on how users navigate around the Site. The data collected are used anonymously and exclusively for statistical purposes.
  • Advertising/Targeting cookies: these cookies are used to create user profiles with the purpose of sending advertising messages based on the preferences expressed by the user during the site visit or to improve shopping and browsing experience.
  • Third-party cookies: in some cases, the above-mentioned types of cookies can be installed by third-party companies based on agreements with the Owner. In other cases, the website may use some third-party services that, independently, may set their own cookies. In this context the website Owner doesn’t control these third-party cookies and so the user must review the cookie policies of these other websites for further information.

For detailed information on cookies set by Colorobbia Consulting S.r.l., please refer to the table below.


  1. Browsers settings. Procedure for managing cookies and browser direct links

Most internet browsers are initially setup to automatically accept cookies, unless browser settings have adjusted to refuse them. By using our website, you consent to our use of cookies in accordance with our Cookie Policy. We may use technologies, such as our own cookies, to provide you with personalized online display advertising tailored to your interests. Browsers are defaulted to accept, control and disable cookies via browser settings. Please be aware that disabling navigation or functional cookies will impact the functionality of our Website and/or some services may be restricted.

Depending on your browser, further information on how to manage cookies may be obtained via the following links:

1. Internet Explorer
2. Chrome
3. Firefox
4. Safari


  1. Data Controller and Data Protection Officer

The Data Controller in respect of this website is Colorobbia Consulting S.r.l the registered office of which is at Via Pietramarina no. 53, 50059 Sovigliana, Vinci (Florence) Italy, VAT-Id: 03795100480


  1. 5. Legal basis for Processing and purpose of processing

Data collected when visiting will be processed by the Data Controller in accordance with the applicable law.

The legal bases on which data processing is performed are: provision of services by the Company, management and facilitation of the website, management of protected areas on the site, Data Subject explicit consent, where requested and given, to the processing of his/her Personal Data.




  1. Nature of the processing

Except for those data processed through the use of strictly necessary cookies that are essential for the functionality of the website, consent to the processing of data through the use of cookies can be freely given (optional). The Data Subject may refuse to consent and disable cookies by following the procedures provided in the previous tables. In case of third-party cookies, users may choose whether or not to give consent to their use and which cookies to block or delete by accessing to their respective privacy policies (links shown in the previous tables) and by following the procedures provided by each third party


  1. Data processing methods

In relation to the aforementioned purposes, personal data collected through the installation and use of cookies will be processed by means of appropriate hard-copy, electronic and/or IT tools, by using logics strictly correlated with the purposes of the processing and, in any case, in a manner that ensures security and confidentiality of the information and Personal Data

  1. Framework for the free movement of Personal Data

Personal Data may be processed by third-party companies that perform activities on behalf of the Data Controller, acting as external data processors (including, but not limited to: suppliers/consultants managing and/or involved in the management and/or maintenance of electronic and/or IT tools, appointed by the Data Controller only for as long as is necessary for the optimal performance of the service). Access to Personal Data is limited to those, within the company, needing said information in relation to their job or hierarchical position. We have put in place appropriate security measures to protect your personal data against their unauthorised or unlawful use and accidental loss or destruction. However, pursuant to art. 6 letters b) and c) of the GDPR, the Data Controller may be legally obliged to disclose your Personal Data, if required to do so by law, to supervisory bodies, judicial authorities and any other third party, without the Data Subject explicit consent.


  1. Disclosure of Personal Data

Your Personal Data will not be disclosed to any unspecified third party.


  1. Recipients and Data processors

Personal Data shall not be in any way disclosed by transmission, dissemination or otherwise made available to third parties, except for those cases provided by law and, in any event, in compliance with the procedures set forth in the applicable regulation. Your Personal Data will be processed by the Company’s employees within the restrictions and according to the purposes of the processing. Some Data may also be processed by third parties, acting as External Data Processors, that are appointed or may be appointed by the Data Controller for the management of contractual relationship, provision of the services offered and for organizational requirements as to its business. In particular, Personal Data may be disclosed, merely by way of example, to:

  1. private or public subjects, authorised to process Personal Data by virtue of laws, regulations or community legislation, within the limits provided for by said regulations
  2. subjects who need to process the Personal Data for purposes related to the contractual relationship between the parties, within the limits strictly necessary for the performance of tasks assigned (such as, for example, banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, mail carriers and shipping companies);
  3. consultants, within the limits necessary for the performance of professional task assigned.

An updated list of the External Data Processor is made available to the Data Subject at the headquarters of the Data Controller upon request emailed to:


  1. Rights of the Data Subject

The GDPR provides Data Subject with the following rights:

  1. a) pursuant to art. 15, the data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to obtain access to the personal data and the following information: i) the purposes of the processing ii) the categories of personal data concerned; iii) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations; iv) where possible, the envisage period for which the personald data will be stored, or, if not possibile, the criteria used to determine that period; v) the existence of the right of the Data Subject to request from the Data Controller rectification or erasure of Personal Data or restriction of processing of personal data concerning the data subject or to object to such processing; vi) the right to lodge a complaint with a supervisory authority, pursuant to articles 77 ff. of the GDPR; vii) if the Data is not collected from the Data Subject, all information available on their origin; viii) the existence of automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisage consequences of such processing for the data subject; ix) where personal data are transferred to a third country or to an internation organisation the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer;
  2. b) the Data Subject shall also have (where applicable) the possibility of exercising the rights pursuant to articles 16-21 of the GDPR (namely: right to rectification, right to erasurem right to restriction of processing, right to data portability, right to object).

The Data Subject may at any time exercise the above-mentioned rights and require a copy of an updated list of Data processor by emailing the request to:

Colorobbia Consulting S.r.l. undertakes to provide information on action taken on a request to the data Subject within one month of receipt of the request, That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In any case the Data Controller shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Information on the action taken on a request shall be provided in writing or by electronic means. In the event of a request for rectification, erasure and restriction of processing, the Data Controller shall inform about said requests received by the Data Subject to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort.


Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may charge a reasonable fee.