Privacy and Cookies


1. Definitions
For the purposes of this Privacy Policy, the terms in capital letters shall have the same meaning
given to them in the General Conditions of Sale displayed on the website at the page Additional definitions may be included in this Privacy Policy.

2. Scope of application
2.1. This Privacy Policy shall be binding for any individual accessing the Website in any way,
also in the event it should be a consumer (hereinafter the “User”) both in the case where the
User should simply browse the Website and use its services without purchasing Products and in
the case it should purchase the Products.
2.2. Arco Iris respects the rights of the User in relation to all the information that may identify the
User or render the latter identifiable and that may reveal details concerning its habits, lifestyle,
personal relations, etc. (hereinafter the “Personal Data”).

3. Data Controllers, Data Processors and Persons tasked with processing
3.1. Pursuant to Legislative Decree of June 30, 2003 no. 196 (the “Italian Data Protection Code”),
Arco Iris is the data controller of the processing of the Personal Data (hereinafter also “
3.2. The Controller has the authority and responsibility to decide upon the methods and purposes
of the processing also in relation to aspects pertaining to the security of the data.
3.3. Moreover, for organizational and operational reasons, the Controller may, pursuant to the
Italian Data Protection Code, appoint one or more data processors (hereinafter the “Processors”)
and persons tasked with processing (hereinafter the “Persons Tasked with Processing”) as better
described below.
3.4. The User, if interested, may obtain the list of the Processors and of the Persons Tasked with
Processing by writing to the following email address:

4. Collection of the Personal Data and Purposes
4.1. Pursuant to this Privacy Policy , the Personal Data may be collected and processed with the
methods and for the purposes described below.
a) Some Personal Data (such as for example the email address of the User, its biographical
data, its password etc.) are collected at the time the User registers to the Website by filling in the
related registration form; the latter collection has the purpose of allowing the User to access
reserved areas and services offered by the Website, the support services and communication
services for technical/organizational reasons.
b) Some Personal Data (such as for example the post address, credit card data, bank
coordinates, phone number etc.) are collected at the time the User purchases Products by filling
in the related order form; the latter collection has the scope of allowing the Sale to be concluded
and the products to be delivered and grant the User access to support services and/or post-sale
c) Some Personal Data are collected in the course of the creation of a so called Wish List, in
order to allow the User to purchase the Products which had been previously selected.
d) Other Personal Data may be provided each time the User should file a complaint or a request
to Arco Iris, in order to respond to the complaint or request.
e) The email coordinates provided in the context of the sale of the Products may also be used for
the sending of advertisements concerning similar products to those already purchased, subject to
the condition that the User has not denied its consent to such use at the time his email was
provided or in later circumstances (article 130 paragraph 4 of the Italian Data Protection Code).
4.2. In addition to what is provided above, the Personal Data may also be used, prior specific and
separate consent of the User, also for the following purposes:
a) Sending of informative or promotional notices, also of commercial nature, specifically
newsletters, advertisements, offer of goods and services also concerning products and services
that are not similar to those already purchased, by the Controller, of companies of which it holds
controlling interest, and/or connected thereto, or of individuals or legal entities who should
cooperate in marketing and commercial activities of the Controller.
b) Organization and carrying out of events and exhibitions also of promotional nature;
4.3. In any case, even after having been authorized to send the User advertisements by email,
the Controller guarantees the Users the right to exercise at any time and without the need to
provide a justification, their right to stop receiving other notices in the future.

5. Omitted granting of Personal Data
5.1. The granting of Personal Data is optional. However, in case the User should refuse to
provide the data or should provide inexact or incomplete data, this could render the registration
to the Website and the fruition of the related contents and services impossible, as well as the
management or performance of the purchase orders.
5.2. In any case, the omitted provision of Personal Data or the incorrect or incomplete provision
thereof may constitute a lawful and justified reason to not perform the obligations arising from the
purchase contract concerning the Products or the provision of the related services.

6. Methods of the Processing
6.1. The Personal Data are mainly processed in electronic format and in some cases also in
paper form. The Personal Data will be stored for the time that is strictly necessary for the
purposes for which they have been collected and in any case within the limits set forth by the
law. The Personal Data are stored in servers (in case of electronic data) or archives located at
Arco Iris s.r.l. in Via Alexander Gustave Eiffel 100 Commercity mod.E32 00148 Rome Italy.
6.2. The Controllers may find themselves processing Personal Data of third parties
communicated directly by its Users, by way of example in case the User has purchased a
product to be shipped at a friend’s address, or when the individual paying the price for the
purchase of a Product is different from the recipient of the Product. In all those cases the User
shall ascertain to have obtained consent of the owner of the Personal Data before it
communicates them to the Controller and inform such person of the contents of this Privacy
Policy. The User only will be responsible for having communicated information and Personal
Data relating to third parties without their consent for the incorrect or unlawful use of such
Personal Data.
6.3. The Controller reserves the right to cancel the accounts of the Registered Users and of all
the related Personal Data, in case it should find unlawful contents, violating the image of Arco
Iris, of its Products or of Products of third parties or in any case contents that are offensive or that
promote illegal or reprehensible activities.

7. Communication of Personal Data
7.1. Without prejudice to the communications made to comply with the applicable legislation, the
Personal Data maybe communicated to individuals and/or legal entities appointed by the
Controller to enable the operating of the Website and the sale and delivery of the products.
7.2. By way of example only, the Controller may communicate the Personal Data to third parties
belonging to, inter alia, the following categories: (i) individuals that carry-out on behalf of the
Controller technical and organizational tasks; (ii)individuals that carry-out services concerning the
acquisition, processing and elaborating of data that are necessary for the provision of the
Products; (iii) individuals providing services for the management of the Website and of the
computer system of the Controller; (iv) individuals performing services of data storage and data
entry; (v) banks or other entities involved in the payment procedures; (vi) individuals operating in
assistance or consulting relations which may be, inter alia, legal and/ or financial; (vii) couriers or
dispatchers; (viii) public authorities and supervisory authorities.
7.3. The above mentioned individuals operate, from case to case, as autonomous Controllers,
Processors or specifically appointed Persons Tasked with Processing. In addition, employees
and consultants of the Controllers may also be informed of the Personal Data if specifically
appointed as Processors or Persons Tasked with Processing.
7.4. The Personal Data shall not be used nor communicated to third parties for purposes that
differ from those described in the Privacy Policy without the User being provided with a prior
information notice and without having obtained its consent, if required by the law.

8. Security
8.1. Pursuant to the Italian Data Protection Code, the Controllers adopt adequate security
measures to reduce – to a minimum – the risk of destruction or of loss of the Personal Data, of
unauthorized access or of non-permitted processing or processing that is not carried-out in
accordance with this Privacy Policy.
8.2. However, the Controllers may not guarantee that the measures used to ensure security of
the data will adequately limit or exclude any risk of unauthorized access or loss of the Personal
Data. The users are therefore encouraged to ensure that their computer and internet connection
are equipped with adequate devices for the protection of the online transmission of Personal

9. Other rights of the User
9.1. In addition to the provisions of this Privacy Policy, the User may always exercise its rights
under article 7 of the Italian Data Protection Code, which for the sake of completeness, is
integrally re-written below:
“Art. 7
1. The Data Subject has the right to to obtain confirmation as to whether or not personal data
concerning him exist, regardless of the data being registered or not, and the right to obtain
communication of such data in intelligible form.
2. The data subject shall have the right to be informed:
a) of the source of the personal data;
b) of the purposes and methods of the processing;
c) of the logic applied to the processing, if the latter is carried out with the aid of electronic
d) of the identification data concerning data controller, the data processors and the
representative designated as per Section 5(2); and e) of the or categories of entities to whom or
which the personal data may be communicated and who or that may be informed of such data in
their capacity as designated representative(s) in the State’s territory, as data processor(s) or
person(s) tasked with the processing.
3. The data subject shall have the following rights:
a) to obtain updating, rectification or, where interested therein, integration of the data;
b) to obtain deleting, anonymization or blocking of data that have been processed unlawfully,
including the data that does not require retention for the purposes for which they were collected
or subsequently processed;
c) to obtain certification that the operations under letters a) and b) have been notified, also with
reference to their contents, to the entities to whom or which the data were communicated or
diffused, unless this requirement proves impossible or results in a disproportionate effort
compared to the protected right.
4. The data subject shall have the right to object, in whole or in part,
a) on legitimate grounds, to the processing of personal data concerning him/her, even if the data
are pertinent to the purpose for which they are collected;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose
of sending advertising materials or direct selling or else for the performance of market or
commercial communication surveys.”
9.2. The User shall exercise its right freely and at any time, inasmuch as it does so within the
limits set forth by the law, by sending a request to the Controller at the following e-mail address:

10. Links to other websites
10.1. The Website contains links to other websites that might not be connected in any way to the
Website and to Arco Iris.
10.2. The Controller does not verify those websites nor does it perform monitoring operations of
the websites and of their contents. The Controller may not be held liable for the contents of those
websites and of the rules adopted therein concerning privacy and personal data processing. The
User shall therefore pay attention at the time it connects to those websites through the links
found on the Website and it shall attentively read their terms of use and privacy policies. This
Privacy Policy does not apply to websites of third parties and the Controller is not responsible in
no way whatsoever of the rules concerning data protection applied by those websites.
10.3. The activation of the links does not imply any recommendation or notice by the Controller
concerning the access and browsing on those websites, nor any guarantee concerning their
contents, goods or services provided therein and sold to Internet users.

11. Cookies
11.1. Cookies are small text files that some websites send to the computers of their users during
browsing on the websites and that are memorized in the computer of the single user. Based on
their function, some cookies are automatically deleted from the hard disk of the user at the end of
each browsing session, other cookies stay, instead, memorized in the hard disk for a certain
amount of time.
11.2. The User acknowledges and accepts that the Website uses the following cookies:
(i) “technical” cookies these cookies enable the Website to work properly. By way of example,
these enable the User to visualize the contents of the Website in a different language according
to the country where the User connects from. They enable the User to create its account, log in,
manage its orders (including the so-called “Cart” and “WishList” functions), that enable to
maintain the User identified during the browsing session and enable the Website to recognize
Users who have already registered each time they access the Website.
(ii) “Google Analytics” cookies: these cookies are used by the company Google to elaborate
statistical analysis on the browsing methods of the Users. The Controllers use the results of
those analysis anonymously and for statistical purposes only. For further information on the
functioning of Google Analytics cookies, also in relation to data protection, please visit the
following webpage:
11.3. As a result of this Privacy Policy, the User declares to agree to the processing of its data
carried-out by means of the cookies described above.
11.4. The User may refuse to install cookies by setting the browser it uses accordingly. It is
hereby specified, however that in such case the User may not be able to fully benefit from some
functions of the Website.
11.5. The User may modify parameters of the browser relating to the cookies with the modalities
of the single browser. Please find below the path to be followed to modify the parameters of the
following browsers:
Internet Explorer:
Safari: ​

Opera: ​
11.6. To disable the analytical cookies and choose to not be followed by Google Analytics in
every website, the opt-out extension for browsers of Google Analytics may be downloaded: ​ .

12. Plug-in to social networks
12.1. The Website uses some social network plugins. If the User clicks on the interaction buttons
with the social networks that are displayed on the website (for example in case of Facebook, the
“like” or “share” buttons), the information concerning the browsing of the User on the Website will
be sent and registered on the server of the related social network in order to be shared, pursuant
to the terms of use of that social network. The interactions and information obtained from the
Website are in any case subject to the privacy settings of the User relating to each social
12.2. The User acknowledges and accepts that the Website uses the following plugins:
– Tweet button and social widgets of Twitter Inc. Personal Data collected: Cookies and data
relating to browsing and use. Place of the Processing: USA.
– “Like” button and social widgets of Facebook Inc. Personal Data collected: Cookies and data
relating to browsing and use. Place of the Processing: USA.
– Youtube button and social widgets of Youtube (Google). Personal Data collected: Cookies and
data relating to browsing and use. Place of the Processing: USA.

13. Contacts
For further information on how the Controller processes the Personal Data the User may send a
letter to Arco Iris, Via Alexandre Gustave Eiffel No. 100 – Commercity E32 – 00148, or via email
at the following address:

14. Amendments and updates to this Privacy Policy
The Controllers may amend or simply update, in whole or in part, this Privacy Policy also
pursuant to the developments of the applicable legislation. Any amendments and updates of this
Privacy Policy will be notified by publication on the Website and will be binding thereupon.