Privacy Policy

This Privacy Policy sets out how personal data that RAINBOW IDEA collects from its contractual partners or from individuals in the course of the promotional activities that the company delivers will be processed by RAINBOW IDEA. The provisions of the Terms and Conditions document apply to and complete this Privacy Policy.

By continuing to use the site, you understand that browsing the RAINBOW IDEA web page/website and interacting with the company's services implies your request for certain personal data, and the refusal to provide us with this data may result in the inability to provide the requested services.

Thus, we provide you with transparent information about the personal data we collect and the way we use this personal information, and we also inform you about the rights of the data subjects and how these rights can be exercised.

Before you provide us with personal data by accessing the site or by other means of communication and transfer, you will be required to consent to some of the processing of your personal data by RAINBOW IDEA in accordance with Article 3 of this Policy.

Insofar as you have requests or questions related to the processing of your personal data within the S.C. RAINBOW MARKETING & CONSULTING S.R.L., please contact us by using the following contact information:

Address (lucrative facility):29th Tudor Vianu Street, Apt. 1, 1st District, post code 011636, Bucharest, Romania;

Telephone: (+4) 0748 281 484


Given the activity of RAINBOW IDEA, the company does not justify at this time, the designation of a Data Protection Officer (DPO).

If you submit to RAINBOW IDEA a request to access your personal data processing activities to receive information, please keep in mind that due to the continuous processing of your personal data and taking into account the routine established in our IT systems for deletion information processed under the Data Retention Policy, we undertake to keep your up-to-date and accurate data at all times.Thus, this routine processing may involve modifying or deleting the personal information we process after you have submitted a request to us. In this case, RAINBOW IDEA will provide the information in its possession when we send you the response, even if it differs from the information that was stored at the date when you sent the request. Please note that deleting your personal data is a procedure that RAINBOW IDEA would have performed even if you had not submitted the request.

1. Contact details of the entity carrying out the described processing activities:


Registered office address: Bucharest, 2nd Piața Alba-Iulia Street, building I1 entrance 1 ap. 11, 3rd District, Romania;

You can contact us through:


By telephone: (+4) 0748 281 484 (normal rate call)    

By mail: 29 Tudor Vianu Street, Apt. 1, 1st District, post code 011636, Bucharest.

2. Personal Data collection, storage and processing

We only store and process your personal data in cases when you have voluntarily provided us with such data, such as by telephone in direct contact with one of the company's employees, or by e-mail to our corporate clients or our collaborators, or by filling in a printed form (paper), or placing them on an electronic device (for example, a tablet) in a campaign conducted by RAINBOW IDEA or by sending personal data by e-mail. If we collect any other personal data, you will be informed in this Policy or in the promotional campaigns or events, about the intended purpose of using this data, and if necessary, we will require your consent to the processing of personal data.

All personal data of individuals obtained by RAINBOW IDEA directly from them on behalf of and for the RAINBOW IDEA customer for which we conduct or organize a promotional campaign or promotional event will be forwarded to our client under the contract concluded with him without storing in any way this information.

3. RAINBOW IDEA collects personal data of the representatives of partner companies or individuals with whom RAINBOW IDEA comes in direct contact according to the contract concluded with its legal entities for the following purposes:

- every time you access our services, we process your personal data to conclude and execute the framework contract under which we provide our services;

- we process your personal data when we have obtained your consent to processing, such as the use of third-party cookies, such as Google Analytics, to verify traffic generated when you access our website;

- keeping in touch with our partners (via SMS, e-mail or phone) in connection with the accomplishment of the object of the concluded contract;

- to respond to requests for the performance of the services rendered or in connection with the data processing activities;

- transfer of information to our contractual partners for the provision of contracted services;

- transmission of offers for the conclusion of a contract with RAINBOW IDEA;

- transfer of information requested by different public authorities according to legal requirements, to internal or external audit firms or consultants;

- performing internal corporate operations of RAINBOW IDEA (example: drawing up lists);

- participating in a contest or promotional campaign sponsored or organized by RAINBOW IDEA or by a third party on our behalf.

4. Personal data we use and the legal basis of the processing

  • Identification and contact details of our clients' representatives - name and surname, business or personal email, phone number (mobile, landline or both), postal address of the company you are working in. The legal basis on which we carry out the processing of this personal data is the legitimate interest pursued by a third party, namely the client- legal entity of RAINBOW IDEA, as provided by art. 6 par. (1) letter f);
  • Identification and contact details of individuals with whom we enter into contact directly or through subcontractors (promoters) to conduct promotional campaigns or events having the same purpose on behalf and for our clients - name and surname, telephone number, email address, as well as any information that is required by our client on the basis of a prize contest, event, or promotion campaign. The legal basis on which we carry out the processing of these personal data is the consent of the data subjects, according to art. 6 par. (1) letter a) from GDPR.

In relation to RAINBOW IDEA, we ask you to provide us with specific information and you may refuse to submit this information, because you decide what information you give us, if you consent to giving it. If the requested information is not given by the data subjects, we may be unable to perform the required services.

5. Principles of processing personal data

We respect the principles of processing and data protection so your personal data will be:

  • processed legally, fairly and transparently;
  • collected only for a valid purpose that we have clearly explained and not used in a way incompatible with this purpose;
  • relevant to the purpose we have communicated to you and limited only to those purposes;
  • accurate and up-to-date;
  • not be stored longer than necessary for the purposes described;
  • stored securely.

6. How do we get this data:


Directly from you:

  • Via the website, after sending a message by filling in the predefined fields in the "Contact" section;
  • After interacting with you by phone or by e-mail to send requests, recommendations or suggestions;  
  • Through your direct contact with our employees at a business meeting organization.

7. To whom we transmit your personal data and the results of our processing activities (reports, lists, etc.):

a)To our clients (legal entities)

We disclose/transmit information to our partners to the extent you authorize us at the time of receiving this data from you solely for and on behalf of our partner to whom we will transmit this data without storing them at the RAINBOW IDEA level.

The updated list of contractual partners, in relation to which RAINBOW IDEA processes your personal data can be consulted on request, by e-mail or by mail, accessing the means of communication under Art. 1 above.

b)Mandatory disclosure

To the necessary extent and RAINBOW IDEA still has personal data, RAINBOW IDEA will make it available to third parties to comply with any laws, regulations, legal requests or requests received from public authorities (for example, under certain law enforcement measures as a result of controls, summons or court orders) or when we believe and acting in good faith (in order to implement our internal policies and rules), including the investigation of their possible violations or the detection, preventing or taking action in respect of illegal activities or other misconduct, suspicion of fraud or the occurrence of security incidents.In addition, we will only share your data insofar as we are required to exercise our legal rights to defend ourselves against claims with legal implications or to prevent the damage to our rights, property or safety, our partners, yours or any third party or for the purpose of collaborating with law enforcement authorities, or if we believe it is necessary to ensure compliance with the intellectual property of RAINBOW IDEA or other rights.

c)Service providers

We may disclose personal information to our service providers so that they can perform the requested services on our behalf, for example, the promoter company through which we obtain your personal data in promotional campaigns, events or competitions organized or conducted by RAINBOW IDEA for and on behalf of a commercial partner).

d)Business transfers

We may share personal information in the case of a corporate transaction (purchases of the majority or wholly owned share of the company such as by merger). In the case of the aforementioned, affiliated companies or acquiring company will assume the rights and obligations described in this policy.


We can share the identifiers we collect (by using cookies) in order to operate our business and improve the relevance of our website as well as to detect potential security incidents or technical issues related to the operation of our website.

f)Non-personal information

We may share aggregate or non-personal information (data automatically generated through our internal systems or business information) with our business partners and other third parties in accordance with the terms of this policy.

8. Legality of processing personal data

RAINBOW IDEA is responsible for the processing of your personal data for the entire duration of this data storage within RAINBOW IDEA. We respect the principles of processing established under the General Data Protection Regulation (GDPR) and integrate these principles into our company's internal processes and our commercial practices.

9. Where are we processing your data?

For the period when your personal data is processed on the RAINBOW IDEA level in order to conduct our business, we process your personal data at a national level, namely in Romania where the company's server is located. If our providers process your personal data in countries that do not provide a sufficient level of protection of your rights, we carefully evaluate all the circumstances and ensure that appropriate security and privacy safeguards are in place so that your rights are not in any way violated. We also ensure that you have the means to exercise your rights.

10. Processing of job applicant’s data for jobs available within RAINBOW IDEA

Personal data means any information that identifies you or could be used to identify you. We process the data of the candidates applying to the jobs available in the company for legitimate and voluntary purposes, in order to conclude an employment contract. We ensure that we process only your personal data that is strictly necessary for the stated purpose.

For the purposes of selection and recruitment, we can process the following categories of personal data:

Identification data - name, surname, address, national insurance number, identification document number, photo etc..

Contact details - email address, phone number, address, etc.

Professional life data - employer, experience, position, salary, education, etc.

Please note that for certain positions involving the management of the company's assets (especially money management), the company may request the submission of a criminal record without storing personal data in the document and without retaining this document in its archive.

Digital data - cookies, IP addresses, and we can view websites that you own or are tracking and existing social networking activities as well as other public data available on the Internet without storing any data in any way;

Special categories of data (sensitive data) - personal data revealing racial or ethnic origin, membership of trade unions, health data for control of occupational health.

How do we collect the data?

Directly from you:

In the selection and recruitment process or through your submission of the resume following the posting of our jobs on the company's Facebook page through the recruitment platforms of our contract partners or following a recommendation.    

From other sources:

  • By recommendation;
  • External company to assess the suitability of the candidate during the recruitment process;
  • Health and safety at work or other providers of safety services at work or in medical services;
  • From the former employer.

How long do we keep your data?

As a general rule, we keep your personal data for a period of time necessary to achieve the purpose of its processing, that is, during the recruitment and selection process, which is, in most cases, even if it does not materialize by signing an individual employment contract after 3 months. When we store your personal data for another specific purpose, the storage period will be specified in the Retention (storage) Policy of personal data. Your consent will be required if we consider it necessary to extend the data storage period beyond this initial period. All unsolicited CVs will be immediately destroyed or deleted.

11. The rights you have

  • Before exercising your rights, we must identify you to protect your personal data against any fraudulent attempts.
  • Your requests for personal data processing by RAINBOW IDEA will be honoured as soon as possible. With respect to our internal processes, we will endeavour to deliver any response in relation to your personal data processing activities, within a maximum of one month, by sending a mail toby phone call using the phone numbers displayed in the "Contact" section of the Site.
  • You have the right to receive information at any time about the purposes of processing your personal data, categories and sources, recipients, periods of storage of your personal data and your rights.
  • You have the right not to be subject to an automatic decision, having the possibility of opposing an automatic decision-making process. RAINBOW IDEA does not make automated decision-making processes at this time.
  • You have the right to access your personal data, including the right to obtain a copy of the personal data we process.
  • Regarding the portability (transfer) of the data you have provided to us in relation to the precise purpose for which you have given us these data and the limited time for which we store these data by the date we transferred it to our trading partner or at the time we are requested to delete, anonymize or destroy them, this right must be requested from our contractual partner with whom RAINBOW IDEA acts as the Entitled Person and thus strictly abide by our partner's instructions regarding any processing activity which we do.
  • We update your personal data, asking you to review it from time to time and whenever the need for updating is required by law. However, if you find that some data that we have or obtained from you in the presentation modes in this policy is incorrect or inaccurate, you may request the rectification and/or updating of incorrect data and the completion of incomplete data.
  • You can rectify or complete your personal data by contacting us and providing us with the correct or additional data. You may request that you restrict your data processing if the accuracy of the data is challenged for a period that allows us to verify that accuracy.
  • You have the right to restrict processing, which means we store your personal data, but we do not use it for any other purpose. If you have obtained restriction on processing, you will be notified before the data processing restriction is lifted.
  • You have the right to request the deletion of your personal data. You can exercise both rights under the conditions provided by law. We will evaluate your deletion request from our internal legislation and procedures, taking into account, where applicable, our partner's instructions and provide a written response within the agreed timeframe, which will not exceed one month from the receipt of the deletion request.
  • You have the right to contact us at any time if you believe that your rights stipulated by the legislation on the protection of personal data have been violated.
  • You have the right to appeal to the Data Surveillance Authority, namely The National Supervisory Authority for Personal Data Processing, having the address 28-30 , 1st District, post code 010336, Bucharest, Romania, or at a competent court if you believe that your personal data processing rights have been violated.

12. Cookies

Cookies are text files entered on your computer, smartphone or tablet, to collect standard internet logging information and information about your conduct on our website. This information is used, for example, to analyse your use of the site and to generate statistics reports on the work done on the website. You can set your browser to not accept cookies. However, some internal cookies are required to allow the Website user to use the RAINBOW IDEA site.

For more information, visit Cookies policy.

13. We do not process data about under-aged people

By using the RAINBOW IDEA website and interacting in any way with RAINBOW IDEA, you warrant that (i) if you are in Romania, you are at least 18 years of age, or if you are in any other country, you are over the age defined for "children "in accordance with the applicable laws of your jurisdiction and (ii) you have the full exercise capacity to become subject to this Privacy Policy.If you are under 18, please read the terms of this Privacy Policy carefully with your parents or legal guardians. RAINBOW IDEA services are not directed or intended for children as defined by applicable law, and we do not collect or request information from children. If we get real knowledge of the fact that a user is considered a child in accordance with the applicable law, we will take steps to immediately delete the person's personal information. If you are aware of or have any reason to believe that a child shared any information with us, please contact us at the above-mentioned email address.

14. How do we protect your data?

In order to ensure that your rights and freedoms are not jeopardized and that compliance with relevant data protection laws and regulations is complied with, we implement appropriate technical and organizational measures to ensure a sufficient level of security for the processing of personal data. These measures consist of training and regular testing of our employees and, if applicable, our subcontractors in the introduction of relevant policies and processes, which are regularly reviewed and updated under the supervision of our data protection consultant.We also ensure that we carefully evaluate our service providers to provide you with an appropriate level of protection of your personal data and conclude with them personal data processing agreements to ensure that each subcontractor who comes in contact under our authority and your personal data, performs contracted processing activities in complete safety and comply with the provisions of the legislation in force in the field of personal data processing.

15. Updates

Our Privacy Policy may be changed from time to time (generally, to comply with data protection laws and practices). Updated versions will be published on our website.

©- RAINBOW IDEA: May 2019