top of page

Privacy Policy

Last updated: 15 September 2021

Please read carefully

This privacy policy explains what information we gather about you, what we use that information for and who we give that information to.  It also sets out your rights concerning your information and who you can contact for more information or queries. 


•    Who this privacy policy applies to and what it covers
•    What information do we collect
•    From where do we collect information
•    How will we use your information
•    The legal grounds for processing your personal information
•    Who we disclose your information to
•    Protection of your personal information
•    How long do we keep your information for
•    Your data protection rights
•    Right to complain
•    Changes to this privacy policy


Who this privacy policy applies to and what it covers

This privacy policy is to let you know RAINBOW+Co cares deeply about your personal information. Personal information includes what you tell us about yourself, what we learn by having you as a customer, and the choices you actively give us about what marketing information you want us to send you. This notice explains how we do this and tells you about your privacy rights and how the law protects you. We are committed to protecting your privacy and handling your information in an open and transparent manner.

This privacy policy sets out how we will collect, handle, store and protect information about you when:

  • selling products and providing services to you;

  • you use “our Website”; or

  • performing any other activities that form part of the operation of our business.

When we refer to “our Website” or “this Website” in this policy we mean the specific webpage of

In the context of this privacy policy, “you” refers to any users of this Website, whether you have a registered account on our Website or not.   

This privacy policy also contains information about when we share your personal data with other third parties (for example, our service providers).

In this privacy policy, your information is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal information.

We use many different kinds of personal information and group them as follows.

Types of personal information

  • Personal identification and contact details - Your name, surname, title, date of birth, address, telephone and/or mobile no, nationality, profile photo etc.

  • Financial - Your financial information to process orders on our website such as bank account and payment card information.

  • Transactional/contractual - Details about the items, products or services that you have purchased from us and details relating to payments.

  • Locational - Data we get about where you are, such as may come from your mobile phone, the address where you connect a computer to the internet, or a shop where you buy something with your card.

  • Behavioural/usage data - Details about how you use our products and services.

  • Technical - Details on the devices and technology you use, for example Internet Protocol ("IP") address, browser type and version, operating system, date/time stamp, browser plug-in types and other technological information relating to the device you use to access our Website. Technical information may be collected by using cookies and similar technologies (please refer to our Cookie Policy). We may also receive information relating to you from third parties, including analytic providers and advertising networks.

  • Communications - What we learn about you from emails, live chats, social media and/or conversations between us.

  • Open data and public records - Details about you that are in public records and information about you that is openly available on the internet.

  • Consents - Any permissions, consents, or preferences that you give us. This includes things like how you want us to contact you when you place an order or when you subscribe to our mailing list.

What information do we collect?

We may collect or obtain such data because you give it to us, for example, when you:

  • register online or place an order for any of our products or services;

  • voluntarily complete a form on our Website or customer survey, or contact us through a communication channel such as email or social media; or

  • use or view our Website via your browser’s cookies.


We may also collect and process data because other people give that data to us (for example third party service providers that we use to help operate our business) or because it is publicly available.


The General Data Protection Regulation says that we are permitted to use personal information only if we have a proper reason to do so. This includes sharing it outside RAINBOW+Co. The regulation says we must have one or more of these reasons:

  • To fulfil a contract we have with you; or

  • When it is our legal duty; or

  • When it is in our legitimate interest; or

  • When you consent to it.


A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.


Here is a list of how we may use your personal information, and the reasons we rely on to do so. Here we also tell you what our legitimate interests are.

What we use your personal information for:

  • To process your order and manage your account.

  • To make suggestions and recommendations to you about products or services that may be of interest to you.

  • To develop new ways to meet our customers’ needs and to grow our business.

  • To develop and carry out marketing activities.

  • To study how our customers use products and services from us.

  • To provide advice or guidance about our products and services.

  • To improve and keep our Website secure.

  • To provide and improve our customer service and support.

Our reasons:

  • Your consent.

  • Order fulfilment.

  • Our legitimate interests.

  • Our legal duty.

Our legitimate interests:

  • Keeping our records up to date, working out which of our products and services may interest you and tell you about them.

  • Developing products and services, and what we charge for them.

  • Defining types of customers for new products or services.

  • Seeking your consent when we need it to contact you.

  • Being efficient about how we fulfil our legal duties.

From where do we collect personal information?

In the course of providing products and services to you, we will collect or obtain personal data about you.  We may also collect personal data from you when you use this Website.


We may collect personal information about you from RAINBOW+Co and the following sources (non-exhaustive):

Data you give to us:

  • When you apply for our products and services

  • When you communicate to us on the phone, via email, social media or live chats

  • When you use our Website

  • In customer surveys and/or feedback/reviews

  • If you take part in our promotions.


Data from third parties we work with:

  • Social networks

  • Public information sources

  • Market researchers

  • Government and law enforcement agencies.

How do we use information about you?

We will use your personal data to provide you with our products and services. As part of this, we may use your personal data in correspondence relating to the provision of our products or services.  Such correspondence may be with you, our client, our service providers and/or competent authorities. ­­

Use of personal information collected via our Website

In addition to the purposes connected to the operation of our business above, we may also use your personal data collected via our Website:

  • to manage and improve our Website

  • to tailor the content of our Website to provide you with a more personalised experience and draw your attention to information about our products and services that may be of interest to you

  • to manage and respond to any request you submit through our Website.

Who we disclose your information to?

We may share your personal information within RAINBOW+Co and these organizations:

  • Individuals who are legally entitled to receive such information

  • Market researchers

  • Companies you ask us to share your data with

  • Third parties that provide services to RAINBOW+Co


Aggregated/anonymised information: We may share non-personal, de-identified and aggregated information with third parties for several purposes, including data analytics and promotional purposes.


Sending data outside of the EEA

Please note that some of the recipients of your personal data referenced above may be based in countries outside of the European Economic Area (EEA) whose laws may not provide the same level of data protection. In such cases, we will ensure that there are adequate safeguards in place to protect your personal data that comply with our legal obligations. Where the recipient is not a member of RAINBOW+Co, the adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal data to third countries.

Read more on the EU Data Protection site.

Our website is hosted by Ltd (inclusive of its affiliated companies), which processes personal information within the territory of the European Union, Israel or a third country, territory or one or more specified sectors within that third country of which the European Commission has decided that it ensures an adequate level of protection and such processing and transfer will be in accordance to Wix’s Data Processing Agreement dated 11 October 2020 (the “Wix DPA”). Any transfer to and processing in a third country outside the European Union that does not ensure an adequate level of protection according to the European Commission, shall be undertaken in accordance with the Standard Contractual Clauses (2010/87/EU) set out in Annex 1 of the DPA. Please refer to the Wix DPA and Privacy Policy at Wix - DPA Users and About Privacy | WIX respectively, which sets out the manner in which compliance is achieved with the requirements of the Regulation (EU) 2016/679 (General Data Protection Regulation).

Note: The European Commission has the power to determine, on the basis of article 45 of Regulation (EU) 2016/679 whether a country outside the EU offers an adequate level of data protection. As per the Adequacy decisions | European Commission (, the state of Israel has been recognized by the EU as one of the third countries having adequate level of data protection for the purposes of data flow and as such data transfers to Israel will be assimilated to intra-EU transmissions of data. For further details, please refer to EUR-Lex - 32011D0061 - EN - EUR-Lex ( as well as Adequacy decisions | European Commission (


We may use your personal information to tell you about relevant products and offers. This is what we mean when we talk about “marketing”.

The personal information we have of you is made up of what you tell us, and data we collect when you use our products and services, or from third parties, whom we work with.

We study this to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant to you.

We can only use your personal information to send you marketing messages if we have either your consent or a “legitimate interest”. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.

You can ask us to stop sending you marketing messages by contacting us at any time by completing the contact form on our website, via email at or by clicking “unsubscribe” on our mailing list.

Whatever you choose, you will still receive notifications and other important information in relation to your orders.

We may ask you to confirm or update your choices if you take out any new products or services with us in future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business. If you change your mind, you can update your choices at any time by contacting us.

What if you choose not to give personal information?

We may need to collect personal information by law, or under the terms of a contract, we have with you.

If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to fulfil your order. It could mean that we cancel a product or service you have with us. Any data collection that is optional would be made clear at the point of collection.


Privacy policies of other websites

Like many websites, our Website contains links to other websites, such as our affiliates. Our privacy policy applies only to our Website, so if you click on a link to another website, you should read their privacy policy and other related terms and conditions to understand your rights before proceeding.

Protection of your personal information

We use a range of physical, administrative and technical measures to ensure that we keep your personal data secure, accurate and up to date. These measures include:

  • education relating to privacy obligations when handling personal data;

  • technological security measures, including firewalls, encryption and anti-virus software.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure.  We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.

How long we keep your information for

We will hold your personal data on our systems for the longest of the following periods:

  • as long as you are a customer of RAINBOW+Co;

  • any retention period that is required by law; and

  • the end of the period in which litigation or investigations might arise in respect of the product and services.

After you stop being a customer, we may keep your data for up to 10 years for one of these reasons:

  • To respond to any questions or complaints.

  • To show that we treated you fairly.

  • To maintain records according to rules that apply to us.

We may keep your data for longer than ten years if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.


Your rights

You have various rights in relation to your personal data. Every user is entitled to the following:

  • Right to access - You have the right to obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you.

  • Right to rectification – You have the right to ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete.

  • Right to erasure – You have the right to request that your personal data is erased, subject to certain conditions.

  • Right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

  • Right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

  • Right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us at our email:  

You may also use the same contact email if you wish to make a complaint to us relating to your privacy.

Right to complain

If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Office of the Information and Data Protection Commissioner (“IDPC”). Find out on the IDPC website how to file a complaint.

Changes to this privacy policy

We may modify or amend this privacy policy from time to time. To let you know when we make changes to this privacy policy, we will amend the revision date at the top of this page. The new modified or amended privacy policy will apply from that revision date. Therefore, we encourage you to periodically review this policy to be informed about how we are protecting your information.


To find out more about how we use cookies, please see our Cookie Policy.

bottom of page