Supplier and Customer Policy

Pursuant to and for the purposes of articles 13 and 14 of European Regulation 2016/679 (hereafter GDPR) containing provisions on the protection of personal data, the Company CloudFire Srl, as Data Controller, informs you that the data concerning you, provided by you, or otherwise acquired, will be processed in compliance with the above-mentioned legislation.

The processing of personal data will be carried out in a lawful, correct and transparent manner with respect to the interested party.

By personal data processing, we mean any operation or set of operations, carried out even without the aid of electronic tools, concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation and destruction of data, even if not registered in a database.


Data controller

The Data Controller is the undersigned company CloudFire Srl (VAT number/tax code) IT02764700353), with registered office in Reggio Emilia (RE) at Via Giambattista Vico 93, ordinary e-mail address info@cloudfire.it, certified e-mail address cloudfire@legalmail.it.

The User can also easily object to further newsletter submissions even by clicking on the appropriate link for revoking consent, which is present in each e-mail containing the newsletter. Once the consent has been revoked, the Data Controller will send the User an e-mail message to confirm the revocation of the consent.


Data Protection Officer (DPO)

Cloudfire Srl has appointed a data protection officer (RPD/DPO). The Nominated DPO is Attorney Andrea Ruffilli, with studio in Maranello (MO), Via Garibaldi n. 2, which can be contacted at the following e-mail address info@studiolegaleruffilli.com.


Categories of data processed

The Data subject to this treatment are the following:

  • in the case of a natural person, personal identification data such as name, surname, place and date of birth, tax code, identification document, telephone number, e-mail address, IBAN);
  • in the case of a legal entity, the Data will be the name of the company or the owner/contact person of the company, e-mail address, IBAN, name, surname, place and date of birth, tax number of any contacts and/or representatives of the company.


Purposes of the treatment

A. Installation and execution of the supply/service agreement

This, for example, takes the form of: pre-contractual activities, conclusion and execution of the contract, litigation management.

Legal basis for the processing: the processing of the collected data is justified by the contract for the supply of goods or services to which you are a party (art. 6 letter b GDPR).

Recipients of the data: the data collected in relation to the indicated purpose may be communicated to professional firms of lawyers, accountants or labor consultants, to data processors designated pursuant to art. 28 of Reg. EU 2016/679, to insurance companies, to IT consultants/system administrators. The updated list of data processors is kept at the headquarters of the Data Controller. There is no provision for the dissemination of data to third parties.

Duration of treatment: the data collected in relation to the aforementioned purpose will be kept until the termination, for any reason, of the negotiating relationship or for the longer period after the expiry of the ordinary limitation period for contractual liability, without prejudice to special needs for further storage of data in relation to the contractual relationship entered into.

Failure to communicate data: the provision of the data necessary for the pursuit of the indicated purposes is a contractual obligation that the interested party is required to fulfill. Failure to communicate by the interested party makes it impossible to execute the contract.

B. Fulfilment of legal obligations

This, for example, takes the form of: administrative and accounting obligations, tax obligations.

Legal basis for the processing: the processing of the collected data is justified by the fulfillment of legal obligations on the part of the Data Controller (art. 6 letter c GDPR).

Recipients of the data: the data collected in relation to the indicated purpose may be communicated: to credit institutions, to the Revenue Agency, other public bodies and/or private entities to whom the communication of data is required by law to professional firms of lawyers, accountants or labor consultants, to data processors designated pursuant to art. 28 of Reg. EU 2016/679, to insurance companies, to IT consultants/system administrators. The updated list of data processors is kept at the headquarters of the Data Controller. There is no provision for the dissemination of data to third parties.

Duration of treatment: the data collected in relation to the aforementioned purpose will be kept for the time required by the legislation that imposes the processing or for the longer term relating to the prescription of the related rights, without prejudice to special needs for further storage of data in relation to existing legal obligations.

Failure to communicate data: the provision of data is mandatory and necessary for the fulfillment of the obligations established by law. Any refusal to provide data for this purpose makes it impossible to continue the relationship.

C. Promotion of services, concessions and comparable services for customers only

C.D. soft spam: communications having the character of “direct marketing” to inform about promotions, concessions, and particularly advantageous offer conditions in relation to the customer's preferences/purchases made.

Legal basis for the processing: the processing of the collected data is justified by the legitimate interest of the Data Controller (art. 6 letter f GDPR)

Recipients of the data: the data collected in relation to the indicated purpose may be communicated: to credit institutions, to the Revenue Agency, other public bodies and/or private entities to whom the communication of data is required by law to professional firms of lawyers, accountants or labor consultants, to data processors designated pursuant to art. 28 of Reg. EU 2016/679, to insurance companies, to IT consultants/system administrators. The updated list of data processors is kept at the headquarters of the Data Controller. There is no provision for the dissemination of data to third parties.

Duration of treatment: the data collected in relation to the aforementioned purpose will be kept until the termination, for any reason, of the negotiating relationship or for the longer period after the expiry of the ordinary limitation period for contractual liability, without prejudice to special needs for further storage of data in relation to the contractual relationship entered into.


Methods of processing

The processing of data for the purposes set out above takes place through electronic, computer or paper support in compliance with the confidentiality and security rules provided for by the regulations mentioned above and other regulations resulting from them.


Transfer of data abroad

The data collected in relation to the above-mentioned purposes are not transferred to countries outside the EU. The owner, however, reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as required by art. 46 of EU Regulation 2016/679.


Automated decision-making processes

The data collected in relation to the above-mentioned purpose are not subject to automated decision-making processes (including profiling).


Rights of the interested party

Pursuant to Reg. EU 2016/679 the interested party has the right to:

  • access personal data to know (“reactive transparency”) the purposes of the processing, the categories of personal data collected, the recipients of the data communication, in particular if recipients of third countries or international organizations, the period of conservation of the planned data (art. 15);
  • obtain the correction (art. 16);
  • obtain the cancellation of personal data, if these are no longer necessary for the purposes for which they were collected and if there are no further legal storage requirements (art. 17 GDPR);
  • request the limitation of processing (art. 18);
  • request data portability (art. 20);
  • object to the processing for reasons related to your particular situation (art. 21 GDPR). In this case, we will refrain from further processing your data unless you demonstrate the existence of compelling legitimate reasons to proceed with the processing (e.g. for the defense of your rights in court).
  • not be subject to automated decision-making, including profiling (art. 22);
  • revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation (art. 7).

Finally, the interested party will have the right to lodge a complaint with the Guarantor Authority pursuant to art. 13 paragraph 2 letter d) of the above-mentioned regulation as well as pursuant to art. 77 of the regulation.


How to exercise your rights

The interested party may at any time exercise their rights in accordance with the provisions of art. 12 of EU Regulation 2016/679, by sending a:

  • registered letter with return receipt to: CloudFire Srl (VAT number/tax code) IT02764700353), with registered office in Reggio Emilia (RE) at Via Giambattista Vico 93;
  • PEC: cloudfire@legalmail.it;
  • email: info@cloudfire.it.

Or by writing to the Data Protection Officer Avv. Andrea Ruffilli, with studio in Maranello (MO), Via Garibaldi n. 2


Referral clause

For anything not provided for in this information, please refer to the rules of laws in force on the subject and in particular to Regulation 2016/679 and to Legislative Decree no. 196/03 as amended by Legislative Decree 101/18 and subsequent amendments, as well as to any other provision relating to it