Pre-Contractual Policy
Pursuant to and for the purposes of articles 13 and 14 of European Regulation 2016/679 (hereafter GDPR) containing provisions on the protection of personal data, the company CloudFire Srl, as Data Controller (hereinafter referred to as the “Data Controller”) informs you that the data you provide, or otherwise acquired, will be processed in compliance with the above-mentioned legislation.
The processing of personal data will be carried out in a lawful, correct and transparent manner with respect to the interested party.
By personal data processing, we mean any operation or set of operations, carried out even without the aid of electronic tools, concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation and destruction of data, even if not registered in a database.
Data controller
The Data Controller is the undersigned company CloudFire Srl (VAT number/tax code) IT02764700353), with registered office in Reggio Emilia (RE) at Via Giambattista Vico 93, ordinary e-mail address info@cloudfire.it, certified e-mail address cloudfire@legalmail.it.
Data Protection Officer (DPO)
Cloudfire Srl has appointed a data protection officer (RPD/DPO). The Nominated DPO is Attorney Andrea Ruffilli, with studio in Maranello (MO), Via Garibaldi n. 2, which can be contacted at the following e-mail address info@studiolegaleruffilli.com.
Categories of data processed
The Data subject to this treatment are the following:
- in the case of a natural person, these will be personal identification data such as name, surname, n., tel., e-mail address) and any accounting data;
- in the case of a legal entity, the Data will be the name of the company or of the owner/contact person of the company, telephone number, e-mail address, first name, last name of any contacts and/or representatives of the Client company, and any accounting data.
Purposes of the processing and legal basis
A. Management of pre-contractual activities
In particular, management and use of contact data received for commercial proposals and for the realization or participation in events following the subsequent release of data by interested parties both in paper and electronic form, also through the various web platforms (by way of example and not exhaustive, LinkedIn). The processing of the collected data is justified by the contract to which you are a party (art. 6 letter b GDPR).
Recipients of the data: the data collected in relation to the indicated purpose may be communicated to the appointees/authorized by the Data Controller, to the data processors designated pursuant to art. 28 of Reg. EU 2016/679, to IT consultants/system administrators, to Autonomous Controllers. The updated list of managers and persons in charge of processing is kept at the headquarters of the Data Controller and you can access it at any time, upon a specific request, to be sent to the addresses listed below.
Duration of Treatment: the data collected in relation to the aforementioned purpose will be kept until the termination, for any reason, of the negotiating relationship or for the longer period after the expiry of the ordinary limitation period for contractual liability, without prejudice to special needs for further storage of data in relation to the contractual relationship entered into.
Failure to communicate data: Without them, it would be impossible to fulfill some legal and contractual obligations. Therefore, your failure to provide them would, in fact, make it impossible to carry out the requested services and to proceed further to process them.
B. Fulfilment of legal obligations
This, for example, takes the form of: administrative and accounting obligations, tax obligations. The processing of the collected data is justified by the fulfillment of legal obligations on the part of the Data Controller (art. 6 letter c GDPR)
Recipients of the data: the data collected in relation to the indicated purpose may be communicated to public bodies and/or private entities to whom the communication of data is required by law, to the data processors designated pursuant to art. 28 of Reg. EU 2016/679, to those appointed by the Data Controller. The updated list of managers and persons in charge of processing is kept at the headquarters of the Data Controller and you can access it at any time, upon a specific request, to be sent to the addresses listed below.
Duration of treatment: the data collected in relation to the aforementioned purpose will be kept for the time required by the legislation that imposes the processing or for the longer term relating to the prescription of the related rights, without prejudice to special needs for further storage of data in relation to existing legal obligations.
Failure to communicate data: the provision of data is mandatory and necessary for the fulfillment of the obligations established by law. Any refusal to provide data for this purpose makes it impossible to continue the relationship.
Methods of processing
The processing of data for the purposes set out above takes place through electronic, computer or paper support in compliance with the confidentiality and security rules provided for by the regulations mentioned above and other regulations resulting from them.
Transfer of data abroad
The data collected in relation to the above-mentioned purpose are not transferred to countries outside the EU. The owner, however, reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as required by art. 46 GDPR 2016/679.
Automated decision-making processes
The data collected in relation to the above-mentioned purpose are not subject to automated decision-making processes (including profiling).
Rights of the interested party
Pursuant to Reg. EU 2016/679 the interested party has the right to:
- access personal data to know (“reactive transparency”) the purposes of the processing, the categories of personal data collected, the recipients of the data communication, in particular if recipients of third countries or international organizations, the period of conservation of the planned data (art. 15);
- obtain the correction (art. 16);
- right to obtain the cancellation of personal data, if these are no longer necessary for the purposes for which they were collected and if there are no additional legal storage requirements (art. 17 GDPR);
- request the limitation of processing (art. 18);
- request data portability (art. 20);
- object to the processing for reasons related to your particular situation (art. 21 GDPR). In this case, we will refrain from further processing your data unless you demonstrate the existence of compelling legitimate reasons to proceed with the processing (e.g. for the defense of your rights in court).
- not to be subject to automated decision-making, including profiling (art. 22).
Finally, the interested party will have the right to lodge a complaint with the Guarantor Authority pursuant to art. 13 paragraph 2 letter d) of the above-mentioned regulation as well as pursuant to art. 77 of the regulation.
How to exercise your rights
The interested party may at any time exercise their rights in accordance with the provisions of art. 12 of EU Regulation 2016/679, by sending a:
- registered letter with return receipt to: CloudFire Srl (VAT number/tax code) IT02764700353), with registered office in Reggio Emilia (RE) at Via Giambattista Vico 93;
- PEC: cloudfire@legalmail.it;
- email: info@cloudfire.it.
Or by writing to the Data Protection Officer Avv. Andrea Ruffilli, with studio in Maranello (MO), Via Garibaldi n. 2
- email: info@studiolegaleruffilli.com.