Candidate Privacy Policy

Pursuant to and for the purposes of articles 13 and 14 of European Regulation 2016/679 (hereinafter GDPR) containing provisions on the protection of personal data, the company CloudFire Srl, owner of the website https://www.cloudfire.it/ (hereinafter, the “Site”), acting as Data Controller (hereinafter referred to as the “Data Controller”) informs you that the data you provide, or otherwise acquired, will be processed in compliance with the above-mentioned legislation.

The processing of personal data will be carried out in a lawful, correct and transparent manner with respect to the interested party.

By personal data processing, we mean any operation or set of operations, carried out even without the aid of electronic tools, concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation and destruction of data, even if not registered in a database.

Any services offered through the Site are reserved for individuals who have reached the age of eighteen. The Data Controller therefore does not collect personal data relating to individuals under 18 years of age. At the request of Users, the Data Controller will promptly delete all personal data unintentionally collected and relating to individuals under 18 years of age.

Data controller

The Data Controller is the undersigned company CloudFire Srl (VAT number/tax code) IT02764700353), with registered office in Reggio Emilia (RE) at Via Giambattista Vico 93, ordinary e-mail address info@cloudfire.it, certified e-mail address cloudfire@legalmail.it.


Data Protection Officer (DPO)

Cloudfire Srl has appointed a data protection officer (RPD/DPO). The named DPo is theAttorney Andrea Ruffilli, with studio in Maranello (MO), Via Garibaldi n. 2, which can be contacted at the following e-mail address info@studiolegaleruffilli.com.

Categories of data processed

The data subject to this treatment are the following:

  1. personal identification data (name, surname, place and date of birth, tax code, telephone number, email address, educational qualifications, profile photo, IP address, log file) and everything that you have independently entered contained in your curriculum vitae and related attachments;
  2. additional data, including those pursuant to art. 10 GDPR, (data that the law defines as “special”, e.g. disability, health conditions) possibly and voluntarily inserted in the search and selection form of personnel and/or their curriculum vitae.


Purposes of the processing and legal basis

EXPERIMENT WITH PROCEDURES FOR SELECTING PERSONNEL (FORM ON THE SITE AND/OR OTHER METHODS OF RECEIVING CVS FROM THE COMPANY - e.g. e-mail, hand delivery, etc.)

Your data will be processed in order to allow the carrying out of activities related to or instrumental to the company's internal selection processes, a necessary prerequisite for possible recruitment or for the start of a possible collaboration. Your data will also be processed in order to communicate the outcome of the selection procedure, by contacting you at the addresses contained in the form on the Site and/or curriculum vitae.

Data processing is necessary for pre-contractual purposes (art. 6 letter b of the GDPR), in combination with art. 88 (1) GDPR and the General Authorization No. 1/2016 of the Guarantor for the protection of personal data (Authorization to process sensitive data in employment relationships - 15 December 2016) linked to the personnel selection processes that originated from the receipt of your curriculum vitae.

Recipients of the data: the data collected in relation to the indicated purpose may be communicated to the appointees/authorized by the Data Controller, to the data processors designated pursuant to art. 28 of Reg. EU 2016/679, to IT consultants/system administrators, to autonomous owners.
The updated list of managers and persons in charge of processing is kept at the headquarters of the Data Controller and you can access it at any time, upon a specific request, to be sent to the addresses listed below.

Duration of treatment: As for the personal data collected in connection with the collection of curricula vitae, they will be kept for the time necessary to carry out the purposes indicated and in any case kept for a period not exceeding 24 months. At the end of the storage period, personal data will be deleted.

Failure to communicate data: the provision of data is necessary for the pursuit of the purposes indicated above, to which the interested party is required to fulfill. Failure to communicate by the interested party makes it impossible to continue with the selection process.

Methods of processing: the processing of data for the purposes set out above takes place through electronic, computer or paper support in compliance with the confidentiality and security rules provided for by the regulations mentioned above and other regulations resulting from them. They are also processed, on behalf of the Data Controller, by professionals and/or companies responsible for carrying out technical, development, management and administrative - accounting activities.

Transfer of data abroad: The data collected in relation to the above-mentioned purposes are not transferred to countries outside the EU. The owner, however, reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as required by art. 46 of EU Regulation 2016/679.

Automated decision-making processes: the data collected in relation to the above-mentioned purpose are not subject to automated decision-making processes (including profiling).

Rights of the interested party: pursuant to Reg. EU 2016/679 the interested party has the right to:

  • access personal data to know (“reactive transparency”) the purposes of the processing, the categories of personal data collected, the recipients of the data communication, in particular if recipients of third countries or international organizations, the period of conservation of the planned data (art. 15);
  • obtain the correction (art. 16);
  • right to obtain the cancellation of personal data, if these are no longer necessary for the purposes for which they were collected and if there are no additional legal storage requirements (art. 17 GDPR);
  • request the limitation of processing (art. 18)
  • request data portability (art. 20);
  • right to object to processing for reasons related to your particular situation (art. 21 GDPR). In this case, we will refrain from further processing your data unless you demonstrate the existence of compelling legitimate reasons to proceed with the processing (e.g. for the defense of your rights in court);
  • not to be subject to automated decision-making, including profiling (art. 22).

Finally, the interested party will have the right to lodge a complaint with the Guarantor Authority pursuant to art. 13 paragraph 2 letter d) of the above-mentioned regulation as well as pursuant to art. 77 of the regulation.

How to exercise your rights: the interested party may at any time exercise their rights in accordance with the provisions of art. 12 of EU Regulation 2016/679, by sending a:

  • registered letter with return receipt to: CloudFire Srl (VAT number/tax code) IT02764700353), with registered office in Reggio Emilia (RE) at Via Giambattista Vico 93;
  • PEC: cloudfire@legalmail.it
  • email: info@cloudfire.it.

or by writing to Data Protection Officer Avv. Andrea Ruffilli, with studio in Maranello (MO), Via Garibaldi n. 2

Users have the right to obtain:

  • access personal data to know (“reactive transparency”) the purposes of the processing, the categories of personal data collected, the recipients of the data communication, in particular if recipients of third countries or international organizations, the period of conservation of the planned data (art. 15);
  • obtain the correction (art. 16);
  • right to obtain the cancellation of personal data, if these are no longer necessary for the purposes for which they were collected and if there are no additional legal storage requirements (art. 17 GDPR);
  • request the limitation of processing (art. 18);
  • request data portability (art. 20);
  • right to object to processing for reasons related to your particular situation (art. 21 GDPR). In this case, we will refrain from further processing your data unless you demonstrate the existence of compelling legitimate reasons to proceed with the processing (e.g. for the defense of your rights in court).
  • not to be subject to automated decision-making, including profiling (art. 22);
  • to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation (art. 7).

Finally, the interested party will have the right to lodge a complaint with the Guarantor Authority pursuant to art. 13 paragraph 2 letter d) of the above-mentioned regulation as well as pursuant to art. 77 of the regulation.
The Italian Supervisory Authority is the Guarantor for the protection of personal data, with headquarters in Piazza Venezia 11, 00186 — Rome (http://www.garanteprivacy.it/).

For anything not provided for in this information, please refer to Regulation (EU) 2016/679 to Legislative Decree 196/03 as amended by Legislative Decree 101/2018 and subsequent amendments, as well as to any other measure issued by the Guarantor Authority for the Protection of Personal Data (“Guarantor”).

The Data Controller is not responsible for updating all the links that can be viewed in this Policy, so whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by that link. In case of non-acceptance of the changes made to this privacy policy, the User is required to cease using https://www.cloudfire.it/ and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to Personal Data collected up to that time.