Videoconferencing Policy

Pursuant to and for the purposes of articles 13 and 14 of European Regulation 2016/679 (hereafter GDPR) containing provisions on the protection of personal data, the company CloudFire Srl , owner of the website https://www.cloudfire.it/ (hereinafter, the”Site”), as Data Controller, informs you that the data concerning you provided, or otherwise acquired, will be processed in compliance with the above-mentioned legislation.

The processing of personal data will be carried out in a lawful, correct and transparent manner with respect to the interested party.

By personal data processing, we mean any operation or set of operations, carried out even without the aid of electronic tools, concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation and destruction of data, even if not registered in a database.


1. Data controller

The Data Controller is the undersigned company CloudFire Srl (VAT number/tax code) IT02764700353), with registered office in Reggio Emilia (RE) at Via Giambattista Vico 93, ordinary e-mail address info@cloudfire.it, certified e-mail address cloudfire@legalmail.it.


2. Data Protection Officer (DPO)

Cloudfire Srl has appointed a data protection officer (RPD/DPO). The appointed DPO is Attorney Andrea Ruffilli, with an office in Maranello (MO), Via Garibaldi n. 2, who can be contacted at the following e-mail address info@studiolegaleruffilli.com.


3. Purposes of the treatment

In compliance with the principles of lawfulness, correctness, transparency, appropriateness, relevance and necessity referred to in art. 5, paragraph 1 of the GDPR, the Data Controller will process the personal data provided by the interested party when using the platform for the execution of Video Conferences with the aid of electronic means and platforms for the pursuit of the following:

  • Videoconferencing management and implementation;
  • Sharing of contributions and documentation to be viewed, controlled and/or subject of the Video Conference, using the tools provided by the platform;
  • Collection, storage and dissemination of mandatory personal data (name, surname, e-mail address) of Users as well as telephone number, password and credentials for accessing the platforms not only by the Data Controller but also by the platform that issues its specific information.


4. Legal basis

The legal basis provided is linked to a purpose of fulfilling a legal obligation as well as for the fulfillment of a contractual obligation. The Data Controller and the interested party have a contractual relationship, based on the stipulated contract for which the purposes referred to in the previous paragraph, i.e. the conduct of the Video Conference, also find their legal basis in the fulfillment of a contractual obligation.


5. Categories of recipients of the data and possible transfer of data

The data processed for the above purposes will be communicated or will in any case be accessible to the Data Controller and to those responsible for managing the platform, including system administrators and/or persons in charge of processing.

Access to the data collected for the above purposes may be allowed by the Data Controller, for carrying out hardware or software maintenance work necessary for the operation of the platform or for the management of some additional functions, even to external parties who, for the sole purpose of the requested service, may become aware of the personal data of the interested parties and who will be duly appointed as Data Processors in accordance with art. 28 of the GDPR, and any joint controllers.

Apart from the cases of communication mentioned above, the data will not be disclosed to third parties except to comply with legal obligations or respond to legal and judicial requests and will not be disclosed.

The data collected by the Data Controller will not be transferred to countries outside the EU.

The data collected by the host platform with which the online video conferences will be carried out can be stored and processed in non-EU countries (please read the information on the host platform).


6. Data retention period

The data collected will be kept by the Data Controller for the period of carrying out the activity carried out and for no more than 10 years from its termination and will be kept by the platforms for the times stated by their manager in their information.


7. Third-party websites and services

The platform may contain links to other websites that have their own privacy policy in which they explain how they process data independently. The Data Controller is not responsible for the processing of data carried out by these sites and/or carried out by platform managers.


8. Specific information related to the platforms used

The use of these platforms requires the use of dedicated servers with sufficient bandwidth to allow multiple simultaneous accesses.

The servers are made available by the companies to which the Data Controller has contacted or by third companies that offer the hosting service. General rules adopted and common to all platforms that offer videoconferencing services:

  • The Data Controller will send this information to all Users;
  • During the Video Conference, tools will be used: chat for sending messages and questions, screen sharing by the data controller who will have tools available for moderating conversations, microphone for formulating questions and answers to questions available to the User.


9. Rights of the interested party

The interested party has the right to request from the Data Controller, pursuant to articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR:

  • access to their personal data and to all the information referred to in art. 15 of the GDPR;
  • the correction of their inaccurate personal data and the integration of incomplete ones;
  • the cancellation of their data, with the exception of those contained in documents that must be kept by the Foundation and unless there is a legitimate overriding reason to proceed with the processing;
  • the limitation of processing where one of the hypotheses referred to in art. 18 of the GDPR occurs.

The interested party also has the right:

  • to object to the processing of their personal data, without prejudice to the provisions regarding the necessity and mandatory nature of the processing for the purpose of establishing the relationship;
  • to revoke any consent given for non-mandatory data processing, without thereby affecting the lawfulness of the processing based on the consent given before the revocation.


10. How to exercise your rights

The interested party may at any time exercise their rights in accordance with the provisions of art. 12 of EU Regulation 2016/679, by sending a:

  • registered letter with return receipt to: CloudFire Srl (VAT number/tax code) IT02764700353), with registered office in Reggio Emilia (RE) at Via Giambattista Vico 93;
  • PEC: cloudfire@legalmail.it;
  • email: info@cloudfire.it.

or by writing to Data Protection Officer Avv. Andrea Ruffilli, with studio in Maranello (MO), Via Garibaldi n. 2


11. Complaint

The interested party also has the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data pursuant to art. 77 of the GDPR (http://www.garanteprivacy.it).


12. Referral clauses

For anything not provided for in this information, please refer to the rules of the laws in force on the subject and in particular to Regulation 2016/679 and to Legislative Decree 196/03 as amended by Legislative Decree 101/18 and subsequent amendments, as well as to any other provision relating to it.


13. Whether or not it is mandatory to provide data

The provision of personal data is mandatory in order to register on the platform and to be able to carry out video conferences and participate in the activities proposed with them.

Any explicit refusal will eventually be communicated to: info@cloudfire.it and makes it impossible for the interested party to use the service.