We at Cloudfire take personal data protection very seriously, which is why we make a constant effort to guarantee that privacy is respected.

We would therefore like to provide you with some information on how we process your personal data, how and why we collect them, and how we manage them.

We process your personal data whenever you visit our websites, purchase our services, as well as when you make a request for assistance or simply for information.

In all such cases, we will process your data responsibly in compliance with Regulation (EU) 2016/679 and in accordance with the principles of lawfulness, fairness and transparency, accuracy, purpose limitation, data minimisation and storage limitation, ensuring its integrity and confidentiality.

Based on this and in accordance with Article 13 of Regulation (EU) 2016/679, we would like to provide you with some information about such processing.





The Data Controller is CloudFire Srl (VAT No/Tax ID No IT02764700353), with a registered office in Reggio Emilia (RE), at Via Fratelli Cervi 87/B, who can also be contacted using the email address or the certified email address







We process your data to enable you to browse and use our websites. The computer system and software resources used for operating the website will collect, during their normal operation, some personal data the transmission of which is implicit in the use of internet communication protocols. This category of data includes IP addresses, information on the device used to access the site, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the request time, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), other parameters relating to the operating system and/or computer environment of the user, as well as other identifiers that, alone and/or in combination with other information, could allow a natural person to be identified. This category includes cookies, for which please refer to the specific information provided.

Processing is carried out in accordance with Article 6(1)(b) of Regulation (EU) 2016/679 and is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.



Registering for the restricted area


Data are processed to allow you to register and subsequently access the restricted area of the website, as well as to manage your account.

Processing is carried out in accordance with Article 6(1)(b) of Regulation (EU) 2016/679 and is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.



Performance of pre-contractual and contractual measures


We process your data for activities prior to, connected with and/or following the purchase of one of our services and/or products. This purpose includes processing prior to entering into a contract, and for concluding and managing a contract, including assistance, billing and/or fulfilling any other legal obligations required to perform a contract.

Processing is carried out in accordance with Article 6(1)(b) of Regulation (EU) 2016/679 and is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.



Direct marketing


Personal data processing is performed for the purpose of sending commercial and/or promotional communications by email concerning services and/or products similar to those already purchased.

Processing is carried out in accordance with Article 6(1)(f) of Regulation (EU) 2016/679, and in particular on the legitimate interest pursued by the Controller in carrying out promotional activities, except where such interests are overridden by the interests or fundamental rights and/or freedoms of the data subject. In particular, pursuant to Art. 130(4) Legislative Decree No 196/2003, Cloudfire can use the email address you provide when buying products or services from the Controller to send commercial communications relating to products or services similar to those already purchased. You can in any case object to processing at any time, easily and free of charge, by requesting not to receive further communications.





Your disclosure of your personal data is a contractual obligation without which the requested actions cannot be performed.





Depending on the purpose, personal data provided to Cloudfire can be disclosed by Cloudfire to its own staff expressly authorised to carry out processing operations, as well as to IT service suppliers and/or consultants acting as processors, to credit institutions acting as independent controllers, as well as to public bodies as required to fulfil legal obligations. You can request a full list of recipients from the holder.





Data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data were collected. For the purposes of performing a contract and/or fulfilling related legal obligations, the data will be stored for 10 years under Article 2946 of the Civil Code on ordinary time limits, and/or under Articles 2220 of the Civil Code and 22 of Presidential Decree No 600/1973, as relevant.





You have the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:


  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed;
  • the envisaged period for which the personal data will be stored or the criteria used to determine that period;
  • the existence of automated decision-making, including profiling.



You may also request:


  • rectification of your data where they are inaccurate;
  • their erasure where: i) the personal data are no longer necessary in relation to the purposes for which they were collected and/or otherwise processed; ii) you withdraw your consent, where there is no other legal ground for the processing; iii) you object to processing under Article 21(1) and (2) of the Regulation; iv) this is necessary to fulfil a legal requirement;
  • restriction of processing where: i) you contest the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data; ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; iii) the Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; iv) you have objected to processing pursuant to Article 21 pending verification whether the legitimate grounds of the controller override yours;
  • to receive the personal data processed in a structured, commonly used and machine-readable format, where the processing of personal data is carried out by automated means on the basis of your consent or a contract;
  • that the data will not be further processed for direct marketing purposes, by objecting in accordance with Article 21(2) of the Regulation.



Finally, if you believe that any processing infringes the Regulation, you have the right to lodge a complaint with the Italian Data Protection Authority (Autorità Garante per la protezione dei dati personali), with a registered office in Rome, at Piazza Venezia 11.