Dear User, Dear Customer,
information on the processing of personal data carried out via our website https://cloudfire.it/en/ (hereinafter the “Site“), the Cloudfire Srl identifier – which enables you to access Cloudfire Srl applications and services – (hereinafter “Cloudfire Srl“), or otherwise carried out in connection with our products and services, pursuant to (EU) Regulation no. 2016/679 (hereinafter the “Regulation” or “GDPR“), is set out below. The data controller is, on each occasion, the relevant Cloudfire Srl group company (hereinafter “Cloudfire Srl”, “we”, “ours” or the “Company”) and in particular: (i) Cloudfire Srl, with registered office at Via F.lli Cervi, 87/b • 42124 Reggio Emilia IT, for processing on the Site; (ii) the Cloudfire Srl from which you purchased the product or with which you stipulated the contract for services or with which you have been in contact for information on our products (including in the context of demos, promotions and trials) (hereinafter only the “Controller“, “Cloudfire Srl” or the “Company“). The contact details of the relevant controller on each occasion are set out in the “Data Controller” section.
We provide this policy not just to comply with the legal obligations relating to the protection of personal data specified in the GDPR, but also because we believe that protecting personal data is a fundamental value of our business and therefore want to give you all possible information that can help you protect your privacy and control the use made of your data.
Data Protection Officer
The Cloudfire Srl Data Protection Officer, who is the person appointed to monitor compliance with the Regulation, is available to respond to your needs for information on how we process your data, and can be contacted at the Cloudfire Srl head office or at the email address firstname.lastname@example.org.
Categories of personal data processed
To enable the conclusion and institution of the contractual relationship with Cloudfire Srl, or whenever you visit, consult, request or use Cloudfire Srl services and/or products (including those available on this Site), we collect and use your personal data (i.e. any information that is able to identify you directly or indirectly). Here below we list the categories of processed personal data relating to you:
- Identification, contact and access data such as first name, surname, user name, email address, postal address, telephone number, Cloudfire Srl and password, any profile image if set by you;
- Product data such as those relating to products licensed to you and/or services subscribed to by you;
- Invoicing information and payment data, such as VAT number, tax code, address, and possibly company name;
- Browsing data, e.g. connection data, IP addresses, domain names and other parameters relating to the browser and operating system that you use, log data, data relating to installation and configuration licenses, data relating to recordings carried out, interaction and transaction processes, performance indicators, data relating to browsing flows and page views, usage of features and counts;
- Usage Data both in “on premises” mode – i.e. information generated locally when using products or services purchased by you, or in “cloud” mode, i.e. during your online use of Cloudfire Srl services. Usage Data relating to different products and/or services purchased by you (also from different Controllers from Cloudfire Srl) may be linked for lawful and transparent purposes, as listed in the following paragraph.
We remind you that the use of Cloudfire Srl products and services accessed via the credentials linked to your Cloudfire Srl is subject to the relevant contractual conditions and limitations. The creation of the ID Cloudfire Identifier also enables the activation of a feature used to collect and store log data relating to access and usage of management platforms to verify their operational status in compliance with the security requirements specified by the Regulation.
Purpose of processing
The processing of the personal data categories listed above is carried out by the Company, in the performance of its financial and commercial activities, for the specific purposes described below.
- Contractual and Legal Purposes
- a) To enable you to browse the Site;
- b) Account registration and management (including any account verification and recovery of the credentials linked to it, where envisaged) and usage of the features related to the account itself;
- c) The performance of activities required for the conclusion and execution of the contract in order to provide the service/product you requested or purchased, also through the Site;
- d) The handling of registration requests for webinars and events, requests for newsletters, the provision of quotations, the processing of orders and the provision of customer assistance and support;
- e) The handling of any complaints and requests and the sending of service communications and updates, using both traditional communication tools such as physical mail, and also distance communication tools such as email, chat, telephone, SMS, chatbots, banners, notification systems and others;
- f) Customer assistance and support activities for the use of services by individual Customers, tutorship activities and the handling of open tickets for support purposes, also through Usage Data.
- g) The fulfillment of obligations ensuing from laws, regulations or community legislation currently in force (e.g. tax and accounting obligations), or handling and responding to requests from the competent administrative, tax or judicial authorities.
The purposes listed above are jointly defined as “Contractual and Legal Purposes” and do not require the express consent of the interested party. Providing your personal data for the aforementioned purposes is necessary and mandatory, so that any refusal to provide them would prevent us from pursuing our contractual relationship with you and providing the requested services.
- Purposes of Legitimate Interest
- h) For statistical and research analyses of the products and services purchased and used by you with the aim of improving and developing the products and services themselves, also by linking data between different Controllers in Cloudfire Srl. While respecting the principle of minimization, where possible, this activity will take place after the anonymization and aggregation of the data collected;
- i) To assert and defend the rights of the Company, also in the context of credit recovery procedures and the assignment of credits to authorized companies, including through third parties, and to prevent and counter fraud;
- j) To complete a potential merger, asset sale, company sale, company branch sale or financial operation by disclosing and transferring the data to the third party(s) involved;
- k) To send via email, pursuant to article 130, paragraph 4 of Legislative Decree 196/2003 (“Privacy Code”), marketing communications on services or products related to those covered by the contract with Cloudfire Srl, it being understood that, at any moment, you will have the option to object to the sending of such communications;
- l) To carry out customer segmentation activities, with the possibility of sending messages to customers for Marketing Purposes, as indicated in this policy, based on non-invasive information categories such as, among others, professional category, city/province/region in which based, the type of product or service purchased. This customer segmentation activity may also be performed on the platforms of third-party suppliers through linked activities with data belonging to the third-party platform. In this case, communications for Marketing Purposes will be sent in compliance with the consent expressed by you and in accordance with the provisions of this policy. In this context, the data could also be used to detect similar customer profiles.
The “Purposes of Legitimate Interest ” described do not require your specific consent since they are covered by the exception provided for by art. 6, paragraph 1, lett. f) of the GDPR. Nonetheless, in compliance with the GDPR, the Company has implemented a careful balancing of interests in order to protect and guarantee the privacy and fundamental rights of the interested parties.
- Marketing Purposes
- m) To send you news updates and business offers regarding Cloudfire Srl products and services, also by linking Usage Data and analyses of your Site browsing behavior and, more generally, your usage of Cloudfire Srl services and products, or to invite you to take part in events, or to conduct market research or other commercial and customer satisfaction initiatives through traditional communication channels like physical mail or one-to-one telephone calls or through automated communication tools such as email, chat, messages (SMS and other instant messaging), chatbots and other distance communication tools
- n) To disclose your personal data to other companies in the Cloudfire Srl group and/or business partners belonging to its sales network, to send marketing communications and to undertake other business initiatives such as those set out at letter n).
The processing of your data for “Marketing Purposes” is not mandatory. Your prior consent is therefore needed, which the Company will request on each occasion in the most appropriate manner for each of the activities described above. You can withdraw your express consent at any time without affecting your contractual relationships with the Company.
Disclosure, dissemination and transfer of data
In respect of the principle of purpose and minimization, your personal data may be disclosed to the following third parties who perform activities serving those relating to the Cloudfire Srl product or service purchased, such as: (a) third-party suppliers of support and consultancy services on behalf of the Company regarding activities in the (purely by way of example) technology, accounting, administrative, legal, insurance sectors, (b) in cases in which the contractual relationship involves activities by business partners, the Company may share some of your personal data with its distributors, resellers and partners that are part of the distribution chain for Cloudfire Srl products and services; (c) banks and credit institutions; (d) credit recovery companies; (e) public entities and authorities with a right to access your personal data expressly recognized by the law and by regulations or provisions issued by the competent authorities; (f) potential buyers of the Company and entities resulting from the merger or any other form of transformation regarding the Company.; (g) public databases and credit information IT systems.
For Marketing Purposes, and by your specific consent, your personal data may also be disclosed to third parties and business partners appointed to conduct marketing campaigns on behalf of the Company.
Data processing methods
The Company processes your personal data using electronic and manual systems in compliance with the principles of lawfulness, fairness and transparency set out in the applicable personal data protection legislation, and also protects your confidentiality by means of technical and organizational security measures to ensure an adequate level of security.
This processing is performed at the Company’s head offices and/or at the offices of external data processing officers who perform it on behalf of the Company. As regards Usage Data, in compliance with the purposes described and, where necessary, with your express consent, analysis activities may be carried out – also by linking your data regarding the different products and services you purchase from Cloudfire Srl – both in relation to “on premises” products, by acquiring Usage Data generated locally when using Cloudfire Srl products and/or services, and to “cloud” products, i.e. during the use of services online. To compile usage statistics the Company uses tools that enable the collection of Usage Data. These tools may involve storing information in the application used through your terminal or accessing this information. As specifically regards the collection of Usage Data in the “cloud”, the Company uses analytical tools such as, among others:
- a) Web and customer analytics;
- b) Analytics and document search;
- c) Querying and Dashboarding.
Data will be retained for the period of time needed to pursue the purposes for which it was collected, as stated in this policy. Whatever the case, the following data retention terms will apply to the processing of data for the following purposes:
(i) for Contractual and Legitimate Interest Purposes data is kept for the duration of the supply of services requested by you and for the subsequent 10 years (the period in which the customer’s right to claim any possible contractual liability against Cloudfire Srl expires), without prejudice to cases in which its retention for a further period is required for disputes, requests from the competent authorities or pursuant to the applicable legislation;
(ii) data for Marketing Purposes is retained for a period of 24 months from the date on which consent is given or renewed when purchasing a new Cloudfire Srl brand product or service, or from the date of the last contact with you in the sense of, among other things, participation in a Company event, the use of a product or service provided by the Company or the opening of a newsletter (jointly referred to as the “Last Contact”);
Changing your mind and withdrawing your consent
If you change your mind, you can at any time modify your consent to data processing for marketing purposes in the ways indicated below or, if you no longer wish to receive our business communications, you can use the cancellation link available at the bottom of those communications. Not granting or withdrawing your consent will in no way impair your use of our services.
Rights of interested parties
As regards the processing of data described in this policy, you can at any time exercise the rights set out in the GDPR (articles 15-21), including those:
- to receive confirmation of the existence of your personal data and to access its content (right of access);
- to update, modify and/or correct your personal data (right to rectification);
- to request the erasure or restriction of the processing of your personal data that has been processed in violation of the law, including where its retention is unnecessary for the purposes for which it was collected or otherwise processed (right to erasure and right to restrict processing), without prejudice to a prevailing public interest or a legal obligation on the Company to retain it;
- to object to processing, including profiling (right to object), without prejudice to the existence of a prevalent legitimate reason of the Company to continue processing;
- to withdraw consent, where given, to marketing activities;
- without prejudice to any other administrative or judicial action, any interested party who deems the processing relating to him or her to be in violation of this regulation has the right to file a complaint to a supervisory authority, in particular in the Member State in which he/she habitually lives or works or in the place where the alleged violation took place. In Italy this supervisory authority is the Guarantor for the protection of personal data (www.garanteprivacy.it);
- to receive an electronic copy of personal data concerning you, for yourself or to transfer it to a different service provider, provided that the Company processes this data based on your consent or on the fact that it is needed to supply the services requested by you, and provided that the data is processed by automated means (right to data portability).
Pursuant to article 2-terdecies of the Privacy Code, in the event of death the aforementioned rights in relation to your personal data may be exercised by those who have a personal interest, or who act on your behalf as a proxy, or for family reasons worthy of protection. You may expressly prohibit the exercising of some of the aforementioned rights by the assignees by sending a written statement to the Company at the email address indicated below. This statement can be subsequently withdrawn or modified in the same way.
To exercise your personal data protection rights free of charge at any time you may contact the Data Protection Officer by email at email@example.com, or by post to:
Sede operativa: Via F.lli Cervi, 87/b • 42124 Reggio Emilia IT
Sede legale: Via F.lli Cervi, 87/b • 42124 Reggio Emilia IT
Tel. +39 0522 17534 • Fax +39 0522 1753490
firstname.lastname@example.org • P.I.: IT02764700353 • C.F. 02764700353
Reg. Imprese di Reggio Emilia del 15/06/2017 • REA RE-311443 • Cap. Soc 50.000€
Attn.: Data Protection Officer
When contacting the Company make sure to include your name, email/postal address and/or telephone number(s) to be certain that your request can be handled correctly.
Changes and updates
This policy may be subject to modification also as a consequence of any regulatory changes and/or additions. Any changes will be announced in advance and the continually updated text of the policy will be available at https://cloudfire.it/en/.
Information updated in September 2020