Information Photos/Images

Dear interested party

We inform you that data protection is governed by EU Regulation 2016/679 “General Regulation on the protection of personal data”.

The owner provides the following information:

Data controller

The Data Controller is the undersigned company CloudFire Srl (VAT number/tax code) IT02764700353), with registered office in Reggio Emilia (RE) at Via Giambattista Vico 93, ordinary e-mail address, certified e-mail address

Data Protection Officer (DPO)

Cloudfire Srl has appointed a data protection officer (RPD/DPO). The Nominated DPO is theAttorney Andrea Ruffilli, with studio in Maranello (MO), Via Garibaldi n. 2, which can be contacted at the following e-mail address

Categories of data processed

The Data subject to this treatment are the following:

  • Pictures/photos/videos.

Purposes of the processing and legal basis

During the events organized by the Data Controller, images and videos may be created in which it can be filmed. These images are primarily used for promotional purposes.

In case of publication of images and/or videos on the institutional website and/or on the main social channels and/or printed media, the above-mentioned images and videos will remain on the site for the time necessary for their intended purpose.

The collected images and footage will be stored in paper and/or digital format for the time necessary for the intended processing.

For such processing, the express consent of the interested party will be required.

Pursuant to art. 6 paragraph 1 letter a), the provision of your data is optional and subject to your consent. If consent is not provided, the Data Controller reserves the right, however, to publish the photos obscuring the image of the interested party who has denied consent. The consent is valid in all EU member countries.

Data processing methods

The personal data you provide will be processed in compliance with the above-mentioned legislation and confidentiality obligations. These data will be processed both with IT tools and on paper and in any other type of medium, in compliance with the security measures provided for by the regulations on the protection of personal data.

Communication and dissemination of data

The data collected in relation to the indicated purpose may be communicated, by each data controller, to those appointed/authorized by the Data Controller, to the data processors designated pursuant to art. 28 of Reg. EU 2016/679, to IT consultants/system administrators, to any autonomous owners, any joint controllers.

The updated list of managers and persons in charge of processing is kept at the headquarters of each Data Controller.

Within the limits relevant to the processing purposes indicated, copies of images and video footage may be sent, upon explicit request, to public control bodies (e.g. the judicial authority).

Automated decision-making processes

The data collected in relation to the above-mentioned purpose are not subject to automated decision-making processes (including profiling).

Transfer of data abroad

The data collected in relation to the above-mentioned purposes are not transferred to countries outside the EU. The owner, however, reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as required by art. 46 of EU Regulation 2016/679.

Storage period

The data collected will be kept for a period of time not exceeding the achievement of the purposes for which they are processed (pursuant to art. 5 Reg. EU 2016/679), and in any case no later than the revocation of consent by the interested party.

Revocation of consent

Your express consent pursuant to art. 6 paragraph 1 letter a) and art. 7 of Reg. EU 2016/679, may be revoked at any time, without this affecting the lawfulness of the treatment based on the consent given before the revocation.

Rights of the interested party

In accordance with Reg. EU 2016/679 the interested party vis-à-vis the data controller has the right to:

  • access personal data to know (“reactive transparency”) the purposes of the processing, the categories of personal data collected, the recipients of the data communication, in particular if recipients of third countries or international organizations, the period of conservation of the planned data (art. 15);
  • obtain the correction (art. 16);
  • right to obtain the cancellation of personal data, if these are no longer necessary for the purposes for which they were collected and if there are no additional legal storage requirements (art. 17 GDPR);
  • request the limitation of processing (art. 18);
  • request data portability (art. 20);
  • right to object to processing for reasons related to your particular situation (art. 21 GDPR). In this case, we will refrain from further processing your data unless you demonstrate the existence of compelling legitimate reasons to proceed with the processing (e.g. for the defense of your rights in court);
  • not to be subject to automated decision-making, including profiling (art. 22);
  • to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation (art. 7).

Finally, the interested party will have the right to lodge a complaint with the Guarantor Authority pursuant to art. 13 paragraph 2 letter d) of the above-mentioned regulation as well as pursuant to art. 77 of the regulation.


How to exercise your rights

The interested party may at any time exercise their rights in accordance with the provisions of art. 12 of EU Regulation 2016/679, by sending a:

  • registered letter with return receipt to: CloudFire Srl (VAT number/tax code) IT02764700353), with registered office in Reggio Emilia (RE) at Via Giambattista Vico 93;
  • PEC:;
  • email:

Or by writing to the Data Protection Officer Avv. Andrea Ruffilli, with studio in Maranello (MO), Via Garibaldi n. 2