The site uses cookies to provide you with a better experience. By using this site you agree to our Privacy Policy.

Privacy and Cookie Policy

Privacy Policy and Cookie Policy of

Privacy Policy


1. Introduction

DF Audit S.p.A. ("DF") undertakes to guarantee the protection of personal data of its current and potential customers (collectively, "customers") on a daily basis.

This information notice seeks to provide customers a clear and transparent overview of what information we collect and process in relation to our customers as part of the contractual relationship and the use of our website.

In the following paragraphs we will explain how we use personal data of customers, for what purposes and for how long, also remembering how we guarantee the rights of customers and compliance with the rules on personal data protection.

2. Who is the data controller of the customer's personal data?

DF Audit S.p.A., with registered office in Via Trieste, 49/53, Padua (Italy), in the person of its legal representative, is the data controller of the customer's personal data (the "Controller", "DF" or "we").

3. Data Protection Officer (DPO)

DF, not being obliged by the terms of the regulation to designate a DPO and not deeming it useful to proceed with this designation on a voluntary basis, did not deem it necessary appoint a Data Protection Officer (DPO). For information or notifications regarding the compliance by the Controller with the formalities prescribed by the GDPR and in general with the legislation regarding the protection of personal data and to exercise their rights, as mentioned in this statement, the customer can send an e-mail to the e-mail address or write to DF Audit SpA Via Trieste, 53 - 35121 - Padua (Italy).

4. What is personal data and what data do we process?

"Personal data" means any information that may identify, directly or indirectly, a natural person, in this case the customer who uses (or may use) the services provided by DF.

In particular, we collect and process the personal data of the customer necessary for the conclusion of the contract and the provision of services, such as:

  • personal and identification data (name, surname, date and place of birth, tax code, gender) of the signer of the letter of appointment, the legal representative and the actual controller;
  • the address of residence, the telephone number and the email address of the signer of the letter of appointment, of the legal representative and of the actual controller;
  • in general, any other data and information necessary for the conclusion and execution of the contract.

In addition, when the customer uses our site we process (or could process following updates in the future) the navigation data, customer contact information, IP address, the domain name of the devices used by the customer, the URL used, the information relating to the operating system and the computer environment used by the customer, the browsing history, the geographical coordinates of the mobile device, as well as the data provided by the client voluntarily in this context to use and purchase our services.

We also collect customer data via cookies. Cookies are small text files that the sites visited by users send to their terminals, where they are stored before being re-transmitted to the same sites at the next visit. In general, we use the so-called technical cookies necessary to guarantee the user the best functionality of our website. If the customer wishes to disable/reject the use of such cookies, they can at any time edit their browser settings on their PC.

5. Why do we process customers' personal data?

First of all, we collect and process personal data concerning customers and that are strictly necessary to follow up the requests and services they have subscribed to. In particular:

  • for the stipulation and execution of the contract concerning our services, i.e. for purposes strictly connected and instrumental to the completion of the necessary pre-contractual activities (risk assessment including creditworthiness and solvency), to the management of the contractual relationship (administrative and accounting, customer assistance, claims management, credit recovery), the provision of services, from time to time, required;
  • for the protection of our corporate assets and the defence of our rights on the basis of our legitimate interest;
  • for compliance with legal obligations and requests of the Authorities, as well as for compliance with the provisions of the legislation for the prevention of fraud, money laundering and terrorist financing, where applicable.

Moreover, with focus on continuous improvement of customer satisfaction and in order to offer services of possible interest, we process customer data for commercial and marketing promotion activities for the direct offer of our products and services similar to those already purchased from customers. To do so we will act on the basis of our legitimate interest, giving at any time to the customer the right to object to receiving such communications by writing to us at or by contacting us at the addresses indicated in paragraph 3 above.

If we have previously acquired the customers’ express and specific consent, which can be revoked at any time by writing to the email address or contacting us at the addresses indicated in paragraph 3 above, we will process the customers’ personal data:

  • for the purpose of direct commercial activities by sending customer communications - using traditional and automated systems - concerning the entire range of products and services offered by us and third-party partners;
  • for profiling purposes, to allow the processing and completion of studies and statistical and market research, to allow the creation/definition of a customer profile, to analyse their preferences and needs so as to offer more products and services line with customer needs.

In any case, we are committed to ensuring that the information collected and used is appropriate to the purposes described, and that this does not result in an invasion of the customer's personal sphere.

6. Who do we disclose customer data to?

We disclose the customer's data only to the parties that we appoint to perform activities necessary for achieving the purposes indicated and described in paragraph 5 above.

The parties mentioned above are specifically appointed by us as data processors (a list can be requested at the addresses indicated in the previous paragraph 3).

We may also disclose the customer's data to the parties that are entitled to disclosure by virtue of legal obligations. These parties perform their respective processing activities as independent controllers.

7. Where do we transfer customer data?

As a rule, we do not transfer customer data outside the European Union (even if we use international cloud service and are currently independent members of an international network with an intranet site for sharing documents/resources). In certain circumstances and for purposes related to the verification of creditworthiness and financial soundness, some customer data may be transferred to third countries.

In this case we make sure that the recipient, acting as data controller, complies with the provisions of the GDPR, including the rules specifically for the transfer of personal data to third countries. In particular, we guarantee that said transfers take place on the basis of an adequacy decision or the signing by the manager of contractual clauses of data protection type approved by the European Commission.

The actual transfer of personal data to third countries and the related additional information can be requested by contacting us at the addresses indicated in paragraph 3 above.

8. How long do we retain customer data?

We retain customer data only for the time necessary to perform processing for the purposes mentioned above.

In particular, below are the main periods of use and storage of the customers’ personal data with reference to the different processing purposes:

a) we will process the customers’ data for the entire duration of the contract and until there are obligations or obligations related to their execution. After termination of the contractual relationship, we will keep the data for 11 years to fulfil legal obligations or to defend our rights;

b) with reference to the processing for marketing purposes, carried out on the basis of a legitimate interest, or the customer's consent, the customer data will be processed for the duration of the contract and until there are obligations or conditions related to its execution, unless the customer opposes processing or revokes their consent.

c) customer data will be processed for profiling purposes until revocation of consent and/or the request to terminate processing has been received. In any case, the profiling activities will take into account only the data relative to the last 36 months;

d) for the fulfilment of legal obligations, the customer's data will be processed and stored as long as the need for processing persists to fulfil these legal obligations.

9. What are the customers’ rights?

Right of access - the customer has the right to obtain confirmation about the existence or not of processing that concerns their data as well as the right to receive any information on processing itself.

Right to rectification - the customer has the right to have their data corrected if they are incomplete or inaccurate.

Right to deletion (so-called "Right to be forgotten") - in certain circumstances, the customer has the right to obtain the deletion of their data in our archives if they are not relevant for the purposes of the continuation of the contractual relationship or necessary due to the law.

Right to limitation of processing - when certain conditions occur, the customer has the right to obtain the limitation of processing, if it is not relevant for the purpose of the continuation of the contractual relationship or necessary by law.

Right to portability - the customer has the right to obtain the transfer of their data in favour of a different controller.

Right of opposition - the customer has the right to object, at any time for reasons connected with their particular situation, to the processing of data concerning them based on the lawfulness of legitimate interest or the execution of a task of public interest or exercise of public powers, including profiling.

Right of revocation of consent - the customer has the right to withdraw consent to the processing of their data at any time, while all processing prior to revocation of consent remains lawful.

Right to lodge a complaint with the Supervisory Authority - at any time, the customer has the right to promote requests for the exercise of their rights. In any case, if you wish to lodge a complaint about how your data is processed, or about the management of your claim, you have the right to file an application directly to the Supervisory Authority.

The above rights may be exercised against the Data Controller by writing to the email address or by contacting us at the addresses indicated in paragraph 3 above.

The customer may exercise their right gratuitously as interested party under Article 12 of the GDPR.

Cookie Policy

In order to provide the user with a more personalized and responsive service, DF Audit needs to remember and store information on website manner of use. This operation is performed using small text files called cookies. Cookies consist of portions of code installed in the browser that assist the Controller in providing the Service according to the purposes described. Some of the purposes of installation of cookies may also require the User's consent. When cookie installation is consent based, this consent can be freely revoked at any time by following the instructions contained in this document.

Technical and aggregate statistic cookies

Activities strictly necessary for operation

This application uses cookies to save User session and to perform other activities strictly necessary for the operation of this application, for example in relation to the distribution of traffic.

Activities for saving preference, optimization and statistics

This application uses cookies to save browsing preferences and optimize the user's browsing experience. These cookies include, for example, those for setting the language and currency or for the management of statistics by the site owner.

How can I grant consent for the installation of cookies?

In addition to what is indicated in this document, the User can manage preferences related to cookies directly within his browser and prevent - for example - that third parties can install. Cookies installed in the past, including cookies that save consent for the installation of cookies by this site, can be deleted via the browser preferences.  The User can find information on how to manage cookies with some of the most popular browsers, for example at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet Explorer.

With reference to Cookies installed by third parties, the User can also manage their own settings and revoke consent by visiting the relative opt out link (if available), using the tools described in the third party's privacy policy or by contacting it directly.

Notwithstanding the foregoing, the User may use the information provided by EDAA (EU), Network Advertising lnitiative (USA) and Digital Advertising Alliance (USA), DAAC (Canada), DDAI (Japan) or other similar services. These services allow you to manage tracking preferences of most advertising tools. The Controller, therefore, advises Users to use these resources in addition to the information provided by this document.

Data Controller

DF Audit S.p.A. Via Trieste, 49/59 - 35121 Padua (PD) - Italy

Email address of the Controller:

Since the installation of Cookies and other tracking systems operated by third parties through the services used within this Application can not be technically controlled by the Controller, any specific reference to Cookies and tracking systems installed by third parties is to be considered indicative. To obtain complete information, we invite the User to consult the privacy policy of any third party services listed in this document.

Given the objective complexity of identification of the technologies based on Cookies, we invite the User to contact the Data Controller if he wishes to receive any further information regarding the use of the Cookies through this Application.

Social Buttons

DF Audit uses "social buttons" to allow users to share or report web pages. These are buttons for third-party social media sites and these sites may record information on the activities carried out on the Internet by users, included on this site. You should review the respective terms of use and privacy policies of those sites to understand exactly how user information is used and how you can revoke your consent or delete it.

External web services

In some cases DF Audit uses external web services on this Application to display content within pages, for example to view images, or to display videos. As with social buttons, DF Audit can not prevent these sites or external domains from gathering information about the use of embedded content by the user.

Definitions and legal references

Personal Data (or Data) Cookie policy

Personal data is constituted by any information that, directly or indirectly, also in connection with any other information, including a personal identification number, identifies a physical person or allows identification.   

User Data

This is information collected automatically through this Application (also from third party applications integrated into this Application), including: IP addresses or domain names of the computers used by the User that connects with this Application, addresses in URI notation (Uniform Resource ldentifier), the time of the request, the method used in forwarding the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (good order, error, etc.) the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of the pages consulted, to the parameters related to the operating system and the IT environment of the User.


The individual who uses this application, unless otherwise specified, coincides with the interested party.

Interested party

The natural person to whom the Personal Data refers.

Data Processor (or Manager)

The natural person, legal person, public administration and any other body that processes personal data on behalf of the Controller, as set out in this privacy policy.

Data Controller (or Controller)

The natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures related to the operation and use of this application. The Data Controller, unless otherwise specified, is the controller of this application.

This Application

The hardware or software tool through which the Personal Data of Users are collected and processed.


The Service provided by this Application as defined in the relevant terms (if any) on this site/application.

European Union (or EU)

Unless otherwise specified, any reference to the European Union contained in this document shall be extended to all current member states of the European Union and the European Economic Area.

Legal references

This privacy statement is drawn up on the basis of multiple legislative systems, including articles 13 and 14 of the Regulation (EU) 2016/679.

Unless otherwise specified, this privacy statement only concerns this application