D-Audit Consulting

D-Audit Consulting logo

Last update: 19/11/2025

1. Data controller

D-Audit Consulting Srl
Registered office: Piazza Duomo 20 – 20122 Milan, Italy
VAT: 14265230962
E-mail: info@d-auditconsulting.it
PEC: d-audit-consulting.srl@legalmail.it
Telephone: +39 02 7222201

Privacy officer/DPO:
Daniele Di Teodoro
Email: d.diteodoro@dtarevitax.it

2. Types of data processed

  • Navigation data: technical information generated by accessing the website (e.g. temporary IP address, date/time, requested URLs, user agent). This data is processed as necessary for the use of the website and for security purposes.
  • Data provided voluntarily: name, surname, e-mail address, telephone number and content of messages sent via forms or e-mail; any data contained in CVs.
  • Cookies and similar tools: please refer to Cookie Policy separate, describing the purpose, duration and management of consent.

3. Purposes and legal bases (Article 6 of the GDPR)

  • Responding to enquiries/contacts (form, e-mail): execution of pre-contractual or contractual measures (Article 6.1.b).
  • Appointment/consultation management: contractual performance (Article 6.1.b).
  • Legal/tax compliance related to the activity: legal obligation (Article 6.1.c).
  • Site security and abuse prevention (technical logs, anti-fraud): legitimate interest of the Data Controller (Article 6.1.f).
  • Sending of informational/marketing communications (only if activated): consent of the data subject (art. 6.1.a) or soft spam within the limits of the law.
  • Staff selection (if you receive CVs): pre-contractual measures (Article 6.1.b) + legal obligations (Article 6.1.c).
  • We do not carry out automated decisions nor profiling on the website. Should they be introduced in the future, we will update this policy.

4. Recipients and categories of subjects who process the data

Personal data may only be disclosed to authorised parties and data processors appointed pursuant to Article 28 of the GDPR, for purposes strictly related to the provision of the services offered by the website.

List of main suppliers / External data processors

Hosting / Server
Hostinger International Ltd. – 61 Lordou Vironos Street, 6023 Larnaca, Cyprus
Provides hosting and server management services for the website.
The data is processed within the European Union.
https://www.hostinger.com/privacy-policy

Domain and professional email
Aruba S.p.A. – Via San Clemente 53, 24036 Ponte San Pietro (BG), Italy
Manages the domain d-auditconsulting.it, email and certified email.
https://www.aruba.it/informativa_arubaspa.pdf

Online appointment management
Calendly LLC – 271 17th Street NW, 10th Floor, Atlanta GA 30363, United States
Used for scheduling appointments and online consultations.
Calendly acts as Data Processor pursuant to Article 28 of the GDPR and adopts Standard Contractual Clauses (SCC) for data transfers outside the EU.
https://calendly.com/privacy

Web Analytics
Google Ireland Ltd. – Gordon House, Barrow Street, Dublin 4, Irlanda
Service used: Google Analytics (with IP anonymisation enabled).
Browsing data is collected in aggregate and anonymous form for statistical purposes and to optimise the website.
Any transfers to Google LLC (USA) are carried out in accordance with the SCCs approved by the European Commission.
https://policies.google.com/privacy

5. Transfers outside the EU

Treatment mainly takes place in the European Economic Area.
Where certain suppliers store or access data outside the EEA, the transfer will take place in accordance with Chapter V of the GDPR (e.g. Standard Contractual Clauses e garanzie supplementari). 

6. Retention periods

  • Contacts: 12 months from the closure of the request, unless further storage is necessary for legal defence purposes.
  • Contract/billing details: 10 years (civil/tax obligations).
  • Technical security logs: up to 12 months, unless events require an extension.
  • Newsletter/marketing: until consent is revoked or prolonged inactivity; consent logs are retained for accountability purposes.
  • CV: 12 months, unless included in selection processes.

7. Rights of the data subject (Articles 15–22 GDPR)

You may exercise the following rights at any time: access, rectification, erasure, restriction, portability, objection, withdrawal of consent (without prejudice to the lawfulness of previous processing).
To exercise your rights: info@d-auditconsulting.it.
You also have the right to propose complaint to the Data Protection Authority (www.garanteprivacy.it).

8. Consent of minors

In Italy, consent to data processing in the context of information society services is valid from 14 years old; for younger children, the consent of the person exercising parental responsibility is required. 

9. Data security

We adopt appropriate technical and organisational measures (encryption in transit, segregation of environments, profiled access, backups, security logging) to protect data from loss, misuse or unauthorised access (Art. 32 GDPR).

10. Cookies and tracking tools

Upon access, we display a compliant banner to Cookie guidelines from the Data Protection Authority (10/06/2021): consent granular and previous for non-technical cookies, possibility of refusal with equal evidence, link to Settings and Cookie Policy dedicated; preventive blocking of unnecessary cookies until consent is given.
The legal basis for non-technical cookies is the consent (GDPR + ePrivacy Directive). 

11. Nature of the transfer

The provision of data for contacts/consultations is necessary to process the request; provision for purposes of marketing is optional and subject to consent.

12. Links to third-party websites

The pages may contain links to third-party websites: this policy does not apply to processing carried out by such parties. Please consult their respective privacy policies.

13. Amendments to this policy

Any updates will be published on this page with the date of revision. In the event of substantial changes, a dedicated communication may be provided (banner/e-mail, if relevant).

 

Detailed information for transparency (Articles 12–14 GDPR)

  • Identity and contact details of the Data Controller: see. §1.
  • Purpose and legal basis: see. §3.
  • Legitimate interests pursued: site security, abuse prevention, legal protection.
  • Recipients/categories of recipients: see. §4.
  • Any transfers outside the EU and guarantees: see. §5.
  • Retention period: see. §6.
  • Rights and methods of exercise: see. §7.
  • Data source: directly from the data subject; for browsing data only, from the device used.

This structure complies with the information requirements of Articles 12–14 of the GDPR and the transparency recommended by WP29/EDPB. 

 

Regulatory notes

  • GDPR – Regulation (EU) 2016/679, text and reference articles (Articles 12–14, 6, 21, 77, 32). 
  • Privacy Code (Legislative Decree 196/2003) as amended by Legislative Decree 101/2018
  • Consent of minors in Italy (Art. 2-quinquies of the Privacy Code): 14 years old. 
  • Cookie guidelines from the Italian Data Protection Authority (10/06/2021): banner, preventive blocking, refusal with equal evidence, consent logs.
  • ePrivacy Directive 2002/58/EC (Cookie Law) and application practices.
EN
EN IT
Scroll to Top