DAS Srl, – Data Controller of personal data of Customers / suppliers / partners – informs, pursuant to and for the purposes of the legislation on the protection of personal data, on the following:


  1. Nature of the processed data

The personal data of the customers / suppliers / partners of DAS Srl, or the data concerning the Directors, Legal representatives and contact persons of the Customers / suppliers / partners companies and of anyone acting in the name and on behalf of the same supplied to DAS Srl, or otherwise acquired by the same, may be processed in compliance with the obligations of correctness, lawfulness, transparency and protection of confidentiality and integrity according to the principles and provisions of the aforementioned legislation on the protection of personal data (Privacy Code and Regulation European 679 of 27 April 2016 – so-called GDPR). In particular, the data strictly pertinent to the obligations, tasks and purposes indicated below, which cannot be fulfilled or implemented through the processing of anonymous data or data of a different nature, will be processed.

The processing of personal data could also concern data categories c.d. judicial proceedings which will be treated in accordance with the provisions of the current legislation on Privacy.

  1. Purpose of the processing of personal data

The personal data of customers / suppliers / partners or contact persons and / or legal representatives of companies Clients / suppliers / partners are collected, recorded, stored, communicated and archived for activities strictly related to the management of the relative contractual relationship in order to treat and to fulfill all the obligations established by law, regulations, European legislation, provisions of the Supervisory Authorities of the sector as well as to fulfill the obligations deriving from the execution of contracts and the management of internal administrative, accounting, tax and organizational activities .

In particular, the main purposes of the treatments are listed below:

  1. a) care of all obligations for the purpose of entering into contracts with customers / suppliers / partners;
  2. b) management of communication to and from customers / suppliers / partners for the correct execution of the relative contractual relationship;
  3. c) regular keeping of accounting records and VAT register pursuant to the law (eg payment of invoices);
  4. d) fulfillment of any type of obligation envisaged by the law, regulations and European legislation, especially in accounting, tax, contractual and health and safety at work and health protection, as well as any publication obligations pursuant to Legislative Decree n . 33/2013 (c.d. Consolidated Transparency Text), as updated by Legislative Decree 97/2016, and by Law no. 190/2012 (c.d. Anti-corruption Law);


The legal basis of the processing for the purposes referred to in points a) and b) is the execution of the existing contract or of pre-contractual measures of which the interested party is a party, pursuant to Article 6, c. 1 letter b). For the purposes referred to in points c) and d) the legal basis is given by the need to meet legal obligations to which the Data Controller is obliged, pursuant to Article 6, c. 1 letter c)



  1. Nature of data provision

The provision of data by the Customers / suppliers / partners, for the purposes indicated above, is strictly instrumental to the execution of the contractual relationships, and to the management of the relative contractual relationship; therefore any refusal or incorrect communication of one of the requested information will have the following consequences:

– the impossibility of setting up, executing and managing the contractual relationship; in particular the impossibility of fulfilling the obligations provided by the law for the purposes of keeping the company accounts, the obligations to pay the fees for supplies of goods, services and / or works (eg payment of invoices) and, more generally, to the regular administrative, accounting and fiscal management of the company;

– the impossibility of fulfilling specific obligations and / or duties required by law, regulations, European legislation, tax and accounting regulations, occupational hygiene and safety, public order and safety. In particular, the impossibility of complying with the legal provisions with reference to the obligations deriving from the contractual relationship and, finally, the impossibility of fulfilling the obligations provided for by the legislation on “anti-corruption and transparency”;

– the impossibility of asserting and / or defending a right in a court of law, as well as the impossibility to observe company procedures for the purchase of goods, services and / or works or to comply with the regulations in force concerning public tenders and public contracts relating to works, services and supplies.

  1. Procedures for the processing of personal data

The personal data subject to processing will be processed only by the personnel authorized to process data that operates in conformity and within the limits established by law and under the direct responsibility of the Company’s Legal Officer.

Personal data may be processed either on paper – therefore kept in special protected archives and accessible only to authorized personnel – or with automated tools – therefore protected computer equipment accessible only to authorized personnel – in full compliance with the security measures provided for by law in force regarding the protection of personal data.

Specific security measures are observed in order to prevent the loss of the data, illicit or incorrect use and unauthorized access. In particular, the protection and confidentiality of personal data is guaranteed by the adoption, by the company, of the “adequate security measures” prescribed by current legislation and indicated in the company regulations / procedures regarding Privacy.


  1. Subjects to whom personal data may be communicated

The personal data eventually processed relating to the aforementioned purposes will not be disseminated, however they may be communicated to Public Subjects and / or Economic Public Bodies and / or Bodies or Private Subjects whose activity is connected, instrumental or supportive to that of our Company or those relating to the offer (s) of the services referenced to you and for the fulfillment of the purposes for which the data were collected, as well as the obligations provided for by law by regulations, by European legislation, by provisions of the sector Supervisory Authorities as well as for the performance of institutional functions and / or for purposes of significant public interest.

The list of these companies or bodies, promptly updated, is located at our office and is at your disposal.

The third parties to whom the data are communicated may be appointed as Data Processors.

The complete list of Managers and third-party companies to whom your data are communicated is available at our Office.

You can request a copy by writing to:


  1. Data transfer outside the EU

Your data will not be transferred outside the EU territory.

In the event of any transfer of Data to Third Countries (outside the EU), including countries that may not guarantee the same level of protection required by the applicable Privacy Policy, the Data Controller informs that the processing will take place according to one of the methods allowed by the Regulation, such as, for example, your consent, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data, (eg EU-USA Privacy Shield) or operating in countries considered safe by the Commission European.


  1. Storage times

All personal data, acquired in accordance with the aforementioned purposes, will be kept for the time strictly necessary for the fulfillment of legal obligations or deriving from the interruption of the contractual relationship between the parties, except in the case in which the conservation for a longer duration is prescribed by a legal or necessary obligation to ascertain, exercise or defend a right of the Company in judicial proceedings.

  1. Rights of interested parties

The subjects to whom the data refer at any time will be able to exercise, with respect to the Owner, their rights under the Articles. 15-22 of EU Regulation 679/2016.

In particular the subjects to which the data refer have the right at any time to obtain confirmation of the existence of the same data and to know its content and origin, verify its accuracy or request its integration or updating, rectification, cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes for which the data were collected or subsequently processed;

The interested party may also request proof that the aforementioned operations have been brought to the attention, including with regard to their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is revealed impossible or involves the use of means manifestly disproportionate to the protected right.

Finally, the interested party – customer and / or supplier – has the right to object, in whole or in part, for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the collection.


  1. Complaints

The person concerned is given the right to lodge a complaint with a supervisory authority, particularly in the Member State in which he habitually resides, works or in the place where the alleged violation occurred, which in Italy corresponds to the Authority for the Protection of personal data, whose references can be found on


  1. Identification details of the Data Controller and Data Processors.

The Data Controller is: DAS srl Viale Tivoli 102 – 00018 Palombara Sabina (Rome)

The Data Controller may be contacted for the exercise of rights at the following email address: