ELYUS monogram
ELYUS
HERITAGE COLLECTION
Privacy

Privacy Policy

This privacy notice is provided pursuant to EU Regulation 2016/679 (“GDPR”) and applicable national data protection laws. It describes how personal data of users who browse the website elyusresidences.com and use its services (such as the contact form and links to the external booking engine) are processed.

1. Data Controller

The Data Controller is Auxilium Real Estate S.r.l., owner of the brand ELYUS – Heritage Collection, with registered office at Corso Europa 601, 10088 Volpiano (TO), Italy.
Email contact for privacy matters: short-rent@auxilium-realestate.com.

2. Categories of data processed

2.1 Browsing data

The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols (e.g. IP addresses, time of the request, response status code, pages visited). These data are used in aggregate and anonymous form for statistical purposes and to ensure the security of the website.

2.2 Data voluntarily provided by the user

The optional, explicit and voluntary sending of communications via the contact form or via the email addresses indicated on the website entails the subsequent acquisition of the personal data provided (name, email address, content of the message and any other information included by the user).

2.3 Data processed through external booking engines

Bookings for the residences are managed through an external booking engine (e.g. Octorate) linked from this website. When accessing the booking system, the user is redirected to an external domain, which acts as an independent data controller or processor. For those processing activities, users are invited to read the relevant privacy notice made available on the booking provider’s website.

3. Purposes and legal bases of processing

  • Handling requests sent via the contact form or by email
    Legal basis: performance of pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR) and the Controller’s legitimate interest in managing communications with users (Art. 6(1)(f) GDPR).
  • Managing bookings and the operations connected to accommodation services
    Legal basis: performance of a contract and compliance with legal obligations (e.g. tax and accounting) pursuant to Art. 6(1)(b) and (c) GDPR.
  • Ensuring IT security and preventing abuse or fraudulent activities
    Legal basis: the Controller’s legitimate interest in ensuring the security of networks and information (Art. 6(1)(f) GDPR).
  • Compliance with legal obligations or orders issued by Authorities
    Legal basis: compliance with a legal obligation to which the Controller is subject (Art. 6(1)(c) GDPR).

The Controller does not carry out, via this website, any automated decision-making process nor profiling within the meaning of Art. 22 GDPR.

4. Nature of data provision

The provision of data marked as mandatory in the forms (for example, name and email address for contact requests) is necessary to receive a reply. Failure to provide such data may make it impossible to process the request. The provision of additional data is optional.

5. Methods of processing

Personal data are processed by electronic and, where applicable, paper-based means, in compliance with the principles of lawfulness, fairness, transparency, data minimisation and storage limitation set out in the GDPR. Appropriate technical and organisational measures are adopted to protect data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

6. Data retention

  • Contact requests: data are retained for the time strictly necessary to handle the request and, in any case, no longer than 24 months, unless further retention is required to protect the Controller’s rights.
  • Bookings and accommodation contracts: data are retained for the duration of the contractual relationship and thereafter for the time required by applicable tax and accounting laws (generally up to 10 years).
  • Technical and security logs: retained for the time strictly necessary to ensure the security and proper functioning of the IT infrastructure.

7. Recipients of personal data

Data may be processed by the Controller’s staff expressly authorised to do so and by external parties acting as processors pursuant to Art. 28 GDPR, such as, for example:

  • providers of hosting and IT infrastructure services;
  • providers of technical maintenance services for the website;
  • providers of booking engine platforms and reservation management systems;
  • accounting, tax or legal consultants, within the limits necessary to perform their tasks.

Personal data may also be disclosed to judicial or administrative Authorities, in compliance with legal obligations or upon their request. Data are not disseminated to the public.

8. Transfers of data outside the European Economic Area

As a rule, processing takes place within the European Economic Area (EEA). Should it become necessary, for technical or operational reasons, to make use of entities located outside the EEA, any transfer of data to such countries will take place in compliance with Arts. 44 et seq. GDPR, on the basis of an adequacy decision by the European Commission, standard contractual clauses or other appropriate safeguards. Upon request, the data subject may obtain further information on the safeguards adopted for extra-EEA transfers.

9. Rights of the data subjects

As a data subject, the user may exercise at any time the rights provided for in Arts. 15–22 GDPR, including:

  • right of access to personal data;
  • right to rectification of inaccurate or incomplete data;
  • right to erasure (“right to be forgotten”), in the cases provided for by the GDPR;
  • right to restriction of processing;
  • right to data portability, where applicable;
  • right to object to processing based on legitimate interest.

Requests may be sent to the Controller at: short-rent@auxilium-realestate.com.
Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority or with the Supervisory Authority of the EU Member State of their habitual residence, place of work or place of the alleged infringement.

10. Cookies and tracking tools

This website uses technical cookies that are strictly necessary for its operation and, only with the user’s consent, any profiling cookies and/or third-party cookies (for example, related to integrated services or the external booking engine). For more information on the types of cookies used, their purposes and how to manage your preferences, please refer to the Cookie Policy, where available.

11. Data Protection Officer

At present, no Data Protection Officer (DPO) has been appointed. Should the Controller appoint a DPO in the future, the relevant contact details will be made available and this notice will be updated accordingly.

12. Changes to this privacy notice

The Controller reserves the right to amend or update this privacy notice at any time. Any changes will be published on this page. Users are therefore invited to check this section regularly. The latest update to this notice dates from January 2025.

In short
We mainly use personal data to respond to user enquiries, manage bookings and comply with legal obligations. We do not carry out profiling via this website and we adopt appropriate technical and organisational measures to protect the personal data we process.