Privacy & Cookie Policy

Privacy Policy

This policy describes how we process the personal data of users who consult and/or use the website www.elitishouse.it (hereinafter, the "Site"), as well as anyone who contacts Elitis House for information requests, reservations, stays, meals, spa access, voucher purchases, and additional services. This policy is provided pursuant to Regulation (EU) 2016/679 ("GDPR"), Legislative Decree 196/2003 and subsequent amendments ("Privacy Code"), and the provisions of the Italian Data Protection Authority.

1. Data Controller

The Data Controller is:

Ercolano Beni Stabili S.r.l.

Registered and operational office: Via Dante Alighieri 22, 20834 Nova Milanese (MB), Italy
VAT No.: 00690460969
Tax Code: 00762180156
Phone: +39 0362 1637582
Certified email (PEC): ercolanobenistabili@pec.it
Contact email: info@elitishouse.it

For any request regarding the processing of personal data, the User may contact the Data Controller using the details above.

2. Types of Data Collected

The Data Controller processes the following categories of personal data, provided directly by the User or collected automatically while browsing the website www.elitishouse.it.

2.1 Data voluntarily provided by the User

Personal and contact data: name, surname, address, city, postal code, nationality, phone number, email address.
Booking-related data: arrival and departure dates, number of guests, room type, special requests, dietary preferences, allergy or intolerance information.
Payment and billing data: credit card details (processed via secure third-party payment gateways), billing address, VAT number or tax code for invoicing, SDI code / certified email (PEC).
Legally required registration data: copy of identity document for public security reporting (Alloggiati Web, Art. 109 TULPS) and statistical obligations (ISTAT).
Communication data: content of emails, contact forms, chat messages, or social media communications.
SPA and treatment-related data: information necessary for wellness services, including health-related data voluntarily provided by the User, processed with enhanced safeguards and only when strictly necessary.

2.2 Automatically collected data

Browsing data: IP address, browser type, operating system, referring domain, pages visited, time spent, request time, and technical parameters of the device used.
Cookies and similar technologies: as described in the Cookie Policy section of this document.

3. Processing Methods and Place

Management of information requests, quotations, bookings, and cancellations;

Administrative and accounting management, including invoicing and receipts;

Handling of complaints and disputes.

Legal basis: performance of a contract or pre-contractual measures requested by the User (Art. 6(1)(b) GDPR).

4.1 Contractual and service purposes

Management of requests, quotes, bookings, and cancellations;
Provision of accommodation, hospitality, restaurant, SPA, meetings, events, and vouchers;
Administrative and accounting management, invoicing and receipts;
Handling complaints and disputes.

Legal basis: performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR).

4.2 Legal obligations

Mandatory public security reporting (Alloggiati Web) and statistical obligations;
Tax, accounting, and fiscal obligations;
Responses to requests from competent authorities.

Legal basis: legal obligation (Art. 6(1)(c) GDPR).

4.3 Direct marketing for similar services

Sending commercial communications via email regarding services similar to those already purchased (“soft spam” under Art. 130(4) Italian Privacy Code), unless the User objects.

Users may opt out at any time via the unsubscribe link included in each communication.

4.4 Marketing and newsletter (based on consent)

Newsletters, promotional communications, offers, invitations to events, and satisfaction surveys;
Profiling, individually or in aggregate, to personalize offers and communications.

Legal basis: freely given, specific, informed, and revocable consent (Art. 6(1)(a) and Art. 7 GDPR; Art. 130 Privacy Code).

4.5 Security, fraud prevention, and legal protection

Prevention of fraud, abuse, and unlawful activities;
Protection and enforcement of the Data Controller’s rights, including in legal proceedings.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

5. Data Recipients

Personal data may be shared, within the limits of the purposes above, with:

Authorized personnel and employees of the Data Controller;
IT and technology service providers (hosting, website management, email, CRM, booking engine, channel manager), appointed as processors under Art. 28 GDPR;
Banks, payment providers, and POS/payment gateways;
Tax, accounting, legal advisors, auditors, and insurance providers;
Public authorities, police, and judicial authorities when required by law;
Companies within the same corporate group, where applicable.

Personal data will never be disclosed or sold for purposes other than those stated above.

6. Data Retention

Contract, booking, and invoicing data: 10 years after the end of the relationship (legal tax and civil requirements).
Public security reporting data: according to legal requirements.
Browsing and technical logs: generally up to 12 months, unless required for criminal investigations.
Marketing and profiling data: until consent is withdrawn and no later than 24 months after collection or last interaction.
Complaint and litigation data: for the duration of the dispute and statutory limitation periods.

After these periods, data will be deleted or irreversibly anonymized.

7. User Rights

The User may exercise the rights under Articles 15–22 GDPR, including:

Access;
Rectification;
Erasure (“right to be forgotten”);
Restriction of processing;
Data portability;
Objection, especially to direct marketing;
Right not to be subject to automated decision-making;
Withdrawal of consent at any time.

7.1 How to exercise rights

Requests can be sent to:

Email: info@elitishouse.it
PEC: ercolanobenistabilii@pec.it
Postal address: Via Dante Alighieri 22, 20834 Nova Milanese (MB), Italy

The Data Controller will respond within 30 days.

7.2 Complaint to the Supervisory Authority

Users may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali: www.garanteprivacy.it) or take legal action before the competent courts.

8. Nature of Data Provision

Providing data necessary for contractual performance and legal obligations is mandatory. Failure to provide such data may prevent service delivery (e.g., booking completion, invoicing, or guest registration).

Providing data for marketing purposes is optional and does not affect access to services.

9. Data Security

The Data Controller adopts appropriate technical and organizational measures to ensure data security, including encryption, access controls, backups, antivirus and firewall systems, HTTPS/TLS protocols, and staff training.

However, absolute security over internet transmissions cannot be guaranteed, and Users are advised not to send sensitive data via email.

10. Minors

The website and services are not intended for children under 14, who may not provide personal data or consent to processing. For minors under 18, data must be provided by a parent or legal guardian.

Any data of children under 14 collected in violation of this policy will be promptly deleted.

11. Changes to This Policy

The Data Controller reserves the right to modify this policy at any time. Updates will be published on this page, with the revision date indicated at the bottom. Users are encouraged to review this section periodically.

Cookie Policy

This Cookie Policy forms an integral part of the Privacy Policy of the website www.elitishouse.it and has been drafted in accordance with the provision issued by the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) on 10 June 2021 (“Guidelines on cookies and other tracking tools”).

1. What are cookies

Cookies are small text strings that websites visited by the User send to their device (computer, tablet, smartphone), where they are stored and then retransmitted to the same websites upon the User’s next visit. Similar technologies (e.g., web beacons, pixels, local storage, fingerprinting, SDKs) allow the collection of information about the User or the device used.

For simplicity, in this document the term “cookies” is also used to refer to the above-mentioned technologies.

2. Types of cookies used

2.1 Technical cookies (necessary)

These cookies are essential for the proper functioning of the Website or to allow the User to use the services requested. They include navigation or session cookies (authentication, shopping cart management, language recognition), analytics cookies treated as technical cookies (provided that they are used solely to produce aggregated statistics, with anonymized IP and without cross-referencing with other data), and functionality cookies (storing preferences).

The installation of these cookies does not require the User’s consent; however, this information notice must still be provided.

2.2 Profiling and marketing cookies

These cookies are used to track the User’s browsing activity, analyze behavior for marketing purposes, and create profiles regarding preferences, habits, and choices in order to deliver personalized advertising messages or services aligned with the User’s interests.

These cookies are installed only with the User’s prior consent, given via the cookie banner displayed on the first visit or through the preference management panel available at any time.

2.3 Third-party cookies

These cookies are set by parties other than the Website Owner (e.g., booking platforms, social networks, analytics and advertising providers). The processing of such cookies is governed by the privacy policies of the respective third parties.

The main third parties that may install cookies via the Website include, by way of example:

Google Analytics / Google Marketing Platform — traffic analysis and conversion tracking;
Google Ads, Meta (Facebook/Instagram) Pixel, LinkedIn Insight Tag, TikTok Pixel — marketing and remarketing;
YouTube, Vimeo — embedded video content;
Booking engines and channel managers (e.g., SysHotelOnline / Siges Group) — reservation management;
Chat tools, review systems, and social widgets;
Anti-spam and security providers (e.g., reCAPTCHA).

An updated list of third parties and related cookies is available in the Cookie Preferences management panel on the Website.

3. Cookie duration

Cookies are classified, based on their duration, as follows:

Session cookies: automatically deleted when the browser is closed;
Persistent cookies: stored on the User’s device until they expire or are manually deleted. The maximum duration of profiling cookies generally does not exceed 12 months, in line with the guidelines issued by the Data Protection Authority.

4. Management of preferences and withdrawal of consent

The User may give, refuse, or modify consent to cookies at any time via the banner displayed on the first visit or, subsequently, by clicking the “Manage cookies” / “Cookie preferences” link in the Website footer.

Additionally, cookies can be managed directly through the browser settings. Below are links to instructions for the main browsers:

Google Chrome: support.google.com/chrome/answer/95647
Mozilla Firefox: support.mozilla.org/it/kb/Gestione%20dei%20cookie
Apple Safari: support.apple.com/it-it/guide/safari/sfri11471/mac
Microsoft Edge: support.microsoft.com/it-it/microsoft-edge

Disabling technical cookies may prevent the Website from functioning properly.

5. User rights

For the exercise of rights under Articles 15–22 of the GDPR (access, rectification, erasure, restriction, objection, portability, withdrawal of consent, complaint to the Supervisory Authority), please refer to the “User Rights” section of the Privacy Policy above.

6. Data Controller

Ercolano Beni Stabili S.r.l.

Registered and operational office: Via Dante Alighieri 22, 20834 Nova Milanese (MB), Italy
VAT No.: 00690460969 — Tax Code: 00762180156
Phone: +39 0362 1637582
PEC: ercolanobenistabilii@pec.it
Email: info@elitishouse.it

7. Updates

This Cookie Policy may be updated to reflect regulatory changes or the introduction of new tracking tools. The date indicated at the bottom refers to the latest update.

Newsletter & Marketing information

pursuant to art. 13 GDPR

This information is provided to Users who decide to subscribe to the newsletter of the www.elitishouse.it website or who consent to receive commercial, promotional and marketing communications from Ercolano Beni Stabili Srl

This information is provided to Users who fill out the contact forms on the website www.elitishouse.it (information requests, quote requests, SPA reservations, room reservations, meeting reservations, voucher requests, general contact details).

1. Data controller

Ercolano Beni Stabili Srl — via Dante Alighieri 22, 20834 Nova Milanese (MB) — VAT number 00690460969 — Fiscal Code 00762180156 — Tel. +39 0362 1637582 — PEC: ercolanobenistabilii@pec.it — E-mail: info@elitishouse.it.

2. Processed data

Name, surname, email, telephone number, message content, and any additional information voluntarily provided by the User (e.g., dates of stay, number of guests, preferences).

3. Purpose and legal basis

Responding to User requests, managing quotes, bookings, and related communications — legal basis: execution of pre-contractual measures and the contract (Article 6, paragraph 1, letter b GDPR);

Fulfillment of legal obligations related to the management of the relationship — legal basis: Art. 6, paragraph 1, letter c GDPR.

4. Conservation

Data relating to requests that do not result in a contract are retained for a maximum of 24 months from the last interaction. Data relating to completed bookings are subject to the retention periods indicated in the general Privacy Policy (10 years for tax and accounting purposes).

5. User Rights

Please refer to the "User Rights" section of the Privacy Policy.

Last updated: May 2026