Property provider privacy policy

DELASTO PRIVACY POLICY - PROPERTY PROVIDER

Art. 13 Reg. (EU) 679/2016

This Privacy Policy applies to DELASTO's website and mobile app (jointly, the "Delasto Platform") and provides information on how DELASTO receives, uses, and processes your personal data in your capacity as a Property Provider and in relation to your use of the Delasto Platform.

Personal data consists of all data that makes it possible to identify you, directly or indirectly.

We reserve the right to make changes to this Privacy Policy at any time and invite you to consult it periodically so that you do not miss any updates.

Data controller

DELASTO, with registered office in Pomezia at Via Naro 84/A, acts as Data Controller, meaning that it determines the purposes and methods for processing your personal data and carries out the processing operations described in this notice. To ask a general question about the processing of your personal data by DELASTO or about this Privacy Policy, you can contact us by sending an email to <privacy@delasto.com>.

What data we collect

When you use our services, we may process the following types of personal data:

Identification and contact data provided by you, such as first name, last name, email address, telephone contact details, tax code, and company name.

Information about your account (such as login credentials, including email address and password, and account settings).

Booking data (for example the name of the booked property and the period).

Data relating to payment transactions such as payment date and time and payment amount.

Content generated or provided by you and uploaded to the DELASTO Platform (such as comments, photos, and videos).

Browsing data: acquired automatically, such as IP addresses, browser information, visited pages (collected through cookies and similar technologies).

You may also choose not to provide us with the personal information described above. In the event of refusal, since the provision of personal data is necessary in order to provide our services, it will not be possible to use the Delasto Platform.

Why and how we use your personal data

Your data is processed in order to:

Allow you to access and use the Delasto Platform to offer your properties.

Process and respond to your requests and provide support.

Facilitate a contract between you and the user interested in the property.

Detect, prevent, assess, and address fraud and security risks.

Comply with legal obligations and law enforcement requests, or to exercise or defend a right in court.

Legal basis of the processing carried out:

performance of a contract to which the data subject is party or pre-contractual measures. [art. 6.1 b) GDPR];

compliance with legal obligations [art. 6.1 c) GDPR];

pursuit of a legitimate interest [art. 6.1 f) GDPR].

Who can access your data and with whom we share it

Your personal data may be processed and disclosed to the following categories of recipients:

employees or collaborators of the Controller in their capacity as persons authorized to process data in the performance of their duties, properly instructed on compliance with personal data protection principles.

Service providers and consultants who perform services or functions on our behalf. We do not authorize these third parties to use or disclose the information for purposes other than those for which it was provided. Service providers have been carefully selected and appointed by us, are contractually bound to our instructions, have appropriate technical and organizational measures, and will be appointed as external data processors.

Subjects, bodies, or authorities to whom communication is mandatory by law or by orders of the authorities themselves.

Transfer of data outside the EU

Data will be processed within EU territory. In the event of a transfer of data to Third Countries, including countries that may not guarantee the same level of protection required by the applicable Privacy Regulations, processing will in any case take place according to one of the methods permitted by the Regulation, such as the adoption of Standard Clauses approved by the European Commission, the selection of parties adhering to international programs for the free circulation of data, or operating in countries considered safe by the European Commission through an adequacy decision.

How we process and protect data

The processing of your personal information will be based on the principles of fairness, lawfulness, transparency, and protection of your confidentiality and your rights. Your personal data will be processed with automated tools for the time strictly necessary to achieve the purposes for which it was collected and in compliance with the principles of necessity and proportionality. DELASTO adopts physical, administrative, and technical security measures designed to protect personal data against loss, misuse, unauthorized access, disclosure, alteration, and destruction.

How we store data

We store your personal data for the time necessary or permitted in light of the purposes for which it was collected and in accordance with applicable law, and if there is a need or obligation to keep it for a certain period, or until you withdraw your consent in certain circumstances.

We will then delete the data, unless it is necessary until the expiry of limitation periods provided by law (for example for evidentiary purposes in civil claims or for accounting and tax reasons) or where another legal basis exists under data protection law to continue processing your data in the specific case.

Your rights

You may exercise the data protection rights provided for in Articles 15-21 of European Regulation 679/2016 ("GDPR"):

Right to be informed (art. 13 GDPR),

Right of access and to request a copy of the personal information we hold about you (art. 15 GDPR),

Right to obtain correction or updating of your personal data (art. 16 GDPR),

Right to request deletion of your personal data (art. 17 GDPR),

Right to restrict the ways in which your personal data is processed (art. 18 GDPR)

Right to receive your personal data in a usable electronic format (art. 20 GDPR).

Right to object to the way we use your personal information if the legal basis for processing that information is our legitimate interest (art. 21 GDPR).

Right to withdraw consent if we use the user's personal information on the basis of consent, and where applicable under local law, the user has the right to withdraw such consent at any time.

Right to lodge a complaint with the competent supervisory authority for data protection if you believe that the processing of your personal data is carried out in violation of applicable data protection legislation.

To exercise the above rights, you may send us a request to the email address <privacy@delasto.com>.

Last updated February 2026