|

Privacy Policy

 

1. INTRODUCTION
We respect your privacy in accordance with Regulation (EU) 2016/679 (of the European Parliament and the Council regarding the protection of individuals concerning the processing of personal data and the free movement of such data). Our purpose is to protect and safeguard your personal data when interacting with our website.

2. WHO ARE WE?
The Data Controller is the natural person, public authority, business, public or private entity, association, etc., that decides on the purposes and methods of processing (Article 4, paragraph 1, point 7, of Regulation EU 2016/679).
The Data Processor is the natural or legal person to whom the Data Controller requests to carry out specific and defined management and control tasks on their behalf (Article 4, paragraph 1, point 8, of Regulation EU 2016/679).

Data Controller:

Data Processor:

3. WHAT INFORMATION DO WE COLLECT AND USE?
Personal Data: This refers to information that identifies or can identify, directly or indirectly, a natural person and may provide details about their characteristics, habits, lifestyle, personal relationships, health status, economic situation, etc.

We do not collect your personal data during anonymous browsing of the website. We collect your data (voluntarily provided) to deliver our services.

(A) To provide our booking engine service, we collect the following information:

  • name and surname
  • email address
  • mobile phone number
  • credit card details

(B) If you send an enquiry or any other request through our contact form, we collect the following information to respond to your enquiry:

  • name and surname
  • email address and/or mobile phone number
  • any information voluntarily disclosed (in free text fields), which may include special data such as disabilities, assistance needs, etc.

QUOVAI S.r.l. does not collect or process personal data classified as "special data" (such as data revealing racial or ethnic origin, religious, philosophical, or other beliefs, political opinions, membership in religious, philosophical, or trade union organizations, as well as data revealing health status or information related to criminal convictions and offences) unless you have given your explicit consent, which might occur when submitting an inquiry (case (B)). For operational and maintenance purposes, this website may collect system logs, i.e., files that record interactions and may contain personal data, such as IP addresses.

The data you provide through the portal will be processed for the following purposes (among others): responding to inquiries and managing support requests; providing booking or sales services; sending information about future events; managing payments; and generating statistics to measure the portal's performance in an aggregated and anonymous form (which does not allow individual identification). Credit card details (name, surname, card number, and expiry date) are collected through the Stripe payment gateway (stripe.com/en) and stored in encrypted form until the service is provided.

4. ON WHAT LEGAL BASES DO WE PROCESS YOUR PERSONAL DATA?
We collect, use, and share data in our possession as described, based on the following legal bases:

  • The processing is lawful if necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at the request of the data subject. This expressly includes administrative and accounting purposes. This context also includes the service provided by the administrative section and, thus, the processing of the data subject's personal data for booking management and responding to support requests. The legal basis is Article 6(1)(b) of Regulation (EU) 2016/679.
  • Consent to process personal data for one or more specific purposes (e.g., sending promotional material by email following voluntary subscription to the newsletter). For this purpose, you must provide consent, which can be withdrawn at any time. The legal basis is Article 6(1)(a) of Regulation (EU) 2016/679.

Mailing list for receiving information:
During the booking process, your email address may be added to a contact list (with prior consent) to receive email messages. Our legitimate interests include providing a secure and efficient service for you. Article 130(4) of the Privacy Code also allows the sending of promotional emails to clients (current or former) to advertise services similar to those previously purchased (so-called soft spam). The right to opt-out exists. The legal basis is Article 6(1)(f) of Regulation (EU) 2016/679.

5. DATA PROCESSING LOCATION
Data processing related to the web service provided by QUOVAI S.r.l. takes place at the company's headquarters and on Data Centers operated by HETZNER, located in Germany. No data is transferred outside the European Union.

The Platform may share some of the collected data with services located outside Italy, particularly the Google Analytics service. Google Analytics 4 is a web analytics service provided by Google Inc. ("Google"). This data may be transferred outside the European Union, such as to the United States, under the new EU-U.S. Data Privacy Framework (DPF), which ensures the protection of personal data. All collected data is used securely and transparently to improve the user experience and our services.

6. WHAT PERSONAL INFORMATION DO WE DISCLOSE TO THIRD PARTIES?
We do NOT disclose, sell, or transfer your personal data to companies or third parties not directly involved in the primary purposes of our activity. Your data will be known to our employees. Additional recipients include: entities we use for contract execution; entities providing platform management services; entities offering legal and/or tax and accounting consultancy; competent authorities and supervisory bodies for legal obligations; and Public Administrations for their institutional purposes.

Entities belonging to the above categories operate, in some cases, entirely independently as separate Data Controllers; in other cases, they act as Data Processors specifically appointed by the Data Controller in compliance with Article 28 of Regulation (EU) 2016/679. However, we may be forced to disclose personal data following a request from the Judicial Authority, as well as for crime prevention purposes or if we believe such action is necessary to protect our business.

7. COOKIES
For information regarding Cookies, please refer to our specific Cookie Policy.

8. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
We retain your personal data for the time necessary to carry out the operations related to the activities of the Data Controller, in compliance with Regulation (EU) 2016/679. Personal data processing is predominantly carried out using digital media for the time strictly necessary to achieve the purposes for which the data was collected and for a subsequent 10 years from the acquisition date. After this period, online data will be deleted or anonymized by our provider QUOVAI S.r.l., unless further purposes for retention exist. We must retain your tax data for 10 years as required by Italian law, after which there is no longer a legal basis for retention, and they are deleted. Special categories of personal data are not collected. However, if such information is included in free-text fields on the site or in emails sent to us, it will be retained (if identified and recognized) for the time strictly necessary to achieve the initial purposes.

9. HOW DO WE PROTECT YOUR PERSONAL DATA?
To prevent unauthorized access to your personal data and maintain its accuracy, we commit to implementing appropriate security measures to ensure its confidentiality, integrity, and security. However, it is important to note that no Internet transmission can ever be 100% secure. In areas of the sites where personal data is collected, Secure Socket Layer (SSL) technology is used, ensuring that all communications between the user's computer and us cannot be intercepted or deciphered.

By convention, Internet addresses (URLs) that involve an SSL connection begin with https:// instead of http://. Additionally, in most browsers, a green padlock icon is displayed to the left of the URL to indicate a full SSL connection has been established between the user's browser and our Platform. If your browser does not support SSL technology, you should update it to the latest version.

10. HOW DO WE HANDLE YOUR CHILDREN’S PRIVACY?
The Platform is intended for a general audience and does not offer services directed at minors. Minors under the age of 18 MUST NOT provide us with personal information or data. If we discover that a minor has provided us with personal data without parental or guardian authorization, we will immediately delete such information.

11. WHAT ARE YOUR RIGHTS?
Under Regulation (EU) 2016/679, you may, according to the methods and within the limits provided by current legislation, exercise the following rights by addressing a request to the contact details of the Data Controller:

  • access your personal data;
  • withdraw consent;
  • object to the processing of your personal data (when processing is based on a legal basis other than consent);
  • verify and request rectification;
  • obtain processing restriction (in this case, we will not process your data for any other purpose except storage);
  • obtain the deletion or removal of your personal data;
  • request data portability;
  • file a complaint.

Requests should be addressed to us directly as the Data Controller. We aim to respond to all legitimate requests within one month. Occasionally, it may take longer than a month if your request is particularly complex. If you believe that the processing of your data infringes privacy laws or that your rights have been violated in any way, you may contact the supervisory authority:

  • Data Protection Authority: Piazza di Monte Citorio n. 121, Rome, 00186, Italy Phone: 06-69677-3785 Website: www.garanteprivacy.it/

12. HOW CAN YOU CONTACT US?
For any requests related to the processing of your personal data, you can:

13. CHANGES TO THIS PRIVACY POLICY
The Data Controller may modify this Privacy Policy at any time; in such cases, we will publish the updated version here and change the effective date below.

This Privacy Policy is updated as of 03/12/2024.