Privacy Policy

1. INTRODUCTION
We respect your privacy in accordance with Regulation (EU) 2016/679 (of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data). Our aim is to protect and safeguard your personal data when you interact with our website.

2. WHO WE ARE?

• Data Controller is the natural person, public authority, company, public or private entity, association, etc., which makes decisions about the purposes and methods of processing (Article 4, paragraph 1, point 7), of Regulation EU 2016/679).
• Data Processor is the natural or legal person to whom the Controller delegates specific and defined management and control tasks for the processing of data on their behalf (Article 4, paragraph 1, point 8), of Regulation EU 2016/679).

Data Controller:

• Queen Services SAS
• Email: queenservices@pec.it
• VAT: 02070780503

Data Processor:

• QUOVAI SRL Via Custoza, 13 56040 Monteverdi Marittimo (PI)
• VAT: 01871320493

3. WHAT INFORMATION DO WE COLLECT AND USE?
Personal Data: These are the information that directly or indirectly identify a natural person and can provide information about their characteristics, habits, lifestyle, personal relationships, health status, economic situation, etc..

We do not collect your personal data during anonymous browsing on the site. We collect your data (voluntarily provided) in order to provide you with services.

(A) For the provision of our booking engine, we collect the following information:

•     first and last name
•     email address
•     mobile number
•     credit card details

(B) If you send a request for information or of any other kind via our contact form, the following information is collected to provide you with a response:

•     first and last name
•     email address and/or mobile number
•     any information voluntarily disclosed (by you in the free text sections) that may contain special data such as disabilities, need for assistance, etc.

QUOVAI S.r.l. does not collect or process personal data qualified as "special data" (such as, by way of example only, data capable of revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of associations or organizations of a religious, philosophical or trade union nature, as well as personal data capable of revealing health status or data relating to criminal convictions and offenses), unless you have given your explicit consent, which may be the case when sending a request for information (case (B)). For operational and maintenance needs, this site may collect system logs, which are files that record interactions and may also contain personal data, such as IP addresses.

The data provided by you through the portal will be processed for the following purposes (among others): responding to information requests and managing support requests; providing sales or booking services; sending information about future events; managing payments; keeping statistics to measure the performance of the portal in an aggregate and anonymous form (which do not in any way allow the identification of the individual). The details of your credit card (name and surname, card number, and expiry date) are collected via the Stripe payment gateway (stripe.com/it) and are stored encrypted until the service is provided.

4. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
We collect, use, and share the data in our possession as described based on the following legal bases:

• Processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Administrative and accounting purposes are expressly included. This also includes the service provided by the administrative part and, therefore, the processing of the data subject's personal data for reservation management and response to support requests. The legal basis is based on Article 6 par. 1 letter b) of Regulation (EU) 2016/679.
• Consent to the processing of personal data for one or more specific purposes (for example, sending promotional material via email following voluntary registration for the newsletter). For this purpose, you will need to give your consent, which can be revoked at any time. The legal basis is based on Article 6 par. 1 letter a) of Regulation (EU) 2016/679.
• Mailing list to receive information: during the booking process, your email address is added to a contact list (with your consent) to which email messages may be sent. Our legitimate interests, including our interests in providing a secure and effective service for you. Article 130 paragraph 4 of the Privacy Code also allows the sending of promotional communications by email to customers (current or former customers) to advertise services similar to those already purchased in the past (so-called soft spam). There is a right to opt-out. The legal basis is based on Article 6 par. 1 letter f) of Regulation (EU) 2016/679.

5. LOCATION OF DATA PROCESSING
The data processing activities related to the web service provided by QUOVAI S.r.l. take place at the company’s headquarters and within the Data Centres of HETZNER, located in Germany. No data is transferred outside the European Union.

The Platform may share some of the data collected with services located outside Italy, particularly with Google Analytics. Google Analytics 4 is a web analysis service provided by Google Inc. (“Google”). These data may be transferred outside the European Union, such as to the United States, in compliance with the new EU-U.S. Data Privacy Framework (DPF), which ensures personal data protection. All data collected is used securely and transparently to enhance user experience and improve our services.

6. WHAT KIND OF PERSONAL INFORMATION DO WE DISCLOSE TO THIRD PARTIES?
We do NOT disclose, transfer, or sell your personal data to companies or third parties not directly involved in the main purposes of our business. Your data will be known to our employees. Furthermore, other recipients are: subjects whom, for various reasons, we use to execute the contract; subjects providing services for platform management; subjects providing legal and/or tax and accounting consulting activities; competent authorities and supervisory and control bodies for the fulfillment of legal obligations; and Public Administrations for their institutional purposes.

The subjects belonging to the above-mentioned categories operate, in some cases, autonomously as separate Data Controllers, in other cases, as Data Processors specifically appointed by the Controller in accordance with Article 28 of Regulation (EU) 2016/679. However, we may be required to communicate personal data following a request from the Judicial Authority, as well as for the purpose of fraud prevention or general crime prevention, or if we believe that such action is necessary to protect our business.

7. COOKIES
For information on Cookies, we refer you to our specific Cookie Policy.

8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep your personal data for the time necessary to carry out the operations inherent to the Data Controller's activity in accordance with Regulation (EU) 2016/679. Personal data processing is mainly carried out using computer systems for the time strictly necessary to achieve the purposes for which the data was collected and for the subsequent 10 years from the date of acquisition. At the end of this period, online data will be deleted or anonymised by our provider QUOVAI S.r.l unless there are further purposes for their retention. We must keep your tax data for the 10 years provided by Italian law, after which, once this period has expired, there is no longer a legal basis (legal obligation) for further retention, so we delete them. We do not collect special categories of personal data. However, if this information is entered in a free text section of the website or in emails sent to us, such information will be retained (if identified and recognised) for the time strictly necessary to achieve the initial purposes.

9. HOW DO WE PROTECT YOUR PERSONAL DATA?
In order to prevent unauthorized access to your personal data and to maintain its accuracy, we are committed to implementing appropriate security measures to protect its confidentiality, integrity, and security. However, it is important to note that no transmission over the Internet can ever be 100% secure. SSL (Secure Socket Layer) technology is used in parts of the sites where personal data is collected, which ensures that all communications between the user's computer and us cannot be intercepted or decrypted.

By convention, Internet addresses (URLs) that involve an SSL connection begin with https:// instead of http://. In addition, in the most common browsers, the icon of a green padlock is shown to the left of the URL to indicate that a full SSL connection has been established between the user's browser and our Platform. If your browser does not support SSL technology, you should update it to the latest version.

10. PRIVACY OF MINORS
The Platform is aimed at a general audience and does not offer services aimed at minors. Individuals under the age of 18 MUST NOT provide us with information or personal data. If we discover that a minor has provided us with personal data without the authorisation of their parents or legal guardian, we will promptly delete such information.

11. YOUR RIGHTS
Under Regulation (EU) 2016/679, you may, in accordance with the procedures and limits provided for by current legislation, exercise the following rights by sending a request to the contact details of the Data Controller:

• access your personal data;
• withdraw consent;
• object to the processing of your personal data (where processing is based on a legal basis other than consent);
• verify and request rectification;
• obtain restriction of processing (in this case, we do not process your data for any purpose other than their retention);
• obtain erasure or removal of your personal data;
• request data portability;
• lodge a complaint.

Requests should be addressed to us directly as the Data Controller. We endeavour to respond to all legitimate requests within one month. Occasionally, it may take more than a month if your request is particularly complex. If you believe that the processing of your data breaches privacy law or that your rights have been infringed in any other way, you can contact the supervisory authority:

Italian Data Protection Authority: Piazza di Monte Citorio n. 121, Rome, 00186, Italy

• Tel: 06-69677-3785
• Website: www.garanteprivacy.it/

12. HOW CAN YOU CONTACT US?
For any request regarding the processing of your personal data, you can:

•  Send us an email to support@quovai.com
• Call us at +39-02-87198048

This Privacy Policy was last updated on 03/11/2024.