Skip links

Privacy Statement (booking engine)

We, as QUOVAI S.r.l., respect your privacy in line with Regulation (EU) 2016/679 (GDPR). Our aim is to protect and safeguard your personal data when you use our booking engine. If you do not agree with this policy, we would kindly ask you not to continue further.

N.B. Our service is not intended for use by children (those under the age of 18).

Data Controller: the legal representative of the hotel, B&B, farmhouse, short-term vacation rental, camping site etc. 

Data Processor: is QUOVAI S.r.l. that is a society registered in Pisa with VAT code 01871320493. The company’s headquarters are based in Via Custoza, 13 – Monteverdi Marittimo (PI).

We do NOT collect personal information about you when you are browsing.

  • If you send a request for information from the booking engine contact form, your message is transmitted to the holiday property. The information that you disclose voluntarily under NOTES, which could contain sensitive data relating to your health such as a disability, dietary preferences etc., is not collected by QUOVAI S.r.l.. This information is processed solely by the holiday property.  
  • If you make a reservation using our booking engine, we collect your name/surname, email address and telephone number in order to complete the booking. The reservation is immediately transmitted to the holiday property and processed by the holiday property.
  • For needs relating to the operation and maintenance of our booking engine, we may collect system logs, which may also contain personal data such as your IP address. By checking the IP address, you can understand the user’s geographical position. We do not store geolocation data.
  • The details of your credit card (name and surname, card number, CVV and expiration date) are collected through the Stripe payment gateway and are stored in encrypted form until used by the holiday property.

Our lawful basis for processing is based on:

  • Contract: Your data needs to be processed in order to deliver a contractual service to you. The legal basis is Article 6 1b) of Regulation (UE) 2016/679.
  • Consent:  The holiday property will only send you (adult of the guest party) marketing information where you have opted in to receive these communications (via an opt-in box). You can opt out of receiving marketing material at any time using the unsubscribe link that can be found at the end of each email that the property sends. The legal basis is Article 6 1a) of Regulation (UE) 2016/679.

The processing operations connected to our service take place at the company’s headquarters and at the Data Centres of Hetzner, which are located in Germany. No data transfer occurs outside the European Union.

We do NOT share, trade or sell your personal information to any company or third parties not directly associated with its proper use within the sphere of activity. We may be obliged to disclose personal information if required to do so by law, by a Court order or for the purposes of prevention of fraud or other crime or if we believe that such action is necessary to protect QUOVAI S.r.l..

Our site uses cookies. Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyse what works and where it needs improvement.

Strictly necessary cookies (and exempt from consent): Session cookie.
Expiry date: when you close your session.

(2) Stripe is an online gateway that uses technical cookies: __stripe_sid and __stripe_mid. Stripe sets __stripe_sid for fraud prevention purposes and __stripe_mid to remember who you are and to enable the website to process payments without storing any credit card information on its our servers
Expiry date:
__stripe_mid | 1 year
__stripe_sid | 30 minutes

Analytics cookies (in theory exempt from consent as equivalent to strictly necessary cookies. We have decided to request consent.) Google Analytics uses the following cookies (_ga, _gid, _gat). Even if they are analytics cookies, they are comparable to technical cookies (and therefore exempt from consent) because they are used only to produce aggregated statistics and in relation to a single web site and the IP addresses (at least the fourth component) are masked and do not combine with other information for further processing. Please see Google’s privacy policy for further information. If you prefer not to have data reported by Google Analytics, you can install the Google Analytics Opt-Out Browser Add-On. You may also opt out of Google’s use of tracking technologies by visiting the Google advertising opt-out page.
Expiry date:
_ga | 2 years (from the last visit)
_gid | 1 day (from the last visit)
_gat | 1 minute (from the last visit)

Marketing cookies: We do NOT use profiling cookies.

Cookie management
Most web browsers allow some control of most cookies through the browser settings. Find out how to manage cookies on popular browsers by accessing the following browser links:

More information:

We retain your personal data on our systems for as long as is necessary for the booking activity in question in accordance with Regulation (EU) 2016/679. 

To prevent unauthorised access to your personal information and maintain data accuracy, we guarantee you that the appropriate physical and electronic measures have been taken to safeguard and secure the information we collect online. Please note though that no transmission over the Internet can ever be guaranteed.

  • We use Secure Socket Layer (SSL) technology, which ensures that any communications between your computer and QUOVAI cannot be intercepted and is unreadable by anyone else. By convention, URLs that imply an SSL connection start with https: instead of http. Furthermore in most common browsers, a padlock icon is show on the left beside the URL to show you that you have established a full SSL encrypted connection. If your browser does not support SSL technology, then you should update to the latest version.

Under Regulation (EU) 2016/679, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

  •     Your right of access
  •     Your right to rectification
  •     Your right to erasure
  •     Your right to restriction of processing
  •     Your right to data portability
  •     Your right to make a complaint

You also have recourse to the Data Protection Authority:

    Garante per la Protezione dei Dati Personali: Piazza di Monte Citorio n. 121, Rome, 00186, Italy
    Tel: + 39 06 69677-3785
    Web site:

If you have a query relating to the processing of your personal information, please send an e-mail to our mailbox ( If you are unable to make a query in writing, please ring us at +39-02-87198048.

We reserve the right to amend or modify this Privacy policy at any time and in response to changes in applicable data protection and privacy legislation. 
Last updated: 12 November 2022