Privacy Policy

1. INTRODUCTION
We respect your privacy in accordance with Regulation (EU) 2016/679 (of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data). Our goal is to protect and safeguard your personal data when you interact with our website.

2. WHO ARE WE?

• The Data Controller is the natural or legal person, public authority, agency, or other body which determines the purposes and means of the processing of personal data (Article 4(7) of Regulation (EU) 2016/679).
• The Data Processor is the natural or legal person which processes personal data on behalf of the Data Controller (Article 4(8) of Regulation (EU) 2016/679).

Data Controller:

• Ms. Chiara Gelmetti
• GLMCHR82M71G489O
• Email: info@gardabeds.com

Data Processor:

• QUOVAI SRL
• Email: supporto@quovai.com
• VAT No.: 01871320493

3. WHAT INFORMATION DO WE COLLECT AND USE?
Personal Data: any information relating to an identified or identifiable natural person, directly or indirectly, and that may provide information about their characteristics, habits, lifestyle, personal relationships, health status, or economic situation.

We do not collect your personal data during anonymous browsing of the website. We collect your data (provided voluntarily) in order to provide the requested services.

(A) For the provision of our online service (booking through the booking engine), we collect the following information:

• First and last name
• Email address
• Mobile phone number
• Credit card details

(B) By using our information request form, we collect the following personal data:

• First and last name
• Email address
• Mobile phone number
• Information voluntarily disclosed in the “Message” field, which may include sensitive data

We collect your personal data for the following purposes:

• Providing the requested information
• Communicating with you regarding your request
• Improving our services and personalizing communications

QUOVAI S.r.l. does not collect or process personal data classified as “special categories of data” (e.g. data revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, health data, or data concerning criminal convictions), unless you have provided explicit consent, as may occur when submitting an information request (case B). For operational and maintenance purposes, this website may collect system logs containing personal data such as IP addresses.

The data you provide will be processed for purposes including: responding to information requests and support inquiries; managing sales or bookings; sending information about future events; managing payments; and producing aggregated and anonymous statistical reports that do not allow identification of individuals. Credit card details are collected via the Stripe payment gateway and stored in encrypted form until service completion.

4. LEGAL BASIS FOR PROCESSING
We process personal data based on the following legal grounds:

• Processing necessary for the performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR).
• Consent given for one or more specific purposes, revocable at any time (Article 6(1)(a) GDPR).
• Legitimate interests pursued by the Data Controller, including service security and direct marketing to existing customers (Article 6(1)(f) GDPR).

5. PLACE OF DATA PROCESSING
Data processing related to the web service provided by QUOVAI S.r.l. takes place at the company’s headquarters and on data centers operated by HETZNER located in Germany. No data is transferred outside the European Union.

Some data may be shared with services located outside Italy, in particular Google Analytics 4. Data transfers may occur outside the EU in compliance with the EU-U.S. Data Privacy Framework. All data is processed securely and transparently.

6. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We do not sell, transfer, or disclose personal data to unrelated third parties. Data may be accessed by employees and service providers involved in contract execution, legal or accounting services, public authorities, or regulatory bodies as required by law.

7. COOKIES
For information about cookies, please refer to our dedicated Cookie Policy.

8. DATA RETENTION
Personal data is retained only as long as necessary to fulfill processing purposes and legal obligations, generally up to 10 years in accordance with Italian law. After this period, data will be deleted or anonymized.

9. DATA SECURITY
We implement appropriate technical and organizational measures to protect personal data. SSL encryption is used where personal data is transmitted.

10. CHILDREN’S PRIVACY
This website is not intended for minors under 18 years of age. If personal data of a minor is identified, it will be promptly deleted.

11. YOUR RIGHTS
Under Regulation (EU) 2016/679, you may exercise rights including access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.

12. CONTACT INFORMATION
For any request regarding personal data processing:

• Email: info@gardabeds.com
• Phone: +39 371 382 7684

13. CHANGES TO THIS PRIVACY POLICY
This Privacy Policy may be updated at any time. The updated version will be published on this page.

This Privacy Policy was last updated on 18/12/2025.