Vela Blu Ltd (C91535) ("Waivy", "we", "us", "our") operates the Waivy damage waiver platform at waivy.eu. Vela Blu Ltd is the data controller responsible for your personal data, as described in this policy.
If you have any questions about how we handle your data, contact us at [email protected].
We collect personal data in the following contexts:
| Category | Data collected | Source |
|---|---|---|
| Host enquiry | Full name, email address, phone number, number of properties, PMS name | Registration form on waivy.eu |
| Host account | Business name, bank account details (for payouts), property addresses, PMS credentials (encrypted) | Onboarding process |
| Guest waiver | Full name, email address, payment card details (tokenised), booking reference | Guest waiver payment flow |
| Claims | Damage photos, check-in/check-out timestamps, damage descriptions | Host dashboard submissions |
| Website usage | IP address, browser type, pages visited, referral source | Automatically via cookies and server logs |
We do not collect sensitive personal data (as defined under GDPR) such as health information, biometric data, or financial account numbers beyond what is strictly necessary for payment processing.
We do not use your data for automated decision-making or profiling that produces legal effects.
Under the GDPR (applicable to EU/EEA users), we rely on the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Delivering the waiver service and processing payments | Performance of a contract |
| Sending service communications and claim updates | Performance of a contract |
| Retaining financial records | Legal obligation |
| Fraud detection and security | Legitimate interests |
| Marketing communications (if opted in) | Consent |
| Website analytics | Legitimate interests / Consent (where cookies are used) |
We do not sell your personal data. We share data only with the following sub-processors, and only to the extent necessary for the purpose described:
| Sub-processor | Purpose | Data involved |
|---|---|---|
| Payment processors | Collecting waiver fees and processing Host payouts | Name, email, tokenised card data |
| Property management systems (PMS) | Retrieving booking data and syncing waiver status | Booking reference, check-in/out dates |
| Airtable | Managing Host records and onboarding data | Host name, email, property details |
| Automation tools (Zapier, Make) | Orchestrating internal workflows such as onboarding notifications and booking syncs | Host and booking data, as required by each workflow |
| AI image processing services (including services by Anthropic and OpenAI) | Analysing damage photos submitted as part of a claim to assist our review process | Damage photographs only — no personal identifying information is included |
| Cloud infrastructure providers | Hosting the platform and storing data securely | All data stored on platform |
| Legal and regulatory authorities | Compliance with lawful requests | As required by law |
We do not share Guest personal data with Hosts beyond the booking reference required to match a waiver to a stay, except in the context of a supplementary damage charge as set out in our Terms & Conditions.
Waivy is operated by Vela Blu Ltd (C91535), a company incorporated within the European Union (Malta). Data may be processed within the EU and by third-party service providers in other jurisdictions. We ensure that all transfers are subject to appropriate contractual safeguards.
When the retention period expires, data is securely deleted or anonymised.
Depending on your location, you have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Request that inaccurate or incomplete data is corrected.
Request deletion of your data, subject to legal retention obligations.
Request that we limit processing of your data in certain circumstances.
Receive your data in a structured, machine-readable format (GDPR users).
Object to processing based on legitimate interests or for direct marketing.
Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
Our website uses a limited number of cookies to enable core functionality (session management, form submission). We do not currently use third-party advertising or tracking cookies.
You can control cookie settings through your browser. Disabling essential cookies may affect the functionality of the site.
For any privacy-related questions or requests, contact us at: