Vela Blu Ltd (C91535) ("Waivy", "we", "us", "our") operates the Waivy damage waiver platform at waivy.eu. Vela Blu Ltd is the data controller responsible for your personal data, as described in this policy.
If you have any questions about how we handle your data, contact us at [email protected].
We collect personal data in the following contexts:
| Category | Data collected | Source |
|---|---|---|
| Host enquiry | Full name, email address, phone number, number of properties, PMS name | Registration form on waivy.eu |
| Host account | Business name, bank account details (for payouts), property addresses, PMS credentials (encrypted) | Onboarding process |
| Guest waiver | Full name, email address, payment card details (tokenised), booking reference | Guest waiver payment flow |
| Claims | Damage photos, damage descriptions, repair quotes or proforma invoices, booking timestamps | Host dashboard submissions |
| Website usage | IP address, browser type, pages visited, referral source | Automatically via cookies and server logs |
We do not collect sensitive personal data (as defined under GDPR) such as health information, biometric data, or financial account numbers beyond what is strictly necessary for payment processing.
We do not use your data for automated decision-making or profiling that produces legal effects.
Under the GDPR (applicable to EU/EEA users), we rely on the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Delivering the waiver service and processing payments | Performance of a contract |
| Sending service communications and claim updates | Performance of a contract |
| Retaining financial records | Legal obligation |
| Fraud detection and security | Legitimate interests |
| Marketing communications (if opted in) | Consent |
| Website analytics | Legitimate interests / Consent (where cookies are used) |
We do not sell your personal data. We share data only with the following sub-processors, and only to the extent necessary for the purpose described:
| Sub-processor | Purpose | Data involved |
|---|---|---|
| Stripe (Stripe Payments Europe, Ltd.) | Collecting waiver and deposit payments and processing Host payouts (Stripe Connect) | Name, email, tokenised card data |
| Omocom AB (insurance partner) | Underwriting the damage-waiver cover and handling insured claims | Booking reference, stay dates, claim details |
| Google (Analytics & Ads) | Website analytics and advertising measurement (consent-based) | Pseudonymous usage/device data, cookie identifiers |
| Meta Platforms (Pixel) | Advertising measurement and conversion attribution (consent-based) | Pseudonymous usage/device data, cookie identifiers |
| Property management systems (PMS) | Retrieving booking data and syncing waiver status | Booking reference, check-in/out dates |
| Airtable | Managing Host records and onboarding data | Host name, email, property details |
| Automation tools (Zapier, Make) | Orchestrating internal workflows such as onboarding notifications and booking syncs | Host and booking data, as required by each workflow |
| AI image processing services (including services by Anthropic and OpenAI) | Analysing damage photos submitted as part of a claim to assist our review process | Damage photographs only — no personal identifying information is included |
| Cloud infrastructure providers | Hosting the platform and storing data securely | All data stored on platform |
| Legal and regulatory authorities | Compliance with lawful requests | As required by law |
We do not share Guest personal data with Hosts beyond the booking reference required to match a waiver to a stay, except in the context of a supplementary damage charge as set out in our Terms & Conditions.
Waivy is operated by Vela Blu Ltd (C91535), a company incorporated within the European Union (Malta). Data may be processed within the EU and by third-party service providers in other jurisdictions. We ensure that all transfers are subject to appropriate contractual safeguards.
When the retention period expires, data is securely deleted or anonymised.
Depending on your location, you have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Request that inaccurate or incomplete data is corrected.
Request deletion of your data, subject to legal retention obligations.
Request that we limit processing of your data in certain circumstances.
Receive your data in a structured, machine-readable format (GDPR users).
Object to processing based on legitimate interests or for direct marketing.
Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your data protection supervisory authority (in Malta, the Information and Data Protection Commissioner; in Italy, the Garante per la protezione dei dati personali).
Our website uses cookies and similar technologies for core functionality, analytics, and advertising measurement. Non-essential cookies (analytics and advertising) are set only after you give consent through our cookie banner, and you can withdraw consent at any time.
We apply Google Consent Mode and activate analytics and advertising tags only after you accept. You can change or revoke your choice at any time via our cookie banner or your browser settings.
For any privacy-related questions or requests, contact us at: