Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Or paying customer - you, the entity/organization/company that purchased a YAROOMS subscription and allows your end-users to access the tenant allotted to this subscription.
An individual, accessing and using a tenant under the YAROOMS platform with an account created or provided by you, as a Customer.
A user with the highest level of permissions in your tenant, who can manage all settings, configurations and content, including your users’ personal data stored in the Platform.
Refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person's physical, physiological, genetic, mental, economic, cultural or social identity.
Means any services provided by YAROOMS to the Customer, regarding the use of YAROOMS Platform, such as the right to access and use the YAROOMS Platform, within the limits of the Agreement concluded between the Customer and Yarooms
The whole of the YAROOMS Workplace Experience software suite, comprising, but not limited to: web application, mobile applications, plugins, integrations, functionality modules, features.
1.1 This document is created on the basis and in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 with the purpose to inform you regarding your rights under GDPR legislation.
1.2 This document applies to you, as a Customer of the YAROOMS Platform and in relation with the use of the Platform and all self or third-party Applications, Plugins and Services that make use of the Platform or integrate it, completely or partially.
1.3 This document does not apply to a user / end-user of the YAROOMS platform - for that please access this link.
3.1 We collect the following personal data, made available by you or your users under the Platform such as: name, email, role within the organisation, the users bookings/reservations under the Platform, any other personal data that will be made available under the Platform.
The data is collected with the purpose of providing with the Service.
The minimum following data is mandatory to be provided: name and email. Without these, we will not be able to provide the Service. As a consequence, your users will not be able to use the Platform.
3.2 We also collect the following personal data, for marketing purposes: name and email. We will collect such data only based on your users’ consent. They can withdraw their consent at any time.
For the avoidance of any doubt, if some personal data will be obtained from the Customer and not directly from the end-users, the Customer will be considered Controller and Yarooms will be considered Processor in relation with such data.
4.1 We will process the data mentioned under clause 3.1 based on GDPR Regulation article 6 paragraph 1, letter b and with the exclusive purpose of providing you the Service (the right to access and use the Platform via all available means: main Web app, external Applications, Services, Plugins).
4.2 We will process the data mentioned under clause 3.2. based on GDPR Regulation article 6 paragraph 1, letter a, for marketing purposes. Therefore, based on your users’ consent, we will send them from time to time marketing emails to promote our Service. Also, from time to time we will target the subscribed users in our social media marketing campaigns.
4.3 If one or more of your users are listed as billing contacts for you, we will process the following personal data: billing information based on GDPR Regulation article 6 paragraph 1 letter c, taking into consideration that we have a legal obligation to store the billing details for accounting reasons.
5.1 We will not share your users’ data with third parties unless:
5.2 We may also share your users’ data with our service providers or subprocessors, as listed below:
Additionally, some of users personal data might be divulged to other users from the Customer’s organization as follows: a) when a user makes a reservation within the Platform, the reservation will be visible for the other users, unless the user chooses to anonymize the reservation; b) the user’s personal data will be visible for the higher level users from your organization, according to your organization’s main account set-up.
6.1. We will store the other data mentioned under clause 3.1. as long as we provide the Services to you in accordance with the Terms and Conditions (on the basis of a paid subscription plan) and for a 30 days period after that.
6.2. The data mentioned under clause 3.1 can be removed at any time by your Administrators, rendering the deleted users’ accounts unusable and anonymizing all their activity in the platform.
6.3 We will store your billing information for the period required by the applicable laws.
6.4. We will store the data mentioned under clause 3.2. as long as we have the user’s consent, regarding the data processing for marketing purposes, but no more than 10 years. Therefore, we will delete such data: a) at the moment the user cancels his consent; and/or b) at the expiration of the 10 years period.
7.1 The data is stored in the cloud, in the European Union, United States and/or Canada, depending on your geographical location or preference at the time of onboarding.
7.2 If transferring data outside of the EEA can’t be avoided, we will verify if a similar level of protection can be obtained following such transfer.
Therefore:
We will verify if the country to which we consider transferring your users' personal data is subject to an adequacy decision adopted by the European Commission and if possible, we will perform the transfer on the basis of such adequacy decision. You can read more info about this mechanism of data transfer here:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
In the absence of an adequacy decision, we will perform the transfer of your users’ data outside EEA based on the Standard Contractual Clauses approved by the European Commission. In this respect, we will conclude Standard Contractual Clauses with our providers to whom we consider transferring the personal data outside EEA. You can read more info about this mechanism of data transfer here:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
Also, we may use other appropriate safeguards for the transfer, accordingly with clauses no. 46 and 47 of the GDPR Regulation.
In this respect, at the moment in case of a transfer of your users’ personal data to the US, we will use the Standard Contractual Clauses mechanism, considering that the Privacy Shield has been invalidated by the CJUE.
In order to obtain more detailed information about the protection mechanisms we use when we transfer your users’ data, and/or in order to obtain a copy of the Standard Contractual Clauses that we have signed with our providers in case of an international data transfer, you can contact us by email.
8.1 In order to protect your users’ data, we have implemented security measures in accordance with the applicable laws and the best industry practices. We will protect the data against any security incidents, but we cannot guarantee that such incidents cannot occur.
8.2 In case of personal data breach, which is likely to result in a high risk to your users’ rights and freedoms, we will communicate the personal data breach to you and your users, without undue delay.
9.1 A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to the browser from a website’s computers and stored on the device’s hard drive or storage disk. Cookies are required to use the YAROOMS service via all available means: web app, mobile or tablet apps, plugins, embedding services.
9.2 We use cookies to record current session information, but do not use permanent cookies. Users are required to log-in to their YAROOMS account after a certain period of time has elapsed to protect against others accidentally accessing the account’s contents.
10.1 According to GDPR Regulation, users have the right to lodge a complaint with a supervisory authority. Usually a complaint will be lodged with the supervisory authority headquartered in the user’s country or in the data controller’s country (Romania). Please find the Data Protection Authorities contact information here:
http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
11.1 For any question or request regarding personal data, please contact us at the following email address: office@yarooms.com