1.1 This document is created on the basis and in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 with the purpose to inform you regarding your rights under GDPR legislation.
1.2 This document applies to you, as a user of the Yarooms.com Platform and in relation with the use of the Platform and all self or third-party Applications, Plugins and Services that make use of the Platform or integrate it, completely or partially.
Who is collecting your personal data?
2.1 Your personal data is collected by Yarooms International S.R.L., a Romanian Company registered with the Trade Registry Office attached to Bucharest under no. J40/16047/2016, having sole registration code 36814476 who is entitled to provide and sell the Service (the right to use the Platform) in the conditions stipulated under the Terms of Service.
What data is being collected?
3.1 We collect the following personal data, made available by you under the Platform: Name, email, telephone, company name, billing information, your activity on the Platform and all Applications, Plugins and Services that make use of the Platform or integrate it, completely or partially.
The data is collected with the purpose to provide you with the Service.
The minimum following data is mandatory to be provided: name and email, billing information, without which we will not be able to provide the Service to you. As a consequence, you will not be able to use the Platform.
3.2 We also collect the following personal data, for marketing purposes: name and email. We will collect such data based on your consent. You can withdraw you consent, anytime.
What is the legal basis for processing the data? How will the information be used?
4.1 We will process the data mentioned under clause 3.1. based on GDPR Regulation article 6 paragraph 1, letter b and with the exclusive purpose of providing you the Service (the right to access and use the Platform via all available means: main Web app, external Applications, Services, Plugins).
4.2 We will process the following personal data: billing information based on GDPR Regulation article 6 paragraph 1 letter c, taking into consideration that we have a legal obligation to store your billing details for accounting reasons.
4.3 We will process the data mentioned under clause 3.2. based on GDPR Regulation article 6 paragraph 1, letter a, for marketing purposes. Therefore, based on your consent, we will send you from time to time marketing emails to promote our Service. Also, from time to time we will target you in our social media marketing campaigns.
Will the data be shared with any third parties?
5.1 We will not share your data with third parties unless: we will have such a legal obligation; we will have your consent; it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law. We may also share your data with our service providers such as Intercom R&D Unlimited Company and other similar service providers.
How long will the data be stored for?
6.1 We will store the data mentioned under clause 3.1.: name and email as long as you have a user account on the Platform, taking into consideration that we cannot keep your user account active without this information.
6.2 We will store your billing information for the period required by the applicable laws.
6.3 We will store the other data mentioned under clause 3.1. as long as we will provide you Services in accordance with the Terms and Conditions (on the basis of a trial or paid subscription plan) and for a 30 days period after that.
6.4 We will store the data mentioned under clause 3.2. as long as we have your consent regarding the data processing for marketing purposes, but no more than 10 years. Therefore, we will delete your data: a) at the moment you cancel your consent; and/or b) at the expiration of the 10 years period.
Please be advised that we decided to store your information for a period up to 10 years (unless you withdraw your consent earlier), taking into consideration that during that time we might develop some functions or services related to the Platform, that you might want to use. Therefore, we want to be able to notify you each time we develop a new function and/or a new service that might be fit for you.
We will delete your data at the end of the storage period.
Where do we store the data?
7.1 The data is stored in the cloud, in the European Union and/or United States.
7.2. Before transferring your data outside EEA, we will verify if a similar level of protection can be obtained following such transfer.
- We will verify if the country to whom we consider transferring your personal data is subject to an adequacy decision adopted by the European Commission and if possible, we will perform the transfer on the basis of such adequacy decision. You can read more info about this mechanism of data transfer here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
- In the absence of an adequacy decision, we will perform the transfer of your data outside EEA based on the Standard Contractual Clauses approved by the European Commission. In this respect, we will conclude Standard Contractual Clauses with our providers to whom we consider transferring the personal data outside EEA. You can read more info about this mechanism of data transfer here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
- Also, we may use other appropriate safeguards for the transfer, accordingly with clauses no. 46 and 47 of the GDPR Regulation
In this respect, at the moment in case of a transfer of your personal data to US, we will use the Standard Contractual Clauses mechanism, considering that the Privacy Shield has been invalidated by the CJUE.
In order to obtain more detailed information about the protection mechanisms we use when we transfer your data, you can contact us by email.
What security measures we have implemented?
8.1 In order to protect your data, we have implemented security measures in accordance with the applicable laws and the best industry practices. We will protect your data against any security incidents, but we cannot guarantee that such incidents cannot occur.
8.2 In case of personal data breach which is likely to result in a high risk to your rights and freedoms we will communicate the personal data breach to you, without undue delay.
What rights do you have?
9.1 According to GDPR Regulation, you have the right to:
- information about the processing of your personal data;
- obtain access to the personal data held about you;
- ask for incorrect, inaccurate or incomplete personal data to be corrected;
- request that personal data be erased when it’s no longer needed or if processing it is unlawful;
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
- request the restriction of the processing of your personal data in specific cases;
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.
9.2 To exercise your rights, please contact us by email: email@example.com. We will try to respond to your request as fast as we can, but no later than 1 month since we received your request.
9.3 We might ask you to provide information to confirm your identity (such as, clicking a verification link, entering a username or password, id copies or others) in order to be able to respond to your request.
Do we use automated individual decision-making, including profiling?
10.1 No, you will not be subject to any decision based solely on automated processing, including profiling.
11.1 A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site’s computers and stored on your computer’s hard drive. Cookies are required to use the YAROOMS service via all available means: web app, mobile or tablet apps, plugins, embedding services.
How can you raise a complaint?
12.1 According to GDPR Regulation, you have the right to lodge a complaint with a supervisory authority. Usually you will lodge a complaint with the supervisory authority headquartered in your country or in the data controller’s country (Romania). Please find the Data Protection Authorities contact information here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
How can you contact us?
13.1 For any question or request regarding your data, please contact us at the following email address: firstname.lastname@example.org
This document has been updated and is applicable since: 11 Sep 2020