YAROOMS

Privacy Policy

Document updated and applicable since: October 20th, 2025

Definitions

GDPR: Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Customer: The entity/organization/company that purchased a YAROOMS subscription and allows end-users to access the tenant allotted to this subscription.

User/end-user: An individual accessing and using a tenant under the YAROOMS platform with an account created or provided by the Customer.

Administrator: A user with the highest level of permissions in a tenant, who can manage all settings, configurations, content, and users’ personal data stored in the Platform.

Data subject: Any individual person who can be identified, directly or indirectly, via an identifier such as a name, ID number, location data, or factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity.

Service: Services provided by YAROOMS to the Customer regarding use of YAROOMS Platform, including the right to access and use the Platform within limits of the Agreement.

Platform: The whole of the YAROOMS Workplace Experience software suite, comprising web application, mobile applications, plugins, integrations, functionality modules, and features.

Introduction

1.1 This document is created in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 to inform customers regarding their rights under GDPR legislation.

1.2 The document applies to customers of the YAROOMS Platform in relation with use of the Platform and all self or third-party Applications, Plugins and Services that make use of or integrate the Platform.

1.3 This document does not apply to end-users of the YAROOMS platform—for that, refer to the separate end-user privacy policy .

Who is collecting data?

2.1 End-users’ personal data is collected by Yarooms International SA, a Romanian Company registered with the Trade Registry Office under no. J12/5628/2022, EUID J2022005628124, having sole registration code 36814476, who is entitled to provide and sell the Service under the Terms of Service.

What data is being collected?

3.1 The following personal data is collected: name, email, role within the organisation, users’ bookings/reservations under the Platform, and any other personal data made available under the Platform.

Data is collected for the purpose of providing the Service. Mandatory minimum data required: name and email. Without these, the Service cannot be provided and users cannot use the Platform.

3.2 Personal data is not collected for marketing purposes.

If personal data is obtained from the Customer and not directly from end-users, the Customer is considered the Controller and Yarooms is considered the Processor in relation with such data.

4.1 Data mentioned in clause 3.1 will be processed based on “GDPR Regulation article 6 paragraph 1, letter b” with the exclusive purpose of providing the Service (access and use of the Platform via all available means: web app, external Applications, Services, Plugins).

4.2 If users are listed as billing contacts, the following personal data will be processed: billing information based on “GDPR Regulation article 6 paragraph 1 letter c,” considering the legal obligation to store billing details for accounting reasons.

Will the data be shared with any third parties?

5.1 Users’ data will not be shared with third parties unless:

  • There is a legal obligation
  • Users have given consent
  • It is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, potential threats to physical safety, violations of Terms of Service, or as otherwise required by law

5.2 Users’ data may be shared with service providers or subprocessors:

For EU and UK Customers:

  • Microsoft Azure NL
  • Hubspot EU

For Canada:

  • Microsoft Azure CA
  • Hubspot US

For US and rest of the world:

  • Microsoft Azure US
  • Hubspot US

Additionally, some users’ personal data might be divulged to other users from the Customer’s organization as follows:

a) When a user makes a reservation within the Platform, the reservation will be visible to other users, unless the user chooses to anonymize the reservation;

b) The user’s personal data will be visible for higher-level users from the organization, according to the organization’s main account set-up.

How long will the data be stored for?

6.1 Data mentioned in clause 3.1 will be stored as long as Services are provided in accordance with the Terms and Conditions (on the basis of a paid subscription plan) and for a 30-day period after that.

6.2 Data mentioned in clause 3.1 can be removed at any time by Administrators, rendering deleted users’ accounts unusable and anonymizing all their activity in the platform.

6.3 Billing information will be stored for the period required by applicable laws.

Where do we store the data?

7.1 Data is stored in the cloud, in the European Union, United States and/or Canada, depending on geographical location or preference at onboarding.

7.2 If transferring data outside of the EEA cannot be avoided, verification is performed to ensure a similar level of protection can be obtained following such transfer.

Therefore:

Verification is performed to determine if the country to which personal data would be transferred is subject to an adequacy decision adopted by the European Commission. If possible, the transfer will be performed on the basis of such adequacy decision. More information: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

In the absence of an adequacy decision, the transfer of users’ data outside EEA will be performed based on Standard Contractual Clauses approved by the European Commission. Standard Contractual Clauses will be concluded with providers to whom personal data is transferred outside EEA. More information: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

Other appropriate safeguards for transfer may be used in accordance with clauses no. 46 and 47 of the GDPR Regulation.

Currently, in case of transfer of users’ personal data to the US, Standard Contractual Clauses mechanism will be used, as the Privacy Shield has been invalidated by the CJUE.

For detailed information about protection mechanisms used for international data transfer and/or to obtain a copy of Standard Contractual Clauses signed with providers, contact via email.

What security measures have we implemented?

8.1 To protect users’ data, security measures have been implemented in accordance with applicable laws and best industry practices. Data will be protected against security incidents, but such incidents cannot be guaranteed not to occur.

8.2 In case of personal data breach likely to result in a high risk to users’ rights and freedoms, the personal data breach will be communicated to the Customer and users without undue delay.

Cookies

9.1 A cookie is a small amount of data, often including an anonymous unique identifier, sent to a browser from a website’s computers and stored on the device’s hard drive or storage disk. Cookies are required to use the YAROOMS service via all available means: web app, mobile or tablet apps, plugins, embedding services.

9.2 Cookies are used to record current session information, but permanent cookies are not used. Users are required to log in to their YAROOMS account after a certain period of time has elapsed to protect against others accidentally accessing the account’s contents.

How can a complaint be raised?

10.1 According to GDPR Regulation, users have the right to lodge a complaint with a supervisory authority. Usually a complaint will be lodged with the supervisory authority headquartered in the user’s country or in the data controller’s country (Romania). Data Protection Authorities contact information: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

How can you contact us?

11.1 For any question or request regarding personal data, contact: office@yarooms.com

YAROOMS

Become a partner

Join our growing network of partners worldwide

Application received!

We'll review your details and get back to you soon.

We use cookies to analyze traffic and improve your experience.

Cookie preferences

Essential

Required for the site to function

Always on
Analytics

Help us understand how visitors use the site

Marketing

Used to deliver relevant ads

Talk to Sales or Support