YAROOMS

Privacy Policy - End User

Definitions

GDPR

Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Customer

Or paying customer - the entity/organization/company that purchased a YAROOMS subscription and allows you, as a user, to access the tenant allotted to this subscription.

User / end-user

You, as an individual, accessing and using a tenant under the YAROOMS platform with an account created or provided by your employer/organization that represents a Customer.

Data subject

Refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person's physical, physiological, genetic, mental, economic, cultural or social identity.

Service

Means any services provided by YAROOMS to you, meaning the right to access and use the YAROOMS Platform within the limits of the Agreement concluded between the Customer and Yarooms. 

Platform

The whole of the YAROOMS Workplace Experience software suite, comprising, but not limited to: web application, mobile applications, plugins, integrations, functionality modules, features.

Intro

1.1 This document is created on the basis of and in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 for the purpose of informing you of your rights under GDPR legislation.

1.2 This document applies to you, as a user of the YAROOMS Platform and in relation to the use of the Platform and all self or third-party Applications, Plugins and Services that make use of the Platform or integrate it, completely or partially.

1.3 This document does not apply to a Customer of the YAROOMS platform - for that please consult the contractual documentation concluded between the Customer and Yarooms.

Who is collecting your data?

2.1 Your personal data is collected by Yarooms International S.R.L., a Romanian Company registered with the Trade Registry Office under no. J12/5628/2022, having sole registration code 36814476, who is entitled to provide and sell the Service (the right to use the Platform) in the conditions stipulated under the Terms of Service.

What data is being collected?

3.1 We collect personal data that you make available under the Platform, such as: name, email, company name, role within the organization, any other personal data that you will make available under the Platform, your bookings/reservations under the Platform.

The data is collected for the purpose of providing you the Service.

At a minimum, the following data must be provided: name and email. Without these, we will not be able to provide the Service to you. As a consequence, you will not be able to use the Platform.

3.2 We also collect the following personal data, for marketing purposes: name and email. We will collect such data only based on your consent. You can withdraw your consent anytime.

What is the legal basis for processing the data? How will the information be used?

4.1 We will process the data mentioned under clause 3.1 based on GDPR Regulation article 6 paragraph 1, letter b with the purpose of providing you the Service (the right to access and use the Platform via all available means: main Web app, external Applications, Services, Plugins).

4.2 We will process the data mentioned under clause 3.2. based on GDPR Regulation article 6 paragraph 1, letter a, for marketing purposes. Therefore, based on your consent, we will send you from time to time marketing emails to promote our Service. Also, from time to time we will target you in our social media marketing campaigns.

4.3 If you are listed as a billing contact for a Customer, we will process the following personal data: billing information based on GDPR Regulation article 6 paragraph 1 letter c, taking into consideration that we have a legal obligation to store your billing details for accounting reasons.

Will the data be shared with any third parties?

5.1 We will not share your data with third parties unless: 

  • we will have such a legal obligation and/or
  • we will have your consent and/or
  • it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law. 

Additionally, some of your personal data will be divulged to other users from the Customer’s organization as follows: a) when you make a reservation within the Platform, your reservation will be visible to the other users, unless you choose to anonymize your reservation; b) your personal data will be visible to the higher level users of the Customer’s organization, according to the Customer’s Organization main account set-up.

5.2 We may also share your data with our service providers or subprocessors, as listed below:

  • For EU and UK Customers
    • Microsoft Azure NL
    • Hubspot EU
  • For Canada 
    • Microsoft Azure CA
    • Hubspot US
  • For US and rest of the world
    • Microsoft Azure US
    • Hubspot US

How long will the data be stored for?

6.2 We will store the data mentioned under clause 3.1. as long as we provide services to our Customer and for a 30-day period after that. No user account and/or no data mentioned under clause 3.1. can be deleted earlier, except with the Customer’s approval.

6.3 We will store the data mentioned under clause 3.2. as long as we have your consent regarding the data processing for marketing purposes, but no more than 10 years. Therefore, we will delete your data: a) at the moment you cancel your consent; and/or b) at the expiration of the 10-year period.

Please be advised that we decided to store your information for a period up to 10 years (unless you withdraw your consent earlier), taking into consideration that during that time we might develop some functions or services related to the Platform that you might want to use. Therefore, we want to be able to notify you each time we develop a new function and/or a new service that might be fit for you.

6.4 We will store your billing information for the period required by the applicable laws.

Where do we store the data?

7.1 The data is stored in the cloud, in the European Union, United States and/or Canada, depending on the Customer’s geographical location or preference at the time of onboarding.

7.2 If transferring data outside of the EEA can’t be avoided, we will verify if a similar level of protection can be obtained following such transfer.

Therefore:

We will verify if the country to which we consider transferring your personal data is subject to an adequacy decision adopted by the European Commission and if possible, we will perform the transfer on the basis of such adequacy decision. You can read more info about this mechanism of data transfer here:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

In the absence of an adequacy decision, we will perform the transfer of your data outside the EEA based on the Standard Contractual Clauses approved by the European Commission. In this respect, we will conclude Standard Contractual Clauses with our providers to whom we consider transferring the personal data outside the EEA. You can read more info about this mechanism of data transfer here:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

Also, we may use other appropriate safeguards for the transfer, in accordance with clauses no. 46 and 47 of the GDPR Regulation.

In this respect, at present, in case of a transfer of your personal data to the US, we will use the Standard Contractual Clauses mechanism, considering that the Privacy Shield has been invalidated by the CJEU.

In order to obtain more detailed information about the protection mechanisms we use when we transfer your data, and/or in order to obtain a copy of the Standard Contractual Clauses that we have signed with our providers in case of an international data transfer, you can contact us by email.

What security measures have we implemented?

8.1 In order to protect your data, we have implemented security measures in accordance with the applicable laws and the best industry practices. We will protect your data against any security incidents, but we cannot guarantee that such incidents cannot occur.

8.2 In case of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will communicate the personal data breach to you, without undue delay.

What rights do you have?

9.1 According to GDPR Regulation, you have the right to:

  • information about the processing of your personal data;
  • obtain access to the personal data held about you;
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request that personal data be erased when it’s no longer needed or if processing it is unlawful;
  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
  • request the restriction of the processing of your personal data in specific cases;
  • receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
  • request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.

9.2 To exercise your rights, please contact us by email: office@yarooms.com. We will try to respond to your request as fast as we can, but no later than 30 days after we receive your request.

9.3 We might ask you to provide information to confirm your identity (such as clicking a verification link, entering a username or password, ID copies or others) in order to be able to respond to your request.

Right to be forgotten

10.1. You can exercise the right to be forgotten, within the limits of the applicable law, by filling in and submitting this form.

10.2. All requests for the right to be forgotten will be manually reviewed by our professionals within 30 days from the request.

10.3. Considering the legal basis that we use for processing your personal data, please be advised that:

- you cannot ask to erase the personal data mentioned under clause 3.1. while the Customer has an active subscription under the Platform, and your data is required to provide the services;

- you can ask to erase the personal data mentioned under clause 3.2 at any time.

Do we use automated individual decision-making, including profiling?

11.1 No, you will not be subject to any decision based solely on automated processing, including profiling.

Cookies

12.1 A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site’s computers and stored on your device’s hard drive or storage disk. Cookies are required to use the YAROOMS service via all available means: web app, mobile or tablet apps, plugins, embedding services.

12.2 We use cookies to record current session information, but do not use permanent cookies. You are required to log-in to your YAROOMS account after a certain period of time has elapsed to protect you against others accidentally accessing your account’s contents.

How can you raise a complaint?

13.1 According to GDPR Regulation, you have the right to lodge a complaint with a supervisory authority. Usually you will lodge a complaint with the supervisory authority headquartered in your country or in the data controller’s country (Romania). Please find the Data Protection Authorities contact information here:
http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

How can you contact us?

14.1 For any question or request regarding your data, please contact us at the following email address: office@yarooms.com

This document has been updated and is applicable since: 15-December-2023