GDPR + Cookie Policy for YUBA

Effective Date: August 25, 2025 Last Updated: August 25, 2025

1. Introduction

COMPLETE COMMUNICATION PROVIDER S.R.L. ("we," "our," "us," or "YUBA"), with headquarters at Gen. Gheorghe Magheru Street, No. 21, Building 21, Apartment 152, Oradea, Bihor County, Romania, VAT Registration Number RO45954142, registered at the Trade Registry under no. J05/962/2022, legally represented by administrator Cristian Maier, is committed to protecting and respecting your privacy in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Romanian data protection laws.

This policy explains how we collect, use, share, and protect your personal data when you visit our website www.yuba.app and use our drag-and-drop ERP platform services. It also provides information about cookies and similar technologies we use.

2. Data Controller Information

Data Controller: COMPLETE COMMUNICATION PROVIDER S.R.L. Gen. Gheorghe Magheru Street, No. 21, Building 21, Apartment 152 Oradea, Bihor County, Romania Email: legal@yuba.app Phone: +40743009125

Data Protection Contact: For all data protection matters, please contact us at: legal@yuba.app

3. Categories of Personal Data We Process

3.1 Account and Contact Data

Name, surname, job title
Email address, telephone number
Company name and business address
User credentials and account settings

3.2 Usage and Technical Data

IP address and device identifiers
Browser type and version
Operating system and device information
Pages visited and time spent on our website
Click patterns and user interactions
Log files and error reports

3.3 Business Data

Information about your company's structure and processes
ERP configurations and customizations
Business workflows and templates
Communication records and support tickets

3.4 Marketing and Communication Data

Newsletter subscription preferences
Marketing communication history
Event attendance and webinar participation
Survey responses and feedback

4. How We Collect Personal Data

4.1 Direct Collection

Account registration and service setup
Contact forms and support requests
Newsletter subscriptions
Event registrations and surveys
Phone calls and email communications

4.2 Automatic Collection

Website cookies and tracking technologies
Server logs and analytics tools
Mobile application usage (when available)
Security monitoring systems

4.3 Third-Party Sources

Business contact databases (publicly available)
Social media platforms (with your consent)
Business partners and referrals
Integration with third-party business tools

5. Legal Basis for Processing Under GDPR

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

5.1 Legitimate Interest (Article 6(1)(f))

Website analytics and improvement: Understanding user behavior to enhance our services
Security and fraud prevention: Protecting our systems and preventing unauthorized access
Business communications: Sending relevant business information to existing customers
Marketing to business contacts: Promoting our services to potential business customers
Customer support optimization: Improving our support processes and response times

5.2 Contract Performance (Article 6(1)(b))

Account management and service provision
Billing and payment processing
Technical support and customer service
Service updates and maintenance notifications

5.3 Legal Obligation (Article 6(1)(c))

Tax and accounting record keeping
Compliance with regulatory requirements
Response to lawful requests from authorities

5.4 Consent (Article 6(1)(a))

Marketing email newsletters (explicit opt-in)
Non-essential cookies and tracking
Special categories of data (if applicable)
Sharing data with third parties for marketing purposes

6. How We Use Your Personal Data

6.1 Service Provision

Creating and managing user accounts
Providing access to the YUBA platform
Processing payments and billing
Delivering customer support
Sending service-related communications

6.2 Service Improvement

Analyzing usage patterns and user behavior
Identifying technical issues and bugs
Developing new features and functionalities
Conducting user experience research
Performance monitoring and optimization

6.3 Business Operations

Managing our relationship with you
Processing your requests and inquiries
Maintaining business records
Ensuring security and preventing fraud
Compliance with legal obligations

6.4 Marketing and Communications

Sending marketing emails (with consent)
Providing information about updates and new features
Inviting you to events and webinars
Conducting market research and surveys
Creating anonymized analytics and reports

7. Data Sharing and Recipients

7.1 Service Providers

We share personal data with trusted service providers who process data on our behalf:

Cloud hosting providers (data storage and processing)
Payment processors (billing and payment handling)
Customer support tools (help desk and communication)
Analytics providers (Google Analytics, usage analysis)
Marketing platforms (email marketing, CRM systems)
Security services (fraud prevention, monitoring)

7.2 Legal Requirements

We may disclose personal data when required by law or to:

Comply with legal processes or government requests
Protect our rights, property, or safety
Protect the rights, property, or safety of others
Prevent fraud or security issues

7.3 Business Transfers

In case of merger, acquisition, or sale of assets, personal data may be transferred to the new entity, subject to the same privacy protections.

8. International Data Transfers

8.1 Transfers Outside the EU/EEA

We may transfer personal data to countries outside the European Economic Area, including the United States, for service provision and business operations.

8.2 Safeguards

When transferring data internationally, we implement appropriate safeguards:

EU-US Data Privacy Framework (certification planned)
Standard Contractual Clauses approved by the European Commission
Adequacy decisions by the European Commission
Technical and organizational measures for data protection

8.3 Right to Information

You can request information about specific international transfers and the safeguards in place by contacting us at legal@yuba.app.

9. Data Retention

9.1 Retention Principles

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

9.2 Retention Periods

Active customer accounts: Duration of the contractual relationship
Inactive accounts: 12 months after last activity, then anonymized or deleted
Marketing data: Until consent is withdrawn, then immediately deleted
Legal compliance data: As required by applicable laws (typically 5-7 years)
Security logs: 24 months for incident investigation purposes

9.3 Deletion Process

When retention periods expire, we securely delete or anonymize personal data using industry-standard methods.

10. Your Rights Under GDPR

10.1 Right of Access (Article 15)

You can request confirmation of whether we process your personal data and obtain a copy of that data.

10.2 Right to Rectification (Article 16)

You can request correction of inaccurate personal data and completion of incomplete data.

10.3 Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances, including:

The data is no longer necessary for the original purpose
You withdraw consent (where processing is based on consent)
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed

10.4 Right to Restriction of Processing (Article 18)

You can request limitation of processing in specific situations:

You contest the accuracy of the data
Processing is unlawful but you prefer restriction over deletion
We no longer need the data but you need it for legal claims
You object to processing pending verification of our legitimate grounds

10.5 Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

10.6 Right to Object (Article 21)

You can object to processing based on legitimate interests, including profiling and direct marketing.

10.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you.

10.8 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: legal@yuba.app
Phone: +40743009125
Post: Gen. Gheorghe Magheru Street, No. 21, Building 21, Apartment 152, Oradea, Bihor County, Romania

We will respond within one month of receiving your request. In complex cases, we may extend this period by two months.

11. Cookie Policy

11.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience and allow certain features to work properly.

11.2 Types of Cookies We Use

11.2.1 Strictly Necessary Cookies

These cookies are essential for the website to function properly:

Session cookies: Maintain your login status and preferences
Security cookies: Protect against fraud and unauthorized access
Load balancing cookies: Ensure optimal server performance

Legal basis: Legitimate interest (essential for service provision)

11.2.2 Performance and Analytics Cookies

These cookies help us understand how visitors use our website:

Google Analytics

Purpose: Website traffic analysis and user behavior insights
Data collected: Page views, session duration, bounce rate, demographics
Retention: 26 months
Opt-out: Available through Google Analytics Opt-out Browser Add-on

Google Tag Manager

Purpose: Managing tracking codes and marketing tags
Data collected: Page interactions, conversion events
Retention: Varies by configured tags

Legal basis: Legitimate interest (website optimization and business improvement)

11.2.3 Marketing and Advertising Cookies

These cookies are used for marketing purposes (requires consent):

Facebook Pixel

Purpose: Track conversions and create custom audiences
Data collected: Page visits, button clicks, form submissions
Retention: 180 days
Opt-out: Available through Facebook Ad Preferences

Marketing Automation Tools

Purpose: Email campaign tracking and lead scoring
Data collected: Email opens, clicks, website visits
Retention: Varies by platform (typically 12-24 months)

Legal basis: Consent (explicit opt-in required)

11.2.4 Functional Cookies

These cookies enhance your experience:

Language preferences: Remember your language choice
Chat widgets: Enable customer support functionality
Form data: Remember partially completed forms

Legal basis: Legitimate interest (improving user experience)

11.3 Third-Party Cookies

Some cookies are set by third-party services:

Social media plugins (Facebook, LinkedIn, Twitter)
Video content (YouTube, Vimeo)
Maps and location services (Google Maps)
Customer support tools (chatbots, help desk)

11.4 Managing Cookie Preferences

11.4.1 Cookie Consent Banner

When you first visit our website, you'll see a cookie consent banner allowing you to:

Accept all cookies
Accept only necessary cookies
Customize your preferences

11.4.2 Browser Settings

You can control cookies through your browser settings:

Chrome: Settings > Privacy and Security > Cookies and other site data Firefox: Options > Privacy & Security > Cookies and Site Data Safari: Preferences > Privacy > Manage Website Data Edge: Settings > Cookies and site permissions

11.4.3 Changing Preferences

You can change your cookie preferences at any time by:

Clearing your browser cookies and revisiting our site
Using browser settings to block specific cookies
Contacting us at legal@yuba.app to update your preferences

11.5 Impact of Disabling Cookies

Disabling certain cookies may affect:

Website functionality and user experience
Ability to remember your preferences
Access to personalized content
Analytics and improvement of our services

12. Data Security Measures

12.1 Technical Measures

Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access controls: Multi-factor authentication and role-based permissions
Network security: Firewalls, intrusion detection, and monitoring
Regular updates: Security patches and software updates
Backup systems: Secure, encrypted data backups

12.2 Organizational Measures

Staff training: Regular data protection and security training
Confidentiality agreements: All employees bound by confidentiality
Access limitation: Data access limited to authorized personnel only
Incident procedures: Defined processes for security incident response
Regular audits: Internal and external security assessments

12.3 Data Breach Notification

In case of a personal data breach, we will:

Notify the Romanian supervisory authority within 72 hours (if high risk)
Inform affected individuals without undue delay (if high risk to rights)
Document the breach and our response measures
Implement measures to prevent similar incidents

13. Children's Privacy

Our services are designed for businesses and are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it immediately.

Parents or guardians who believe their child has provided personal data to us should contact us at legal@yuba.app.

14. Data Protection Impact Assessments

When processing personal data that is likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) to:

Identify and minimize data protection risks
Demonstrate compliance with GDPR requirements
Consult with the supervisory authority when necessary

15. Records of Processing Activities

In accordance with Article 30 of the GDPR, we maintain records of our processing activities, including:

Purposes of processing and legal basis
Categories of data subjects and personal data
Recipients of personal data
International transfers and safeguards
Retention periods and security measures

These records are available to the supervisory authority upon request.

16. Supervisory Authority and Complaints

16.1 Romanian Supervisory Authority

You have the right to lodge a complaint with the competent supervisory authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, 010336, Romania Phone: +40.318.059.211 Email: anspdcp@dataprotection.ro Website: www.dataprotection.ro

16.2 Right to Effective Remedy

You also have the right to an effective judicial remedy in relation to your rights under the GDPR.

17. Policy Updates

17.1 Changes to This Policy

We may update this policy to reflect changes in our practices, technology, legal requirements, or other factors.

17.2 Notification of Changes

For material changes, we will notify you by:

Email notification to registered users
Prominent notice on our website
In-app notification when you log in

17.3 Your Continued Use

Your continued use of our services after policy updates constitutes acceptance of the revised terms.

18. Contact Information

18.1 General Privacy Inquiries

Email: legal@yuba.app Phone: +40743009125

18.2 Data Subject Rights Requests

To exercise your rights under GDPR, please contact us with:

Clear identification of yourself
Specific description of your request
Proof of identity (for security purposes)

18.3 Postal Address

COMPLETE COMMUNICATION PROVIDER S.R.L. Gen. Gheorghe Magheru Street, No. 21, Building 21, Apartment 152 Oradea, Bihor County, Romania

19. Legal Framework

This policy is governed by:

General Data Protection Regulation (EU) 2016/679
Romanian Law 190/2018 on data protection measures
Romanian Law 506/2004 on personal data processing
ePrivacy Directive 2002/58/EC and implementing Romanian legislation

20. Language and Interpretation

This policy is available in English and Romanian. In case of any discrepancy between language versions, the Romanian version shall prevail for users based in Romania.

Last Updated: August 25, 2025 Version: 1.0

By using our website and services, you acknowledge that you have read, understood, and agree to this GDPR + Cookie Policy.