
Data Processing Agreement

📅 Version: January 2026


Introduction

This Data Processing Agreement (Data Pro Statement), together with the Standard Processing Clauses (Chapter 2 of the NLdigital Terms 2020), forms the complete data processing agreement for the services delivered by Yuvo.


1. General information

  • 📍 Address: Loosduinseweg 65H, 2571 AA The Hague, Netherlands
  • 📧 Data Protection Officer: reach+dpo@yuvo.me
  • 📞 Phone: +31 6 48667790
  • 🌐 Website: yuvo.me
  • 📅 Effective from: 29 January 2026

We regularly update our security measures. Changes to this agreement are communicated via email or our website.


2. Which services are covered?

This agreement applies to:

  • WordPress Maintenance – updates, security monitoring, backups, and optimisation of existing websites

3. What exactly do we do?

Technical management of existing WordPress websites on the client’s hosting environment. This includes: WordPress core, plugin, and theme updates; security monitoring; performance optimisation; and creating encrypted backups via WP Umbrella, stored on WP Umbrella’s own servers in France.

ℹ️ We work on your existing installation. We do not provide hosting ourselves.


4. Where is your data stored?

All data processing takes place within the EU/EEA, with the following exceptions:

| Processing | Location | Basis |
|---|---|---|
| Email | 🇨🇭 Switzerland (ProtonMail) | End-to-end encrypted, adequately protected |
| Form spam prevention | 🇺🇸 United States (Cloudflare Turnstile) | Standard Contractual Clauses (SCCs, Art. 46 GDPR) |


5. Who do we work with? (sub-processors)

We use the following parties for our service delivery:

| Service provider | Service | Location |
|---|---|---|
| WP Umbrella | Management, monitoring & backups of WordPress websites | 🇫🇷 France (EU) |
| ProtonMail | Secure email services | 🇨🇭 Switzerland |
| Jortt | Financial administration | 🇳🇱 Netherlands |
| Knab | Banking services | 🇳🇱 Netherlands |
| Mollie | Payment processing | 🇳🇱 Netherlands |
| Crisp | Live chat support | 🇫🇷 France (EU) |
| Cloudflare Turnstile | Form spam prevention (CAPTCHA) | 🇺🇸 United States (SCCs) |
| Cloud86 | Server infrastructure & firewall | 🇳🇱 Netherlands |

All these parties have agreed with us to process data only within the EU/EEA or in adequately protected countries. For Cloudflare Turnstile (US), Standard Contractual Clauses (SCCs) apply pursuant to Art. 46 GDPR. Cloudflare is used solely for form CAPTCHA verification — no site traffic is routed through Cloudflare.


6. How do we protect your data?

  • 🔒 Transmission: TLS/SSL encryption for all data traffic
  • 📧 Communication: End-to-end encryption via ProtonMail
  • 💾 Backups: Encrypted storage on WP Umbrella’s own servers in France (EU)
  • 🛡️ Server security: Firewall and DDoS protection (Cloud86)
  • ✉️ Email security: DKIM, SPF, and DMARC
  • 🌐 DNS: DNSSEC protection against redirection
  • 🔐 Access: Two-factor authentication where possible, strong passwords, strict access controls
  • 🔍 Monitoring: Security scans of WordPress sites
  • 🔄 Updates: Regular patches for WordPress and plugins

We have no routine access to your data. We only look at your data when you explicitly ask us to for support purposes.

7. Rights of your website visitors (data subjects)

Support with data subject requests (access, rectification, erasure) is handled as described in our Privacy Policy.


8. How long do we retain data?

When our engagement ends:

| Timing | Action |
|---|---|
| Immediately | Login credentials are deleted |
| Within 6 months | All personal data is irreversibly deleted |
| Transfer | You may transfer your data to your own systems within 6 months |

You indemnify Yuvo against consequences of deletion, unless we have agreed otherwise in writing.


9. What do we do in the event of a data breach?

ℹ️ What is a data breach? A security incident in which personal data is accidentally or unlawfully destroyed, lost, altered, or accessed or shared without authorisation.

| Aspect | Description |
|---|---|
| Notification | If a breach affects your website (for example, during our maintenance work), we will notify your contact person within 24 hours. |
| Your responsibility | As controller, you determine whether notification to the Dutch Data Protection Authority is required. |
| Our actions | We document the incident, resolve it immediately (for example by restoring a backup or installing a security patch), and inform you of the extent of the breach and the measures taken. |