Legal · Privacy · GDPR
Privacy Policy
Who we are
Yuvo, registered at Loosduinseweg 65H, 2571 AA, The Hague, Netherlands, is responsible for the processing of personal data as described in this privacy policy.
Contact details
- 📍 Address: Loosduinseweg 65H, 2571 AA, The Hague, Netherlands
- 🌐 Website: yuvo.me
- 📞 Phone: +31 6 48667790
- 📧 Data Protection Officer: reach+dpo@yuvo.me
Our role: Controller vs. Processor
We act as controller for:
- Our own client relationships (billing, contact, marketing)
- Visitors to our own website (yuvo.me)
We act as processor for:
- Visitor data on the WordPress websites we manage on behalf of clients. Our Data Pro Statement and the Standard Processing Clauses from Chapter 2 of the NLdigital Terms 2020 apply in this context. The client (website owner) is the controller.
What personal data do we process?
Yuvo processes your personal data because you use our services and/or because you have provided it to us yourself:
- First and last name
- Internet browser and device type
- Bank account number (IBAN)
- Address details
- Telephone number
- Email address
- IP address
- Location data
- Data about your activity on our website
Our website is not intended to collect data from visitors under the age of 16, unless they have consent from a parent or guardian. If you believe we have collected data from a minor without consent, please contact us at reach+dpo@yuvo.me — we will delete this information immediately.
Legal bases for processing (Art. 6 GDPR)
We process your data on the following legal bases:
Performance of a contract: delivering WordPress maintenance services and invoicing for them.
Legal obligation: tax administration (7-year retention requirement), compliance with laws and regulations.
Consent: newsletter, marketing communications, and non-essential cookies.
Legitimate interest: website security, fraud prevention, and website usage analysis to improve our services.
Why do we process your personal data?
Yuvo processes your data for the following purposes:
- Processing payments (basis: performance of contract / legal obligation)
- Sending our newsletter and promotional material (basis: consent)
- Contacting you by phone or email for service delivery (basis: performance of contract)
- Informing you about changes to our services and products (basis: performance of contract / legitimate interest)
- Delivering goods and services (basis: performance of contract)
- Analysing behaviour on our website to improve the user experience (basis: consent / legitimate interest)
- Compliance with legal obligations (basis: legal obligation)
Sub-processors and international data transfers
We use the following sub-processors:
| Service provider | Service | Location |
|---|---|---|
| WP Umbrella | Management, monitoring & backups of WordPress websites | 🇫🇷 France (EU) |
| ProtonMail | Email services | 🇨🇭 Switzerland |
| Jortt | Financial administration | 🇳🇱 Netherlands |
| Knab | Banking services | 🇳🇱 Netherlands |
| Mollie | Payment processing | 🇳🇱 Netherlands |
| Crisp | Live chat support | 🇫🇷 France (EU) |
| Cloudflare Turnstile | Form spam prevention (CAPTCHA) | 🇺🇸 United States (SCCs) |
For transfers to Switzerland (ProtonMail), an adequacy decision by the European Commission applies. WP Umbrella backups are stored on WP Umbrella’s own servers in France — fully within the EU, no adequacy decision required.
For transfers to the United States (Cloudflare Turnstile), Standard Contractual Clauses (SCCs) apply pursuant to Art. 46 GDPR.
How long do we retain your data?
Yuvo does not retain personal data longer than necessary:
| Data type | Retention period |
|---|---|
| Invoice data and administration | 7 years (statutory obligation — Dutch Tax Authority) |
| Backups of client websites | 90 days to 6 months (depending on plan) |
| Contact details and correspondence | 6 months after termination of the agreement |
| Newsletter subscribers | Until unsubscription |
| Website logs and cookies | Session to 1 year (depending on cookie type) |
After termination of our services, personal data is not retained for more than 6 months, unless a longer period is legally required.
Sharing personal data with third parties
Yuvo shares personal data only where necessary for service delivery (as listed under sub-processors above) or where we are legally required to do so.
Cookies and similar technologies
Yuvo uses functional cookies to ensure the website works properly and to save your preferences. On your first visit, we ask for your consent to place cookies via Complianz.
You can update your cookie preferences at any time using the button below. For more information, please visit VeiligInternetten.nl.
| Service provider | Cookie | Category | Retention |
|---|---|---|---|
| Crisp | crisp-client/session/* | Functional | Session / 6 months |
| Crisp | crisp-clientsession/* | Functional | Session |
| WordPress | wpEmojiSettingsSupports | Functional | Session |
| Complianz | cmplz_functional | Functional | 365 days |
| Complianz | cmplz_preferences | Functional | 365 days |
| Complianz | cmplz_marketing | Functional | 365 days |
| Complianz | cmplz_consented_services | Functional | 365 days |
Your rights
You have the following rights with regard to your personal data:
Right of access, rectification, or erasure of your personal data
Right to withdraw consent for data processing
Right to object to the processing of your data
Right to data portability
Right to lodge a complaint with the Dutch Data Protection Authority
To exercise these rights:
| Action | Details |
|---|---|
| 📩 Submit a request | Send an email to reach+dpo@yuvo.me. Please include a copy of your ID (with photo, MRZ, passport number, and BSN blacked out). |
| ⏳ Response time | Within 1 month. |
| 🔗 Lodge a complaint | Via autoriteitpersoonsgegevens.nl. |
How do we protect your data?
Yuvo takes the protection of your data seriously and has implemented the following measures:
Data breaches
In the event of a data breach, we follow this protocol:
- We notify the affected client within 24 hours of discovery
- We document the incident and take immediate steps to prevent recurrence
- For serious breaches with high privacy risk, the client (as controller) determines whether notification to the Dutch Data Protection Authority is required
Data Processing Agreement (for our clients)
When you take out a WordPress maintenance subscription with us, we enter into a Data Processing Agreement with you in accordance with the NLdigital Terms 2020. This consists of:
- Our Data Pro Statement (practical implementation)
- The Standard Processing Clauses from Chapter 2 of the NLdigital Terms (legal clauses)
Changes to this privacy policy
We reserve the right to update this privacy policy. Changes will be published on our website. For significant changes, we will notify you proactively by email.
Questions? Feel free to contact us at reach+dpo@yuvo.me.
