Privacy Policy

This notice is to inform our users or prospective users how YokiHub ("we", "us", "our") collects, processes and protects personal information in the course of providing our services. It also explains the rights of individuals under applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR").

Key Definitions

How Do We Collect Information About You?

• Directly from you when you create an account, use our application, subscribe to newsletters or wish to receive marketing material, request support, or communicate with us.
• Using automated technologies when you access or use our application and services, we may collect technical data such as device and browser information, IP address, and usage logs through cookies. Non-essential cookies are used only with your consent. For more information and options regarding our use of cookies please visit our Cookie Policy. The Company does not at the moment use any cookies.
• From our clients when Parent Associations, Tutoring Centers, Utilities Companies or any other type of organizations use our platform and enter data about their clients, members, students, or parents. In these cases, we act as a Data Processor and process data only on their instructions. Data is isolated per tenant schema and is never used for our own purposes.

What Information We Collect From You and Why

(a) When we act as a Data Controller

We collect and process personal information necessary to operate our business, provide access to our application and manage our relationships with clients, prospective clients, and end users of our application:

• Identity and contact information: name, email, telephone number, organization, and position to create and manage user accounts, provide services, and respond to inquiries.
• Account and usage data: login credentials, application usage statistics, preferences, and feedback to maintain security, improve our platform, and deliver relevant content.
• Communication data: contents of communications through email, chat, or support tickets to manage customer service and technical support.
• Technical data: device identifiers, IP address, browser type, operating system, and usage analytics to ensure application functionality and performance.
• Marketing and consent data: Currently, YokiHub does not conduct marketing activities. All communications tracked in the system are operational or service-related, such as invoices and notifications. If marketing activities are introduced in the future, they will be conducted only based on user consent or legitimate interest.

We process these data based on:

• the performance of our contract with you (Art. 6(1)(b) GDPR),
• our legitimate interests in providing and improving our services (Art. 6(1)(f)),
• or your consent (Art. 6(1)(a)) where applicable, for example for non-essential cookies or marketing.

(b) When we act as a Data Processor

When Subscribers use our platform to manage their End Users (members, parents, students, clients or other individuals), we process the personal data entered into the system strictly on their behalf and according to their instructions.

In these cases:

• The Subscriber is the Data Controller: They are responsible for determining the purposes and means of processing.
• Tenant Data: The moment you share Vault data with a Subscriber, that copy constitutes Tenant Data, and we act as a Data Processor for that specific copy.
• Isolation: Each Subscriber's data is fully isolated in its own database schema.
• DPA Governance: Data processing is governed by our Data Processing Agreement (DPA) with each Subscriber.

With Whom Do We Share Your Personal Information?

• Internal concerned parties such as authorized employees and contractors. We limit access to those employees or partners who need to know the information in order to provide you with our services.
• Financial providers and payment processors to process payments made through our platform. When you make a payment, your payment information, such as card or account details, is collected and processed directly by the payment provider in accordance with its own privacy policy. We only receive limited information necessary to confirm and record the transaction, such as payment status, amount, and timestamp.
• Business partners and sub-processors such as storage and analytics providers, IT services, or other database and infrastructure system support providers, under strict confidentiality and GDPR-compliant agreements.
• Professional advisers such as auditors, accountants, and legal consultants, where necessary for compliance or business operations.
• Public authorities where required by law or to protect our rights and users.
• Business transactions in case of merger, acquisition, or restructuring, where data may be shared as part of that process under strict confidentiality safeguards.

Transfer of data outside the EEA: Some data recipients may be located outside the EEA. In such cases data is transferred only to countries approved by the European Commission as providing adequate level of data protection, or under legal agreements ensuring an adequate level of data protection in accordance with the latest guidelines and opinions issued by the European Data Protection Board (EDPB).

How We Protect Your Information and For How Long We Keep It

We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your personal information. Your information is stored on secure servers and is not publicly available. We limit access to your information only to those employees or partners that need to know in order to provide our services.

We will retain your personal information for as long as necessary to provide our services, to comply with our legal obligations and resolve disputes. Retention periods will be determined by legal requirements, by the type of information that is collected and the purpose for which it is collected, bearing in mind the applicable requirements to the situation and the need to destroy outdated and unused information at the earliest reasonable time.

Your Rights

You have the right to:

• Request a copy of your information and details of how it is processed.
• Request correction of the information that we hold about you. Please inform us if your personal data changes during your relationship with us.
• Request erasure of your information, except where retention is required by law.
• Object to processing where we rely on legitimate interests.
• Request the restriction of processing of your information. This enables you to ask us to suspend the processing of personal information we hold about you.
• Request the transfer of your information to another party in a structured, commonly used and machine-readable format.

Marketing and opting out: We will occasionally send you marketing information where you have provided your consent. You are free to withdraw your consent at any time by opting out using the unsubscribe link at the bottom of each marketing email, or by contacting our Data Protection Officer (DPO). Please note that even if you unsubscribe from marketing material, we may continue to send you service-related updates and notifications, or reply to your queries.

How to Contact Us and How to Make a Request

If you wish to exercise your rights, file a request or receive more information:

You also have the right to file a complaint with the relevant Data Protection Authority. For Cyprus, the relevant Data Protection Authority is the Office of the Commissioner for Personal Data Protection.