top of page

Privacy Policy (Yuvara / KAS Marketing UG (haftungsbeschränkt))

 

Last updated: 21 October 2025

 

This Privacy Policy explains how KAS Marketing UG (haftungsbeschränkt) (“KAS”, “we”, “us”) processes personal data when you visit yuvara.io (the “Website”) and when customers and their users access our software and related services (the “Service”).

 

We process data in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and—regarding cookies and similar technologies—the German Telecommunications-Telemedia Data Protection Act (TTDSG). Consent for non-essential cookies/device access is required under §25 TTDSG and, for subsequent processing, Art. 6(1)(a) GDPR.  

 

 

1) Controller & contact

 

KAS Marketing UG (haftungsbeschränkt)

Brand/Product: Yuvara (yuvara.io)

Kiefernweg 20B, 46539 Dinslaken, Germany

Email: karabi@kas-marketing.com · Phone: +49 163 3849375

 

We have not appointed a data protection officer because the statutory thresholds are not met. Please contact us for all privacy matters using the details above.

 

 

2) What this notice covers

    •    Website visitors (marketing pages, contact/demo forms).

    •    Prospects & business contacts (B2B outreach, events).

    •    Customers & users of the Service. For personal data you upload or generate inside the Service, we act as processor under a separate Data Processing Agreement (DPA); your organization is the controller. (See Section 10 below.)

 

 

3) Categories of data we process

 

Technical & log data (Website/Service): IP address, date/time, URLs, referrer, device/OS/browser info, basic diagnostics.

Usage data (Service): account identifiers, feature usage, timestamps, audit logs.

Contact data: name, role, company, email, phone (e.g., form submissions, sign-ups, support).

Support data: messages, attachments, troubleshooting information.

Billing data (if applicable): company details, billing address, VAT/tax fields where provided, transaction metadata (we do not store full card numbers if a payment processor is used).

Prospect data (B2B): business contact details from you, from referrals, or from publicly available sources consistent with applicable law.

 

 

4) Purposes & legal bases (Art. 6 GDPR)

    •    Provide & secure Website/Service (incl. logs, fraud prevention, availability): Art. 6(1)(f) (legitimate interests) and, for contract users, Art. 6(1)(b) (performance of contract).

    •    Respond to inquiries, demos, support: Art. 6(1)(b)/(f).

    •    B2B marketing communications (where permitted) and analytics (if enabled) with consent: Art. 6(1)(a); without consent only where legally allowed and subject to opt-out.

    •    Compliance (e.g., bookkeeping, tax, legal claims): Art. 6(1)(c) / Art. 6(1)(f).

    •    Cookies & device access beyond strictly necessary: §25 TTDSG consent + Art. 6(1)(a) for subsequent processing.  

 

 

 

5) Cookies, local storage & similar tech (TTDSG)

 

We use strictly necessary cookies to operate the site (e.g., load balancing, security, session). Any analytics/marketing tools or other device access (including non-cookie storage or fingerprinting) are opt-in only via our consent banner. You can withdraw consent at any time via “Cookie settings.” Requirements for consent (informed, specific, freely given, granular, easy to withdraw, prior to non-essential storage) apply.  

 

Note: If you do not consent, non-essential tools will not load.

 

Cookie categories we may use:

    •    Essential (required) – site operation and security.

    •    Preferences/functional – remembering choices (when expressly requested).

    •    Analytics – understanding traffic and usage (consent-based).

    •    Marketing/ads – measuring campaigns, retargeting (consent-based).

 

6) Website tools & processors 

 

We work with vetted processors under Art. 28 GDPR (hosting, email delivery, monitoring, CRM, analytics if enabled). Some providers may process data outside the EEA; where they do, we rely on adequacy decisions (e.g., EU-U.S. Data Privacy Framework for certified U.S. providers) or Standard Contractual Clauses (SCCs) plus supplementary measures.  

 

Current default: No non-essential analytics/ads tools are loaded without consent. If/when we enable specific services (e.g., Google Analytics/Tag Manager, Google Ads, Meta pixel, Microsoft Advertising, cookie consent platform), we will (i) reflect them in the banner, (ii) list them here with provider, purpose, legal basis, data, transfers, retention and opt-out links, and (iii) load them only after consent. (This meets GDPR transparency duties and TTDSG §25.)  

 

 

7) Sources of data

    •    Directly from you (forms, sign-up, support).

    •    Automatically via our systems (logs/usage).

    •    From your organization (when you are an invited user).

    •    B2B prospect data from lawful public sources or providers, in line with applicable direct-marketing rules.

 

 

8) Retention

 

We keep personal data only as long as necessary for the above purposes:

    •    Server logs: typically 30–90 days, unless needed for security investigations.

    •    Account/contract data: for the contract term plus statutory retention (generally 6–10 years under commercial/tax law).

    •    Support tickets: until resolved and per audit/defense needs.

    •    Marketing contacts: until you opt out or per CRM hygiene schedules.

 

 

9) Recipients

    •    IT/hosting/security providers, email & support tools, CRM, payment processors (if used).

    •    Professional advisers (tax/legal), authorities where legally required.

All processors are bound by data processing agreements and confidentiality.

 

​

10) Processing as processor (our DPA)

 

When your organization uses the Service and uploads personal data (e.g., leads, end-customers), we process that data on your instructions as a processor under Art. 28 GDPR. Our Data Processing Agreement (DPA) applies and includes SCCs where relevant. Data subject requests relating to controller data should be addressed to your organization; we will assist as required.

 

 

11) Your rights (Arts. 12–22 GDPR)

 

You have the right to access, rectification, erasure, restriction, data portability, and to object to processing (including direct marketing). Where processing is based on consent, you may withdraw it at any time with future effect via the banner or by contacting us. We respond to requests in a concise, transparent, and accessible manner.  

 

 

12) Supervisory authority

 

You may lodge a complaint with any supervisory authority, in particular at your habitual residence or workplace, or our seat. For North Rhine-Westphalia:

 

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)

Postfach 20 04 44, 40102 Düsseldorf, Germany

Phone: +49 211 38424-0 · Email: poststelle@ldi.nrw.de · Website: ldi.nrw.de.  

 

 

13) Security

 

We implement appropriate technical and organizational measures (encryption in transit, access controls, least-privilege, monitoring, backups). Access to personal data is limited to authorized personnel and processors under contract.

 

 

14) Children

 

The Website and Service are intended for business users and are not directed to children.

 

 

15) Direct marketing (B2B)

 

We may contact business recipients about Yuvara where legally permitted and always provide a clear opt-out. Where consent is required, we will request it in advance.

 

 

16) Changes to this Policy

 

We may update this Policy to reflect legal or operational changes. The current version is published here with the effective date.

​

​

svgviewer-png-output-4.png

Yuvara

The AI-powered lead-capturing and customer engagement platform designed for real estate agencies.

Company
Careers
About us
Roadmap
Contact
Resources
Login
Integrations
Pricing
Support
Legal
Terms of Service
Privacy Policy
DPA
Imprint

© Powered by KAS Marketing UG. All rights reserved.   Update cookie settings.

bottom of page