Privacy notice
Date of last modification: May 6th 2022
At Yoast we value your privacy. This Privacy Policy provides information on how we collect and process your personal data when you visit our website (https://staging-4.yoast.com/) or use our services. In this Privacy Policy we also inform you about your rights as a data subject.
We do not collect any of your personal data beyond what is described in this policy. We do not process personal data in a way that contradicts the purpose for which the personal data was obtained. When processing your personal information, we will comply with the rules of the General Data Protection Regulation (GDPR).
Who handles your personal data?
Controller
Yoast is located at Don Emanuelstraat 3 6602GX, Wijchen, the Netherlands. Our registration number at the Dutch Chamber of Commerce is 55404367.
We are the Controller with respect to any personal data that you provide us. This means that we determine the purposes and means of the processing of your personal data.
(Sub-)processors
We (may) make use of (sub-)processors. (Sub-)processors only process personal data limited to the extent that it is necessary for them to complete their specific task or service. We only provide your personal data with relevant protection measures in place. Those measures can be: a data processing agreement to ensure confidentiality; technical measures to ensure security while transferring the data; the obligation for the (sub-)processor to use all information in accordance with applicable privacy legislation and to not use the data for its own purposes.
Transfer outside the European Economic Area
We may transfer your personal data to a country outside the European Economic Area or international organisation. In these scenarios we will ensure that the appropriate, suitable and required safeguards and transfer mechanisms shall be in place
This means a transfer may take place on the basis of an adequacy decision by the European Commision. In case of the absence of such an adequacy decision, we will use the standard contractual clauses in all our contracts for the transfer of personal data to third countries as provided by the European Commission.
If you want to receive a copy of any documentation showing the suitable safeguards that have been taken, you can make a request via legal@yoast.com.
Why and how do we process your personal data?
We process your personal data for the below mentioned purposes. In these circumstances we require the data to provide to you our services. We might share your personal information with one of our processors for the same purpose. If we want to process your personal data beyond this purpose, we will ask for your explicit consent.
Your personal information will not be distributed to anyone else for any purpose.
Buying products
When you buy one of our products we collect the following data during the order process:
- Your first and last name;
- Your address and country;
- Your email address;
- Your company name and VAT number (if applicable);
- Your IP address. We need to collect this information because of two reasons: one is to be able to provide you with proper support service and two is because of EU VAT law compliance.
We need to obtain this information to comply with Dutch legislation. This information is saved on the Yoast datasite server and in your Yoast.com, MyYoast & Yoast Academy account where you can access the information.
We save your order (payment) data for as long as is necessary to comply with Dutch legislation.
We share your information with Postmark. Postmark is the processor who sends out all emails from Yoast regarding our contractual relationship (e.g. confirmation emails). Therefore it is necessary to share the following data. The information we send to Postmark, is:
- First name
- Email address
- Subscription number
- Product names of bought products
- Currency
- Order number, onder date, price, payment method.
Postmark saves this information for a period of 45 days. After this period, all data is being removed.
We do not process your payment details (e.g. credit card information) on our checkout page. This information is only being visually displayed on our website but technically belongs to Paypal or Adyen. Yoast only processes an encrypted code because we do not need to see the details and this way data protection is increased. PayPal and Adyen are considered independent controllers. A restrictive group of Yoast support engineers can access the following data in the Paypal and Adyen environment: email addresses, transaction numbers, time of transaction and issuer of the card. This access is needed to confirm payments and/or refunds to you by our support engineers.
Sharing customer data with Newfold Digital Inc.
Yoast is owned by Newfold Capital Inc. (Newfold). In order to meet international legal and compliance standards, we may share customer data with Newfold. Both Yoast and Newfold are considered ‘Controllers’ regarding this information because we jointly determine the purpose and means of this processing. Because we send this information to the United States, a data processing agreement is in place.
Newfold retains the personal information as long as necessary to comply with U.S. legislation.
Subscription to our newsletter
Do you want to stay informed about Yoast’s products and services? Great! When subscribing to the Yoast newsletter on the website, you will have to provide Yoast with consent to send you our newsletter. Withdrawing said consent can be easily done by clicking “Unsubscribe” underneath any newsletter-mail. When subscribing to the Yoast newsletter, we will ask you the following information:
- Your first and last name;
- Your email address.
Everyone who buys a Yoast product will automatically receive our newsletter. Reason for this is that our newsletter contains a lot of product-related content that can be very useful for you as a user of our product. You can easily unsubscribe by clicking the “unsubscribe” button underneath any newsletter-mail at any time.
We transfer the above information to Mailblue, the processor who sends out the Yoast newsletter. When you unsubscribe, Mailblue will remove your email address from the mailing list.
Support
When you are a premium customer, we deliver you support via Help Scout and email. When you ask us a question via the Help Scout beacon we will collect your city, country, IP address, operating system, device and web browser. We will not collect this data if you send a regular email. In that case, only your email address will be collected. The information is saved in Help Scout and only used to provide you with proper support and analyze the use of our support service. Therefore it is necessary to save this information for a period of four (4) years. After a period of four (4) years, all data in Help Scout will be removed and destroyed.
Commenting
When you comment on one of our posts on the website, such as on the blog, we will request your name and email address. This is for the necessity of commenting on the blog post. This information will be stored on that particular web page for as long as it exists.
Webinars
As you might know, Yoast hosts very interesting webinars! These webinars are hosted on Crowdcast. When you register for a Yoast webinar, Crowdcast collects the following personal data:
- Email address (to create a Crowdcast account)
- Name
When you sign up for a webinar through Facebook, Crowdcast will receive the same information through a Zapier integration. As soon as you actually attend a webinar, Crowdcast collects the following of your personal data:
- Username
- Location (country and city)
- Way of logging in
- Your answers to questions the webinar hosts may have posted, if applicable.
Crowdcast stores and saves this information until Yoast deletes an event.
AI Services
When you make use of our AI Services, we will register your website url and email address / userID to perform our services. We need this information to administer your consent to our AI Services terms. Consent is stored:
- On the site on which the plugin is installed
- As the user’s usermeta in the database
- In our API’s database
- We take the ID of the user on their own WP site + the domain of their WP site and hash that value, so it is anonymised. For every hash, we keep track of consent.
An example of such a hashed “user id”:2536c9b452094cc8a52be36deb4a51072e033f7cfcfd0e018712a428d7ccc251
- We take the ID of the user on their own WP site + the domain of their WP site and hash that value, so it is anonymised. For every hash, we keep track of consent.
Authentication
Some of our products will ask you to identify with either Google or Facebook so we can retrieve information on your behalf. We will not look at your individual data. We do reserve the right to aggregate usage data to measure the performance of our applications, but no identifiable personal information will ever be disclosed to third parties.
External links
Our website contains (affiliate) links to some other sites. Yoast.com and its authors are not responsible for the privacy practices or the content of such websites
Your rights as a data subject
Under the GDPR, you have a number of rights as a data subject. This chapter of the privacy policy states your data subject rights and how you can invoke these rights.
The right of access
You have the right to access the personal data we process of you and retain a copy of this data. In your yoast.com, MyYoast & Yoast Academy account you can easily access the personal data we collect and save when you have placed an order.
The right to rectification
If your personal data is incorrect, you have the right to ask us to rectify your personal data. We will rectify your personal data accordingly.
The right to erasure (‘to be forgotten’)
If you want us to delete your personal data, you have the right to request us to delete your personal data. We will delete your personal data, unless we have a legal obligation to keep processing your personal data.
The right to restrict processing
If you are of the opinion that the processing of your personal data is unlawful, or your personal data is incorrect, or you require the personal data for legal claims after the retention period, or you have objected to the processing of your personal data, you can request us to restrict your personal data. In this case we cannot process your personal data unless you grant us permission.
The right to data portability (when processing under consent or performance agreement)
You can request us for an export of all the personal data that is processed by Yoast. We will provide you with an export of your collected and processed personal data.
The right to object to processing.
You have the right to object to our processing of your personal data, under certain conditions. If you wish to make use of your data subject rights as mentioned in this paragraph, please send your request via e-mail to legal@yoast.com. For data deletion requests, please contact support@yoast.com.
Security
We have taken appropriate technical and organizational security measures in order to protect your personal data against loss, misuse, alteration and/or destruction. Although we exercise reasonable care in providing secure transmission of information between your equipment and our systems, we cannot ensure or warrant the security of any information transmitted to us over the internet. Access to relevant personal data is only granted to those authorized employees who require access to the relevant personal data for performance of their work. We have our guidelines and provisions preserving the security of our data and technology infrastructure, as well as the software we build and distribute to our users outlined in our internal cyber security policy.
Contacting Yoast
If you have any questions or complaints about this privacy statement, the practices of this site, or your dealings with this website, you can contact us via our contact page or send an email to legal@yoast.com.
You may also lodge a complaint at the Dutch DPA: Autoriteit persoonsgegevens.
Contact details:
Yoast B.V.
Don Emanuelstraat 3
6602 GX Wijchen
Netherlands
E-mail: legal@yoast.com
Newfold Digital Inc.
5335 Gate Pkwy
Jacksonville, FL 32256
U.S.A.
Attn: Data Protection Officer
CCPA Rights and Choices
The CCPA provides consumers that are California residents with specific rights regarding their personal information. Your CCPA rights and how to exercise those rights are described here.
Right to Access
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed research in accordance with Section 1798.105 (d)(6) of the CCPA.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us an email at legal@yoast.com.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We aim to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If we cannot comply with a request, we will tell you why. For data portability requests we will choose a format that will allow you to easily transfer your data elsewhere.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights, unless permitted by the CCPA.
Contact Details
Yoast B.V.
Don Emanuelstraat 3
6602 GX Wijchen
Netherlands
E-mail: legal@yoast.com
Newfold Digital Inc.
5335 Gate Pkwy
Jacksonville, FL 32256
U.S.A.
Attn: Data Protection Officer