Date of last modification: May 6th 2022
We do not collect any of your personal data beyond what is described in this policy. We do not process personal data in a way that contradicts the purpose for which the personal data was obtained. When processing your personal information, we will comply with the rules of the General Data Protection Regulation (GDPR).
Who handles your personal data?
Yoast is located at Don Emanuelstraat 3 6602GX, Wijchen, the Netherlands. Our registration number at the Dutch Chamber of Commerce is 55404367.
We are the Controller with respect to any personal data that you provide us. This means that we determine the purposes and means of the processing of your personal data.
We (may) make use of (sub-)processors. (Sub-)processors only process personal data limited to the extent that it is necessary for them to complete their specific task or service. We only provide your personal data with relevant protection measures in place. Those measures can be: a data processing agreement to ensure confidentiality; technical measures to ensure security while transferring the data; the obligation for the (sub-)processor to use all information in accordance with applicable privacy legislation and to not use the data for its own purposes.
Transfer outside the European Economic Area
We may transfer your personal data to a country outside the European Economic Area or international organisation. In these scenarios we will ensure that the appropriate, suitable and required safeguards and transfer mechanisms shall be in place
This means a transfer may take place on the basis of an adequacy decision by the European Commision. In case of the absence of such an adequacy decision, we will use the standard contractual clauses in all our contracts for the transfer of personal data to third countries as provided by the European Commission.
If you want to receive a copy of any documentation showing the suitable safeguards that have been taken, you can make a request via firstname.lastname@example.org.
Why and how do we process your personal data?
We process your personal data for the below mentioned purposes. In these circumstances we require the data to provide to you our services. We might share your personal information with one of our processors for the same purpose. If we want to process your personal data beyond this purpose, we will ask for your explicit consent.
Your personal information will not be distributed to anyone else for any purpose.
When you buy one of our products we collect the following data during the order process:
- Your first and last name;
- Your address and country;
- Your email address;
- Your company name and VAT number (if applicable);
- Your IP address. We need to collect this information because of two reasons: one is to be able to provide you with proper support service and two is because of EU VAT law compliance.
We need to obtain this information to comply with Dutch legislation. This information is saved on the Yoast datasite server and in your Yoast.com, MyYoast & Yoast Academy account where you can access the information.
We save your order (payment) data for as long as is necessary to comply with Dutch legislation.
We share your information with Postmark. Postmark is the processor who sends out all emails from Yoast regarding our contractual relationship (e.g. confirmation emails). Therefore it is necessary to share the following data. The information we send to Postmark, is:
- First name
- Email address
- Subscription number
- Product names of bought products
- Order number, onder date, price, payment method.
Postmark saves this information for a period of 45 days. After this period, all data is being removed.
We do not process your payment details (e.g. credit card information) on our checkout page. This information is only being visually displayed on our website but technically belongs to Paypal or Adyen. Yoast only processes an encrypted code because we do not need to see the details and this way data protection is increased. PayPal and Adyen are considered independent controllers. A restrictive group of Yoast support engineers can access the following data in the Paypal and Adyen environment: email addresses, transaction numbers, time of transaction and issuer of the card. This access is needed to confirm payments and/or refunds to you by our support engineers.
Sharing customer data with Newfold Digital Inc.
Yoast is owned by Newfold Capital Inc. (Newfold). In order to meet international legal and compliance standards, we may share customer data with Newfold. Both Yoast and Newfold are considered ‘Controllers’ regarding this information because we jointly determine the purpose and means of this processing. Because we send this information to the United States, a data processing agreement is in place.
Newfold retains the personal information as long as necessary to comply with U.S. legislation.
Subscription to our newsletter
Do you want to stay informed about Yoast’s products and services? Great! When subscribing to the Yoast newsletter on the website, you will have to provide Yoast with consent to send you our newsletter. Withdrawing said consent can be easily done by clicking “Unsubscribe” underneath any newsletter-mail. When subscribing to the Yoast newsletter, we will ask you the following information:
- Your first and last name;
- Your email address.
Everyone who buys a Yoast product will automatically receive our newsletter. Reason for this is that our newsletter contains a lot of product-related content that can be very useful for you as a user of our product. You can easily unsubscribe by clicking the “unsubscribe” button underneath any newsletter-mail at any time.
We transfer the above information to Mailblue, the processor who sends out the Yoast newsletter. When you unsubscribe, Mailblue will remove your email address from the mailing list.
When you are a premium customer, we deliver you support via Help Scout and email. When you ask us a question via the Help Scout beacon we will collect your city, country, IP address, operating system, device and web browser. We will not collect this data if you send a regular email. In that case, only your email address will be collected. The information is saved in Help Scout and only used to provide you with proper support and analyze the use of our support service. Therefore it is necessary to save this information for a period of four (4) years. After a period of four (4) years, all data in Help Scout will be removed and destroyed.
When you comment on one of our posts on the website, such as on the blog, we will request your name and email address. This is for the necessity of commenting on the blog post. This information will be stored on that particular web page for as long as it exists.
As you might know, Yoast hosts very interesting webinars! These webinars are hosted on Crowdcast. When you register for a Yoast webinar, Crowdcast collects the following personal data:
- Email address (to create a Crowdcast account)
When you sign up for a webinar through Facebook, Crowdcast will receive the same information through a Zapier integration.
As soon as you actually attend a webinar, Crowdcast collects the following of your personal data:
- Location (country and city)
- Way of logging in
- Your answers to questions the webinar hosts may have posted, if applicable.
Crowdcast stores and saves this information until Yoast deletes an event.
Some of our products will ask you to identify with either Google or Facebook so we can retrieve information on your behalf. We will not look at your individual data. We do reserve the right to aggregate usage data to measure the performance of our applications, but no identifiable personal information will ever be disclosed to third parties.
Our website contains (affiliate) links to some other sites. Yoast.com and its authors are not responsible for the privacy practices or the content of such websites
Automatically logged information when visiting our website
On our website we use web analytics tools from third parties (Google Analytics and Google Tag Manager, Hotjar) and ourselves to help analyze how users use our site. These tools use ‘cookies’, which are text files placed on your computer, to collect standard internet log information and visitor behavior information.
- Enable functionalities of our website (session, technical and functional cookies);
- Analyze the use of the website and to make the website more user-friendly on that basis (analytical cookies);
We collect the following personal data:
- IP address;
- Information about your use of our website (such as visited pages and clicks);
- Device type and browser;
- Location (country and city);
- Landing page (referrer-URL);
- Screen resolution;
- Requests and responses sent from and to your device.
With the Yoast-owned tool no identification with data subjects takes place and the cookies are purely functional. Your IP address is saved in access logs on our server and saved for 90 days and used only for security and incident response purposes. This server is hosted by SiteGround. After this period of time, the data is being removed and destroyed. The reason we save this information is incident response. The other information we collect are so called ‘session cookies’ and ‘functional cookies’. They are used to enable you to make use of our website.
These cookies have no consequences for the privacy of visitors. Because of these aspects the Yoast-owned tool is allowed without asking for prior consent. The information generated by the cookie about your use of the website is transmitted to our hosting company SiteGround. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for yoast.com.
With Google Analytics and Google Tag Manager, anonymized IP’ is used and we follow the guidelines of the Dutch Data Protection Authority to set Google analytics in a privacy friendly way. Google may transfer the collected information to third parties when legally required. We have no influence on this. We will never allow Google to use the gathered analytics information for other Google services or purposes.
Hotjar Automatically obfuscates input fields, forms, phone numbers etc. which results in no personal data being recorded. Google saves the information for a period of 26 months.
The processing of your IP address for the use of our website is seperate from when you place an order. This information is not linked together and the processing by third parties of your IP address to analyze the use of our website remains anonymized.
Disabling and enabling cookies
If you do not want to have cookies stored on your computer or want to remove cookies that have already been stored, you can arrange this via the settings screen in your browser settings. The adjustment of these settings differs per browser.
If you want to remove cookies that have already been stored, you can arrange this via the settings screen in your browser settings. The adjustment of these settings differs per browser.
Your rights as a data subject
The right of access
You have the right to access the personal data we process of you and retain a copy of this data. In your yoast.com, MyYoast & Yoast Academy account you can easily access the personal data we collect and save when you have placed an order.
The right to rectification
If your personal data is incorrect, you have the right to ask us to rectify your personal data. We will rectify your personal data accordingly.
The right to erasure (‘to be forgotten’)
If you want us to delete your personal data, you have the right to request us to delete your personal data. We will delete your personal data, unless we have a legal obligation to keep processing your personal data.
The right to restrict processing
If you are of the opinion that the processing of your personal data is unlawful, or your personal data is incorrect, or you require the personal data for legal claims after the retention period, or you have objected to the processing of your personal data, you can request us to restrict your personal data. In this case we cannot process your personal data unless you grant us permission.
The right to data portability (when processing under consent or performance agreement)
You can request us for an export of all the personal data that is processed by Yoast. We will provide you with an export of your collected and processed personal data.
The right to object to processing.
You have the right to object to our processing of your personal data, under certain conditions.
If you wish to make use of your data subject rights as mentioned in this paragraph, please send your request via e-mail to email@example.com. For data deletion requests, please contact firstname.lastname@example.org.
We have taken appropriate technical and organizational security measures in order to protect your personal data against loss, misuse, alteration and/or destruction. Although we exercise reasonable care in providing secure transmission of information between your equipment and our systems, we cannot ensure or warrant the security of any information transmitted to us over the internet. Access to relevant personal data is only granted to those authorized employees who require access to the relevant personal data for performance of their work. We have our guidelines and provisions preserving the security of our data and technology infrastructure, as well as the software we build and distribute to our users outlined in our internal cyber security policy.
If you have any questions or complaints about this privacy statement, the practices of this site, or your dealings with this website, you can contact us via our contact page or send an email to email@example.com.
You may also lodge a complaint at the Dutch DPA: Autoriteit persoonsgegevens.
Don Emanuelstraat 3
6602 GX Wijchen
Newfold Digital Inc.
5335 Gate Pkwy
Jacksonville, FL 32256
Attn: Data Protection Officer
CCPA Rights and Choices
The CCPA provides consumers that are California residents with specific rights regarding their personal information. Your CCPA rights and how to exercise those rights are described here.
Right to Access
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed research in accordance with Section 1798.105 (d)(6) of the CCPA.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us an email at firstname.lastname@example.org.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We aim to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If we cannot comply with a request, we will tell you why. For data portability requests we will choose a format that will allow you to easily transfer your data elsewhere.
We will not discriminate against you for exercising any of your CCPA rights, unless permitted by the CCPA.
Don Emanuelstraat 3
6602 GX Wijchen
Newfold Digital Inc.
5335 Gate Pkwy
Jacksonville, FL 32256
Attn: Data Protection Officer