Skip to content

Privacy Policy

Yoast SEO for Shopify

At Yoast we value your privacy. This Privacy Notice provides information on how we collect and process your personal data when you visit our website (https://yoast.com/) or use our Yoast Shopify App. In this Privacy Notice we also inform you about your rights as a data subject.  

We do not collect any of your personal data beyond what is described in this policy. We do not process personal data in a way that contradicts the purpose for which the personal data was obtained. When processing your personal information, we will comply with the rules of the General Data Protection Regulation (GDPR). 

Who handles your personal data? 

Controller 

Yoast is located at Don Emanuelstraat 3 6602GX, Wijchen, the Netherlands. Our registration number at the Dutch Chamber of Commerce is 55404367.  

We are the Controller with respect to any personal data that you provide us when using the Yoast Shopify App. This means that we determine the purposes and means of the processing of your personal data.  

(Sub-)processors 

We (may) make use of (sub-)processors. (Sub-)processors only process personal data limited to the extent that it is necessary for them to complete their specific task or service. We only provide your personal data with relevant protection measures in place. Those measures can be: a data processing agreement to ensure confidentiality; technical measures to ensure security while transferring the data; the obligation for the (sub-)processor to use all information in accordance with applicable privacy legislation and to not use the data for its own purposes.  

Why and how do we process your personal data? 

We process your personal data for the below mentioned purposes. In these circumstances we require the data to provide to you our Services. We might share your personal information with one of our processors for the same purpose. If we want to process your personal data beyond this purpose, we will ask for your explicit consent.  

Order process 

Let’s begin at the start: buying the Yoast Shopify App or registering for a Trial Period. You can buy the Yoast Shopify App or register for a Trial Period on the Shopify website. This process (the order process) takes place at the Shopify website. We do not process payment details since the payment takes place on the Shopify website. After you bought the Yoast Shopify App or registered for a Trial Period, we obtain the following information about you from Shopify: your Shopify ID, your email address, the domain name of your website and the information that you either activated or renewed our app.  

This information is being saved on the Yoast database server. This information will only be used to provide you with our Services. We won’t distribute your personal information to anyone for any purpose. 

My Yoast  

When you have bought the Yoast Shopify App or registered for a Trial Period, we will automatically create a MyYoast account for you. This is necessary to give you access to the Yoast Academy. The information that we collect in your MyYoast account is your email address and your progress on the Yoast SEO courses. You can freely add more personal information on your MyYoast account, such as your name, last name and avatar.  

We need the collected information to provide you with our Services. We will use this information only in alignment with that purpose. Your personal information will not be distributed to anyone for any purpose. We save this personal data for as long as you have installed the Yoast Shopify App.  

Tracking & automatically logging of information 

When you express your intention to buy the Yoast Shopify App, Shopify asks you for your permission to share data with us. If you agree, Shopify shares with us which shop you are installing the Yoast Shopify App on. You have the ability to decline.  

We use cookies, which are text files placed on your computer, to collect standard internet log information and visitor behavior information both in our app and on the MyYoast web page.  

Both the Yoast Cookie notice and Shopify Cookie Policy are applicable. 

Disabling and enabling cookies 

If you do not want to have cookies stored on your computer or want to remove cookies that have already been stored, you can arrange this via the settings screen in your browser settings. The adjustment of these settings differs per browser. 

If you want to remove cookies that have already been stored, you can arrange this via the settings screen in your browser settings. The adjustment of these settings differs per browser. 

Retention period  

We save all of the above mentioned personal information as long as you have installed the Yoast Shopify App.  

When you uninstall your Yoast Shopify App, we will delete all information we gathered from you after two weeks of the un-installment. After the deletion, we won’t have any information about you besides your possible support requests in Help Scout. If you don’t have any other active Yoast subscriptions, your MyYoast account will also be removed when you uninstall your Yoast Shopify App.    

If you choose to not renew your trial period of the Yoast Shopify App, we will also remove almost all information collected. In that case, the only information we keep is the domain name of your shop, the start and end date of your trial and the duration of your trial. This is necessary for Yoast to be able to keep the trials fair.   

Retention period 

Under the GDPR, you have a number of rights as a data subject. This chapter of the privacy policy states your data subject rights and how you can invoke these rights. 

The right of access. You have the right to access the personal data we process of you and retain a copy of this data. In your yoast.com, MyYoast & Yoast Academy account you can easily access the personal data we collect and save when you have placed an order.  

The right to rectification. If your personal data is incorrect, you have the right to ask us to rectify your personal data. We will rectify your personal data accordingly. 

The right to erasure (‘to be forgotten’). If you want us to delete your personal data, you have the right to request us to delete your personal data. We will delete your personal data, unless we have a legal obligation to keep processing your personal data. 

The right to restrict processing. If you are of the opinion that the processing of your personal data is unlawful, or your personal data is incorrect, or you require the personal data for legal claims after the retention period, or you have objected to the processing of your personal data, you can request us to restrict your personal data. In this case we cannot process your personal data unless you grant us permission. 

The right to data portability (when processing under consent or performance agreement). You can request us for an export of all the personal data that is processed by Yoast. We will provide you with an export of your collected and processed personal data. 

The right to object to processing. You have the right to object to our processing of your personal data, under certain conditions. 

If you wish to make use of your data subject rights as mentioned in this paragraph, please send your request via e-mail to legal@yoast.com. For data deletion requests, please contact support@yoast.com

Security  

We have taken appropriate technical and organizational security measures in order to protect your personal data against loss, misuse, alteration and/or destruction. Although we exercise reasonable care in providing secure transmission of information between your equipment and our systems, we cannot ensure or warrant the security of any information transmitted to us over the internet. Access to relevant personal data is only granted to those authorized employees who require access to the relevant personal data for performance of their work. We have our guidelines and provisions preserving the security of our data and technology infrastructure, as well as the software we build and distribute to our users outlined in our internal cyber security policy.   

Contacting Yoast  

If you have any questions or complaints about this privacy statement, the practices of this site, or your dealings with this website, you can contact us via our contact page or send an email to legal@yoast.com.  

You may also lodge a complaint at the Dutch DPA: Autoriteit persoonsgegevens

Contact details:  

Yoast B.V. 
Don Emanuelstraat 3  
6602 GX Wijchen  
The Netherlands  
Legal@yoast.com  
Registration number: 55404367 

Yoast is a subsidiary of Newfold Capital Inc. (Newfold). In order to meet international legal and compliance standards, we share our customer database with Newfold. Both Yoast and Newfold are considered ‘Controllers’ regarding this information because we jointly determine the purpose and means of this processing. Because this information is being sent to the United States, a data protection agreement is in place.  

Newfold retains the personal information as long as necessary to comply with U.S. legislation.   

Newfold Digital Inc. 
Newfold Digital Inc. 
5335 Gate Pkwy 
Jacksonville, FL 32256 
U.S.A. 
Attn: Data Protection Officer 

CCPA Rights and Choices 

The CCPA provides consumers that are California residents with specific rights regarding their personal information. Your CCPA rights and how to exercise those rights are described here. 
 
Right to Access 

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you: 

  • The categories of personal information we collected about you. 
  • The categories of sources for the personal information we collected about you. 
  • Our business or commercial purpose for collecting or selling that personal information. 
  • The categories of third parties with whom we share that personal information. 
  • The specific pieces of personal information we collected about you (also called a data portability request). 
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: 
    • sales, identifying the personal information categories that each category of recipient purchased; and 
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained. 

Deletion Request Rights 

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. 

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to: 

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you. 
  1. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities. 
  1. Debug products to identify and repair errors that impair existing intended functionality. 
  1. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law. 
  1. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.). 
  1. Engage in public or peer-reviewed research in accordance with Section 1798.105 (d)(6) of the CCPA. 
  1. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us. 
  1. Comply with a legal obligation. 
  1. Make other internal and lawful uses of that information that are compatible with the context in which you provided it. 

Exercising Access, Data Portability, and Deletion Rights 

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us an email at legal@yoast.com. 

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. 

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: 

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. 
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. 

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. 

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. 

Response Timing and Format. We aim to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. 

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If we cannot comply with a request, we will tell you why. For data portability requests we will choose a format that will allow you to easily transfer your data elsewhere. 

Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights, unless permitted by the CCPA.