Yoast SEO for Shopify
We do not collect any of your personal data beyond what is described in this policy. We do not process personal data in a way that contradicts the purpose for which the personal data was obtained. When processing your personal information, we will comply with the rules of the General Data Protection Regulation (GDPR).
Who handles your personal data?
Yoast is located at Don Emanuelstraat 3 6602GX, Wijchen, the Netherlands. Our registration number at the Dutch Chamber of Commerce is 55404367.
We are the Controller with respect to any personal data that you provide us when using the Yoast Shopify app. This means that we determine the purposes and means of the processing of your personal data.
We (may) make use of (sub-)processors. (Sub-)processors only process personal data limited to the extent that it is necessary for them to complete their specific task or service. We only provide your personal data with relevant protection measures in place. Those measures can be: a data processing agreement to ensure confidentiality; technical measures to ensure security while transferring the data; the obligation for the (sub-)processor to use all information in accordance with applicable privacy legislation and to not use the data for its own purposes.
Why and how do we process your personal data?
We process your personal data for the below mentioned purposes. In these circumstances we require the data to provide to you our services. We might share your personal information with one of our processors for the same purpose. If we want to process your personal data beyond this purpose, we will ask for your explicit consent.
Let’s begin at the start: buying our app or registering for a trial period. You can buy the Yoast Shopify app or register for a trial period on the Shopify website. This process (the order process) takes place at the Shopify website. We do not process payment details since the payment takes place on the Shopify website. After you bought our app or registered for a trial period, we obtain the following information about you from Shopify: your Shopify ID, your email address, the domain name of your website and the information that you either activated or renewed our app.
This information is being saved on the Yoast database server. This information will only be used to provide you with our services. We won’t distribute your personal information to anyone for any purpose.
When you have bought the Yoast Shopify app or registered for a trial period, we will automatically create a ‘MyYoast’ account for you. This is necessary to give you access to the Yoast SEO courses. The information that we collect in your MyYoast account is your email address and your progress on the Yoast SEO courses. You can freely add more personal information on your MyYoast account, such as your name, last name and avatar.
We need this information to provide you with our services. We will use this information only in alignment with that purpose. Your personal information will not be distributed to anyone for any purpose. We save this personal data for as long as you have installed the Yoast Shopify app.
Tracking & automatically logging of information
When you express your intention to buy the Yoast Shopify app, Shopify asks you for your permission to share data with us. If you agree, Shopify shares with us which shop you are installing the app on. You have the ability to decline.
In the Yoast Shopify app, we run Help Scout, Google Analytics 4 (‘GA4’) and HotJar. On your MyYoast account we run Google Analytics, HotJar, our own tracking and Help Scout. GA4 collects the same data in a comparable way as Google Analytics does.
We use Help Scout for our customer support service. Help Scout gathers your city, country, IP address, operating system, device and web browser, name and email address. This information is stored in your own browser and is sent to us when you make a support request in the beacon in our app or start a chat session with our support team. You can also send us a support request by email. In that case we will only collect your email address and the data you provide us in your email.
After we have solved your problem, we store the information in the Help Scout history so that we are able to view your customer history. We save this information for a period of 4 years because we need this information to provide you with support (e.g. resolving an access or authentication problem). You can always make a GDPR removal request by sending us an email at email@example.com.
We use Google Analytics/GA4, HotJar and our own tracking to analyze how you use our app and your MyYoast account for improvement. We collect the following information:
- IP address;
- Information about your use of our website (such as visited pages and clicks);
- Device type and browser;
- Location (country and city);
- Landing page (referrer-URL);
- Screen resolution;
- Requests and responses sent from and to your device.
With the Yoast-owned tool no identification with data subjects takes place and the cookies are purely functional. Your IP address is saved in access logs on our server and saved for 90 days and used only for security and incident response purposes. This server is hosted by SiteGround. After this period of time, the data is being removed and destroyed. The reason we save this information is incident response. The other information we collect are so called ‘session cookies’ and ‘functional cookies’. They are used to enable you to make use of our website.
These cookies have no consequences for the privacy of visitors. Because of these aspects the Yoast-owned tool is allowed without asking for prior consent. The information generated by the cookie about your use of the website is transmitted to our hosting company SiteGround. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for yoast.com.
With Google Analytics and Google Tag Manager, anonymized IP’ is used and we follow the guidelines of the Dutch Data Protection Authority to set Google analytics in a privacy friendly way. Google may transfer the collected information to third parties when legally required. We have no influence on this. We will never allow Google to use the gathered analytics information for other Google services or purposes.
Hotjar Automatically obfuscates input fields, forms, phone numbers etc. which results in no personal data being recorded. The information is saved for a period of 26 months.
The processing of your IP address for the use of our website is separate from when you place an order. This information is not linked together and the processing by third parties of your IP address to analyze the use of our website remains anonymized.
Disabling and enabling cookies
If you do not want to have cookies stored on your computer or want to remove cookies that have already been stored, you can arrange this via the settings screen in your browser settings. The adjustment of these settings differs per browser.
If you want to remove cookies that have already been stored, you can arrange this via the settings screen in your browser settings. The adjustment of these settings differs per browser.
We save all of the above mentioned personal information as long as you have installed the Yoast Shopify app.
When you uninstall your Yoast Shopify app, we will delete all information we gathered from you after two weeks of the uninstallment. After the deletion, we won’t have any information about you besides your possible support requests in Help Scout. If you don’t have any other active Yoast subscriptions, your MyYoast account will also be removed when you uninstall your Yoast Shopify app.
If you choose to not renew your trial period of the Yoast Shopify app, we will also remove almost all information collected. In that case, the only information we keep is the domain name of your shop, the start and end date of your trial and the duration of your trial. This is necessary for Yoast to be able to keep the trials fair.
Your rights as a data subject
The right of access
You have the right to access the personal data we process of you and retain a copy of this data. In your yoast.com, MyYoast & Yoast Academy account you can easily access the personal data we collect and save when you have placed an order.
The right to rectification
If your personal data is incorrect, you have the right to ask us to rectify your personal data. We will rectify your personal data accordingly.
The right to erasure (‘to be forgotten’)
If you want us to delete your personal data, you have the right to request us to delete your personal data. We will delete your personal data, unless we have a legal obligation to keep processing your personal data.
The right to restrict processing
If you are of the opinion that the processing of your personal data is unlawful, or your personal data is incorrect, or you require the personal data for legal claims after the retention period, or you have objected to the processing of your personal data, you can request us to restrict your personal data. In this case we cannot process your personal data unless you grant us permission.
The right to data portability (when processing under consent or performance agreement)
You can request us for an export of all the personal data that is processed by Yoast. We will provide you with an export of your collected and processed personal data.
The right to object to processing.
You have the right to object to our processing of your personal data, under certain conditions.
If you wish to make use of your data subject rights as mentioned in this paragraph, please send your request via e-mail to firstname.lastname@example.org. For data deletion requests, please contact email@example.com.
We have taken appropriate technical and organizational security measures in order to protect your personal data against loss, misuse, alteration and/or destruction. Although we exercise reasonable care in providing secure transmission of information between your equipment and our systems, we cannot ensure or warrant the security of any information transmitted to us over the internet. Access to relevant personal data is only granted to those authorized employees who require access to the relevant personal data for performance of their work. We have our guidelines and provisions preserving the security of our data and technology infrastructure, as well as the software we build and distribute to our users outlined in our internal cyber security policy.
If you have any questions or complaints about this privacy statement, the practices of this site, or your dealings with this website, you can contact us via our contact page or send an email to firstname.lastname@example.org.
You may also lodge a complaint at the Dutch DPA: Autoriteit persoonsgegevens.
Don Emanuelstraat 3
6602 GX Wijchen
Registration number: 55404367
Yoast is owned by Newfold Capital Inc. (Newfold). In order to meet international legal and compliance standards, we share our customer database with Newfold. Both Yoast and Newfold are considered ‘Controllers’ regarding this information because we jointly determine the purpose and means of this processing. Because we send this information to the United States, a data protection agreement is in place.
Newfold retains the personal information as long as necessary to comply with U.S. legislation.
Newfold Digital Inc.
c/o Corporation service Company
25 Little Falls Drive
Wilmington, Delaware, 19808
United States of America
Registration number: 2739803
CCPA Rights and Choices
The CCPA provides consumers that are California residents with specific rights regarding their personal information. Your CCPA rights and how to exercise those rights are described here.
Right to Access
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed research in accordance with Section 1798.105 (d)(6) of the CCPA.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us an email at email@example.com.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We aim to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If we cannot comply with a request, we will tell you why. For data portability requests we will choose a format that will allow you to easily transfer your data elsewhere.
We will not discriminate against you for exercising any of your CCPA rights, unless permitted by the CCPA.