This privacy- and cookie statement has been drawn up within the framework of the website (https://www.yields.io/, referred to as the “Website”) offered by YIELDS NV, a public limited company (“naamloze vennootschap”) with a registered office at Kranenburg 6, 8200 Brugge, Belgium, registered with the Crossroads Bank for Enterprises under number 0674.499.495 (LER Ghent, division Brugge) (hereinafter referred to as “YIELDS” or “we”).
YIELDS offers a software solution platform (the “Yields Solution”), developed as a technology solution leveraging AI for automated model risk management on an enterprise-wide scale. The Yields Solution is only available upon entrance into a SaaS-agreement or the software trial conditions.
For the use of the Yields Solution under the SaaS agreement, the Yields Solution User agrees that the processing of any Personal Data shall be covered by the in the course thereof concluded data processing agreement. For the use of the Yields Solution under the software trial conditions, the Yields Solution User acknowledges not to use any Personal Data (as defined below), but solely public data (see section 2.B).
2. PROCESSING OF PERSONAL DATA – CONTROLLER & PROCESSOR IDENTITY
YIELDS takes the measures set forth in this privacy- and cookie statement (“Privacy- and Cookie Statement”) to protect your privacy.
The protection of the privacy of (i) users of our Website (“Website Users”) and (ii) users of our Yields Solution (“Yields Solution Users”) is required by law, as we want to clarify this, we have prepared this Privacy- and Cookie Statement.
By means of this Privacy- and Cookie Statement we want to inform you in the best possible way on (i) what Personal Data we collect, (ii) how we use and process your Personal Data, (iii) why we do so and how you control it, and (iv) what cookies or similar technologies we use on our Website and why we use them.
We will only use your Personal Data for the purposes set forth in this Privacy- and Cookie Statement, and we will not disclose your Personal Data in any way to any natural person, legal entity, or entity other than ourselves (“Third Party(ies)”), except as provided in Section 8 of this Privacy- and Cookie Statement.
Any processing of your Personal Data will always be in accordance with applicable privacy legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (the “Privacy Laws”). We have made agreements with other companies that place cookies about the use of the cookies. However, we do not have full control over what they do with the cookies themselves. You should therefore also read their privacy and cookie statements to which reference is made in this Privacy- and Cookie Statement, if applicable.
2.B. Processing of Personal Data
When processing Personal Data either through our Website or our Yields Solution, our processing capacity differs:
YIELDS acts as a controller (the “Controller”) in connection with the processing activities through its Website as regards the Website Users within the meaning of the Privacy Laws and in that capacity we would like to inform you on the processing of your Personal Data.
When YIELDS processes any Personal Data of Yields Solution Users through the Yields Solution, either offered under a SaaS-agreement or software trial conditions, it shall act as a processor (the “Processor”) within the meaning of the Privacy Laws. In this respect and capacity:
- Personal Data may be transferred or stored in any country of the European Union, in order to carry out YIELDS’ obligations under the SaaS-agreement or the software trial conditions;
- YIELDS acknowledges that no Personal Data will be transferred or stored outside the European Union, unless it has the Yields Solution User’s specific consent and such transfer and/or storage is in compliance with Chapter V of the Privacy Laws;
- the Yields Solution User will ensure that the Yields Solution User is entitled to transfer the relevant Personal Data to YIELDS so that YIELDS may lawfully use, process, store and transfer the Personal Data in accordance with the SaaS-agreement or the software trial conditions on the Yields Solution User’s behalf;
- YIELDS will process the Personal Data in accordance with the terms of the SaaS-agreement or the software trial conditions and in strict compliance with any lawful instructions given by the Yields Solution User from time to time, and in any case in accordance with the applicable Privacy Laws;
- both YIELDS and the Yields Solution User shall take appropriate technical and organizational measures against unauthorized or unlawful processing of the Personal Data or its accidental loss, destruction or damage, and YIELDS agrees to promptly notify the Yields Solution User as soon as YIELDS, as the case may be, takes knowledge of a security breach likely to affect the privacy of the data subjects;
- YIELDS will assist the Yields Solution User in ensuring compliance with the obligations pursuant to the Privacy Laws taking into account the nature of processing and the information available to YIELDS;
- YIELDS will, at the choice of the Yields Solution User, and to the extent applicable, delete or return all Personal Data in possession of YIELDS to the Yields Solution User upon termination of the SaaS-agreement or the software trial conditions, and delete any copies thereof, unless the storage would be required by law; and
- YIELDS will provide to the Yields Solution User all information necessary to demonstrate compliance with the Privacy Laws and allow for and contribute to audits, including inspections, conducted by the Yields Solution User or another auditor mandated by the Yields Solution User.
It should be reiterated however that for the use of the Yields Solution under the software trial conditions, Yields Solution Users are not allowed to use any Personal Data, but solely public data.
3. LEGAL BASIS FOR PROCESSING OF PERSONAL DATA
On the one hand, we process your Personal Data on the basis of your consent, while on the other hand we process it to enable us to provide our services for the performance of an agreement where you are a party to or for the performance of the required precontractual measures.
We will ensure that your Personal Data is treated with the necessary care and confidentiality.
4. COLLECTION AND PROCESSING OF PERSONAL DATA
We collect and process the following Personal Data through the Website:
- first name and surname;
- email address;
- job title; and
5. PURPOSES OF DATA COLLECTION AND PROCESSING
We will collect and process your Personal Data for the following purposes (the “Processing Purposes”):
In case of collection of Personal Data through the Website:
- to contact you when you ask us to contact you via the contact form;
- to provide you with a demo video;
- to perform our services;
- to deal with any complaints relating to our services;
- to manage our user relationships;
- to inform customers about new products/services; and
- to send you (personalized) marketing, advertising and promotional messages, as well as other information you might be interested in and that concern the services and events offered by YIELDS.
Furthermore, we have free access to your Personal Data, and may store and disclose your Personal Data freely in the following cases:
- to comply with applicable laws or regulations;
- if officially requested to do so by a law enforcement authority or other public body;
- for the investigation of suspicious or actual fraudulent or illegal activities; and
- to protect your safety and/or your rights or ours.
6. STORAGE OF AND ACCESS TO PERSONAL DATA
We will ensure that your Personal Data is not kept longer than necessary to fulfill the above Processing Purposes.
Unless otherwise allowed or required by the applicable legislation, Personal Data collected in the context of your use of the Website and/or the Yields Solution will be deleted in any case within a period of two (2) years after the end of the use of the Website and/or the Yields Solution.
The Personal Data of prospects will be retained for a period of three (3) years after the last contact for (direct) marketing purposes. With regard to Personal Data of clients, the Personal Data shall be deleted within two (2) years after the ending of the relevant agreement.
All Personal Data will be retained for their retention period in accordance with the provisions of this Privacy- and Cookie Statement.
7. SECURITY OF YOUR PERSONAL DATA
We take appropriate and necessary organizational and technical security measures to protect your Personal Data and your privacy in order to prevent the loss, unlawful use or alteration of information we receive. Such measures include (i) log-on protection of the Personal Data, (ii) encryption of the Personal Data, (iii) anti-virus systems, (iv) anonymization of Personal Data; and (v) confidentiality obligations applying to all employees involved.
8. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
Unless otherwise set forth in this Privacy- and Cookie Statement, we will not transfer, transmit or otherwise disclose your Personal Data to Third Parties without your prior express consent unless necessary for the Processing Purposes set forth in this Privacy- and Cookie Statement or unless we are required to do so by law.
Such Third Parties will only have access to the Personal Data they need to perform their tasks, and may not use such data for other purposes. The Third Parties to whom the Personal Data is transferred are also subject to an obligation of confidentiality, and must provide the necessary guarantees that appropriate organizational and technical security measures are taken to protect your Personal Data and privacy.
9. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
In the event that we use processors outside the European Economic Area, your Personal Data may be transferred, stored and processed outside the European Economic Area. This transfer, storage and processing can only be carried out with the prior written consent of YIELDS and subject to compliance with Chapter V of the Privacy Laws.
10. WHAT ARE MY RIGHTS AS A DATA SUBJECT?
We want to ensure safe and lawful processing of your Personal Data, and we assure you that your Personal Data will be processed fairly and lawfully. This means that Personal Data will only be processed for the above Processing Purposes. We also ensure that Personal Data will always be processed in an adequate, relevant and non-excessive manner.
10.1. My right of access
You have the right to be informed whether we are processing your Personal Data and, if so, to obtain access to such Personal Data and to receive the following information:
- the Processing Purposes;
- the categories of Personal Data concerned;
- the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organisations;
- the period for which the Personal Data will be stored or the criteria for determining such storage period;
- if we obtain Personal Data from Third Parties, information regarding the source of such Personal Data; and
- the existence of automated decision-making (including profiling) regarding your Personal Data, and where applicable, useful information about the underlying logic, as well as the importance and possible consequences of such automated decision-making.
Furthermore, you also have the right to receive a copy of the Personal Data that you have provided to us in a structured, common and machine-readable format (via the email address that you have provided us with) so that you can pass it on to another data controller or so that we can pass it on to another data controller at your request and if technically possible. Requesting a copy is free of charge. If you request additional copies of your Personal Data, we may charge a reasonable fee to cover administrative costs.
In order to exercise your right of access, and to prevent any unauthorized disclosure of your Personal Data, you must provide us with proof of your identity. When exercising your right of access, we therefore ask you to add a copy of the front side of your identity card to your written request by email or post.
10.2. My right to rectification and completion
You have the right to have your Personal Data corrected or have inaccuracies rectified free of charge if your Personal Data is incomplete or inaccurate or is processed in an unlawful manner. Furthermore, you also have the right to complete incomplete Personal Data, including by providing a supplementary statement.
10.3. My right to erasure of data (“right to be forgotten”)
You have the right to request the deletion of your Personal Data as collected by us in the following cases:
- your Personal Data is no longer required for the Processing Purposes set forth in this Privacy- and Cookie Statement;
- you revoke your previous consent for the processing of your Personal Data and there is no other legal basis on which we can rely for the (further) processing of your Personal Data;
- you object to the processing (or further processing) of your Personal Data and there are no compelling legal grounds for the processing of your Personal Data by us;
- your Personal Data has been processed unlawfully;
- your Personal Data must be deleted in order to comply with a legal obligation incumbent upon us;
- your Personal Data was collected when you were a minor.
In the event of a deletion request, you should be aware that we need to retain certain Personal Data in order to comply with our legal obligations.
10.4. My right to restriction of further processing
Furthermore, you also have the right to have the processing of your Personal Data restricted when:
- you contest the accuracy of this Personal Data (in this context, the use of your Personal Data shall be limited during a certain period of time in order for us to verify the accuracy of your Personal Data);
- the processing of your Personal Data is unlawful and instead of its deletion, you request us to limit the processing of your Personal Data and its use;
- we no longer need your Personal Data for the Processing Purposes as described above, but you need this Personal Data for the initiation, exercise or substantiation of a legal claim;
- when after exercising your right to object to the processing of your personal data and as long as no decision has been made on the exercise of such right, you request us to limit the use of your Personal Data.
Furthermore, you have the right to revoke your consent to the processing of your Personal Data at any time without prejudice to the lawfulness of the processing prior to the revocation of your consent.
10.5. My right to file a complaint
If you have a complaint about the processing of your Personal Data or on the exercise of your rights, please send an email to email@example.com. We undertake to respond to any request to exercise the aforementioned rights within thirty (30) calendar days.
Furthermore, you always have the right to lodge a complaint or initiate proceedings with the data protection supervisory authority (“Data Protection Authority” or “Gegevensbeschermingsautoriteit”) with the following contact details: Data Protection Authority (GBA), rue de la Press 35, 1000 Brussels, +32(0)2 274 48 00/+32(0)2 274 48 35; firstname.lastname@example.org; https://www.dataprotectionauthority.be.
11. DELETION AND DISABLEMENT OF COOKIES
Most Internet browsers are set up to accept cookies automatically. However, the browser settings on your device allow you to delete cookies that have already been installed and to refuse the installation of new cookies. How this is done differs from browser to browser. If needed, consult the help function of your browser or use these links to go directly to the manual of your browser: Internet Explorer, Mozilla Firefox, Chrome and Safari.
On https://www.youronlinechoices.com/be-nl/ you can indicate which companies are and which are not allowed to record your browsing behaviour.
12. EXERCISE OF YOUR RIGHTS
If you wish to exercise the above rights, this will be possible by email to email@example.com.
We undertake to reply to any request to exercise the aforementioned rights within thirty (30) calendar days.
13. DATA BREACHES
In the event of a data breach, we will report this to the Data Protection Authority in time. A data breach constitutes a breach of the security of your Personal Data. As a result, all parties involved will also be informed about this data breach and the risks that may arise or be run by you as a result of this data breach will be identified as a matter of urgency.
If you are aware of a data breach, or if you suspect a data breach, we ask you to report this immediately by sending an email to firstname.lastname@example.org.
14. MODIFICATION OF PRIVACY AND COOKIE STATEMENT
We may make improvements, additions or changes to this Privacy- and Cookie Statement for a variety of reasons. We will post a notice of those changes on our Website.
This version was drawn up on 16 October 2020.
Older versions of this Privacy- and Cookie Statement will be stored in our archive and can be retrieved at any time by sending an email to email@example.com.