Privacy Policy

Yoshki Privacy Notice.

This Privacy Notice was last updated in January 2022

This policy describes what information we collect, how it is used, and kept safe.

Introduction

Yoshki Ltd is committed to data security and the fair and transparent processing of personal data. This privacy notice sets out how we will treat the personal data which you provide to us in compliance with applicable data protection law, in particular, the General Data Protection Regulation (EU) 2016/679 (GDPR).

Please read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data, how to contact us and supervisory authorities in the event that you would like to report a concern about the way in which we process your data.

Who are we?

Yoshki Ltd (Company No. 07102208) of Thames Valley Park , 400 Thames Valley Park Drive, Reading, RG6 1PT, United Kingdom (Yoshki) owns and operates the Yoshki website and associated services (Yoshki Smart Badge & Yoshki Radar).  For the purposes of the GDPR, Yoshki is the ‘controller’ of the personal data you provide to us via our website or the data we obtain through our Yoshki Smart Badge reports (described below).

If you have any queries about this privacy notice, the way in which Yoshki processes personal data, or about exercising any of your rights, please send an email to gdpr@yoshki.com or write to Data Protection, Yoshki Ltd, Thames Valley Park , 400 Thames Valley Park Drive, Reading, RG6 1PT.

This privacy notice, together with and any other documents referred to in them, sets out the basis on which Yoshki processes personal data provided via this website.

How we collect your personal data

There are several touchpoints where we collect your data:

Online forms (www.yoshki.com & yoshki.freshdesk.com)

  • When you fill in any form to ‘contact us’ or to ‘request a demonstration’ of our solutions

Through Google Analytics (Smart Badge Service)

  • When you add a digital Smart Badge to your website, Yoshki (through Google Analytics) accesses certain data to power its reporting functionality

What personal data do we collect

We may collect and process the following personal data:

Online forms (www.yoshki.com & yoshki.freshdesk.com)

  • Personal details, such as your name, location, and contact details like your address, email address and phone number

Through Google Analytics (Smart Badge Service)

Through Google Analytics, Yoshki (acting as the data processor) has access to the following data:

  • A list of websites (domains and sub-domains) that have implemented a Digital Badge code
  • Statistics relating to how many times a digital badge has been viewed, hovered over and clicked

At no point, does Yoshki access, record or store any additional data such as IP addresses, page navigation behaviour, etc.

How do we use your personal data?

When we ask you to supply us with personal data we will make it clear whether the personal data we are asking for must be supplied so that we can provide the products and services to you, or whether the supply of any personal data we ask for is optional.

Online forms (www.yoshki.com & yoshki.freshdesk.com)

  • to provide the products and/or services to you;
  • to communicate with you in relation to the provision of the contracted products and services;
  • to provide you with administrative support such as account creation, security, and responding to issues; and
  • provide you with industry information, digital badge insights, surveys, information about our awards and events, offers and promotions, related to the products and/or services.

Through Google Analytics (Smart Badge Service)

Using Google Analytics, Yoshki (acting as the data processor) shares the following information with the client (data controller and Smart badge issuer):

  • A list of websites (domains and sub-domains) that has implemented a Digital Badge code
  • Statistics relating to how many times a digital badge has been viewed, hovered over and clicked

The purpose of accessing and sharing this information with the client (Smart badge issuer) is to:

  • help prevent inappropriate use of a digital badge;

Who do we share your personal data with?

We take all reasonable steps to ensure that our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to know it.

From the data we access via Google Analytics, Yoshki (acting as the data processor) shares the following with our client (the data controller and Smart badge issuer)

  • A list of websites (domains and sub-domains) has implemented a Digital Badge code
  • Statistics relating to how many times a digital badge has been viewed hovered over and clicked

Outside of the Smart badge reporting process, no data is ever shared or accessed by a third party.

If required by applicable law, we will share personal data with law enforcement or other authorities.

How long will you keep your personal data?

Where there is a contract between us, we will retain your personal data for the duration of the contract, and for a period of 6 years following its termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities.

Data accessed through Google Analytics for smart badge reporting purposes will be retained for a period of 3 months.

Where you have consented to marketing communications, you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in an email from us.

Where do we store your personal data and how is it protected?

We store data on servers located within the European Union and the US. We take reasonable steps to protect your personal data from loss or destruction. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Where you have a username or password (or other identification information) which enables you to access certain services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Your rights

Under the GDPR, you have various rights with respect to our use of your personal data:

Right to Access

You have the right to request a copy of the personal data that we hold about you by contacting us at the email or postal address is given below. Please include with your request information that will enable us to verify your identity. We will respond within 1 month of the request. Please note that there are exceptions to this right. We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information, or if your request is manifestly unfounded or excessive.

Right to rectification

We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changed so that we can keep your personal data up-to-date.

Right to erasure

You have the right to request the deletion of your personal data where, for example, the personal data are no longer necessary for the purposes for which they were collected, where you withdraw your consent to the processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data be erased, please contact us using the contact details provided below.

Right to object

In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the processing of your personal data, please contact us using the contact details provided below.

Right to restrict processing

In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have queried the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. Please contact us using the contact details provided below.

Right to data portability

In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to request that your personal data be ported to you, please contact us using the contact details provided below.

Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception we will explain this to you in our response.

 

Contact

If you have any queries about this privacy notice, the way in which Yoshki processes personal data, or about exercising any of your rights, please send an email to gdpr@yoshki.com or write to Data Protection, Yoshki Ltd, Thames Valley Park, 400 Thames Valley Park Drive, Reading, RG6 1PT.

Complaints

If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint with the applicable supervisory authority or seek a remedy through the courts. Please visit ico.org.uk/concerns/ for more information on how to report a concern to the UK Information Commissioner’s Office.

Changes to our Policy

Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.

APPENDIX A: SMART BADGE SPECIFIC DATA SECURITY POLICY

OVERVIEW

A Smart Badge issuer has their image(s) hosted and managed by Yoshki Ltd, along with an associated list of approved companies and website addresses. Typically, this data is already in the public domain. However, data security still aims to comply with data protection laws and follows good practices.

SECURITY MEASURES

  • The badge images can only be updated when approved by at least two service administrators. (Through the administration interface a single user can’t change any image.)
  • Administration access is restricted by IP address.
  • Administration access uses 2-factor authentication.
  • Server and database passwords are strong and changed at intervals.
  • Database backups are encrypted.
  • Passwords are not stored in plain text but are hashed and salted.
  • All admin functionality is forced to run over SSL.

APPENDIX B: USE OF GOOGLE ANALYTICS

Yoshki uses Google Analytics to power its Smart Badge reporting functionality.

Through this reporting functionality, Yoshki and the Smart Badge issuer has access to the following data:

  • A list of websites (domains and sub-domains) that has implemented a Digital Badge code
  • Statistics relating to how many times a digital badge has been viewed hovered over and clicked

At no point, does Yoshki access, record or store any additional data such as IP addresses, page navigation behaviour, etc.

Of the information Yoshki does access (noted above), it is only ever shared between the badge issuer (our client) and Yoshki, to facilitate the Smart Badge service.

APPENDIX C: KEY PARTNERS

Yoshki Ltd uses key partners for Internet hosting, worldwide content delivery, and analytics:

Level3 http://www.level3.com/en/privacy/
UKFAST https://www.ukfast.co.uk/terms/data-protection-policy.html
Google https://www.google.com/intl/en/policies/privacy/