Yetinel
Get started

gdpr

GDPR compliance

This page is maintained by Yetinel to explain how we comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR. It supplements our privacy policy.

your right

Access & portability

Request a copy of the personal data we hold about you in a structured, machine readable format.

your right

Rectification

Correct inaccurate or incomplete personal data directly in Settings or by contacting privacy@yetinel.com.

your right

Erasure

Delete your account and associated personal data, subject to retention required by law or to defend legal claims.

your right

Restriction & objection

Restrict processing or object to processing based on legitimate interests, including profiling for product analytics.

your right

Regional residency

EU and UK customer data is stored in regional buckets. Cross border transfers rely on EU Standard Contractual Clauses and the UK Addendum.

your right

Lodge a complaint

You can complain to your supervisory authority. We would prefer the chance to address concerns first, write to dpo@yetinel.com.

Roles

For learner accounts created directly with Yetinel, we act as the data controller. For learners enrolled by a sponsoring organization, the sponsor is the controller and Yetinel acts as a processor under a data processing addendum (DPA).

Lawful bases

We rely on contract (to deliver the platform you signed up for), legitimate interests (product security, fraud prevention, aggregated analytics), legal obligation (tax, accounting, lawful requests), and consent where required (optional marketing communications, non essential cookies).

Categories of data

Account identifiers, learning activity, billing metadata, support communications, and limited device or network metadata for security. We do not request special category data and ask learners not to submit it through free text fields.

International transfers

Where personal data leaves the EEA or UK, we rely on the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, supplemented by technical safeguards (encryption in transit and at rest, access controls, audit logging).

Retention

Account data is retained for the life of the account plus the period required by law. Learning records may be retained longer when needed to issue or verify a certificate. Deleted accounts are removed from production within 30 days and from backups within 90 days.

Subprocessors

We use a small set of subprocessors for hosting, email delivery, and payments. Each is bound by a DPA with GDPR aligned terms. A current list is available on request to privacy@yetinel.com.

Exercising your rights

Submit a request from Settings, or email privacy@yetinel.com. We respond within 30 days. We may ask for proof of identity to protect your account. There is no fee for reasonable requests.

Data Protection Officer

Yetinel Data Protection Officer, dpo@yetinel.com. EU and UK representatives can be appointed for enterprise customers on request.

cookies

You're in control of your data

We use strictly necessary cookies to run the platform. With your permission we'd also like to use functional, analytics, and marketing cookies. You can change your choice at any time from the footer. See our privacy policy and GDPR notice.