Privacy policy & cookies

Our website address is: https://weareyard.com

Yard Associates Limited (“Yard”, “we”, “us” or “our”) takes your privacy seriously and is committed to protecting the personal data that we process in compliance with the UK General Data Protection Regulation (GDPR) and other applicable data protection laws. This privacy policy explains how and why we collect, use, share and protect personal data, and the rights available to data subjects. This public privacy policy reflects Yard’s internal Data Protection Policy.

Yard Associates Limited is the data controller for personal data processed for our business activities.
Registered office: The Maltings, East Tyndall Street, Cardiff, CF24 5EA.

Data Protection Officer (DPO): Paul Newbury

For all queries relating to this privacy policy, please contact us at hello@yarddigital.com

We may collect and process personal data including, but not limited to:

• Identity and contact information (name, job title, company, postal address, email, telephone);
• Transactional and contractual data (details of services provided, invoices);
• Website and IT data (IP address, cookies, analytics data, details of your visits to our site);
• Recruitment and employment data for job applicants and employees; and
• Any other information you choose to provide (e.g., correspondence, feedback).

We aim to collect only the personal data that is necessary for the purposes described below.

Cookies are files with small amount of data that is commonly used an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer’s hard drive.

Our website uses these cookies to collection information and to improve our services and measure the impact of our marketing efforts. You have the option to either accept or refuse these cookies, and know when a cookie is being sent to your computer.

These are the cookies that we use:

To learn more about these cookies visit Adobe cookies

We process personal data for purposes such as:

• delivering services and managing client relationships;
• recruitment, payroll and HR administration;
• providing, maintaining and improving our website and services;
• complying with legal and regulatory obligations;
• preventing and detecting fraud and ensuring IT security; and
• communicating with you about our services and managing customer support.

Where required by law, or where appropriate, we rely on one or more lawful bases for processing including:

• Contract — necessary to perform a contract with you;
• Legal obligation — to comply with legal duties;
• Legitimate interests — where processing is necessary for our legitimate business interests (subject to data subject rights and safeguards); and
• Consent — where you have freely given consent (for example, marketing communications or certain cookies).

We apply the GDPR principles — lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation and security — in all processing activities.

We collect data via:

• Information you give us directly (e.g., contact forms, email, applications);
• Automated technologies when you use our website (cookies and similar technologies); and
• Third parties or public sources (for example, client referrals or contracted service providers).

We do not normally use external companies to process client data, but where we do, we ensure that processors provide sufficient guarantees about security and that processing is governed by written contractual terms (a Data Processing Agreement). We may share data with:

• service providers and agents who deliver services on our behalf (hosting, IT, analytics, payroll, legal and professional advisors); and
• regulators, law enforcement or other public authorities where required by law.

Where we engage processors, we take reasonable steps to ensure appropriate technical and organisational measures are in place

No personal data is ever transferred outside of the UK/EEA.

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. These measures are reviewed at least annually. Yard is ISO27001 accredited for Data Security under UKAS, and take our obligations for data security very seriously.

You have rights under data protection law, including:

• the right to withdraw consent where processing is based on consent;
• the right to access the personal data we hold about you and to obtain copies;
• the right to request rectification of inaccurate data or completion of incomplete data;
• the right to request erasure in certain circumstances;
• the right to restrict processing in certain circumstances;
• the right to object to processing where we rely on legitimate interests;
• the right to object to direct marketing;
• the right to receive details of safeguards where data is transferred outside the EEA;
• rights relating to automated decision-making and profiling; and
• the right to complain to the UK Information Commissioner’s Office (ICO).

Yard will verify the identity of anyone making a request and ordinarily aims to respond to access requests within one month. Please direct requests to hello@yarddigital.com.

We may update this policy from time to time to reflect legal, regulatory or operational changes. Material changes will be published on our website.

Our Services do not address anyone under the age of 13. We do not knowingly collect personal identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.