Last updated: 9 June, 2026
YLD
Privacy Policy
INTRODUCTION
At YLD we take your privacy seriously and we are committed to protecting it.
YLD is a tech consultancy specialising in software engineering, AI engineering, product and design.
This policy explains when and why we collect or receive personal information about you (including when you visit our website at www.yld.com) as well as how this information is used, with whom we share that information and the rights they have over it. This policy was last updated on the date set out at the top of this page.
If you submit an application form or resume in relation to a job vacancy or on a prospective basis our Job Applicant Privacy Policy will apply.
WHO WE ARE AND OUR ROLE
We are YLD Limited (we/us/our) and, for the purposes of applicable data protection laws, we are the controller of the processing activities described below in this policy. If we share your personal information with our group companies, this policy also describes their use of your personal information as separate controllers.
A controller is a person that decides why and how your personal information is processed. As the controller, we are responsible to you for the handling and treatment of that information.
We may act as a processor of personal information for certain processing activities and in relation to such information, our relevant customer’s privacy policy will apply, and not ours.
Please see the section at the end of this policy for contact and company information for us and our group companies.
HOW WE COLLECT YOUR PERSONAL INFORMATION
We receive personal information about you in a variety of ways when you use our website.
Personal information you give to us voluntarily
This is information about you that you give to us when:
- completing webforms on our website, including when you make enquiries, complete surveys or sign up to events that we organise or promote; and
- corresponding with us by phone, email or in another way.
This information is provided by you entirely voluntarily. If we do not receive this information, you may be unable to communicate with us effectively.
Information we collect about you including using automated methods
We may automatically collect information about your use of our website, such as the number and duration of visits to our website and details of which particular pages or parts have been visited. We may also anonymise any personal information we receive about you by amending it, combining it with other data or by using other anonymisation techniques (Anonymised Information). After we anonymise your information, it will not be attributable to you.
We also automatically collect technical information, including Internet protocol (IP) addresses used to connect your device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform as well as mobile identifiers cookie, tracking pixel and beacon identification information. Please see our Cookie Policy for further information (Technical Information).
We use any collected Technical Information and Anonymised Information to analyse how our website is functioning and how it is used by users, for insight purposes and to help us maintain and improve our website on an ongoing basis. We may share Technical Information and Anonymised Information with third parties with whom we work, including our commercial partners.
Information we receive from other sources
We may also obtain the following personal information about you from the following sources:
THE PERSONAL INFORMATION WE PROCESS ABOUT YOU
We may process the following types of personal information about you, which we have categorised as follows:
HOW WE USE YOUR PERSONAL INFORMATION
Data protection laws require us to have a valid reason to process your personal information for each of the different purposes for which we use that information. These laws refer to each reason as a ‘lawful basis’. The purposes for which we use your personal information are explained below, together with the lawful basis under data protection laws on which we rely to do this.
Where you have provided consent
We may use and process your personal information where you have consented for us to do so for the following purposes:
- in relation to any personal email address or mobile number we hold, to make electronic marketing communications including by email, SMS; and
- any purpose we communicate to you at the time you opt-in to allow us to process your personal
We also process personal information we obtain from non-essential cookies that we set on our website based on your consent. For more information, please see our Cookie Policy.
Where processing is necessary for us to pursue our legitimate interests
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, for the following purposes:
Processing necessary for our legitimate interests in promoting our products and services and our business
- to contact you from time to time with marketing information where the law allows us to do so without your consent e.g. by telephone or to your work email address or work mobile number (you have the right to object to us using your personal information for this purpose at any time);
Processing necessary for us to respond to changing market conditions and our customers’ and website users’ needs
- for market research, insight and intelligence in order to improve our understanding of you or your business;
Processing necessary for our legitimate interests in to operate the administrative and technical aspects of our business efficiently and effectively
- to administer our website and for our internal operations, including troubleshooting, testing and statistical reporting purposes;
- for the detection and prevention of fraud and other criminal activities;
- to verify the accuracy of information we hold about you;
- for network and information security purposes in order for us to take steps to protect your and our information and property against loss or damage, theft or unauthorised access;
- to comply with a request from you in connection with the exercise of your rights where required under applicable data protection law;
- for the purposes of a corporate restructure or reorganisation or sale of our business or assets;
- for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we hold about you;
- to place and read cookies that are essential for our website to function properly, as described in our Cookie Policy;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and
- for general administration including financial planning, control and reporting and managing your queries, complaints, or claims, to send service messages and to provide you with important information about our business.
Where required to comply with our legal obligations
We will use your personal information to comply with our legal obligations:
- to assist any public authority or criminal investigatory body, where we are under a legal obligation to do so;
- to identify you when you contact us where we are obliged under applicable law to do so;
- to verify the accuracy of data we hold about you; and
- to respond to and resolve your complaints in relation to our services where we are obliged under applicable law to do so.
OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
Other companies in our group
We may share your information with other companies in our group and they may use your personal information for the purposes and ways set out in “How we use your personal information”, in connection with the services they provide, including where they complement our own services.
Our suppliers, service providers and other recipients
We may share your information with our third party service providers, agents, subcontractors and other organisations (as listed below) for the purposes of providing services to us or directly to you on our behalf.
When we use third party service providers as our data processors, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
When we share your personal information with third parties that are controllers of that information, they may disclose or transfer it to other organisations in accordance with their data protection policies. This does not affect any of your data subject rights as detailed below. In particular, where you ask us to rectify, erase or restrict the processing of your information, we take reasonable steps to pass this request on to any such third parties with whom we have shared your personal information.
Other ways we may share your personal information
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information to public authorities, courts or tribunals if we are under a duty to disclose or share it in order to comply with any legal obligation, to detect, prevent or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our customers. This may involve disclosing your personal information to our customers, the police and other public authorities, criminal investigatory bodies, courts, regulators or the emergency services. We will always take steps with the aim of ensuring that your privacy rights continue to be protected.
WHERE WE TRANSFER YOUR PERSONAL INFORMATION
Information you provide to us may be transferred to countries outside the UK, including to companies in our group or if any of our servers or those of our third party service providers are from time to time located outside the UK. These countries may not have data protection laws similar to those of the UK and so may not protect the use of your personal information to the same standard.
If we transfer your information outside of the UK, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include:
- relying on adequacy decisions issued by the relevant UK Secretary of State where we send personal data to Andorra, Argentina, commercial organisations in Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan, South Korea, Gibraltar or the Economic European Areas;
- where the above does not apply, all transfers of personal data between our group companies rely on the UK International Data Transfer Agreement or Addendum issued by the Information Commissioner’s Office;
- for transfers to US entities, relying on the EU-US Data Privacy Framework and the UK-US Data Bridge that extends that framework to the UK, where such entities are registered with the EU-US Data Privacy Framework;
- in a limited number of circumstances, relying on binding corporate rules; and
- ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection, such as the UK-US Data Bridge that extends the EU-US Data Privacy Framework to the UK.
Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
SECURITY
We care about protecting your information. We put in place appropriate measures that are designed to prevent unauthorised or unlawful processing and accidental loss, destruction, or damage. We do this by having in place a range of appropriate technical and organisational measures, including encryption measures and disaster recovery plans.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR
The length of time for which we retain your personal information is determined by a number of factors including the purpose for which we use that information and our obligations under data protection and other laws in the jurisdictions that apply to us. We do not retain personal information for longer than is necessary for our processing purposes or for longer than the law otherwise permits.
We will usually retain your personal information 7 years after the date it is no longer needed by us for any of the purposes listed above under How we use your personal information. We may derogate from this retention period in the following circumstances:
- you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further Erasing your personal information or restricting its processing);
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Erasing your personal information or restricting its processing below);
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
AUTOMATED DECISION MAKING
We do not envisage that any decisions that have a legal or significant effect on you will be taken about you using purely automated means, however we will update this policy and inform you if this position changes.
YOUR RIGHTS
You have certain rights in relation to your personal information. In relation to certain rights, we may ask you for further information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either the date that we have confirmed your identity or, where we do not need to do this because we already have this information, from the date we received your request.
Where the law permits, we may charge a reasonable administration fee to fulfil your rights request, or in rare cases may reject part or all of your request, where it is manifestly unfounded, or excessive (for example, in the case of repetitive or overlapping requests).
- Accessing your personal information
You have the right to ask for a copy of the personal data that we hold about you (e.g., by emailing or writing to us at the address at the end of this policy). Where provided for under the applicable data protection law, we may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
- Correcting and updating your personal information
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us via any of the details described at the end of this policy.
- Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal information, as set out under “How we use your personal information”, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so, for example, using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
- Objecting to our use of your personal information
Where we rely on your legitimate business interests as the legal basis for processing your personal information for any purpose(s), as out under “How we use your personal information”, you may object to us using your personal information for these purposes, e.g., by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise, we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe tool.
- Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our systems (e.g., by emailing or writing to us at the address at the end of this policy). Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information where you believe it is unlawful for us to continue processing, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
- Transferring your personal information in a structured data file ('data portability’)
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under “How we use your personal information”, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
- Making a complaint
You have the right to complain to us if you think that there is an infringement of data protection law in connection with your personal data. You can write to us using our contact details at the end of this policy.
We will acknowledge receipt of your complaint within 30 days starting when the complaint is received and without undue delay, we will:
- take appropriate steps to respond to your complaint, which will include making appropriate enquiries into it and informing you about its progress; and
- inform you of the outcome of the complaint.
If you contact us through social media it may take us longer to respond and we may invite you to use one of the secure channels above.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the data protection regulator in the UK (or in relation to our group companies in Portugal, the Comissão Nacional de Protecção de Dados (CNPD), the data protection regulator in Portugal). However, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
The contact details for the ICO are below:
Post:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone:
0303 123 1113
Email:
CHANGES TO THIS POLICY
We may update this policy from time to time and where possible and appropriate may notify you of changes by email. We recommend you regularly check for changes and review all updates to this policy
CONTACT AND COMPANY INFORMATION
Please direct any queries about this policy or about the way we process your personal information to our data protection team using our contact details below.
If you wish to write to us or our group companies, please write to Data Protection, YLD Limited, 20 Old Bailey, London, EC4M 7AN.
Our email address for data protection queries is privacy@yld.com.
YLD Limited is a limited liability company incorporated in England and Wales with company number 08761606 with its registered office address at Third Floor, 20 Old Bailey, London, United Kingdom, EC4M 7AN.
Our group companies, Parallel Promises Unip. Lda and Trainbits Unip. Lda, are limited liability companies incorporated in Portugal with their registered office address at Rua Sá da Bandeira 819, 2º Esq., 4000-438 Porto.