By clicking on 'Accept all cookies', you agree to the storage of cookies on your device to improve navigation on the site, analyze site usage, and assist with our marketing efforts. View our Privacy Policy for more information.
Preferences
Last updated
August 2025

Privacy Policy

At Yields, weare committed to safeguarding your personal data and respecting your privacy.We strive to offer transparency, respect, and control regarding how your personal information is handled.

Yields processes your personal data strictly in compliance with all relevant European and Belgian data protection laws. This includes Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, commonly known as the General Data Protection Regulation (“GDPR”)- as well as the Belgian Act of 30 July 2018 regarding the protection of natural persons in relation to the processing of personal data.

This privacy policy is designed to inform you as visitor to Yields’ website (www.yields.io) (“Website”) clearly and comprehensively about how we collect, use, and protect your personal data. Yields acts as a data controller regarding the processing activities outlined in this privacy policy.

Should you have any questions after reviewing this policy, we encourage you to contact us for further clarification.

When does this privacy policy apply?

This privacy policy explains how we collect, use, and process your personal data when you visit and interact with our Website, or when you apply for job vacancies.

When does this privacy policy not apply? When delivering our services and offering our software to the market, Yields typically acts as a data processor on behalf of its customers. In such cases, the processing of personal data by Yields is governed by a data processing agreement concluded with our customer and is subject to the instructions we receive from them. If you have any questions regarding the processing of your personal data in this context, we recommend that you contact the data controller directly — in this case, the entity using our software (i.e. our customer).

Please note that if our Website redirects you to a third-party website or application, the terms, conditions, and privacy policy of that third party may apply instead. We encourage you to review the relevant privacy policies and applicable terms before providing any personal data to those external platforms or websites.

Yields is an international software company based in Belgium, specializing in Model Risk Management and AI Governance. We develop and license a SaaS platform that supports the full model and AI lifecycle — from development to monitoring — with a focus on automation, transparency, and compliance.

  • Yields NV
  • BE 0674.499.495
  • Oktrooiplein 1, bus 201
  • 9000 Ghent (Belgium)
  • RPR Ghent, Dpt. Ghent
  • gdpr@yields.io

Which personal data do we process and how do we obtain it?

Depending on the interactions you have with Yields and our Website, we might process the following types of personal data:

When you visit our Website:
Technical information, usage data, history and logs We may process specific personal data through cookies (and similar technologies) installed on our Website (e.g. IP address, browser type, operating system, etc.). We refer to our cookie policy for a complete overview of all cookies we use and all relevant information in this regard.

When through our Website you contact us, subscribe to our newsletter, request a demo of our products, register for events or download our whitepapers
Identification and contact details; personal characteristics We may process your name, gender, address, email address, company name, job title, phone number, communication preferences and any other personal data you share with us via fill-in fields.
Professional information We may process your professional contact information, your job function, the company you work for and the category of Yields products you are interested in.
Technical information, usage data, history and logs We may collect specific personal data through cookies (and similar technologies) installed on our Website (e.g. IP address, browser type, operating system, etc.). We refer to our cookie policy for a complete overview of all cookies we use and all relevant information in this regard.

When you apply for a job vacancy
Identification and contact details; personal characteristics We may process your name, gender, address, email address, company name, job title, phone number, marital status, date of birth, nationality, communication preferences and any other personal data you share with us via fill-in fields.
Professional information We may process your professional contact information, working experience, financial information, curriculum vitae including your education- and employment history and any other relevant personal data (e.g. photo) you might share with us during the recruitment procedure.

For which purposes do we process your personal data and what is the legal basis?

We collect and process your personal data for various reasons, but only insofar as necessary to achieve the intended purpose. Below, you can find an overview of why we process specific categories of personal data, including the associated legal basis for such processing.

Purpose of processing Categories of personal data Legal basis
Responding to your questions submitted via our Website (or via email) • Identification and contact details; personal characteristics
• Professional information 		Performance of the agreement
Sales and Marketing campaigns • Identification and contact details; personal characteristics
• Professional information 		Consent (or legitimate interest for existing customers)
Sending our newsletters • Identification and contact details; personal characteristics
• Professional information 		Consent (or legitimate interest for existing customers)
Request for a demo of our products • Identification and contact details; personal characteristics
• Professional information 		Performance of the agreement
Registering to events • Identification and contact details; personal characteristics
• Professional information 		Performance of the agreement
Managing job applications and assessing your suitability for the job and for recruitment purposes in general • Identification and contact details; personal characteristics
• Professional information 		Legitimate interest (or consent in case you allow us to keep your data for future job vacancies)
Management of our Website • Technical information, usage data, history and logs Please read our cookie policy

Each processing activity we perform using your personal data is based on a specific legal basis. The legal basis on which our processing activities are based arec learly stated in the above overview, but we believe it is important to provide you with further explanation of each of these concepts:

Each processing activity we carry out involving your personal data is grounded in a specific legal basis, as required by applicable data protection legislation. We have indicated the relevant legal basis for each purpose of processing outlined above. However, we believe it is important to give you a clearer understanding of what these legal bases mean in practice:

Legal basis Explanation
Performance of the agreement This legal basis means your data is processed when necessary to enter into or fulfill our (pre)contractual obligations to you.
Legitimate interest This legal basis means your data is processed when it is necessary for our legitimate interests, provided that such interests are not overridden by your fundamental rights and freedoms. We always strive to maintain the correct balance. The legitimate interests we are pursuing are:
  • Making the best possible recruitment decisions possible
  • Ensuring business development by marketing our services and products
  • Offering outstanding client service and experience possible.
Consent This legal basis means your data is processed based on your explicit consent (e.g. via opt-in) for specific purposes.
Legal obligation This legal basis means our processing of your personal data is based upon a legal obligation which is imposed upon us.

We always seek to process as little personal data as necessary for the purpose we are aiming to achieve. As an example, the personal data we request is often essential to enable us to help you or for offering the services you requests.Without processing such personal data, we would often not be able to respond to your request.

Does Yields use automated individual decision-making?

No, we will never take any individual decisions through automated processes such as profiling which produces legal effects concerning you or similarly significantly affects you. You can count on a true personal approach when interacting with Yields.

Will my personal data be shared with any third-party services?

We may share your personal data with third parties depending on the type of personal data you provide and the purposes for which it is processed. These third parties may include service providers, partners, or other entities necessary to support our operations, comply with legal obligations, or fulfil contractual requirements. Below you can find an overview:

Recipient Explanation
Yields’ affiliates We may share your personal data with other affiliates within our corporate group in order to follow up on your requests or to deliver our services as efficiently and effectively as possible.
Suppliers, subcontractors and other service providers We work with a number of external companies, independent service providers, suppliers, subcontractors, communication providers, and intermediaries to support the delivery of our services and the operations of our business. These may include IT and software vendors (such as CRM platforms like HubSpot), legal advisors, consultants, accountants, and other professional service providers. These third parties may process your personal data when necessary for the provision of their services to us.

Where such parties act as data processors on our behalf, we enter into a data processing agreement with them to ensure compliance with applicable data protection laws. We also require them to implement appropriate technical and organisational measures to safeguard your personal data at all times.
Partners Depending on the service you request from us, we might need to share your personal data with the partners we are engaging.
Authorities and auditors If required by law, under a legal procedure or in case of an audit, we may share your personal data with specific authorities, government institutions or auditors.
Business transfer In the event of a merger, acquisition, or other corporate restructuring in which Yields is involved, your personal data may be transferred to third parties involved in this process, subject to appropriate safeguards.

Security

Yields is committed to make sure your personal data is safe and secure. We implement adequate technical and organizational measures to safeguard your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. For example, we implement network security, physical security, access management, incident management procedures and business continuity policies. Yields is ISO 27001 certified.

However, you should know the internet is an open environment and we cannot guarantee that unauthorised third parties will never be able to defeat the measures we implement for security reasons or use your personal data for improper purposes.

Will your personal data be shared outside of the EEA?

When we share your personal data with third parties or sub-processors we engage, there is a possibility that your personal data will be transferred outside of the European Economic Area (“EEA”). In this case, we will ensure such transfer outside the EEA is always GDPR compliant, that we have a lawful basis for transferring your personal data and that we ensure appropriate safeguards are in place in order to provide an adequate level of protection for your personal data. For example, we can do so by including the Standard Contractual Clauses as issued by the European Commission in our agreements with these companies or by implementing any other mechanism for international data transfers included in the applicable (data protection)legislation (e.g. binding corporate rules, adequacy decisions issued by the European Commission, etc.). Any other (future) mechanisms accepted under applicable data protection legislation may also be used in this regard.

How long do we retain your personal data?

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, or contractual obligations. Retention periods prescribed by applicable laws may also influence how long certain personal data must be kept.

Categories of personal data Retention period
Identification and contact details of Website visitors, prospects, clients and partners
  • 24 months if no customer relationship exists.
  • Until the end of the commercial relationship plus an additional 6 months in the case of an active business relationship.
  • Until the withdrawal of your consent, for processing based solely on consent.
Professional information
  • 24 months if no customer relationship exists.
  • Until the end of the commercial relationship plus an additional 6 months in the case of an active business relationship.
  • Until the withdrawal of your consent, for processing based solely on consent.
  • 4 weeks after receipt, until the end of the application round or (in case the applicant has consented hereto) 1 year after the receipt.
Technical information, usage data, history and logs Reference is made to our cookie policy.

If we process your personal data solely on the basis of your consent, you have the right to withdraw that consent at any time. Once withdrawn, we will no longer process your data for those purposes and will delete it accordingly.

Depending on the category of personal data and the specific purposes for which it is being processed, we may retain certain data for extended periods—typically up to 5 or 10 years after its receipt. These longer retention periods are applied to meet legal or regulatory obligations, preserve evidence for potential legal proceedings, or comply with professional indemnity and accountability requirements.

Will we use your personal data for direct marketing?

If you are an existing customer (based upon our legitimate interest) or if you have given us the required consent, we may process your personal data for direct marketing purposes. It enables us to keep you informed about the products we offer, any applicable promotions, events we may organize and in general the services we provide.

In case you wish to withdraw the consent you have given us to process your personal data for direct marketing purposes, or you wish to object to processing your personal data for direct marketing purposes in case such processing is based on our legitimate interest, you can do so at any time by contacting us or by changing your preferences using the “unsubscribe link” we include in our direct marketing mailings. In case you would like to withdraw your consent regarding the use of cookies on our website and web shop, we refer to our cookie policy.

What are my rights?

We want to ensure that you are fully informed about the rights you have regarding your personal data. If you wish to exercise any of these rights, you are welcome to contact us. To protect your privacy and ensure that your personal data is not disclosed to anyone else, we may need to verify your identity using appropriate means before processing your request.

The right of access – You have the right to request access to the personal data we process about you at any time. This includes information such as the purposes for which your data is being processed, who receives your personal data, how long we store your personal data etc. You are also welcome to visit our headquarters to have physical access to your personal data, but if you prefer us to send you a copy of your personal data we process, this is also available on request.

The right to rectification – If you believe that any of the personal data we hold about you is inaccurate or outdated, please let us know so that we can correct or update it without undue delay.

The right to erasure – You can askus to permanently erase the personal data of yours which we process. This is the so called “right to be forgotten”. It applies in several circumstances, for example when we process your personal data based upon your consent, when processing your personal data is no longer necessary for its original purposes, when we have no overriding legitimate interest to process your personal data and you object to the processing of your personal data, when we should erase your personal data to comply with a legal obligation or ruling, or when we processed your personal data unlawfully.

The right to restriction – You have the right to ask us to restrict the processing activities we perform on your personal data. It applies in several circumstances, for example when you contest the accuracy of your personal data and we need to verify your contestation, when we process your personal data unlawfully and you oppose to the erasure of your personal data and asks restriction instead, when we no longer need your personal data for the purpose of processing but it is required in relation to legal claims, or when you object to the processing of your personal data but the verification of our legitimate grounds is still pending.

The right to data portability – You have the right to receive the personal data we process about you in a structured, commonly used, and machine-readable format. You may also request that we transmit this data directly to another data controller, where technically feasible.

The right to object – You have the right to object to processing of your personal data (including any profiling activities) based on our (or a third party’s) legitimate interest or on grounds of public interest. You also have the right to object to any direct marketing activities we perform using your personal data. Any direct marketing we may send always contains a link to unsubscribe, making it as convenient as possible for you to unsubscribe.

The right to submit a complaint – We do encourage you to reach out to us first in case you have any concerns on how we process your personal data, but you have the right to submit a complaint to the competent Data Protection Authority in case you believe we breached your rights or our responsibilities under the applicable legislation. The relevant contactdetails of the Belgian Data Protection Authority can be found at the end of this privacy policy.

How can you contact us?

We are hereto assist you with any questions you may have regarding this privacy policy or the processing of your personal data. Please do not hesitate to get in touch with us:

  • Yields NV
  • BE 0674.499.495
  • Oktrooiplein 1, bus 201
  • 9000 Ghent (Belgium)
  • RPR Ghent, Dpt. Ghent
  • gdpr@yields.io

How can you contact the Data Protection Authority?

We encourage you to contact us first if you have any questions, concerns, or complaints regarding how we handle your personal data. We are committed to addressing your inquiries promptly and transparently. If you remain unsatisfied with our response, or if you believe that your personal data has been processed unlawfully, you can file a complaint with the Belgian Data Protection Authority:

Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in our data processing practices or to comply with evolving legal and regulatory requirements. Any updates will be published on our Website, ensuring that you always have access to the most current version. We encourage you to review this privacy policy periodically to stay informed about how we collect, use, and protect your personal data. Where applicable, we will notify you of any material changes by email or through a prominent notice on our Website.

Most recent update: August 13th, 2025

AI governance and compliance. Everything you need. Built in.

Yields' AI Governance platform gives you full control over your AI systems. Without consultants, spreadsheets, or guesswork.

Book a demo
Get your AI Risk Management guide