Yahoo EMEA Limited Privacy Policy

Yahoo EMEA Limited Privacy Policy

Version 3.2, last updated May 2025 (see the previous privacy policy here).

1. About us

Yahoo EMEA Limited provides digital advertising services that help advertisers, agencies and publishers reach individuals by showing ads that are relevant to them.

Our Demand Side Platform (DSP) helps advertisers and agencies buy ad space to display ads across other companies’ sites and apps that use our digital advertising services.

We help make the ads you see on other companies’ sites and apps that use our digital advertising services relevant to you based on the information that advertisers and agencies share with us and by collecting or inferring information about your interests and activities across the sites and apps that use Yahoo EMEA Limited’s digital advertising services. We process this information in our data management platform (DMP) to improve ad targeting. Learn more about why you see an ad.

This privacy policy explains how Yahoo EMEA Limited collects, uses, processes and shares your personal information when you use sites and apps that use our digital advertising services in Europe, the Middle East or Africa.

Yahoo EMEA Limited is a company established under the laws of Ireland, with headquarters at ####Dublin-v2address#### Ireland.

We are the data controller for the personal information that we collect and process for our own purposes when you interact with websites, apps, connected TVs and other digital properties that use our digital advertising services.

In some cases, such as when we process personal information on behalf of an advertiser, agency or other partner (for example, when they provide their own data for targeted advertising), we act as a data processor. In those cases, the advertiser or agency is responsible for determining how your personal information is used, and you should contact them directly to exercise your data protection rights.

Yahoo EMEA Limited is part of the IAB Europe Transparency & Consent Framework and keeps to its specifications and policies. Our vendor identification number is 25.

References in this privacy policy to Yahoo EMEA Limited’s digital advertising services only apply to our services, and not to the services of advertisers, agencies or other companies’ sites and apps that use our digital advertising services.

Our advertising policies do not allow the processing of data from children known to be under 18 for targeted advertising purposes.

2. Information we collect

When you use other companies' sites or apps that use our digital advertising services, we collect and obtain your information from these third parties and we store it with your unique identifiers.

We collect data from:

  • partners and third-party data providers through contractual agreements
  • partners sending us requests for ads and through the delivery of ads
  • using cookies and similar technologies
  • information from your device, like IP address and mobile advertising identifiers
  • advertisers and agencies uploading data such as hashed emails or other pseudonymous IDs to our DMP
  • publicly available sources.

 

The information we collect and obtain comprises the following categories of information:

Information Category

Description

Demographic Information

This includes your age, gender, marital status and socioeconomic information (for example, your level of education, employment status and income range).

Online Activity Information

Information about your interaction or purchases on partners’ sites or apps such as which ads or articles you clicked on and the membership or subscriptions you have with them.

Approximate Geolocation Information

Information about your approximate location (for example, the country or city you are in). This does not include precise geolocation information (as described below).

Identifiers

We create and use identifiers to help deliver, personalise, and measure ads. Identifiers are unique sets of letters and numbers that allow us to recognise a browser, device, account or individual over time and across different services.

This includes:

  • Identifiers stored in cookies or similar technologies (such as cookie IDs and mobile device IDs)
  • Hashed versions of email addresses, phone numbers or usernames
  • Other unique account identifiers that advertisers, agencies or partners may share with us
  • IP addresses and similar network identifiers

 

Learn more about how we use cookies and identifiers in our cookie policy.

Device Information

Information about your device, such as your browser (and the version), operating system (and the version), screen resolution and device type.

Precise Geolocation Information

Information that describes where you are in a precise way. This can include the coordinates (latitude and longitude) of your device, which are precise enough to locate it at a specific place (for example, an address).

Inferred Interests

Interests that we think you have, based on your activity on partners’ sites or apps or the information they share with us such as the interests you’ve expressed on their services. For example, we assume that you are interested in finance if you visit finance sites and apps.

3. How we use your information and the legal bases we rely on

To provide our digital advertising services, we process the Information we collect for the purposes set out in this section. When we process information in connection with these purposes, we rely on the following legal bases.

  1. With your consent

    When we use your information based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before it was withdrawn.

    Why we process this information

    Information Categories Processed

    To target and deliver personalised ads on the sites and apps that use our digital advertising services.

    This includes enabling advertisers and agencies to run coordinated ad campaigns across multiple channels, including display, video, mobile, and social media.

    Approximate geolocation information

    Identifiers

    Inferred interests

    Demographic information

    Device information

    Online activity information

    Precise geolocation information

    To measure how effective our digital advertising services are and to create advertising interest profiles based on your activity and inferred interests and the activity of others with similar inferred interests.

    This includes using machine learning to improve scale and accuracy.

    Approximate geolocation information

    Identifiers

    Inferred interests

    Demographic information

    Device information

    Online activity information

    Precise geolocation information

    To measure, understand, develop, and improve our advertising services.

    This includes, performing data analytics to improve the effectiveness and efficiency of ad campaigns.

    All categories of information

  2. Based on legitimate interests

    We rely on our and our partners legitimate interests. Where we rely on legitimate interests, you have the right to object to this processing. See the Exercising your privacy rights section for more information on how to exercise your right to object.

    Why we process this information

    Legitimate Interest Relied On

    Information Categories Processed

    For security purposes, including to prevent and detect fraudulent, abusive or unlawful activity.

    It is in our interest and the interest of the general public to prevent and address fraud and unauthorized use of our digital advertising services.

    All categories of information

    To investigate, identify, bring or defend against legal claims, to share information with other relevant parties, including law-enforcement agencies, and to respond to legal requests.

    This includes responding to legal requests, legal claims, litigation or other disputes where appropriate.

    It is in our interest and the interest of the general public to ensure that our digital advertising services are used for lawful purposes.

    All categories of information

    To detect, investigate or tackle:

    • fraud and other illegal activity; or
    • security and technical issues.

     

    This may involve sharing information with other technology companies to protect against security threats and report illegal activities to law-enforcement agencies, government departments or other authorities.

    It is in our interest and the interest of the general public to ensure that our digital advertising services are used for lawful purposes.

    All categories of information

    We share your information with our external advisors when we get legal advice, or with others in connection with legal claims and other disputes.

    It is in our interest and the interest of the general public to ensure that our digital advertising services are used for lawful purposes.

    All categories of information

  3. To meet our legal obligations

    We process your information when it is necessary for us to do so in order to meet our legal obligations.

    Why we process this information

    Information Categories Processed

    To respond to a valid legal request from a regulator, law-enforcement agency, court, or other public authority. Examples of valid legal requests include search warrants or court orders.

    The following are examples of our legal obligations under Irish and EU laws:

    • If Irish law-enforcement agencies ask us for information relating to a criminal investigation, we must keep to the Criminal Justice (Miscellaneous Provisions) Act 1997 (as amended), where it applies.
    • We must keep to any court order requiring us to provide information relating to legal proceedings, including orders made under regulation (EU) No 1215/2012 on jurisdiction and recognising and enforcing judgments in civil and commercial matters.

     

    All categories of information

    We will process your IP address to determine the jurisdiction and legal terms that apply to you.

    Approximate geolocation information

    Precise geolocation information

    Identifiers

  4. To protect vital interests

    We process your information when it is necessary for us to do so in order to protect your vital interests or those of another person.

    Why we process this information

    Information Categories Processed

    To review and share information, including with law-enforcement agencies and others, in circumstances where your or someone else’s vital interests need to be protected, such as in an emergency.

    Vital interests include protecting your (and other people’s) life and physical or mental wellbeing, and detecting, removing and reporting illegal content.

    All categories of information

4. Sharing your information

Below are the categories of recipients we share your information with in order to provide our digital advertising services. Yahoo EMEA Limited ensures that all vendors comply with Yahoo EMEA Limited certification and privacy standards.

Third Party

Why we share your information

Yahoo companies

We share your information with other Yahoo companies for a variety of purposes, including to:

  • provide the digital advertising services that other companies sites and apps use
  • protect our digital advertising services and systems, by preventing and detecting unauthorised access or use
  • understand how our digital advertising services work, and
  • improve existing services and features, and develop new ones.

Processors acting on our behalf

We share your information with processors that work on our behalf and process your information as instructed by us. Processors include:

  • providers of cloud services
  • application service providers, and
  • security partners and service providers.

Advertisers, agencies and other companies that use our digital advertising services

We share your information with advertisers, agencies, and other companies that use our digital advertising services, and other third parties as part of our digital advertising services for the purposes described in Section 3.

Yahoo EMEA Limited will also share the Inferred interests we have created about you with Taboola. To learn more about Taboola, you can read their Privacy Policy.

Government, law enforcement, and regulatory agencies

We share information with third parties and law-enforcement agencies to:

  • keep to a court order or similar legal procedure, or to prevent fraud or other illegal activity
  • protect the rights, property and safety of us and our users. For example, we may provide information (such as your IP address) to law-enforcement agencies in an emergency where someone’s safety is at risk
  • detect, investigate or tackle, for example, fraud, illegal activity, security issues and technical issues. This includes sharing information with other technology companies to protect against security threats
  • meet legal or regulatory requirements, and
  • exercise our legal rights, including investigating cases of our Yahoo EMEA Limited Terms of Service being broken.

New owners

If the ownership or control of all or part of Yahoo EMEA limited (or one or more of our digital advertising services) changes or is proposed to change as a result of a merger, acquisition, or sale of any assets, we may transfer your information to the new (or prospective) owner or controller.

5. Exercising your privacy rights

Depending on where you live, you may be able to exercise certain privacy rights related to your personal information. This includes the right to receive a copy of your personal information, to control how we process certain information, and to correct or delete personal information. This section provides further information on your rights and how to exercise them.

  1. Withdraw your consent

    If you have given your consent, you can withdraw your consent at any time. You can do this using our online privacy form. When our digital advertising services are used by third parties, they are responsible for obtaining your consent and providing you with controls over the use of your data.

  2. Object to the processing of your information

    You have the right to object to us processing your personal information based on our legitimate interests. We may continue to process your personal information where permitted or required by applicable law. You can object by using our online privacy form.

  3. Restrict the processing of your information

    In certain circumstances you can restrict the processing of your information for a period of time, as long as there are valid reasons for doing so. To do this please contact us using our online privacy form.

  4. Get copies of your information

    You have the right to ask us for a copy of the personal information we hold about you. The right to data portability, allows you to receive information that is accessible and machine-readable, and to ask an organisation to transfer your information to another organisation. To do this please contact us using our online privacy form.

  5. Delete your information

    You have the right, in certain cases, to ask us to delete your information. We will delete the information unless we are required by law to keep it or we have a valid business reason for keeping it. To do this please contact us using our online privacy form.

  6. Correct your information

    You have the right to request us to rectify or update the information you provided if it is no longer accurate or is incomplete. To do this please contact us using our online privacy form.

  7. Raise a concern

    If you have any questions or concerns about how your information is processed, you can contact our Data Protection Officer by emailing dpo-contact@yahooinc.com or by writing to us at the address provided in the how to contact us section below. If you are not satisfied with our response, you also have the right to make a complaint to the data protection regulator in the country you live or work in. Find your local data protection regulator.

    If you live in Switzerland, you can contact the Federal Data Protection and Information Commissioner (FDPIC).

    If you live in the UK you can contact the Information Commissioner’s Office (ICO).

6. How long we keep your information

We keep your personal information for as long as necessary for the purposes described in Section 3 of this privacy policy, as well as for other legitimate purposes such as meeting our legal obligations, maintaining security, and ensuring the continuity of our services.

The length of time we keep information depends on factors such as:

  • the type of information
  • the purpose for which it was collected and processed
  • business needs (for example, maintaining service backups)
  • any applicable legal or regulatory requirements.

Retention of identifiers and advertising data

  • Cookies:

    Most cookies we use to associate targeting data with your device expire 13 months after your last interaction with our services. Each time you visit, this expiry period is refreshed. This means we may continue to associate new data with the same cookie for up to 13 months from your last visit to a site or app that uses our digital advertising services, unless you clear your cookies. Some other cookies we use may have different expiry periods depending on their purpose. See our cookie policy for more information and to learn how you can control our use of cookies and similar technologies.

  • Device identifiers:

    Device identifiers generally do not expire on their own. However, if we do not receive activity associated with a device ID for up to 13 months, it will expire from our system use by deleting associated segments.

  • Advertising targeting profiles:

    Information about your interests expires from our systems at varying times depending on the type of interest it relates to. This is generally within 12 months from the time it was created.<

7. International Transfers

To facilitate our global operations, we work with companies, partners, and service providers in different countries. When we transfer your information, we rely on appropriate safeguards being in place to protect information that is transferred to these countries.

The safeguards we rely on are:

  • Adequacy decisions, if the recipient is in a country that is considered to provide adequate level of data protection as determined by the European Commission.
  • Standard Contractual Clauses adopted by the European Commission or the United Kingdom.
  • The EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and the Data Privacy Framework Principles as set forth by the U.S. Department of Commerce.

The countries we transfer personal information to include Australia, the United Kingdom, India, the United States, Canada, Singapore, Taiwan and Israel.

8. How to contact us

If you have any questions about this privacy policy, want to raise a concern with us, or want to exercise your privacy rights, the quickest and easiest way to do so is to get in touch with us using our online privacy form.

You can also write to us at:

The Privacy Team
Yahoo EMEA Limited
The EXO Building
North Wall Quay
Dublin 1
D01 W5Y2
Ireland

If you want to contact our Data Protection Officer, you can email dpo-contact@yahooinc.com or write to:

The Data Protection Officer
Yahoo EMEA Limited
The EXO Building
North Wall Quay
Dublin 1
D01 W5Y2
Ireland

UK residents can also contact our UK GDPR representative by emailing YahooUKGDPRrepresentative@mhcldn.com or writing to:

MHC U.K. GDPR Representative
Mason Hayes & Curran LLP
1 Cornhill, London
EC3V 3ND
United Kingdom