Who We Are

Youatox operates from Ireland, providing investment awareness education and financial literacy resources. We're the data controller for information you share with us through our website and services. Our registered address is Loricas, Carrowkeale, Co. Tipperary, V94 A8R5, Ireland.

When we say "personal data," we mean any information that could identify you as an individual. This might be obvious stuff like your name and email, or less obvious things like your IP address or learning preferences.

Information We Collect

Information You Give Us Directly

When you interact with our site, you might share:

• Contact details like your name, email address, and phone number when you sign up for resources or get in touch
• Educational background and investment experience level to help us tailor content
• Questions or feedback you send through our contact forms
• Program enrollment information if you register for courses or workshops

Information We Collect Automatically

Like most websites, we gather some technical data when you visit:

• Your IP address and general location (usually just city level)
• Browser type and device information
• Which pages you visit and how long you spend on them
• How you found us (search engine, another website, direct visit)
• Date and time of your visits

How We Use Your Information

We're not in the business of collecting data for the sake of it. Everything we gather serves a purpose:

We personalize content based on what you've told us about your experience level. If you're new to investing, we won't bombard you with advanced portfolio theory. And if you're experienced, we won't waste your time with basics you already know.

Sharing Your Information

We're not selling your data to anyone. Period. But we do work with some trusted partners to run our operations:

• Service providers: Companies that help us with email delivery, website hosting, and analytics. They only access what they need to do their job, and they're contractually bound to protect your information.
• Legal requirements: If we're legally required to disclose information (like a court order), we will. But we'll notify you first unless we're prohibited from doing so.
• Business transfers: If Youatox is acquired or merged with another organization, your data would transfer to the new owners. We'd notify you beforehand.

Some of our service providers are based outside Ireland, including cloud hosting services in other EU countries. When data leaves the EU, we ensure appropriate safeguards are in place through standard contractual clauses approved by the European Commission.

Your Rights Under Irish and EU Law

The GDPR gives you strong rights over your personal data. Here's what you can do:

How We Protect Your Information

Security is something we take seriously, not just because we're legally required to, but because it's the right thing to do. Here's what we do to keep your data safe:

• All data transmission to and from our website uses SSL/TLS encryption (that's the padlock you see in your browser)
• Our servers are hosted in secure facilities with restricted physical access
• We use firewalls and intrusion detection systems to monitor for suspicious activity
• Access to personal data is restricted to employees who need it for their work, and they're trained in data protection
• We regularly back up data and test our recovery procedures
• Our systems are updated regularly to address security vulnerabilities

No system is completely bulletproof. If we discover a breach that poses a risk to your rights, we'll notify you and the Data Protection Commission within 72 hours, as required by law.

How Long We Keep Your Data

We don't keep information longer than necessary. How long that is depends on why we collected it:

• Newsletter subscribers: Until you unsubscribe or ask us to delete your information
• Contact form inquiries: Generally 2 years after our last interaction, unless there's an ongoing matter
• Course participants: Educational records kept for 7 years to maintain academic integrity and provide references if needed
• Website analytics: Aggregated data kept indefinitely (it's anonymized), individual session data for 26 months
• Financial records: 7 years as required by Irish tax law

When we no longer need information, we securely delete or anonymize it. Deletion means it's gone completely. Anonymization means we remove identifying details so the data can't be traced back to you.

Children's Privacy

Our services are designed for adults. We don't knowingly collect information from anyone under 16 without parental consent. If you're a parent and believe your child has given us personal information, please contact us and we'll delete it.

For young people aged 16-18, we recommend discussing your interest in investment education with a parent or guardian before sharing personal information with us.

International Data Transfers

While we're based in Ireland and most of our operations stay within the EU, some services we use might involve data transfers outside the European Economic Area. When this happens, we ensure proper safeguards:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions confirming the receiving country has appropriate data protection laws
• Additional security measures where needed to ensure equivalent protection

You can request information about specific safeguards we've implemented for international transfers by contacting us.

Marketing Communications

We'll only send you marketing emails if you've explicitly agreed to receive them. These might include educational updates, new course announcements, or investment awareness content we think you'll find useful.

Every marketing email includes an unsubscribe link at the bottom. One click and you're off the list. It might take a few days to process, so you might receive one or two more emails, but then it stops.

Unsubscribing from marketing doesn't affect essential communications related to services you've requested, like course materials or responses to your inquiries.

Third-Party Links

Our website might link to external sites for additional resources or references. We're not responsible for the privacy practices of those sites. When you click through to another website, their privacy policy applies, not ours. We recommend reading their policies before sharing personal information.

Changes to This Policy

We review and update this policy periodically to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by email (if we have your address) or through a prominent notice on our website.

The "Last Updated" date at the top tells you when we last revised this policy. We encourage you to check back occasionally to stay informed about how we're protecting your information.

Data Protection Officer

Given the nature and scale of our operations, we're not currently required to appoint a dedicated Data Protection Officer under GDPR Article 37. However, our team collectively handles data protection responsibilities with the same care and attention.

For any data protection questions or concerns, contact us directly through the details below. We treat these matters seriously and respond promptly.