Privacy & policy

Privacy & policy

Privacy policy 

Since privacy and data protection are at the core of our business, it is of paramount importance to us that when processing personal data, we do so in lawful and responsible manner. With personal data we mean any piece of information relating to an identified or identifiable person (‘data subject’) that allows us to identify a person directly or indirectly. Processing of personal data refers to any operation or set of operations which is performed on personal data, such as collection and storing of personal data. 

The standard for our personal data processing operations are the relevant national and international regulations and we adhere to the rules and principles set out in the Jamaican Data Protection Bill as soon as the Act is passed will review same and ensure it complies with the law as promulgated. 

We want to be transparent about our data processing. You can find more information about Right Yahso ’s data processing below. We may update this Privacy Notice from time to time. If we make any substantial changes to our processing, we openly seek to inform you.

Right Yahso as a Controller and Processor

Right Yahso acts as a controller for the personal data concerning our business contacts, namely the representatives of our corporate clients, potential corporate clients and other stakeholders such as suppliers and their representatives. If you are our business contact, this statement explains how Right Yahso processes your personal data.

Right Yahso  as controller 

Controller refers to a company or other party which is in charge of the processing and determines how the personal data is processed. 

Right Yahso  as a processor 

Processor refers to a company or other party which is processing personal data on behalf of the controller and according to the instructions received from the controller. 

Right Yahso a acts as processor for some of the personal data that we process in the context of providing our cloud-based tools and services.

Contact Information 

If you have any questions or comments, please contact us by using Right Yahso’s email address ([email protected]).

Right Yahso 

Collection and Use of Personal Data

Our core business is not the collection of your personal data. Therefore, we process only a minimum amount of personal data necessary to operate our business, to offer and provide our services. We will only process your personal data for predefined purposes and we make sure that we have legal grounds for it.

We process personal data for the following purposes:

To provide our services. This includes processing of contact information, billing information and other information which you have provided to us in the context of requests or the provision of services.

To market and advertise our products. This includes processing of, for exae, contact information, information about purchases, your requests and information about your preferences. We may obtain your personal data also from publicly available sources, such as from your company’s website or Facebook.

To conduct market research. This includes processing of necessary contact information and the answers you have provided for us. The contact details of the potential participants are collected among our business contacts and from publicly available sources. 

The processing is based on our interest to establish new business relationships and to maintain the existing ones. Our annual marketing research is based on our interest to gain insights from customers, potential customers and other stakeholders. With regards to electronic direct marketing, we process your data only if you have given your consent for it. 

As we are a company dependent on business operations, we do marketing for our business contacts. We keep records of our clients’ and potential clients’ details to market and provide more information about our products and services. This could mean for example invitations to our events and other marketing activities to promote our services. 

We use online advertising networks, social media companies and other third-party services to send marketing communication and display ads on other websites and services you may use. You can ask us to remove your data from these channels at any time by contacting us. You can unsubscribe from our mailing list by using the unsubscribe link in the relevant email. 

Disclosures and Data Sharing

We use third-party service providers to provide our services and to help operate our business efficiently. As a responsible company, we always use various contractual and other arrangements to ensure that our service providers process your personal data in accordance with the laws and good data processing practices. Some of our service providers or their support functions are located outside Jamaica. 

To ensure the confidentiality and high level of protection for your data, we are in the process of entering into data processing agreement with every service provider we use for the personal data processing. Our processors do not have the permission to process your information in any ways beyond the agreed services and Right Yahso  remains the sole controller of such data. 

We may have to disclose certain information to public or law enforcement authorities when this is required by law. We only do so on the basis of an adequate legal warrant or subpoena issues by a Jamaican or other relevant Court.  

In case of mergers or acquisitions, the acquiring entity may obtain access to relevant customer data assets. 

Data Security

Right Yahso  has appropriate security policy and procedures in place to protect personal data from loss, misuse or unauthorized access.

Right Yahso  environment is PCI (payment card industry) compliant, meaning that it provides a high level of data security comparable to that of a major Bank or financial institution. 

All sensitive data (Bank Account, Credit Card, etc) are transmitted over secure channels (HTTPS, VPN) using industry best practices. 

Additionally, all sensitive data are encrypted during transmission and storage to prevent unauthorized access. 

We guarantee that your data is kept confidential and secure. All employees authorized to process your data have committed themselves to confidentiality. We have a role-based access control, meaning that each employee is given access to resources and information based on the employee’s needs and job description. All networks, systems and services are protected with appropriate security measures and best practices. 

We have a formal policy and procedure to manage potential data breaches which allow us to assess the possible risks and alert you in case your personal data may have been affected. We regularly educate all employees to ensure the protection of your personal data.

Your Rights

You have several rights concerning your personal data, such as right to access, update, delete and have a copy of such data. We seek to ensure that you can exercise your rights efficiently. 

When you have given consent for the processing, and you do not want us to continue processing your data, you have a right to withdraw your consent at any point. You can unsubscribe from mailing list by using the unsubscribe link in the relevant email. 

When we process your data, we have taken your rights and interests into consideration. Especially when we process your data on the basis of our legitimate interests, for example for marketing and research purposes. We have assessed the processing and we ensure that it will not cause any significant intrusion into your privacy, or any other undue impact on your interests and rights. If you wish to hear more about the conducted assessments, please contact us. You have the right object to such processing at any time by contacting us.  

You have the right to obtain a confirmation whether your personal data is being processed or not and if you wish, receive a copy of such data.

We want that your personal data is correct and up to date. You can always contact us to have your data corrected, updated and completed. This right is known as the right to rectification.

In principle, you have right to have your personal data erased in part or in full. If you request the erasure of your personal data, we will assess whether we can erase such data. Please notice that we may have a legal right or obligation to keep your data for certain period of time. This right is known as the right to erasure or the right to be forgotten. 

If you wish to exercise your rights, or if you have any other question relating to the processing of your data or this privacy statement, please contact us


We use cookies and other similar technologies to collect data on the usage of our website. By analysing our website usage, we aim to maintain and further develop our websites. For example, we get information on which service pages you go to, what blog texts you might be interested in and how you navigate between the pages. In order to develop our website, it is important to know what kind of website content is most efficient and functional. The collected data also helps us to provide more personalised services and marketing to you. We can for example create target audiences and send them more relevant and personalised communication such as advertising and messages. You can always disable cookies altogether in the browser settings or you can delete cookies from the browser and disable all targeted advertising and communication based on your previous visits on our website.  


When you visit this website your online device will automatically receive one or several cookies, which are transferred from this website to your internet browser. 

What is a cookie?

A cookie is a small text file. It does not contain any personal information and is not able to collect information.  Two types of cookies can be used, “session-only” and “persistent”. “Session-only” cookies are deleted when you end your browser session. “Persistent cookies” remain on your device for the time period set in the cookie after which time they delete themselves. However, these cookies may be renewed every time you visit the website. 

Cookie types

It is common to distinguish between first-party cookies and-third party cookies. First-party cookies are allocated to the website that you visit while third-party cookies come from a third-party, such as a web analytics program. 

Why do we use cookies?

We use cookies to assess content usage and to compile statistics about the use of the website in order to improve the user experience. This data may be used to define where the visitors come from, what content is viewed and for how long. This information cannot be used to identify a visitor as an individual.  Both first-party and third-party cookies may be used on this website. 

How long will cookies be stored on my computer?

Cookie lifetime may vary. Some cookies will disappear when you close the browser while others exist for longer. For more information on cookie expiry see the cookie declaration.  


Pixels are codes on our website, which allows us to optimize marketing (retarget website visitors, reports) and track conversions. By using pixels, we can offer well-targeted and interesting content. Read more about pixels we use: Linkedin’s Insight Tag and Facebook pixel. In addition, we use HubSpot tracking in our newsletters and other content.  

Can I still visit the website if the cookie-function is disabled?

Yes. Should you have cookies disabled on your online device, you will continue to have the same access to the website content as with cookies enabled. However, some functions such as surveys and tools might operate with reduced functionality or not at all.  

Retention Periods

We have determined retention periods based on the purpose of the processing and the applicable legislation. For example, the accounting related laws require us to store your personal data for a certain period. We review the personal data we collect (e.g. the information of our business contacts) regularly to ensure that the personal data we have is up to date and is not retained longer than needed or required by the relevant laws. 

When not limited by applicable legislation, the retention periods are defined as follows: 

We retain your personal data for two years after the termination of the service agreement unless no other retention times are defined in the agreement.

If you are listed as a potential customer, your personal data is erased when we have no reason to assume that you would be interested in our services. This usually takes place if we have not been in touch with you for past 12 months.