Legal

Privacy Policy

We take your privacy seriously. This policy explains exactly what data we collect, how we use it, and the rights you have under GDPR and international law.

Last updated:  ·  Effective: 1 January 2025

1. Overview

Yezidi Community ("we", "us", or "our") operates the website yezidicommunity.com and the Yezidi Community mobile application (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform.

We are committed to protecting the privacy and dignity of the Êzîdî community. We do not sell your data. We do not use your data for advertising. We designed this platform with the safety and privacy of a historically persecuted community in mind.

Plain language summary: We collect only what we need to run the platform. We never sell your data. You control your information and can delete it at any time. We comply with the EU General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for your personal data is:

Yezidi Community
Email: privacy@yezidicommunity.com
Website: www.yezidicommunity.com

For all privacy-related enquiries, including data access requests and complaints, please contact our designated Data Protection contact at the email above.

3. Data We Collect

We collect different types of information depending on how you use the Platform.

3.1 Information you provide directly

  • Account information: name (or chosen display name), email address, phone number (optional), date of birth (for age verification), and password (stored as a one-way cryptographic hash).
  • Profile information: profile photo, bio, location (city or country level), language preferences, and any cultural or heritage information you voluntarily share.
  • Content: posts, photos, videos, comments, messages, and other content you create or share on the Platform.
  • Communications: messages you send to other users (which may be end-to-end encrypted) and correspondence you send to us.
  • Survey and feedback responses: when you choose to participate in research or provide feedback.

3.2 Information collected automatically

  • Device information: device type, operating system and version, browser type, unique device identifiers.
  • Usage data: pages visited, features used, time spent, click patterns, and interactions within the Platform.
  • Log data: IP address, timestamps, referring URLs, and error logs.
  • Location data: general geographic location inferred from IP address. We do not collect precise GPS location without explicit permission.

3.3 Information from third parties

  • If you register using a third-party authentication service (e.g., Google, Apple), we receive basic profile information from that service as permitted by your settings there.
  • We may receive information from community moderators regarding reported content or conduct.

3.4 Sensitive data

We are aware that certain information on this platform — including ethnoreligious identity, cultural practices, and community affiliation — may be considered sensitive personal data under GDPR Article 9. We collect and process this information only where you have given explicit consent, and we implement enhanced protections for it.

4. How We Use Your Data

We use your personal data for the following purposes and legal bases:

4.1 To provide and operate the Platform

Legal basis: Contract performance (Article 6(1)(b) GDPR)

  • Creating and managing your account
  • Enabling you to post content, message others, and join groups
  • Processing your interactions with other users
  • Providing customer support

4.2 For safety and security

Legal basis: Legitimate interests (Article 6(1)(f) GDPR)

  • Detecting and preventing fraud, abuse, spam, and illegal activity
  • Enforcing our Terms & Conditions and Community Guidelines
  • Verifying user identity where necessary
  • Protecting the safety of community members

4.3 To improve the Platform

Legal basis: Legitimate interests (Article 6(1)(f) GDPR)

  • Analysing usage patterns to improve features and performance
  • Conducting anonymised research on community trends
  • Debugging and fixing technical issues

4.4 To communicate with you

Legal basis: Consent (Article 6(1)(a) GDPR) or Legitimate interests

  • Sending service-related notifications (e.g., account activity, security alerts)
  • Sending community updates and newsletters (only if you opted in)
  • Responding to your enquiries

We do not use your data for targeted advertising. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Data Sharing & Disclosure

We do not sell your personal data. We share data only in the following limited circumstances:

5.1 With other users

Information you make public on your profile (display name, profile photo, bio) is visible to other users. Content you post in public groups is visible to all members of those groups. You control what you share via your privacy settings.

5.2 With service providers

We use carefully vetted third-party providers to operate the Platform (e.g., cloud hosting, email delivery, push notifications). These providers process data only on our behalf under strict data processing agreements and may not use your data for their own purposes.

5.3 For legal compliance

We may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect the safety of any person, or to protect the rights and property of Yezidi Community.

5.4 Business transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your personal data for as long as your account is active, or as long as necessary to provide you with the Platform's services. Specifically:

  • Account data: retained while your account is active. Deleted within 30 days of account deletion request.
  • Content (posts, photos, videos): deleted when you remove it or within 30 days of account deletion.
  • Log data and usage data: retained for up to 12 months for security and operational purposes.
  • Financial records (if applicable): retained for 7 years as required by applicable law.

When you delete your account, we will delete or anonymise your personal data unless we are required to retain it for legal obligations.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to operate and improve the Platform. You can manage cookie preferences through your browser settings or our cookie consent tool.

7.1 Types of cookies we use

  • Essential cookies: Required for the Platform to function (e.g., session cookies, security tokens). These cannot be disabled.
  • Functional cookies: Remember your preferences (e.g., language, theme settings).
  • Analytics cookies: Help us understand how users interact with the Platform. We use privacy-respecting analytics (no IP tracking, no cross-site tracking). Only active with your consent.

7.2 What we do NOT use

  • We do not use advertising or tracking cookies from third-party ad networks.
  • We do not use cross-site tracking technologies.
  • We do not participate in behavioural advertising ecosystems.

You can opt out of analytics cookies at any time. Opting out of essential cookies will affect platform functionality.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access (Article 15): You can request a copy of all personal data we hold about you.
  • Right to rectification (Article 16): You can request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): You can request deletion of your personal data ("right to be forgotten") in certain circumstances.
  • Right to restrict processing (Article 18): You can ask us to limit how we use your data in certain circumstances.
  • Right to data portability (Article 20): You can request your data in a structured, machine-readable format.
  • Right to object (Article 21): You can object to processing based on our legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
  • Right not to be subject to automated decision-making: You are not subject to solely automated decisions that significantly affect you.

To exercise any of these rights, email us at privacy@yezidicommunity.com. We will respond within 30 days. We will never charge a fee for reasonable requests.

You also have the right to lodge a complaint with your local Data Protection Authority. In Germany, this is the Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI).

9. Security

We implement industry-standard security measures to protect your personal data, including:

  • Encryption of data in transit using TLS 1.3
  • Encryption of data at rest using AES-256
  • End-to-end encryption for private messages
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Strict access controls — only authorised personnel can access personal data

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you discover a security vulnerability, please report it responsibly to security@yezidicommunity.com.

10. Children's Privacy

The Platform is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you are between 13 and 16 years of age, parental or guardian consent is required in certain EEA jurisdictions.

If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly. Please contact privacy@yezidicommunity.com if you believe we have inadvertently collected data from a child.

11. International Data Transfers

As a global platform, your data may be transferred to and processed in countries outside the EEA. When this occurs, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules where applicable

By using the Platform, you acknowledge that your data may be transferred internationally. We take all reasonable steps to ensure your data receives an equivalent level of protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via the Platform or email (for material changes)
  • Where required by law, obtain your consent for the new processing

Your continued use of the Platform after a policy update constitutes acceptance of the updated terms, subject to your rights under GDPR.

13. Contact Us

For all privacy-related questions, data access requests, or concerns, please contact:

Yezidi Community — Data Privacy
Email: privacy@yezidicommunity.com
Website: www.yezidicommunity.com

We aim to respond to all requests within 30 days. For complex requests, we may extend this by an additional 60 days, and will notify you accordingly.