European Residents Privacy Rights (GDPR)

What it is

If you live in the EU, EEA, UK, or Switzerland, Yelp Ireland Ltd. is responsible for your data under GDPR, and you have rights to access, correct, delete, restrict, port your data, and object to how it is used, and you can complain to your national data protection authority.

Why it matters (compliance & governance perspective)

This provision structures Yelp's operational compliance obligations under GDPR by designating the responsible entity and delineating the procedural rights users may exercise regarding their personal information. The specification of these rights establishes the framework through which European residents can direct how their data is processed.

Consumer impact (what this means for users)

EU, EEA, UK, and Swiss residents can exercise GDPR rights including data deletion and objection to processing directly with Yelp Ireland Ltd. and can escalate to their national supervisory authority if their request is not handled appropriately.

What you can do

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: GDPR (Regulation (EU) 2016/679) and the UK GDPR apply to Yelp Ireland Ltd.'s processing of European Residents' personal data. The Irish Data Protection Commission (DPC) is the lead supervisory authority for Yelp Ireland Ltd. under the GDPR's one-stop-shop mechanism, though other EEA national authorities may also have jurisdiction for local matters. UK users fall under the UK Information Commissioner's Office (ICO) oversight. GOVERNANCE EXPOSURE: Medium. Yelp Ireland Ltd.'s status as data controller for European Residents is clearly stated, which is a positive transparency indicator. However, the policy does not enumerate the specific legal bases relied upon for each processing purpose, which is a GDPR Article 13/14 transparency requirement. The right to withdraw consent and the right to object are both mentioned, but the practical mechanism for exercising these rights and the consequences of doing so are not fully detailed in the publicly available policy text. JURISDICTION FLAGS: EEA residents fall under Yelp Ireland Ltd. jurisdiction with the Irish DPC as lead supervisory authority. UK residents fall under UK GDPR with the ICO as competent authority. Swiss residents' data protection is governed by the revised Swiss Federal Act on Data Protection. Transfers of European Residents' data outside the EEA must comply with GDPR Chapter V transfer mechanisms. CONTRACT AND VENDOR IMPLICATIONS: Data processing agreements between Yelp Ireland Ltd. and sub-processors must comply with GDPR Article 28 requirements. International data transfer mechanisms (standard contractual clauses, adequacy decisions) should be documented and maintained. Business customers in the EU using Yelp for advertising services should confirm their own controller/processor roles. COMPLIANCE CONSIDERATIONS: Compliance teams should request Yelp Ireland Ltd.'s Records of Processing Activities (ROPA) documentation to verify that all processing purposes and legal bases are documented as required by GDPR Article 30. The mechanism for exercising data portability should be tested to confirm it provides data in a commonly used, machine-readable format as required by GDPR. Response timelines for GDPR rights requests (one month, extendable to three months with notice) should be operationally verified.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• AI Training Use of User Content medium
• Precise Geolocation Data Collection medium
• Third-Party Advertising Data Sharing medium
• Data Retention Post-Account Closure medium
• Sensitive Data Collection Including Health Information medium
• Children's Privacy and Age Restriction medium