WHAT’S NEW
Validity has chosen to comply with the principles outlined in the Data Privacy Framework as part of its commitment to protecting personal privacy. Please see Section XV below. The company also made updates regarding which personal data is collected and used and more details about our processing and use of your information, including for marketing and related purposes, in compliance with applicable regulatory changes and requirements. Finally, we have updated the format of the Privacy Policy and California Privacy Notice to make it easier to read. It is important that you review the Privacy Policy and California Privacy Notice (if applicable) carefully.
Privacy Policy
- Information about Validity
- Introduction to the Privacy Policy coverage and Validity’s role.
- What do we collect, How do we collect it, and What’s the basis and purpose of processing
- De-identified data
- Profiling and automated decision-making
- Disclosure of Personal Data
- No Sale of Personal Data
- How we secure Personal Data
- How we use cookies and other tracking technologies
- Data retention
- Third-party sites
- Privacy notice regarding children
- Sensitive information
- International transfers
- Data Privacy Framework
- Privacy rights
- How to exercise privacy rights
- Opt-out of marketing communications
- Privacy Policy updates
- Contacting Validity
- Information about Validity
Validity is a company that focuses on data-driven solutions for marketing and sales, operating in the data management and email marketing sectors. We offer a range of products that provide services including email address verification, inbox deliverability, CRM data management, and campaign intelligence for ecommerce teams.
Validity provides SaaS and on-prem applications to businesses via a business-to-business (B2B) model. Our customers range from large enterprises to smaller companies. Validity’s products and services are sold online and directly to organizations via other sale channels around the world. Our products are not designed for personal or non-commercial use. Generally, our customers control the data they enter into our applications and decide how it should be used.
- Introduction to the Privacy Policy coverage and Validity’s role.
Validity, Inc., and its Affiliates (“Validity,” “we,” “our,” “us”) respect your privacy rights and value your trust. This Privacy Policy describes how we collect, receive, use, store, share, transfer, and process information about you that directly or indirectly identifies you (“Personal Data” or “Personal Information”), as well as your rights in determining what we do with the information that we collect or hold about you.
This Privacy Policy applies when Validity is the data controller of your Personal Data (unless a different Validity privacy notice is presented when we collect your Personal Data) and describes if and how Validity processes your Personal Data for its own purposes.
A data controller (or business) determines the purposes and means of processing your Personal Data. (There may be some variations in the definition among global data privacy laws, but the concept is generally the same.) The data controller decides the how and why of a data processing operation.
This Privacy Policy applies in connection with the receipt and use of Validity’s content, communications (including emails), and services (“Offerings”) or from any of the websites operated by Validity (the “Sites”), and other services provided by us both online and offline that link to this Privacy Policy (together with the Offerings and the Sites, the “Services”). By using the Services, you accept and agree to the practices that this Privacy Policy describes.
- This Privacy Policy does not cover how we process Personal Data on behalf of our customers as a data processor.
- If you are an employee, a client, or a customer of an organization that uses a Validity’s product or service and you have questions or concerns about the Personal Data that an organization holds about you or would like to exercise your privacy rights, please send your request directly to that organization (as Validity is required to direct your requests under current laws and regulations to that organization).
- If you are a Validity’s job applicant, please refer to the Applicant Privacy Notice.
- If you are a Validity’s current or former employee or contractor, please refer to internal policies or contact us at [email protected].
- Additionally, this Privacy Policy does not apply to the practices of third parties that Validity does not own or control or to those of individuals that Validity does not employ or manage.
California Residents
Please refer to our California Privacy Notice here for more details on California-specific privacy rights and other locally required information concerning our processing of Personal Data. - What do we collect, How do we collect it, and What’s the basis and purpose of processing
Validity collects and uses Personal Data for a variety of purposes and in compliance with applicable laws. Below, we describe (i) some of the common ways we collect your information, (ii) data points we collect in those instances, and (iii) the legal bases and purpose for collection. You will be informed at the time of collection if we need to collect any other Personal Data about you.
If you submit any Personal Data to us or our vendors, consultants, agents, or service providers (collectively, “Service Provider(s)”) in connection with the Services, you represent that you have the authority to do so and permit us to use the information in accordance with this Privacy Policy.
We and our Service Providers collect Personal Data in a variety of ways, including:
- Through the Sites: We collect information when you use Validity’s sign up forms or Sites to submit a request for a free trial or demo, to register for a webinar, to sign up for an event, to contact us, to use online chatbot functionality, to leave feedback, to answer survey, to subscribe to our email newsletters, to register to use the Sites (including Validity Blog, Validity Help Center and Validity Customer Community), to download content (e.g. FAQs, whitepapers); or to submit online support tickets (etc.).
Examples of data points Legal basis and purpose for processing Business contact information such as first and last name, email, telephone number, company name, job title, country; IP address; feedback provided; content of the submitted request/issue; time zone and country or city-level location based on your public IP address. We rely on our legitimate interests or your consent to carry out business activities when we respond to your communication(s); process your request(s); provide you with information about our products; support our marketing activities (including information about events and new products); fulfill contract requirements; manage, plan, and host event(s) (including to send related communications); provide you with appropriate online form based on your location; and use your feedback to develop, enhance, and update our Services. - Online meetings and sales/support calls: We collect Personal Data (including audio and video content, if applicable) when you contact our sales or support teams or participate in online meetings with them. We may record such calls and online meetings for our staff training, quality assurance, and business administration purposes. To gain better insights into our interactions with our customers and prospects, we may use Artificial Intelligence (AI) powered tools to analyze the content of such calls and recordings. In compliance with applicable laws, we will always notify you before recording a call or a meeting.
Examples of data points Legal basis and purpose for processing Business contact information such as first and last name, email, company name, job title, video and audio content/image(s). We rely on your consent (where required under applicable law) or our legitimate interests (where applicable) to process that data to enhance our sales/support processes and make our sales/support calls more effective; keep our CRM records up to date; generate automated call transcripts for analysis and audit; and train our sales and support teams. - Offline: We collect information from you offline, such as when you attend one of our events (or co-hosted events) and share your business card/info with us, or when you sign up at Validity’s event booths.
Examples of data points Legal basis and purpose for processing Business contact information (often presented on a business card) such as first and last name, email, telephone number, company name, job title, country. We rely on your consent (where required under applicable law) to follow up with you with information about our products and services; support our marketing activities (including information about future events and products). - Information from Other Sources: Besides collecting information directly from you (as described above), we may obtain information about you from othersources, such as public databases, joint marketing partners, your organization’s website, and social media platforms, as well as from other third parties whose services we may use to validate or update your business contact information or who help us with our Services.
Examples of data points Legal basis and purpose for processing Business contact information such as first and last name, email, telephone number, company name, job title, industry, country. We rely on our legitimate interests or your consent (if applicable) to carry out business activities such as to deliver interest-based content to you, including marketing and advertising material; identify potential customer opportunities and understand our market in order to grow and manage the business; and to keep our customer business contact records accurate, complete and up-to-date. - Through Your Browser or Device: When you visit our Sites, we may collect information related to your interaction with the Sites. If you use a mobile device to access our Sites, we may receive information about the location of your device. In some cases, even if you are not using a mobile device, information about your general location may be discernible from your device’s IP address or the URLs we receive.
Examples of data points Legal basis and purpose for processing MAC (Media Access Control) address, IP address, Internet browser type and version, your computer type (Windows or Macintosh), along with the time of visit and the pages you visited; or country or city-level location based on your public IP address. We rely on our legitimate interests to carry out business activities such as to improve the content of our Services; administer our Services, including by monitoring and analyzing traffic and usage patterns; and prevent fraud, illegal activity or security vulnerabilities. - Through Your Use of the Services: We may track Services usage data, such as what features you use, your actions and the date and time within those Services; how you interact with our emails (for example, when you open a marketing email or click on an embedded link), or your use of a chatbot. To gain better insights into your interactions with Services, we may use AI-powered tools to analyze the aggregated usage data.
Examples of data points Legal basis and purpose for processing MAC (Media Access Control) address, IP address, country or city-level location based on your public IP address, Internet browser type and version, your computer type (Windows or Macintosh), along with the time of visit and the pages you visited; click-activity and date/time stamps of your use; and movements across the Sites. We rely on our legitimate interests to carry out business activities, including to perform internal analytics and improve the content of our Services; administer our Services and manage content, including by monitoring and analyzing traffic and usage patterns; prevent fraud, illegal activity or security vulnerabilities; and enforce our policies and terms of use. - Through Cookies and other Similar Technologies: When you visit our Sites, we use cookies and similar technology to store and retrieve information on your browser. See the Section IX below titled “How we use cookies and other tracking technologies” for more details.
Examples of data points Legal basis and purpose for processing MAC (Media Access Control) address, IP address, Internet browser type and version, your computer type (Windows or Macintosh), along with the time of visit and the pages you visited, country or city-level location based on your public IP address, language preference, interactions with our advertising and social media content. We rely on consent (as applicable) and our legitimate interests to carry out business activities such as to improve the content of our Services; administer our Services, including by monitoring and analyzing traffic and usage patterns; to serve you with more tailored information about Services including advertisements, to facilitate your ongoing access to and use of the Sites (including authentication); prevent fraud, illegal activity or security vulnerabilities; monitor your navigation of the Sites, and to gather demographic information about our user base to use for future business planning and marketing strategy. - Information Specific to Validity’s Feedback Loop: Validity provides Feedback Loop services to you on behalf of select Internet Service Providers (“ISPs”) partnered with us. To provide the Service to you, we will make your registration information (first name, last name, and email address, along with any domain or IP data you provide) available to our ISP partners. This information is provided so that they may evaluate, approve, and administer Feedback Loop Services for you. We provide your registration information to these partners, but they are not permitted to retain or use your information for any purpose other than administering this Feedback Loop Service. Refer to the Data Processing Addendum for more information, as applicable.
- Information Specific to Data Feed Services: We collect Personal Data only when you provide such information directly to us in connection with Data Feed Services. We ask for Personal Data such as your name and e-mail address when you correspond with us for information or support. We may also retain any messages you send to us through the Data Feed Service and may collect content and information you provide when you post on the Site or Service (“User Content”). We use this information to identify malicious traffic for security companies to help them improve internet security efforts. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to Data Feed Service(s).
In addition to the examples described in this Section III above, Validity may use your Personal Data and any inferences drawn from such Personal Data for the following purposes:
- When necessary to fulfill a contract or take steps to enter into a contract with you.
- If you have consented or requested to receive communications from us.
- If it is necessary for our legitimate interest, including: (i) to keep our records updated; (ii) to explore how our Offerings are used; (iii) to offer additional features to our customers; (iv) for provision of Services, (v) to prevent fraud or monitor for security vulnerabilities; (vi) in the context of a business reorganization or group restructuring exercise; (vii) to keep our Sites updated and relevant; (viii) to develop our business; and (ix) to inform our marketing strategy (by delivering Sites content and advertising to you).
- For our business purposes, such as data analysis, audits, fraud and abuse monitoring and prevention, detecting security vulnerabilities, identifying technical errors, for testing products and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
- As we believe to be necessary or appropriate: (i) under applicable law, including laws outside your country of residence; (ii) to comply with legal process; (iii) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (iv) to enforce our terms and conditions; (v) to protect our operations or those of any of our Affiliates; (vi) to protect our rights, privacy, safety, or property, and/or that of our Affiliates, you, or others; and (vii) to allow us to pursue available remedies or limit the damages that we may sustain.
If you would like more information on the legal basis under which we have collected and/or are processing your Personal Data, please contact us at [email protected].
- Through the Sites: We collect information when you use Validity’s sign up forms or Sites to submit a request for a free trial or demo, to register for a webinar, to sign up for an event, to contact us, to use online chatbot functionality, to leave feedback, to answer survey, to subscribe to our email newsletters, to register to use the Sites (including Validity Blog, Validity Help Center and Validity Customer Community), to download content (e.g. FAQs, whitepapers); or to submit online support tickets (etc.).
- De-identified data
Validity may create, collect, maintain, and use de-identified data to analyze and improve our products and Services. Validity will not attempt to re-identify you if your personal data has been de-identified and aggregated or otherwise processed such that you are no longer reasonably identifiable.
- Profiling and automated decision-making
Validity combines data obtained by the methods described above to help us determine what products and services might be of interest to you and when you might be ready to make a purchase based on repeated interaction with Validity websites, emails, and content. Validity marketing and sales personnel are involved in this process and no automated decisions are made that would result in legal effects or similarly significantly affect an individual.
- Disclosure of Personal Data
Subsidiaries and Affiliates
We may disclose Personal Data to Affiliates where necessary to fulfill a request you have submitted or for customer support, marketing, technical operations, event registration, and account management purposes.Service Providers
We contract with Service Providers to perform tasks on our behalf, and we may share your Personal Data with some of them to provide our products or Services to you, or to otherwise communicate with you, such as to perform marketing outreach or make offers on our behalf, including online advertisements (refer to “How we use cookies and other tracking technology” section for more information). Additional examples include removing redundant or outdated information from customer lists, analyzing data, providing marketing assistance, requesting and using your feedback, conducting billing,processing credit card payments, engaging technical support for our Services, providing customer service, hosting our Services, and performing analysis related to our products or Services. We also provide your Personal Data to Service Providers (ex: Google Analytics, NextRoll) to verify or compile aggregate usage data that we provide to our partners. When we share your Personal Data, we require the Service Providers to comply with applicable laws and maintain the privacy, confidentiality and security of your Personal Data.Business Partners and Sweepstakes
With your prior consent, we may share Personal Data with business partners or other third-party sponsors of sweepstakes, contests and similar promotions from time to time. When you sign up for co-hosted webinars or any other events and consent (as applicable), we may disclose the business contact information you provided to us to these third-parties to communicate with you about their offerings.Validity Blog, Validity Help Center, Validity Customer Community, and Social Media Pages
You may disclose Personal Data on or through the Sites, message boards, chatbot, profile pages, blogs, and other
Services to which you are able to post information and materials (including, without limitation, our Validity Blog at https://www.validity.com/blog/, Validity Help Center at https://knowledge.validity.com/, and Validity Customer Community at https://mycommunity.validity.com, and Validity’s social media pages). This information can appear in public ways, such as through search engines or other publicly available platforms and can be “crawled” or searched by third-parties. Please do not post any information to Sites or Services that you do not want to reveal to the public at large.Business Transfers
In the event Validity buys or sells assets or businesses, user information may be one of the business assets that is transferred. Validity may disclose Personal Data to a third- party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).Protection of Validity and Others
We may release Personal Data as we believe necessary and appropriate to law enforcement, tax, fraud prevention, credit risk agencies and other companies and organizations. - No Sale of Personal Data
We do not “sell” your Personal Data, as defined in CA AB 375 and NV SB 220, for consideration. California residents should refer to the California Privacy Notice here for more information.
- How we secure Personal Data
We have implemented appropriate organizational, technical, and administrative measures to protect Personal Data within our organization, including security controls to prevent unauthorized access to our networks and systems. While we take reasonable steps to secure your Personal Data from loss, misuse, interference and unauthorized access, modification and disclosure, you should be aware no security procedures or protocols can be 100 percent secure from intrusion or hacking, and there is therefore always some risk assumed by sharing Personal Data online. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us at [email protected].
- Data retention
We retain the Personal Data we collect where we have an ongoing legitimate business need to do so (for example to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process your Personal Data, we will either delete or aggregate it or, if this is not possible due to practical or legal requirements, then we will securely store your Personal Data. If you wish to cancel your account or request that we no longer use your information to provide you with Services, contact our support team by emailing us at [email protected].
- Third-party sites
Our Sites include social media features, such as the Facebook button and X Tweet button or interactive mini-programs that run on our website (the “Features”). Your interactions with these Features are governed by the privacy policy of the company providing it.
Please be aware that when you are on the Sites, or when you receive an email message from us through the Offerings, you could be directed to other sites that are beyond our control. There may be links to other sites from the Site’s pages or from the email message we send to you that take you outside our Services. These other sites may send their own cookies to visitors, collect data, or solicit Personal Data. The privacy policies of these other sites may be significantly different from this Privacy Policy. We are not responsible for the privacy practices of these other sites and cannot guarantee the security of any of your Personal Data collected there.
- Privacy notice regarding children
Validity does not knowingly collect information from children under the age of 16 on the Site or through the Service. If you are under the age of 16, please do not provide any information to us. If we become aware that we have collected information from a child under the age of 16, we will make commercially reasonable efforts to delete such information from our systems.
- Sensitive information
We ask that you not send us or disclose any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, sexual orientation, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Sites or via other means.
- International transfers
Your Personal Data may be stored and processed in any country (including the United States) where we have facilities or in which we engage Service Providers, and by using the Sites or disclosing information to us you consent to the transfer of information to countries outside of your country of residence, which could have different data protection laws than those of your country or the country in which you were located when you initially provided the information. Validity will take steps to ensure that your Personal Data is subject to appropriate safeguards, including, where required, by implementing appropriate transfer mechanisms such as the Data Privacy Framework (DPF) and European Commission standard contractual clauses (as amended and approved) for the transfer of Personal Data to third countries, supported by appropriate technical and organizational measures. For additional information regarding the DPF please refer to the Data Privacy Framework section below.
- Data Privacy Framework
Consistent with its commitment to protect personal privacy, Validity has decided to voluntarily adhere to the principles set forth in the Data Privacy Framework. As such, Validity complies with the EU-U.S. Data DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF as set forth by the U.S. Department of Commerce.
Validity has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.Validity has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.Independent Dispute Resolution / Binding Arbitration
In compliance with the EU-U.S. DP and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Validity commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Validity at: [email protected]
or
Attention: SVP of Legal and Privacy
Validity, Inc.
100 Summer Street, Suite 2900
Boston, MA 02110In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Validity commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Judicial Arbitration and Mediation Services, Inc. (“JAMS”), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If JAMS does not resolve the matter, you may be able to invoke binding arbitration when other dispute resolution procedures have been exhausted. For more information: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.Oversight, Liability and Accountability
The Federal Trade Commission has jurisdiction over Validity’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Validity retains accountability for any onward transfer of the third parties. This requirement limits transfers of personal data to third parties, for only specified purposes, and the third parties must provide the same level of protection as required under the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. - Privacy rights
Applicable data privacy laws and regulations may afford you specific privacy rights (which depend on your location and jurisdiction), which may include and are not limited to the right:
- to know what Personal Data we hold and process about you and to access it
- to correct any inaccurate Personal Data we may have about you;
- to erase your Personal Data;
- to cease or to restrict the processing of your Personal Data;
- to request to furnish you with the Personal Data which you provide us in a structured, commonly used, and machine-readable format;
- to withdraw your consent (to the extent our processing of your Personal Data is based on your consent);
- to object to legitimate reasons for the processing of your Personal Data;
- to opt-out of targeted advertising, profiling, the sale or sharing of Personal Data;
- to receive non-discriminatory treatment for the exercise of privacy rights;
- to lodge a complaint with the appropriate data protection authority if you have any concerns with regards to the processing of your Personal Data.
A full list of EEA data protection authorities is available here. Also here is the link to the Information Commissioner’s Office (ICO) which is the UK supervisory authority.
California Residents
Please refer to our California Privacy Notice here for more details on California specific privacy rights and other required information concerning our processing of Personal Data. - How to exercise privacy rights
Validity responds to all privacy rights requests in accordance with applicable data privacy laws and regulations, which may provide certain restrictions on the extent to which you may exercise them. When a privacy right request is submitted, Validity will respond within a reasonable time frame the length of which depends on how complex or voluminous the request is (to the extent permitted by applicable law or regulation). Validity will promptly notify you if the response time will be extended.
Validity does not make decisions solely based on automated processing that produces legal or similarly significant effects (as described in applicable laws and regulations) as part of the processing activities covered by this Privacy Policy.
You may exercise applicable privacy rights by submitting your request to [email protected].
Please indicate which privacy right you are exercising in the request with the corresponding data privacy law or regulation. We also need to know your email address which is associated with Validity to initiate your request. Please note we may request additional information to verify your identity, depending on the request type.
To opt out of the “sharing” of your Personal Data for targeted advertising, as defined by applicable laws, please disable Targeting Cookies in our “Privacy Preferences Center” by clicking “Cookies Settings” (which is also accessible via an icon located at the bottom left corner of the Site) within our cookie setting functionality. If you visit us from a different device or browser or clear cookies, then you may need to return to this screen to re-select your preferences. You may also implement the Global Privacy Control (GPC). For instructions on how to download and use GPC, please visit https://globalprivacycontrol.org.
California Residents
Please refer to our California Privacy Notice here for more details on California specific privacy rights and how to exercise them. - Opt-out of marketing communications
You can opt-out of receiving marketing communications from Validity by unsubscribing through the Unsubscribe or Opt-out link in an email. Please note that if you opt-out of receiving marketing or related emails from us, we may still send you important administrative and transactional messages.
- Privacy Policy updates
We update the Privacy Policy from time to time, so please review it regularly. If we materially change our Privacy Policy, we will notify you by posting a notice during the log-in process or on validity.com. Your continued use of the Services will be deemed your agreement that your information may be used in accordance with the new Privacy Policy. If you do not agree with the changes, then you should stop using the Services and notify us at [email protected] that you do not want your information used in accordance with the changes.
- Contacting Validity
We welcome any questions, comments, or concerns you may have regarding this Privacy Policy. Validity, Inc is the data controller (business) for your Personal Data. Please do not hesitate to contact us as follows:
Validity, Inc.
Attn: Privacy Department
100 Summer Street
Suite 2900
Boston, MA 02110
(800)-961-8205(US toll-free)
[email protected]The Charter Building
Uxbridge, UB8 1JG
London
EC4R 3TTV
[email protected]
Effective Date: March 2024