Last Updated: April 15, 2019
INFORMATION WE COLLECT
When you use the Service Offerings, we may collect and use personal information about you, as well as other information “Personal Information” may include your name, email address, and other similar information that can be used to identify you. We also may collect usage information, which is information generated automatically as you navigate through the Service Offerings. More specifically, we may collect:
- Information that you provide directly to us by filling in forms on our Service Offerings, including your name, email address, street address, telephone number, or other information.
- Information provided when you communicate with us for any reason, including information you provide in any emails to us.
USE OF YOUR INFORMATION
We use the information we collect from you primarily to enable us to provide our Service Offerings, based on your consent, to perform Validity’s business purpose, or otherwise on Validity’s legitimate interest in providing and making such Service Offerings available to you in the best possible manner. In addition, your information may be used for the following purposes:
- To identify repeat visitors to our Service Offerings and to customize our content for each individual visitor;
- To register customer
- To manage relationship with customer
- To improve the content of our Service Offerings and its associated services and products;
- To deliver interest-based content to you, including marketing and advertising material;
- To carry out research on customer demographics, interests and behaviors; and
- To administer our Service Offerings, including by monitoring and analyzing traffic and usage patterns.
If we ask you to provide your personal information, we will advise you upon collection whether the provision of your personal information is mandatory. If we ask for personal information through one of our registration pages, you will have the option of not providing the information, in which case you may still be able to access other portions of the Site, although you may not be able to access the Services Offerings in its entirety. If you have any questions or would like more information regarding the legal basis on which we collect your personal information, please contact us at email@example.com
HOW WE USE TRACKING TECHNOLOGIES
A “cookie” is a small computer file that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. We make removing our cookie easy for any user who wishes to do so. Users that do not want our personalized advertisements should email firstname.lastname@example.org with the subject “COOKIES AND WEB BEACON REMOVAL.”
Do Not Track
Certain browsers like Internet Explorer, Firefox and Safari offer a “Do Not Track” or “DNT” option that sends a signal to websites visited by the user about the user’s browser DNT preference setting. Because uniform standards for “Do Not Track” have not been established, Validity does not process or respond to “Do Not Track” signals.
GENERAL DATA PROTECTION REGULATION (“GDPR”)
We understand and comply with all responsibilities outlined in the General Data Protection Regulation. To the extent we process any personal information on your behalf,
EU-U.S. PRIVACY SHIELD AND SWISS-U.S. PRIVACY SHIELD
We participate in and have certified compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list
We are responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Validity complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal information received or transferred pursuant to the Privacy Shield Framework, Validity is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
We place great importance on the security of all personal information associated with our customers. We use commercially suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect. These procedures include, but are not limited to, firewalls, encryption, intrusion detection, and Service Offerings monitoring. We also limit access to any personal information we receive to authorized personnel that need access in order to perform their jobs. However, no data protection procedures are entirely infallible. As a result, while we strive to protect your personal information, we cannot guarantee that it will be 100% secure.
INFORMATION LEARNED DURING THE VERIFICATION PROCESS
We may collect and retain any information learned as a part of the provision of the Services Offerings and will use this information to improve system performance, provide fraud management services, and protect users of the Services Offerings.
- Authentication and Fraud Detection: In order to help protect you from fraud and misuse of your personal information, we may collect information about you and your interactions with our Service Offerings. We may also evaluate your computer, mobile phone or other access device to identify any malicious software or activity.
When you use our mobile applications, or access one of our mobile optimized sites, we may receive information about your location and your mobile device, including a unique identifier for your device. Most mobile devices allow you to control or disable location services in the device’s settings menu. If you have questions about how to disable your device’s location services, we recommend you contact your mobile service carrier or the manufacture of your particular device.
SHARING YOUR INFORMATION
We may share your personal information with trusted third parties or our affiliates to:
- Assist us in providing our services to you, including by acting on our behalf to send postal mail and email, remove repetitive information from mailing lists, analyze data, provide marketing assistance, process credit card payments, and provide website assistance;
- Compile statistics and reports regarding our audience and the visitors of our Service Offerings and services; or
- Deliver interest-based emails.
Such third parties have access to Personally Identifiable Information as needed to perform their functions, but they are not allowed to use it for other purposes. We do not sell or rent Personally Identifiable Information collected through our Service Offerings to anyone.
Amazon Web Services (“AWS”) provides cloud hosting solutions to Validity. Validity stores information on data subjects obtained (as a Controller) and information on data subjects supplied by Controllers (as a Processor) in AWS facilities. AWS is considered a sub-processor of Validity and, as such, AWS has a Data Processing Addendum (DPA) outlining AWS’ obligations in place. Information on AWS’ DPA is available for review here.
If you wish to not have your personal information used or disclosed to third-parties you may opt-out by sending us an email to email@example.com or firstname.lastname@example.org.
Other Circumstances: We may disclose your personal information to third parties if we have a good faith belief that disclosure is necessary to:
- Comply with applicable laws, regulations, legal process (such as a subpoena), or enforceable government request; or
- Protect against harm to our rights, property, or safety, our visitors, or the public as required or permitted by law; or
The transmission of data from the Service Offerings occurs in the United States (“US”). By using the Service Offerings, you are consenting to the transfer of your personal information to the US. We only engage in transfers of personal data outside the European Economic Area (“EEA”) to a country whose data protection laws have not been approved by the European Commission as providing adequate protection for data subjects’ rights if there is an adequate level of protection for the rights of data subjects. For example, since Validity is headquartered in the United States (US), Validity entities in the EEA may need to send your personal information to our servers located in the US for legitimate business purposes. In assessing adequacy, we consider general adequacy criteria and legal adequacy criteria. If our assessment of the ‘general adequacy criteria’ reveals that, in the particular circumstances of the case, the risk to the rights of data subjects associated with the transfer is low, we may consider that an exhaustive analysis of the ‘legal adequacy criteria’ may not be necessary. If a high risk is identified, then a more comprehensive investigation of the legal adequacy criteria would be carried out. The criteria we consider in making the assessment is as set out below:
General Adequacy Criteria:
- The nature of the personal data;
- The purposes for which the data is intended to be processed;
- The period during which the data is intended to be processed;
- The country or territory of origin of the information contained the data;
- The country or territory of the final destination of the information;
- Any security measures taken in respect of the data in the country or territory of destination.
Legal Adequacy Criteria:
- The law in force in the country or territory in question;
- The international obligation of the recipient country or territory;
- The rules or codes of practice which govern the processing of personal data in the third country.
- If adequacy is established by way of our assessment, then we would proceed with the transfer of the data. If adequacy is not established by way of our assessment, then we would seek to enter into a contractual relationship with the data controller or data processor in question to ensure that the security of the data is maintained to our required standards before any transfer takes place.
We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.
VISITORS ONLY OF LEGAL AGE OF MAJORITY
Our Service Offerings are designed and intended for those who are at least 18 years old. By using our Service Offerings, you affirm that you are at least 18 years of age or older. We are not liable for any damages that may result from a visitor’s misrepresentation of age. No one under age 13 is authorized to submit any information, including Personally Identifiable Information, on our Service Offerings or website. Under no circumstances may anyone under age 13 use our Service Offerings. Parents or legal guardians of children under age 13 cannot consent to these terms on their behalf.
We implement a variety of security measures to maintain the safety of your personal information when you register for a Validity account or supply us with data for verification purposes. All credit card information provided during sign-up is transmitted via Transport Layer Security (TLS) technology and encrypted in our payment gateway providers’ database. This information is only accessible by those with special access rights to such systems. Anyone with this access is required to keep this information confidential. Any credit card information supplied will be kept on file in order to process future payments rendered. Credit card information may be deleted at any time should you choose to stop such services by sending a written request to email@example.com
REVIEW AND CORRECTION OF YOUR INFORMATION
European Union Residents
If you are a European citizen, you have the right to request that we:
- Provide you with information regarding whether we process your data, including any details related to such processing;
- Correct any inaccurate data we may have about you without undue delay;
- Complete any incomplete information that we may have about you;
- Under certain circumstances, erase your personal information without undue delay;
- Under certain circumstances, be restricted from processing your data;
- Under certain circumstances, furnish you with the personal data which you provide us within a structured commonly used and machine-readable format.
Where we process your information solely on the basis of your consent, European citizens have the right to withdraw consent to our processing at any time. This will not affect the lawfulness of our processing before the withdrawal. European citizens also have the right to lodge a complaint with their data protection supervisory authority at any time. The exercise of the above rights may be subject to certain conditions and we may require further information before we can respond to your request.
If you reside in California, you have the right to ask us one (1) time each year if we have shared personal information with third parties for their direct marketing purposes. At the present time we do not release information to third parties for marketing purposes. To make a request, please send us an email firstname.lastname@example.org. Please put “SHINE THE LIGHT INQUIRY” in the subject line.
You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Service Offering account settings menu, or by contacting us at email@example.com to have your contact information removed from our promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Service Offering.
Attn: Legal Department
200 Clarendon Street
Boston, MA 02116