WHAT’S NEW

Validity has chosen to comply with the principles outlined in the Data Privacy Framework as part of its commitment to protecting personal privacy. Please see Section XV below. The company also made updates regarding which personal data is collected and used and more details about our processing and use of your information, including for marketing and related purposes, in compliance with applicable regulatory changes and requirements. Finally, we have updated the format of the Privacy Policy and California Privacy Notice to make it easier to read. It is important that you review the Privacy Policy and California Privacy Notice (if applicable) carefully.

Privacy Policy

  1. Information about Validity
  2. Introduction to the Privacy Policy coverage and Validity’s role.
  3. What do we collect, How do we collect it, and What’s the basis and purpose of processing
  4. De-identified data
  5. Profiling and automated decision-making
  6. Disclosure of Personal Data
  7. No Sale of Personal Data
  8. How we secure Personal Data
  9. How we use cookies and other tracking technologies
  10. Data retention
  11. Third-party sites
  12. Privacy notice regarding children
  13. Sensitive information
  14. International transfers
  15. Data Privacy Framework
  16. Privacy rights
  17. How to exercise privacy rights
  18. Opt-out of marketing communications
  19. Privacy Policy updates
  20. Contacting Validity

  1. Information about Validity

    Validity is a company that focuses on data-driven solutions for marketing and sales, operating in the data management and email marketing sectors. We offer a range of products that provide services including email address verification, inbox deliverability, CRM data management, and campaign intelligence for ecommerce teams.

    Validity provides SaaS and on-prem applications to businesses via a business-to-business (B2B) model. Our customers range from large enterprises to smaller companies. Validity’s products and services are sold online and directly to organizations via other sale channels around the world. Our products are not designed for personal or non-commercial use. Generally, our customers control the data they enter into our applications and decide how it should be used.

  2. Introduction to the Privacy Policy coverage and Validity’s role.

    Validity, Inc., and its Affiliates (“Validity,” “we,” “our,” “us”) respect your privacy rights and value your trust. This Privacy Policy describes how we collect, receive, use, store, share, transfer, and process information about you that directly or indirectly identifies you (“Personal Data” or “Personal Information”), as well as your rights in determining what we do with the information that we collect or hold about you.

    This Privacy Policy applies when Validity is the data controller of your Personal Data (unless a different Validity privacy notice is presented when we collect your Personal Data) and describes if and how Validity processes your Personal Data for its own purposes.

    A data controller (or business) determines the purposes and means of processing your Personal Data. (There may be some variations in the definition among global data privacy laws, but the concept is generally the same.) The data controller decides the how and why of a data processing operation.

    This Privacy Policy applies in connection with the receipt and use of Validity’s content, communications (including emails), and services (“Offerings”) or from any of the websites operated by Validity (the “Sites”), and other services provided by us both online and offline that link to this Privacy Policy (together with the Offerings and the Sites, the “Services”). By using the Services, you accept and agree to the practices that this Privacy Policy describes.

    • This Privacy Policy does not cover how we process Personal Data on behalf of our customers as a data processor.
    • If you are an employee, a client, or a customer of an organization that uses a Validity’s product or service and you have questions or concerns about the Personal Data that an organization holds about you or would like to exercise your privacy rights, please send your request directly to that organization (as Validity is required to direct your requests under current laws and regulations to that organization).
    • If you are a Validity’s job applicant, please refer to the Applicant Privacy Notice.
    • If you are a Validity’s current or former employee or contractor, please refer to internal policies or contact us at [email protected].
    • Additionally, this Privacy Policy does not apply to the practices of third parties that Validity does not own or control or to those of individuals that Validity does not employ or manage.

    California Residents
    Please refer to our California Privacy Notice here for more details on California-specific privacy rights and other locally required information concerning our processing of Personal Data.

  3. What do we collect, How do we collect it, and What’s the basis and purpose of processing

    Validity collects and uses Personal Data for a variety of purposes and in compliance with applicable laws. Below, we describe (i) some of the common ways we collect your information, (ii) data points we collect in those instances, and (iii) the legal bases and purpose for collection. You will be informed at the time of collection if we need to collect any other Personal Data about you.

    If you submit any Personal Data to us or our vendors, consultants, agents, or service providers (collectively, “Service Provider(s)”) in connection with the Services, you represent that you have the authority to do so and permit us to use the information in accordance with this Privacy Policy.

    We and our Service Providers collect Personal Data in a variety of ways, including:

    • Through the Sites: We collect information when you use Validity’s sign up forms or Sites to submit a request for a free trial or demo, to register for a webinar, to sign up for an event, to contact us, to use online chatbot functionality, to leave feedback, to answer survey, to subscribe to our email newsletters, to register to use the Sites (including Validity Blog, Validity Help Center and Validity Customer Community), to download content (e.g. FAQs, whitepapers); or to submit online support tickets (etc.).
      Examples of data points Legal basis and purpose for processing
      Business contact information such as first and last name, email, telephone number, company name, job title, country; IP address; feedback provided; content of the submitted request/issue; time zone and country or city-level location based on your public IP address. We rely on our legitimate interests or your consent to carry out business activities when we respond to your communication(s); process your request(s); provide you with information about our products; support our marketing activities (including information about events and new products); fulfill contract requirements; manage, plan, and host event(s) (including to send related communications); provide you with appropriate online form based on your location; and use your feedback to develop, enhance, and update our Services.
    • Online meetings and sales/support calls: We collect Personal Data (including audio and video content, if applicable) when you contact our sales or support teams or participate in online meetings with them. We may record such calls and online meetings for our staff training, quality assurance, and business administration purposes. To gain better insights into our interactions with our customers and prospects, we may use Artificial Intelligence (AI) powered tools to analyze the content of such calls and recordings. In compliance with applicable laws, we will always notify you before recording a call or a meeting.
      Examples of data points Legal basis and purpose for processing
      Business contact information such as first and last name, email, company name, job title, video and audio content/image(s). We rely on your consent (where required under applicable law) or our legitimate interests (where applicable) to process that data to enhance our sales/support processes and make our sales/support calls more effective; keep our CRM records up to date; generate automated call transcripts for analysis and audit; and train our sales and support teams.
    • Offline: We collect information from you offline, such as when you attend one of our events (or co-hosted events) and share your business card/info with us, or when you sign up at Validity’s event booths.
      Examples of data points Legal basis and purpose for processing
      Business contact information (often presented on a business card) such as first and last name, email, telephone number, company name, job title, country. We rely on your consent (where required under applicable law) to follow up with you with information about our products and services; support our marketing activities (including information about future events and products).
    • Information from Other Sources: Besides collecting information directly from you (as described above), we may obtain information about you from othersources, such as public databases, joint marketing partners, your organization’s website, and social media platforms, as well as from other third parties whose services we may use to validate or update your business contact information or who help us with our Services.
      Examples of data points Legal basis and purpose for processing
      Business contact information such as first and last name, email, telephone number, company name, job title, industry, country. We rely on our legitimate interests or your consent (if applicable) to carry out business activities such as to deliver interest-based content to you, including marketing and advertising material; identify potential customer opportunities and understand our market in order to grow and manage the business; and to keep our customer business contact records accurate, complete and up-to-date.
    • Through Your Browser or Device: When you visit our Sites, we may collect information related to your interaction with the Sites. If you use a mobile device to access our Sites, we may receive information about the location of your device. In some cases, even if you are not using a mobile device, information about your general location may be discernible from your device’s IP address or the URLs we receive.
      Examples of data points Legal basis and purpose for processing
      MAC (Media Access Control) address, IP address, Internet browser type and version, your computer type (Windows or Macintosh), along with the time of visit and the pages you visited; or country or city-level location based on your public IP address. We rely on our legitimate interests to carry out business activities such as to improve the content of our Services; administer our Services, including by monitoring and analyzing traffic and usage patterns; and prevent fraud, illegal activity or security vulnerabilities.
    • Through Your Use of the Services: We may track Services usage data, such as what features you use, your actions and the date and time within those Services; how you interact with our emails (for example, when you open a marketing email or click on an embedded link), or your use of a chatbot. To gain better insights into your interactions with Services, we may use AI-powered tools to analyze the aggregated usage data.
      Examples of data points Legal basis and purpose for processing
      MAC (Media Access Control) address, IP address, country or city-level location based on your public IP address, Internet browser type and version, your computer type (Windows or Macintosh), along with the time of visit and the pages you visited; click-activity and date/time stamps of your use; and movements across the Sites. We rely on our legitimate interests to carry out business activities, including to perform internal analytics and improve the content of our Services; administer our Services and manage content, including by monitoring and analyzing traffic and usage patterns; prevent fraud, illegal activity or security vulnerabilities; and enforce our policies and terms of use.
    • Through Cookies and other Similar Technologies: When you visit our Sites, we use cookies and similar technology to store and retrieve information on your browser. See the Section IX below titled “How we use cookies and other tracking technologies” for more details.
      Examples of data points Legal basis and purpose for processing
      MAC (Media Access Control) address, IP address, Internet browser type and version, your computer type (Windows or Macintosh), along with the time of visit and the pages you visited, country or city-level location based on your public IP address, language preference, interactions with our advertising and social media content. We rely on consent (as applicable) and our legitimate interests to carry out business activities such as to improve the content of our Services; administer our Services, including by monitoring and analyzing traffic and usage patterns; to serve you with more tailored information about Services including advertisements, to facilitate your ongoing access to and use of the Sites (including authentication); prevent fraud, illegal activity or security vulnerabilities; monitor your navigation of the Sites, and to gather demographic information about our user base to use for future business planning and marketing strategy.
    • Information Specific to Validity’s Feedback Loop: Validity provides Feedback Loop services to you on behalf of select Internet Service Providers (“ISPs”) partnered with us. To provide the Service to you, we will make your registration information (first name, last name, and email address, along with any domain or IP data you provide) available to our ISP partners. This information is provided so that they may evaluate, approve, and administer Feedback Loop Services for you. We provide your registration information to these partners, but they are not permitted to retain or use your information for any purpose other than administering this Feedback Loop Service. Refer to the Data Processing Addendum for more information, as applicable.
    • Information Specific to Data Feed Services: We collect Personal Data only when you provide such information directly to us in connection with Data Feed Services. We ask for Personal Data such as your name and e-mail address when you correspond with us for information or support. We may also retain any messages you send to us through the Data Feed Service and may collect content and information you provide when you post on the Site or Service (“User Content”). We use this information to identify malicious traffic for security companies to help them improve internet security efforts. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to Data Feed Service(s).

    In addition to the examples described in this Section III above, Validity may use your Personal Data and any inferences drawn from such Personal Data for the following purposes:

    • When necessary to fulfill a contract or take steps to enter into a contract with you.
    • If you have consented or requested to receive communications from us.
    • If it is necessary for our legitimate interest, including: (i) to keep our records updated; (ii) to explore how our Offerings are used; (iii) to offer additional features to our customers; (iv) for provision of Services, (v) to prevent fraud or monitor for security vulnerabilities; (vi) in the context of a business reorganization or group restructuring exercise; (vii) to keep our Sites updated and relevant; (viii) to develop our business; and (ix) to inform our marketing strategy (by delivering Sites content and advertising to you).
    • For our business purposes, such as data analysis, audits, fraud and abuse monitoring and prevention, detecting security vulnerabilities, identifying technical errors, for testing products and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
    • As we believe to be necessary or appropriate: (i) under applicable law, including laws outside your country of residence; (ii) to comply with legal process; (iii) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (iv) to enforce our terms and conditions; (v) to protect our operations or those of any of our Affiliates; (vi) to protect our rights, privacy, safety, or property, and/or that of our Affiliates, you, or others; and (vii) to allow us to pursue available remedies or limit the damages that we may sustain.

    If you would like more information on the legal basis under which we have collected and/or are processing your Personal Data, please contact us at [email protected].

  4. De-identified data

    Validity may create, collect, maintain, and use de-identified data to analyze and improve our products and Services. Validity will not attempt to re-identify you if your personal data has been de-identified and aggregated or otherwise processed such that you are no longer reasonably identifiable.

  5. Profiling and automated decision-making

    Validity combines data obtained by the methods described above to help us determine what products and services might be of interest to you and when you might be ready to make a purchase based on repeated interaction with Validity websites, emails, and content. Validity marketing and sales personnel are involved in this process and no automated decisions are made that would result in legal effects or similarly significantly affect an individual.

  6. Disclosure of Personal Data

    Subsidiaries and Affiliates
    We may disclose Personal Data to Affiliates where necessary to fulfill a request you have submitted or for customer support, marketing, technical operations, event registration, and account management purposes.

    Service Providers
    We contract with Service Providers to perform tasks on our behalf, and we may share your Personal Data with some of them to provide our products or Services to you, or to otherwise communicate with you, such as to perform marketing outreach or make offers on our behalf, including online advertisements (refer to “How we use cookies and other tracking technology” section for more information). Additional examples include removing redundant or outdated information from customer lists, analyzing data, providing marketing assistance, requesting and using your feedback, conducting billing,processing credit card payments, engaging technical support for our Services, providing customer service, hosting our Services, and performing analysis related to our products or Services. We also provide your Personal Data to Service Providers (ex: Google Analytics, NextRoll) to verify or compile aggregate usage data that we provide to our partners. When we share your Personal Data, we require the Service Providers to comply with applicable laws and maintain the privacy, confidentiality and security of your Personal Data.

    Business Partners and Sweepstakes
    With your prior consent, we may share Personal Data with business partners or other third-party sponsors of sweepstakes, contests and similar promotions from time to time. When you sign up for co-hosted webinars or any other events and consent (as applicable), we may disclose the business contact information you provided to us to these third-parties to communicate with you about their offerings.

    Validity Blog, Validity Help Center, Validity Customer Community, and Social Media Pages
    You may disclose Personal Data on or through the Sites, message boards, chatbot, profile pages, blogs, and other
    Services to which you are able to post information and materials (including, without limitation, our Validity Blog at https://www.validity.com/blog/, Validity Help Center at https://knowledge.validity.com/hc/en-us, and Validity Customer Community at https://mycommunity.validity.com, and Validity’s social media pages). This information can appear in public ways, such as through search engines or other publicly available platforms and can be “crawled” or searched by third-parties. Please do not post any information to Sites or Services that you do not want to reveal to the public at large.

    Business Transfers
    In the event Validity buys or sells assets or businesses, user information may be one of the business assets that is transferred. Validity may disclose Personal Data to a third- party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

    Protection of Validity and Others
    We may release Personal Data as we believe necessary and appropriate to law enforcement, tax, fraud prevention, credit risk agencies and other companies and organizations.

  7. No Sale of Personal Data

    We do not “sell” your Personal Data, as defined in CA AB 375 and NV SB 220, for consideration. California residents should refer to the California Privacy Notice here for more information.

  8. How we secure Personal Data

    We have implemented appropriate organizational, technical, and administrative measures to protect Personal Data within our organization, including security controls to prevent unauthorized access to our networks and systems. While we take reasonable steps to secure your Personal Data from loss, misuse, interference and unauthorized access, modification and disclosure, you should be aware no security procedures or protocols can be 100 percent secure from intrusion or hacking, and there is therefore always some risk assumed by sharing Personal Data online. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us at [email protected].

  9. How we use cookies and other tracking technologies

    We and our Service Providers may collect and store your usage information in log files and by using cookies, web beacons, pixel tags, embedded scripts, and other industry standard tracking technologies (“Tracking Technologies”). Among other things, we use Tracking Technologies to better serve you with more tailored information about Validity Services, to facilitate your ongoing access to and use of the Sites, to analyze the Sites usage trends, administer the Sites, monitor your navigation of the Sites, and to gather demographic information about our user base. We may receive reports based on this data from these companies on an individual and on an aggregated basis.

    1. Cookies“Cookies” include small files that are placed on an individual’s device to enable them to more easily communicate and interact with web sites. To learn more about cookies and web beacons, visit allaboutcookies.org. When you visit our Sites, we may send one or more cookies to your device. They enable us to store information about your device which helps us, among other things, to provide you with a good experience when you browse our Sites and to enhance the Services we provide. We also use third parties to serve advertisements on other websites that may be of interest to you, based on information collected about your use of our Sites. To do so, these companies may place or recognize a unique cookie (or similar technology) on your browser. We use cookies to remember users’ settings (such as language preference), to provide you with relevant marketing materials, and for authentication. To manage your preferences relating to the use of cookies on the Sites, including opt-out options, or to get more details on the cookies we use please click on the Cookies Settings or the icon at the bottom left corner of the Site. If you reject cookies, you may still use our Sites, but your ability to use some features or areas of our Site may be limited. Please note you are not able to decline Strictly Necessary Cookies. Those type of cookies always stay active. See the section below for more information on each type.There are four types of cookies that may be utilized on our Sites:

      Strictly Necessary Cookies
      These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

      Performance Cookies
      These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Site. They help us to know which pages are the most and least popular and see how visitors move around the Site. All information these cookies collect is aggregated (and so anonymous). If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.

      Functional Cookies
      These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by Service Providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.

      Targeting Cookies
      These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They do not store directly Personal Data but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

    2. Other Technologies
      Log Files and Local Storage Objects (HTML5)
      We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you. We use Local Storage, such as HTML5, to store content information and preferences. Various browsers may offer their own management tools for removing HTML5.

      Clear Gifs, Pixels, & Web Beacons
      Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of internet users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly in HTML files and are about the size of the period at the end of this sentence. We may use clear gifs in our HTML-based email to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.
    3. Advertising
      We partner with Service Providers to either display advertising on our website or to manage our content and advertising on other sites (for example, on social media sites). They may use technologies such as cookies to gather information about your activities on our Sites in order to provide you with advertising based upon your browsing activities and interests. Email addresses provided may be hashed, stored, and combined with other identifiers for cross-device recognition purposes and targeted advertising and measurement and analytics by NextRoll or other Service Providers (as applicable).Under some data protection laws, our disclosure of this information with third-parties through cookies and other trackers for targeted advertising may be considered a “share” of Personal Data. If you have Targeting Cookies enabled, third-party advertisers may place cookies on your device allowing them to show you advertising relevant to you on other websites. To opt out of the “sharing” of your Personal Data for targeted advertising, as defined by applicable laws, please disable Targeting Cookies in our “Privacy Preferences Center” (which also accessible via an icon located at the bottom left corner of the Site) within our cookie setting functionality.

      Our Service Providers may use non-cookie technologies that may not be managed via your browser settings that block cookies. In those cases, you can use third-party tools to decline the collection and use of information for the purpose of serving you interest based advertising such as provided on: http://www.networkadvertising.org/choices/; http://optout.aboutads.info/?c=2&lang=EN; https://youronlinechoices.eu/

    4. Additional Information
      We store information that we collect through cookies, pixel, and clear gifs to create a record of your preferences. We tie your Personal Data to information in your record to provide tailored promotions and marketing offers or to improve the content of the Sites for you. We do not share that record with unapproved third-parties. We strive to ensure that your Personal Data is kept strictly confidential and is not disclosed to third-parties without your permission. Details will be used only by our staff and/or approved agents to support the necessary terms and conditions for use of service (such as our Service Providers who help with our business operations and technology services). Our contracts with our Service Providers dictate that these Service Providers only use your information in connection with the services they perform for us and not for their own benefit.We may use Google Analytics, Facebook, NextRoll, and LinkedIn cookies, ads, and pixels on our website. These technologies will only be used as described in this Privacy Policy. For more information and available opt-out settings, please refer to their respective pages below:

    5. Do Not Track
      Certain browsers like Chrome, Edge, Internet Explorer, Firefox, and Safari offer a “Do Not Track” or “DNT” option that sends a signal to websites visited by the user about the user’s browser DNT preference setting. Please click on each browser name or go directly to the provider’s webpages to obtain more information on the availability of such settings. We do not currently honor Do Not Track browser settings or signals. For information about Do Not Track, please visit: allaboutdnt.com/.
  10. Data retention

    We retain the Personal Data we collect where we have an ongoing legitimate business need to do so (for example to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process your Personal Data, we will either delete or aggregate it or, if this is not possible due to practical or legal requirements, then we will securely store your Personal Data. If you wish to cancel your account or request that we no longer use your information to provide you with Services, contact our support team by emailing us at [email protected].

  11. Third-party sites

    Our Sites include social media features, such as the Facebook button and X Tweet button or interactive mini-programs that run on our website (the “Features”). Your interactions with these Features are governed by the privacy policy of the company providing it.

    Please be aware that when you are on the Sites, or when you receive an email message from us through the Offerings, you could be directed to other sites that are beyond our control. There may be links to other sites from the Site’s pages or from the email message we send to you that take you outside our Services. These other sites may send their own cookies to visitors, collect data, or solicit Personal Data. The privacy policies of these other sites may be significantly different from this Privacy Policy. We are not responsible for the privacy practices of these other sites and cannot guarantee the security of any of your Personal Data collected there.

  12. Privacy notice regarding children

    Validity does not knowingly collect information from children under the age of 16 on the Site or through the Service. If you are under the age of 16, please do not provide any information to us. If we become aware that we have collected information from a child under the age of 16, we will make commercially reasonable efforts to delete such information from our systems.

  13. Sensitive information

    We ask that you not send us or disclose any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, sexual orientation, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Sites or via other means.

  14. International transfers

    Your Personal Data may be stored and processed in any country (including the United States) where we have facilities or in which we engage Service Providers, and by using the Sites or disclosing information to us you consent to the transfer of information to countries outside of your country of residence, which could have different data protection laws than those of your country or the country in which you were located when you initially provided the information. Validity will take steps to ensure that your Personal Data is subject to appropriate safeguards, including, where required, by implementing appropriate transfer mechanisms such as the Data Privacy Framework (DPF) and European Commission standard contractual clauses (as amended and approved) for the transfer of Personal Data to third countries, supported by appropriate technical and organizational measures. For additional information regarding the DPF please refer to the Data Privacy Framework section below.

  15. Data Privacy Framework

    Consistent with its commitment to protect personal privacy, Validity has decided to voluntarily adhere to the principles set forth in the Data Privacy Framework. As such, Validity complies with the EU-U.S. Data DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF as set forth by the U.S. Department of Commerce.
    Validity has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

    Validity has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
    If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

    Independent Dispute Resolution / Binding Arbitration
    In compliance with the EU-U.S. DP and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Validity commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Validity at: [email protected]
    or
    Attention: SVP of Legal and Privacy
    Validity, Inc.
    100 Summer Street, Suite 2900
    Boston, MA 02110

    In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Validity commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Judicial Arbitration and Mediation Services, Inc. (“JAMS”), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you.
    If JAMS does not resolve the matter, you may be able to invoke binding arbitration when other dispute resolution procedures have been exhausted. For more information: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

    Oversight, Liability and Accountability
    The Federal Trade Commission has jurisdiction over Validity’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
    Validity retains accountability for any onward transfer of the third parties. This requirement limits transfers of personal data to third parties, for only specified purposes, and the third parties must provide the same level of protection as required under the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

  16. Privacy rights

    Applicable data privacy laws and regulations may afford you specific privacy rights (which depend on your location and jurisdiction), which may include and are not limited to the right:

    • to know what Personal Data we hold and process about you and to access it
    • to correct any inaccurate Personal Data we may have about you;
    • to erase your Personal Data;
    • to cease or to restrict the processing of your Personal Data;
    • to request to furnish you with the Personal Data which you provide us in a structured, commonly used, and machine-readable format;
    • to withdraw your consent (to the extent our processing of your Personal Data is based on your consent);
    • to object to legitimate reasons for the processing of your Personal Data;
    • to opt-out of targeted advertising, profiling, the sale or sharing of Personal Data;
    • to receive non-discriminatory treatment for the exercise of privacy rights;
    • to lodge a complaint with the appropriate data protection authority if you have any concerns with regards to the processing of your Personal Data.

    A full list of EEA data protection authorities is available here. Also here is the link to the Information Commissioner’s Office (ICO) which is the UK supervisory authority.

    California Residents
    Please refer to our California Privacy Notice here for more details on California specific privacy rights and other required information concerning our processing of Personal Data.

  17. How to exercise privacy rights

    Validity responds to all privacy rights requests in accordance with applicable data privacy laws and regulations, which may provide certain restrictions on the extent to which you may exercise them. When a privacy right request is submitted, Validity will respond within a reasonable time frame the length of which depends on how complex or voluminous the request is (to the extent permitted by applicable law or regulation). Validity will promptly notify you if the response time will be extended.

    Validity does not make decisions solely based on automated processing that produces legal or similarly significant effects (as described in applicable laws and regulations) as part of the processing activities covered by this Privacy Policy.

    You may exercise applicable privacy rights by submitting your request to [email protected].

    Please indicate which privacy right you are exercising in the request with the corresponding data privacy law or regulation. We also need to know your email address which is associated with Validity to initiate your request. Please note we may request additional information to verify your identity, depending on the request type.

    To opt out of the “sharing” of your Personal Data for targeted advertising, as defined by applicable laws, please disable Targeting Cookies in our “Privacy Preferences Center” by clicking “Cookies Settings” (which is also accessible via an icon located at the bottom left corner of the Site) within our cookie setting functionality. If you visit us from a different device or browser or clear cookies, then you may need to return to this screen to re-select your preferences. You may also implement the Global Privacy Control (GPC). For instructions on how to download and use GPC, please visit https://globalprivacycontrol.org.

    California Residents
    Please refer to our California Privacy Notice here for more details on California specific privacy rights and how to exercise them.

  18. Opt-out of marketing communications

    You can opt-out of receiving marketing communications from Validity by unsubscribing through the Unsubscribe or Opt-out link in an email. Please note that if you opt-out of receiving marketing or related emails from us, we may still send you important administrative and transactional messages.

  19. Privacy Policy updates

    We update the Privacy Policy from time to time, so please review it regularly. If we materially change our Privacy Policy, we will notify you by posting a notice during the log-in process or on validity.com. Your continued use of the Services will be deemed your agreement that your information may be used in accordance with the new Privacy Policy. If you do not agree with the changes, then you should stop using the Services and notify us at [email protected] that you do not want your information used in accordance with the changes.

  20. Contacting Validity

    We welcome any questions, comments, or concerns you may have regarding this Privacy Policy. Validity, Inc is the data controller (business) for your Personal Data. Please do not hesitate to contact us as follows:

    Validity, Inc.
    Attn: Privacy Department
    100 Summer Street
    Suite 2900
    Boston, MA 02110
    (800)-961-8205(US toll-free)
    [email protected]

    The Charter Building
    Uxbridge, UB8 1JG
    London
    EC4R 3TTV
    [email protected]

Effective Date: March 2024