Privacy Policy

This Privacy Policy was last updated on January 7, 2025.

1.0 General Statement

 Validic, Inc., a Delaware corporation (“Validic,” the “Company”, “we”, “us” or “our”), provides the website located at www.validic.com (the “Website”) and certain mobile applications (the “Applications”), to support healthcare application or website providers (the “Healthcare Portal Providers”) by providing their end users with access to certain third-party applications, programs, and/or devices that the end users may elect to connect to using the Website (collectively, the “Service”).  Validic, Inc., may also provide Services through it’s wholly-owned subsidiary, Validic Logistics, LLC. 

This privacy policy (“Privacy Policy”) applies to the Website, the Applications, and to the Validic Services and describes: (i) the information we collect; (ii) how we use it; (iii) with whom we share it; and (iv) other related matters.  If and to the extent we process personally identifiable information subject to requirements not outlined in this Privacy Policy and mandated by data privacy laws applicable to our business, upon request, we will provide you with a data processing addendum to govern our compliance therewith.

The Company controls, owns, and manages the information collected on the Website, and processes information collected by and through the Application and Service on behalf of your Healthcare Portal Provider, and may use such information to provide the Service and to build and grow our business in the manner as described in this Privacy Policy.  In connection with our provision of the Application and Service, you understand and acknowledge we are a data processor and not a controller (as such terms are defined under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data) and a service provider and not a business (as such terms are defined under California Civil Code Title 1.81.5, The California Consumer Privacy Act of 2018).

The United States Federal Trade Commission (FTC) is the enforcement authority with jurisdiction over this compliance. 

For persons residing in or citizens of the European Union, Validic complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) set forth by the U.S. Department of Commerce. Validic has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union, the United Kingdom, and Switzerland in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/ 

As such, you may have the right, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by other DPF mechanisms. Validic is obligated to arbitrate claims and follow the terms set forth in Annex I of the DPF Principles when an individual has properly invoked binding arbitration. To initiate this process, you must provide notice to our organization and adhere to the procedures and conditions outlined in Annex I of the DPF Principles. This arbitration option is available only for these purposes. Notably, arbitration is not available for claims concerning the exceptions to the Principles or allegations regarding the adequacy of the DPF. For comprehensive information about the binding arbitration process, including its scope, procedures, and conditions, please refer to Annex I of the DPF Principles, available at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

 

2.0 THE INFORMATION WE COLLECT

In this section, we provide you with details about some of the information we currently collect about users of our Website, Applications, and/or Service (collectively, “User Data”), the categories of sources of that information, and the business purpose for collecting that information. 

  • User Key. Your Healthcare Portal Provider provides us with a user key (the “User Key”) that identifies you as a registered member of the healthcare application or website. This allows us to verify that we are authorized to collect your User Data and provide you with the Service, based on the permission you provided to your Healthcare Portal Provider in connection with your use of such Service.
  • Personal Information. Depending on the Service and/or Applications you use, we may collect information by which you may be personally identified, such as name, date of birth, address, e-mail address and/or telephone number (“Personal Information”). We may also collect Personal Information that you submit to us in connection with your use of the Website, such as when you submit a contact request form.  If the Applications you use require us to contact you using your Personal Information, we will contact you based on the permissions you provided to your Healthcare Portal Provider in connection with your use of such Applications.
  • Program Data. We will collect User Data produced by your use of, or uploaded by you to, certain integrated third-party applications, programs and/or devices that you may elect to use in connection with the Website, Application and/or the Service (“Programs”). We provide you with information about Programs that connect with the Service. These Programs typically have features that collect and store data and/or other information about you and/or permit you to upload the same to your user account with the Program. When you choose to integrate these Programs with the Service, they will be able to provide us with access to some or all of that data and/or other information (the “Program Data”). You should review information from the Programs, including their privacy statements and terms of use, prior to using them or allowing them access to any information about you. These Programs are not sold, designed or manufactured by the Company. All support for these Programs is provided by the Program provider. The Company does not warrant and is not responsible for the quality, use or operation of the Programs and your use of any such Programs is governed by separate terms of use and privacy statements by the Program provider. We then share the Program Data with your Healthcare Portal Provider, limiting such shared data to what is necessary for the intended purposes.
  • Company Applications. Certain Applications (e.g., HealthBridge) may collect and use your Personal Information to link you to the program that has been created for you by your Healthcare Portal Provider and to identify you to your Healthcare Portal Provider. Also, we will collect Program Data and other health and wellness User Data produced by your use of, or uploaded by you to, the Applications.  We provide you with information about Applications that connect with the Service or that are used in connection with the Website and/or the Service. These Applications have features that collect and store data and/or other information about you, including Program Data and health and wellness User Data. When you choose to access or use the Applications, they will be able to provide us with access to some or all of such data and/or other information (the “Application Data”).  We will share Application Data only with your Healthcare Portal Provider.
  • Cookie Information. “Cookies” are small files that a site or its service provider transfers (if you allow) to your computer, mobile phone or other device with a web browser and data storage capability that enables the sites or service provider’s systems to recognize your browser and capture and remember certain information. Most web browsers will accept cookies by default, but they can be set to reject cookies, either from all websites or from specific sites. You can also manually delete cookies from your web browser. These options are generally set through a “Privacy” setting in your browser setup, but you should know that in some cases blocking, rejecting or deleting cookies may impact your ability to use the Website or the Service. We use cookies to help remember you as a user. We may also use cookies in the future in other ways to provide and to improve the Service, to make the Website easier to use, or for other similar purposes. The Application does not use Cookies, but utilizes session information, which exists for the duration of an online session.  Such information disappears from your device when you close the Application or turn off your device.
  • Navigational Information. We may collect and use information and data from you when you are using the Service, Applications, and/or Website through the standard operation of our Internet servers. Information collected from you may include user Internet Protocol (IP) addresses, browser type and version, domain names, referring/exit pages, devices, operating system, date/time stamp, click stream data and anonymous statistical data regarding your use of the Service and/or Website. For example, we can tell which Internet Service Provider our users use, but not the names, addresses or other information that would allow us to identify particular users. We use this information to analyze trends, to administer and to improve the Service, Applications, and Website, to track users’ movements around the Applications, and Website and to gather demographic and other aggregate information (as described in more detail below) about our user base as a whole. The Application does not collect Navigational Information.
  • Clear Gifs. We may also employ a software technology called “clear gifs” (also known as “web beacons” or “web bugs”) that helps us better manage content on the Website by providing us feedback as to what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of users. In contrast to cookies, which are stored on your web-enabled device’s hard drive, clear gifs are embedded invisibly on a website page, web-based document, or email message and are about the size of the period at the end of this sentence. Clear gifs may be used in our HTML-based emails to confirm receipt of, and response to our emails, including those that you forward to other recipients. The Application does not utilize Clear Gifs.
  • Site Information. Due to communications standards on the internet, when you visit the Website, we typically automatically receive the URL of the site from which you came and the site to which you are going when you leave our Website. We also receive the internet protocol address of your computer (or the proxy server you use to access the Internet), your computer operating system and type of web browser you are using, email patterns, your mobile device and mobile operating system, as well as the name of your ISP or your mobile carrier. We may also receive location data on our Website from third-party services or GPS-enabled devices you have enabled. The Application may request access to location services on Android devices in order to initiate Bluetooth pairing; however, we do not collect your geo-location or GPS data by or through the Application.
  • Site Analytics. We may analyze your use of the Website, Applications, and/or Service with third party software that allows us to monitor and record your navigation and usage activities, in order to better customize and improve our Website, Applications, Service and other products. The Application does not monitor or record your navigation and usage activities.
  • Aggregated User Data. In an ongoing effort to better understand and serve the users of the Website, Applications, and the Services, we may analyze the User Data and conduct research on demographics, interests, behavior and other topics based on User Data of our end users, including you, that is provided to, collected by or otherwise available to us. We use the User Data from you and other users and reformat, supplement, compile, analyze and/or aggregate these datasets together to create what we term “Aggregated User Data.” We use such Aggregated User Data for product development and to improve our products and services and may share certain components of this User Data and/or Aggregated User Data with our affiliates, agents and business partners as described below.
  • Sensitive Information.  For most Services, Validic is a subcontractor or Business Associate to its Clients, which may include Business Associates or Covered Entities.  When you participate in Programs provided by Validic’s clients, there are opportunities to consent or decline to consent to sharing Sensitive Information, which may include personal information related to medical or health conditions.  In the event you do not wish to share this information with Validic, you must either opt out of data sharing or, if you are already sharing your data through a Program, promptly inform your Program provider to disenroll you from the Program.  If you do not agree to share certain types of data with Validic, your program provider will not receive it and some Services may not be available to you.  A clear, conspicuous, and readily available mechanism to opt out of data sharing is presented when you are synchronizing any of your devices to our Services.  In accordance with our commitment to data minimization, we collect and process only the Program Data that is relevant and necessary for the specified purposes of providing and improving our Service, for example, Validic will not collect Sensitive Information on you that is not related to the Program you are participating in. We regularly review the types and amount of Program Data we collect to ensure we are not collecting excessive information.

3.0 HOW WE USE THE INFORMATION WE COLLECT

  • Sharing with Healthcare Portal Providers. We share the Program Data we collect from the Programs only with your Healthcare Portal Provider.
  • Outside Contractors. We may employ independent contractors, vendors, suppliers and other third parties to support our services and products (including the Website, Applications, and the Service), such as hosting, monitoring and maintaining the Website, Applications, and/or the Service, administering or monitoring emails, analyzing our users’ preferences, developing or improving applications for the Website, Applications, and the Service and providing other related services. These parties may sometimes have limited access to User Data, in the course of providing products or services to us. Access to your User Data by these parties is limited to the information that we determine, in our sole discretion, to be reasonably necessary in order for them to perform their function for us. We use commercially reasonable efforts to require outside contractors to protect the privacy of your User Data under privacy policies or confidentiality agreements that are at least as protective of your User Data as this Privacy Policy, and do not authorize them to use your User Data except for the express purpose for which it is provided.  You acknowledge and understand, however, we have no control over the actions or policies of such outside contractors and do not bear any responsibility for any such actions or policies of these parties.
  • Business Transfers. We may also disclose and/or transfer your User Data to third parties in connection with a corporate transaction, such as a merger, acquisition by another company or sale or other transfer of all or a portion of our business or assets.
  • Lawful requests by public authorities. We will disclose personal information in response to lawful requests by public authorities, including when there is a need to meet national security or law enforcement requirements.
  • Do Not Sell. The Company does not sell your personal information.
  • Third-Party Transfers and Data Protection Framework Liability.  Validic does not currently transfer personal information to third parties. However, in the event that Validic decides in the future to transfer personal information to a third party acting as an agent on its behalf, Validic shall remain liable under the Data Privacy Framework (DPF) Principles if such agent processes the personal information in a manner inconsistent with the DPF Principles. This liability will persist unless Validic can prove that it is not responsible for the event giving rise to the damage. Validic is committed to ensuring the protection and proper handling of personal information in accordance with the EU-U.S. DPF, its UK Extension, and the Swiss-U.S. DPF, both in its current operations and in any potential future arrangements involving third-party data processors.

4.0 REVIEWING, UPDATING, AND DELETING YOUR INFORMATION

We provide your Healthcare Portal Provider with the capability to review, update, and delete your User Data, including your personal data, if and to the extent applicable based on the Service and/or Applications you use. We require your permission before any of your User Data (including your personal data) is accessed, retrieved, or made available to your Healthcare Portal Provider. You may change your level of permission at any time to enhance or limit the collection, use, and/or disclosure of your User Data (including your personal data). In addition, we provide your Healthcare Portal Provider the ability to allow you to revoke permission to access your User Data (including your personal data) and will permanently delete any records that we have of your User Data (including your personal data). You may revoke your consent to allow the Applications to connect to any Program, including, but not limited to, by accessing your Bluetooth settings and selecting “Forget this Device” option.

Furthermore, upon receiving a verifiable request from you, we will delete any consumer or marketing information we have collected about you. This includes any data used for consumer profiling, marketing purposes, or any other non-essential business operations. To submit a verifiable request for deletion of your consumer or marketing information, please contact our Privacy Officer at the email address provided in the Contact Information section. We will process your request within a reasonable timeframe and in accordance with applicable data protection laws.

Please note that certain information may be retained as required by law or for legitimate business purposes, such as maintaining the security and integrity of our systems or complying with legal obligations. However, we will ensure that any retained data is used solely for these purposes and not for marketing or consumer profiling.

5.0 LINKS AND ADVERTISING

 We do not advertise on our Website, Applications, or through the Service and do not provide any User Data to advertisers or otherwise to third parties for the purpose of advertising or marketing. From time to time, the Website and/or Applications may contain hyperlinks (“Links”) to third parties, including third-party providers of certain Programs. Such Links are for your reference only, and we neither control the privacy policies of such linked websites nor are we liable or responsible in any way for the use of any personally identifiable information that you may provide such sites. We recommend that you remain aware when you leave the Website and/or Applications and review the terms of use and privacy policies of each and every linked website.

You should also be aware that if you voluntarily disclose personally identifiable information in an email or other communications with any third party listed on the Website, Applications, or in other materials, that information, along with any other information disclosed in your communication, can be collected and correlated and used by such third parties and may result in your receiving unsolicited messages from other persons. Such collection, correlation, use and messages are beyond our control.

6.0 SECURITY

  • Steps we take to keep your information secure. The security of your User Data is important to us. We have implemented commercially reasonable physical, electronic, and managerial procedures to safeguard and secure User Data from unauthorized access, including as set forth in more detail in our Company Security Policy available at https://validic.com/legal/data-security (the “Security Policy”).

Risks inherent in sharing information. Notwithstanding our commitment to protect your information, you should be aware that there is always some risk involved in transmitting information over the internet. In addition to the risk that the employees, contractors and others subject to our Security Policy may fail to follow required procedures, there is also some risk your or our network and/or security systems could be circumvented or breached, including by third parties who use our Website, Applications, or Service in order to do so. As a result, while we strive to use commercially reasonable means to protect your User Data, we cannot ensure or warrant the security and privacy of your User Data, Application Data, or any other information you transmit to us, or of your or our network and/or security systems. If you have any questions regarding the security of the Website, Applications, or the Service you can contact our privacy team at the email address set forth above

 

7.0 CHILDREN’S POLICY

The Website and the Service are for general audiences and neither is directed toward those under 18 years of age. We do not knowingly collect Personal Information from children under 13 without parental consent. If you become aware that a child has provided us with Personal Information, please contact our Privacy Officer at the email address in the Contact Information section. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to remove such information and terminate the child’s account.

 

8.0 California Privacy Rights

California Civil Code Sec. 1798.100, et seq. (also known as the California Consumer Privacy Act of 2018) (“CCPA”) provides certain rights to California residents regarding their Personal Information. A California resident has the right to request that we disclose certain information, including: (1) the categories of Personal Information it has collected about that California resident, (2) the categories of sources from which the Personal Information is collected, (3) the business or commercial purpose for collecting or selling the Personal Information, (4) the categories of third parties with whom the Company shares Personal Information, and (5) the specific pieces of Personal Information it has collected about that resident. A California resident has the right to request that we delete his/her Personal Information. Finally, a California resident has the right not to be discriminated against for exercising his/her privacy rights under the CCPA. You can request such Personal Information and change your Personal Information by emailing us at privacy@validic.com. In the event of a conflict between a term set forth in this Section 8.0 and a term set forth in our standard data processing addendum that was provided to you in connection with the agreement into which you entered with us to govern your use of the Services, the latter prevails.

Pursuant to California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Compliant Assistance Unit of the Division of Consumer Services for the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.

 

9.0 ENFORCEMENT

We regularly review our compliance with this Privacy Policy. Please let us know of any questions or concerns you have regarding this Privacy Policy or our compliance with this Privacy Policy by contacting our Privacy Officer at the email address in the Contact Information section. When we receive formal written complaints, it is our policy to contact that complaining user regarding his/her concerns. We will cooperate with the appropriate regulatory authorities to resolve any complaints regarding the transfer of personal data that cannot be resolved between the Company and an individual or entity.

Please remember that your use of the Website and the Service is also governed by our legal terms, which are available at https://validic.com/legal/terms.

 

10.0 DATA PROTECTION OFFICER

 The Company designates the Chief Information Security Officer as the Data Protection Officer in compliance with the General Data Protection Regulation (EU) 2016/679 and can be contacted at security@validic.com.

Data Protection Officer

11.0 RIGHT TO SUBMIT REQUESTS

You shall have the right to request that Company disclose the categories and specific pieces of personal information that Company has collected, used or disclosed about you.  You shall not be treated differently based on exercising your rights as provided herein.

 We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Data Privacy Framework Principles.

In the event we are unable to resolve your concern, and in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Validic commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

 In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Validic commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, should first contact Validic at the address below.

Requests may be submitted to privacy@validic.com or

Validic, Inc. Privacy Officer

privacy@validic.com

 

12.0 CHANGES TO THIS PRIVACY POLICY 

We may revise this Privacy Policy from time to time. When we do so, we will revise the “Updated” date at the top of this Privacy Policy. Any such change will be effective immediately upon posting on the Website. You are responsible for checking the Privacy Policy for such changes.

13.0 CONTACT INFORMATION

If you have questions or complaints regarding this Policy or our practices, or wish to your personal data deleted from our records, please contact the Company at:

Validic, Inc Privacy Officer

privacy@validic.com