PRIVACY POLICY

This Privacy Policy was last updated on October 7, 2020.

Reviewed December 2022

VALIDIC, INC.
PRIVACY POLICY

1.0 GENERAL STATEMENT

Validic, Inc., a Delaware corporation (the “Company”, “we”, “us” or “our”), provides the website located at www.validic.com (the “Website”) and certain mobile applications (the “Applications”), to support healthcare application or website providers (the “Healthcare Portal Providers”) by providing their end users with access to certain third party applications, programs, and/or devices that the end users may elect to connect to using the Website (collectively, the “Service”).

This privacy policy (“Privacy Policy”) applies to the Website, the Applications, and to the Service and describes: (i) the information we collect; (ii) how we use it; (iii) with whom we share it; and (iv) other related matters.  If and to the extent we process personally identifiable information that is subject to requirements not set forth in this Privacy Policy and mandated by data privacy laws applicable to our business, upon request, we will provide you with a data processing addendum to govern our compliance therewith.

The Company controls, owns, and manages the information collected on the Website, and processes information collected by and through the Application and Service on behalf of your Healthcare Portal Provider, and may use such information to provide the Service and to build and grow our business in the manner as described in this Privacy Policy.  In connection with our provision of the Application and Service, you understand and acknowledge we are a data processor and not a controller (as such terms are defined under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data) and a service provider and not a business (as such terms are defined under California Civil Code Title 1.81.5, The California Consumer Privacy Act of 2018).

The United States Federal Trade Commission (FTC) is the enforcement authority with jurisdiction over this compliance.

2.0 THE INFORMATION WE COLLECT

In this section, we provide you with details about some of the information we currently collect about users of our Website, Applications, and/or Service (collectively, “User Data”), the categories of sources of that information, and the business purpose for collecting that information.

  • User Key. Your Healthcare Portal Provider provides us with a user key (the “User Key”) that identifies you as a registered member of the healthcare application or website. This allows us to verify that we are authorized to collect your User Data and provide you with the Service, based on the permission you provided to your Healthcare Portal Provider in connection with your use of such Service.
  • Personal Information. Depending on the Service and/or Applications you use, we may collect information by which you may be personally identified, such as name, date of birth, address, e-mail address and/or telephone number (“Personal Information”). We may also collect Personal Information that you submit to us in connection with your use of the Website, such as when you submit a contact request form.  If the Applications you use require us to contact you using your Personal Information, we will contact you based on the permissions you provided to your Healthcare Portal Provider in connection with your use of such Applications.
  • Program Data. We will collect User Data produced by your use of, or uploaded by you to, certain integrated third party applications, programs and/or devices that you may elect to use in connection with the Website, Application and/or the Service (“Programs”). We provide you with information about Programs that connect with the Service. These Programs typically have features that collect and store data and/or other information about you and/or permit you to upload the same to your user account with the Program. When you choose to integrate these Programs with the Service, they will be able to provide us with access to some or all of that data and/or other information (the “Program Data”). You should review information from the Programs, including their privacy statements and terms of use, prior to using them or allowing them access to any information about you. These Programs are not sold, designed or manufactured by the Company. All support for these Programs is provided by the Program provider. The Company does not warrant and is not responsible for the quality, use or operation of the Programs and your use of any such Programs is governed by separate terms of use and privacy statements by the Program provider. We then share the Program Data with your Healthcare Portal Provider.
  • Company Applications. Certain Applications (e.g., HealthBridge) may collect and use your Personal Information to link you to the program that has been created for you by your Healthcare Portal Provider and to identify you to your Healthcare Portal Provider. Also, we will collect Program Data and other health and wellness User Data produced by your use of, or uploaded by you to, the Applications.  We provide you with information about Applications that connect with the Service or that are used in connection with the Website and/or the Service. These Applications have features that collect and store data and/or other information about you, including Program Data and health and wellness User Data. When you choose to access or use the Applications, they will be able to provide us with access to some or all of such data and/or other information (the “Application Data”).  We will share Application Data only with your Healthcare Portal Provider.
  • Cookie Information. “Cookies” are small files that a site or its service provider transfers (if you allow) to your computer, mobile phone or other device with a web browser and data storage capability that enables the sites or service provider’s systems to recognize your browser and capture and remember certain information. Most web browsers will accept cookies by default, but they can be set to reject cookies, either from all websites or from specific sites. You can also manually delete cookies from your web browser. These options are generally set through a “Privacy” setting in your browser setup, but you should know that in some cases blocking, rejecting or deleting cookies may impact your ability to use the Website or the Service. We use cookies to help remember you as a user. We may also use cookies in the future in other ways to provide and to improve the Service, to make the Website easier to use, or for other similar purposes. The Application does not use Cookies, but utilizes session information, which exists for the duration of an online session.  Such information disappears from your device when you close the Application or turn off your device.
  • Navigational Information. We may collect and use information and data from you when you are using the Service, Applications, and/or Website through the standard operation of our Internet servers. Information collected from you may include user Internet Protocol (IP) addresses, browser type and version, domain names, referring/exit pages, devices, operating system, date/time stamp, click stream data and anonymous statistical data regarding your use of the Service and/or Website. For example, we can tell which Internet Service Provider our users use, but not the names, addresses or other information that would allow us to identify particular users. We use this information to analyze trends, to administer and to improve the Service, Applications, and Website, to track users’ movements around the Applications, and Website and to gather demographic and other aggregate information (as described in more detail below) about our user base as a whole. The Application does not collect Navigational Information.
  • Clear Gifs. We may also employ a software technology called “clear gifs” (also known as “web beacons” or “web bugs”) that helps us better manage content on the Website by providing us feedback as to what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of users. In contrast to cookies, which are stored on your web enabled device’s hard drive, clear gifs are embedded invisibly on a website page, web-based document or email message and are about the size of the period at the end of this sentence. Clear gifs may be used in our HTML-based emails to confirm receipt of, and response to our emails, including those that you forward to other recipients. The Application does not utilize Clear Gifs.
  • Site Information. Due to communications standards on the internet, when you visit the Website we typically automatically receive the URL of the site from which you came and the site to which you are going when you leave our Website. We also receive the internet protocol address of your computer (or the proxy server you use to access the Internet), your computer operating system and type of web browser you are using, email patterns, your mobile device and mobile operating system, as well as the name of your ISP or your mobile carrier. We may also receive location data on our Website passed to us from third-party services or GPS-enabled devices that you have enabled. The Application may request access to location services, on Android devices, in order to initiate Bluetooth pairing; however, we do not collect your geo-location or GPS data by or through the Application.
  • Site Analytics. We may analyze your use of the Website, Applications, and/or Service with third party software that allows us to monitor and record your navigation and usage activities, in order to better customize and improve our Website, Applications, Service and other products. The Application does not monitor or record your navigation and usage activities.
  • Aggregated User Data. In an ongoing effort to better understand and serve the users of the Website, Applications, and the Services, we may analyze the User Data and conduct research on demographics, interests, behavior and other topics based on User Data of our end users, including you, that is provided to, collected by or otherwise available to us. We use the User Data from you and other users and reformat, supplement, compile, analyze and/or aggregate these datasets together to create what we term “Aggregated User Data.” We use such Aggregated User Data for product development and to improve our products and services and may share certain components of this User Data and/or Aggregated User Data with our affiliates, agents and business partners as described below.

3.0 HOW WE USE THE INFORMATION WE COLLECT

  • Sharing with Healthcare Portal Providers. We share the Program Data we collect from the Programs only with your Healthcare Portal Provider.
  • Outside Contractors. We may employ independent contractors, vendors, suppliers and other third parties to support our services and products (including the Website, Applications, and the Service), such as hosting, monitoring and maintaining the Website, Applications, and/or the Service, administering or monitoring emails, analyzing our users’ preferences, developing or improving applications for the Website, Applications, and the Service and providing other related services. These parties may sometimes have limited access to User Data, in the course of providing products or services to us. Access to your User Data by these parties is limited to the information that we determine, in our sole discretion, to be reasonably necessary in order for them to perform their function for us. We use commercially reasonable efforts to require outside contractors to protect the privacy of your User Data under privacy policies or confidentiality agreements that are at least as protective of your User Data as this Privacy Policy, and do not authorize them to use your User Data except for the express purpose for which it is provided.  You acknowledge and understand, however, we have no control over the actions or policies of such outside contractors and do not bear any responsibility for any such actions or policies of these parties.
  • Business Transfers. We may also disclose and/or transfer your User Data to third parties in connection with a corporate transaction, such as a merger, acquisition by another company or sale or other transfer of all or a portion of our business or assets.
  • Lawful requests by public authorities. We will disclose personal information in response to lawful requests by public authorities, including when there is a need to meet national security or law enforcement requirements.
  • Do Not Sell. The Company does not sell your personal information.

4.0 REVIEWING, UPDATING AND DELETING YOUR INFORMATION

We provide your Healthcare Portal Provider with the capability to review, update and delete your User Data, including your personal data, if and to the extent applicable based on the Service and/or Applications you use. We require your permission before any of your User Data (including your personal data) is accessed, retrieved or made available to your Healthcare Portal Provider. You may change your level of permission at any time to enhance or limit the collection, use, and/or disclosure of your User Data (including your personal data). In addition, we provide your Healthcare Portal Provider the ability to allow you to revoke permission to access your User Data (including your personal data) and will permanently delete any records that we have of your User Data (including your personal data). You may revoke your consent to allow the Applications to connect to any Program, including, but not limited to, by accessing your Bluetooth settings and selecting “Forget this Device” option.

5.0 LINKS AND ADVERTISING

We do not advertise on our Website, Applications, or through the Service and do not provide any User Data to advertisers or otherwise to third parties for the purpose of advertising or marketing. From time to time, the Website and/or Applications may contain hyperlinks (“Links”) to third parties, including third party providers of certain Programs. Such Links are for your reference only, and we neither control the privacy policies of such linked websites nor are we liable or responsible in any way for the use of any personally identifiable information that you may provide such sites. We recommend that you remain aware when you leave the Website and/or Applications and review the terms of use and privacy policies of each and every linked website.

You should also be aware that if you voluntarily disclose personally identifiable information in an email or other communications with any third party listed on the Website, Applications, or in other materials, that information, along with any other information disclosed in your communication, can be collected and correlated and used by such third parties and may result in your receiving unsolicited messages from other persons. Such collection, correlation, use and messages are beyond our control.

6.0 SECURITY

  • Steps we take to keep your information secure. The security of your User Data is important to us. We have put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and secure User Data from unauthorized access, including as set forth in more detail in our Company Security Policy available at https://validic.com/legal/data-security (the “Security Policy”).
  • Risks inherent in sharing information. Notwithstanding our commitment to protect your information, you should be aware that there is always some risk involved in transmitting information over the internet. In addition to the risk that the employees, contractors and others subject to our Security Policy may fail to follow required procedures, there is also some risk your or our network and/or security systems could be circumvented or breached, including by third parties who use our Website, Applications, or Service in order to do so. As a result, while we strive to use commercially reasonable means to protect your User Data, we cannot ensure or warrant the security and privacy of your User Data, Application Data, or any other information you transmit to us, or of your or our network and/or security systems. If you have any questions regarding the security of the Website, Applications, or the Service you can contact our privacy team at the email address set forth above.

7.0 CHILDREN’S POLICY

The Website and the Service are for general audiences and neither is directed toward those under 18 years of age. We do not knowingly collect Personal Information from children under 13 without parental consent. If you become aware that a child has provided us with Personal Information, please contact our Privacy Officer at the email address in the Contact Information section. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to remove such information and terminate the child’s account.

8.0 CALIFORNIA PRIVACY RIGHTS

California Civil Code Sec. 1798.100, et seq. (also known as the California Consumer Privacy Act of 2018) (“CCPA”) provides certain rights to California residents regarding their Personal Information. A California resident has the right to request that we disclose certain information, including: (1) the categories of Personal Information it has collected about that California resident, (2) the categories of sources from which the Personal Information is collected, (3) the business or commercial purpose for collecting or selling the Personal Information, (4) the categories of third parties with whom the Company shares Personal Information, and (5) the specific pieces of Personal Information it has collected about that resident. A California resident has the right to request that we delete his/her Personal Information. Finally, a California resident has the right not to be discriminated against for exercising his/her privacy rights under the CCPA. You can request such Personal Information and change your Personal Information by emailing us at privacy@validic.com. In the event of a conflict between a term set forth in this Section 8.0 and a term set forth in our standard data processing addendum that was provided to you in connection with the agreement into which you entered with us to govern your use of the Services, the latter prevails.

Pursuant to California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Compliant Assistance Unit of the Division of Consumer Services for the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.

9.0 ENFORCEMENT

We regularly review our compliance with this Privacy Policy. Please let us know of any questions or concerns you have regarding this Privacy Policy or our compliance with this Privacy Policy by contacting our Privacy Officer at the email address in the Contact Information section. When we receive formal written complaints, it is our policy to contact that complaining user regarding his/her concerns. We will cooperate with the appropriate regulatory authorities to resolve any complaints regarding the transfer of personal data that cannot be resolved between the Company and an individual or entity.

Please remember that your use of the Website and the Service is also governed by our legal terms, which are available at https://validic.com/legal/terms.

10.0 DATA PROTECTION OFFICER

The Company designates the Senior Privacy and Security Manager as the Data Protection Officer in compliance with the General Data Protection Regulation (EU) 2016/679 and can be contacted at security@validic.com.

Data Protection Officer
701 W. Main Street, Suite 620
Durham, NC 27701

11.0 RIGHT TO SUBMIT REQUESTS

You shall have the right to request that Company disclose the categories and specific pieces of personal information that Company has collected, used or disclosed about you. You shall not be treated differently based on exercising your rights as provided herein.

Requests may be submitted to privacy@validic.com or
Validic, Inc.
Privacy Officer
701 W. Main Street, Suite 620
Durham, NC 27701
privacy@validic.com

12.0 CHANGES TO THIS PRIVACY POLICY

We may revise this Privacy Policy from time to time. When we do so, we will revise the “Updated” date at the top of this Privacy Policy. Any such change will be effective immediately upon posting on the Website. You are responsible for checking the Privacy Policy for such changes.

13.0 CONTACT INFORMATION

If you have questions or complaints regarding this Policy or our practices, or wish your personal data deleted from our records, please contact the Company at:

Validic, Inc.
Privacy Officer
701 W. Main Street, Suite 620
Durham, NC 27701
privacy@validic.com