Privacy Policy

• This Privacy Policy was last updated on January 20, 2026.

  1.0 General Statement

  Validic, Inc., a Delaware corporation (“Validic,” the “Company”, “we”, “us” or “our”), provides data integration services that connect health information from devices and applications to our business customers ("Clients"). Our Clients include corporate wellness programs, healthcare providers, insurance companies, and integrated health systems that use our services to collect and manage health data from their members, patients, employees, or beneficiaries ("End Users"). We maintain an informational website at www.validic.com (the "Website") and may develop certain mobile applications (the "Applications", such as HealthBridge) that End Users may use as part of programs offered by our Clients. Our data integration platform (the "Service") allows End Users' health data from various devices and third-party applications to be securely transmitted to our Clients. Validic, Inc., may also provide Services through its wholly-owned subsidiary, Validic Logistics, LLC. 

  This privacy policy (“Privacy Policy”) applies to the Website, the Applications, and the Validic Services and describes: (i) the information we collect; (ii) how we use it; (iii) with whom we share it; and (iv) other related matters. If and to the extent we process personally identifiable information subject to requirements not outlined in this Privacy Policy and mandated by data privacy laws applicable to our business, upon request, we will provide Clients with a data processing addendum to govern our compliance therewith. The Website Terms of Use are available at www.validic.com/terms-and-conditions. 

  Validic operates primarily as a business-to-business (B2B) service provider, processing data on behalf of its Clients. Our Clients are responsible for their own privacy practices and for informing End Users about how their data is processed, including any processing performed by Validic on the Client's behalf. When End Users interact with Applications provided by Validic, they do so through arrangements established by our Clients. 

  The Company controls, owns, and manages the information collected on the Website. Our Website (www.validic.com) is primarily informational and serves our business interests. While the Website may collect limited information as described in this Policy, it is separate from our core data processing Services and Applications, which are provided to Clients and their End Users. 

  The Company processes information collected by and through the Application and Service on behalf of its Clients , and may use such information to provide the Service and to build and grow our business in the manner described in this Privacy Policy. In connection with our provision of the Application and Service, each End User understands and acknowledges we are a data processor and not a controller (as such terms are defined under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data) and a service provider and not a business (as such terms are defined under California Civil Code Title 1.81.5, The California Consumer Privacy Act of 2018). 

  Under the EU Data Act, our Clients typically serve as 'data holders' with direct responsibility for End User data, while Validic operates as a data processor. End Users should direct data access, modification, or deletion requests to our Clients, with whom they have a direct relationship. Validic provides the technical infrastructure that enables our Clients to fulfill their data access obligations. The technical diagnostic data we collect from our SDKs is designed to exclude personal information as defined by applicable privacy laws, including the EU-U.S. DPF, its UK Extension, and the Swiss-U.S. DPF. In the event such technical diagnostic data is transferred to third parties acting as our agents, the protections described in this section will apply. 

  Validic has appointed Data Rep as its legal representative in the European Union for data protection matters. This representative may be contacted regarding any matters related to our compliance with EU data regulations. 

  The United States Federal Trade Commission (FTC) is the enforcement authority with jurisdiction over Validic's compliance with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. 

  For persons residing in or citizens of the European Union, Validic complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) set forth by the U.S. Department of Commerce. Validic has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union, the United Kingdom, and Switzerland in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Under the EU Data Act, Validic primarily operates as a data processor for its Clients, who typically serve as the 'data holders' with direct control over End User data. Validic provides the technical infrastructure and services that enable our Clients to fulfill their daa access obligations to End Users. End Users should direct data access, modification, or deletion requests to the Client with whom they have a direct relationship. 

  As such, an End User may have the right, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by other DPF mechanisms. Validic is obligated to arbitrate claims and follow the terms set forth in Annex I of the DPF Principles when an individual has properly invoked binding arbitration. To initiate this process, an End User must provide notice to our organization and adhere to the procedures and conditions outlined in Annex I of the DPF Principles. This arbitration option is available only for these purposes. Notably, arbitration is not available for claims concerning the exceptions to the Principles or allegations regarding the adequacy of the DPF. For comprehensive information about the binding arbitration process, including its scope, procedures, and conditions, please refer to Annex I of the DPF Principles, available at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction. 

  2.0 THE INFORMATION WE COLLECT
  

  In this section, we provide details about some of the information we currently collect about users of our Website, Applications, and/or Service (collectively, “User Data”), the categories of sources of that information, and the business purpose for collecting that information. Our primary purpose is to process data on behalf of our Clients. Our Clients provide us with access credentials that allow us to collect health data on their behalf. End Users provide permission to our Clients for this data collection, not directly to Validic. We then process this data according to our agreement with our Clients and transmit it to them for their use in providing healthcare services. 

  ● User Key. Each provides us with a user key (the “User Key”) that identifies an End User as an enrolled participant in a Client program . This allows us to verify that we are authorized to collect each End User’s User Data and provide our Clients with the Service, based on the permission provided in our Agreement. 
  

  ● Personal Information. Depending on the Service and/or Applications used, we may collect information by which an End User may be personally identified, such as name, date of birth, address, e-mail address and/or telephone number (“Personal Information”). We may also collect Personal Information submitted to us in connection with use of the Website, such as submitting contact request form. If the Applications in a Client Program require us to contact an End User using Personal Information, we will contact each End User based on the permissions provided to the Client. 
  

  ● Program Data. Validic's Service connects with various third-party health applications, devices, and programs ("Programs"). When End Users utilize these Programs through a Client's offering, Validic collects the resulting data ("Program Data"). These Programs have features that collect, store, and allow uploading of health information. When a Client integrates these Programs with Validic's Service, Validic receives access to this Program Data. Clients should review each Program’s privacy statements and terms of use before offering them to End Users. These Programs are not sold, designed, or manufactured by Validic, and all Program support comes directly from the Program providers. Validic is not responsible for the quality or operation of these Programs. 

  Validic shares the collected Program Data with the respective Client who offered the Program, limiting shared data to what is necessary for the intended purposes. Importantly, End Users’ use of any Program is governed by that Program’s own terms and privacy policies. 
  

  ● Company Applications. Certain Applications (e.g., HealthBridge) may collect and use End Users’ Personal Information to link individual End Users to the program that has been created for a Client and to identify individual End Users to that Client. Also, we will collect Program Data and other health and wellness User Data produced by the Applications. We provide Clients with information about Applications that connect with the Service or that are used in connection with the Service. These Applications have features that collect and store data and/or other information about End Users, including Program Data and health and wellness User Data. When an End User accesses or uses the Applications, the Applications provide to some or all of such data and/or other information to Validic (the “Application Data”). We will share Application Data only with the appropriate Client for each End User. 
  

  ● Cookie Information. Our Website may use cookies, web beacons, and similar technologies to provide functionality, analyze performance, and support marketing activities. When you first visit our Website, a consent banner allows you to accept or reject non-essential cookies by category. Cookies are small text files stored on your device that enable our systems to recognize your browser. We use strictly necessary cookies required for Website operation, performance cookies for analytics, and marketing cookies for targeted advertising and behavioral tracking (including heat mapping, session recording, and intent data collection through third-party services). You can manage your preferences at any time through the "Cookie Settings" link in our Website footer or through your browser settings, though disabling certain cookies may affect Website functionality. A complete, current list of cookies, including provider names, purposes, and durations, is maintained in our 

  The Application does not use cookies, but instead utilizes session information that exists only during an active online session only and disappears when you close the Application or turn off your device. 

  ● Navigational Information. Validic collects minimal navigational data (such as pages visited or click patterns) and only when End Users interact with the Validic Website. The Service itself operates primarily through API calls, Bluetooth, and cellular connections rather than through browsable interfaces, so traditional website navigation tracking doesn't apply to most Service interactions. When End Users access Client-managed interfaces that display Validic data, any navigational information would be collected by the Client rather than Validic. This distinction is important for understanding data collection responsibilities under privacy regulations such as the CCPA. 
  

  ● Clear Gifs. We may also employ software called “clear gifs” (also known as “web beacons” or “tracking pixels ”) that help us manage content on the Website by providing us feedback as to which content is effective, track email engagement, and enable third-party analytics. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, used to track the online movements of Website visitors . Clear gifs may be used in our HTML-based emails to track delivery, opens, and clicks; you can disable email tracking by disabling images in your email client or unsubscribing via the link in each message. Third-party clear gifs on our Website are managed through our Cookie Preference Center The Application does not utilize Clear Gifs. 
  

  ● Marketing Email Communications. We collect email addresses through our Website contact forms and marketing activities. We use a double opt-in process for all marketing communications, meaning you must confirm your subscription before receiving marketing emails from us. You can unsubscribe from marketing emails at any time through the unsubscribe link in each message or by contacting privacy@validic.com. We do not use email addresses collected for marketing purposes for any other purpose without your separate consent. Note that even if you unsubscribe from marketing emails, we may still send you transactional or service-related emails necessary for our business relationship with your Client. 
  

  ● Site Information. Due to standard internet communications protocols, when End Users visit the Website, Validic automatically receives certain technical information. This includes the referring website URL, the destination URL upon leaving the Website, internet protocol addresses, proxy server information, computer operating system details, web browser type, time zone data, mobile device information, mobile operating system identification, and internet service provider or mobile carrier names. 

  Validic does not collect precise location data of End Users at any time, either through the Website or the Service. The Application may request access to location services on Android devices solely to facilitate Bluetooth pairing functionality; however, even in these instances, Validic does not collect, store, or process the actual geo-location or GPS coordinates of End Users. 

  ● Site Analytics. We may use third-party analytics services to analyze Website, Application, and/or Service usage and improve our Service. These services may collect page visits, click patterns, device information, approximate location, referral sources, and behavioral data including session recordings and heat maps. Current providers and detailed information about data collection are available in our Cookie Preference Center. You can opt out through our Cookie Preference Center, browser settings, or provider-specific opt-out tools such as the Google Analytics Opt-Out Add-on. Data collected through these analytics tools is used in aggregate form to understand general usage patterns rather than to track specific individuals. The Application does not monitor or record End User navigation and usage activities. 
  

  ● Aggregated User Data. In an ongoing effort to better understand and serve the users of the Website, Applications, and the Services, we may analyze the User Data and conduct research on demographics, interests, behavior, and other topics based on User Data that is provided to, collected by, or otherwise available to us. Validic reformats, supplements, compiles, and analyzes these datasets to create derivatives of such data (“Aggregated User Data”). This Aggregated User Data is irreversibly de-identified and may include information, analysis, statistics, and other data generated by Validic. Validic uses Aggregated User Data for product development, analytics, and to improve products and services. Validic may share components of Aggregated User Data with affiliates, agents, and business partners, but only in a form that would not permit identification of individual End Users. 
  

  ● Sensitive Information. For most Services, Validic is a subcontractor or Business Associate to its Clients, which may include Business Associates or Covered Entities. When End Users participate in Programs provided by Validic’s Clients, they have opportunities to consent or decline to consent to sharing Sensitive Information, which may include personal information related to medical or health conditions. End Users who do not wish to share this information with Validic must either opt out of data sharing or, if already sharing data through a Program, promptly inform their .Program provider to disenroll them from the Program. If End Users do not agree to share certain types of data with Validic, the program provider will not receive it and some Services may not be available to them. 

  A clear, conspicuous, and readily available mechanism to opt out of data sharing is presented when End Users are synchronize devices to our Services. In accordance with our commitment to data minimization, we collect and process only the Program Data that is relevant and necessary for the specified purposes of providing and improving our Service. For example, Validic will not collect Sensitive Information on End Users that is not related to the Program they are participating in. Validic regularly review the types and amount of Program Data we collect to ensure we are not collecting excessive information. 
  

  3.0 HOW WE USE THE INFORMATION WE COLLECT

  • Sharing with Clients. We share the Program Data we collect from the Programs only with the respective Client for each End User. As a data processor working on behalf of healthcare providers and other data controllers, Validic supports the technical infrastructure that enables its clients to fulfill user requests to share data with third parties. Users should direct requests to share their data with third parties to their program manager, who may then instruct us to facilitate such sharing through our integration services, where technically feasible. 
    

  ● Technical Diagnostic Data. We collect and process non-identifiable technical log data from our SDKs for troubleshooting, quality assurance, and service improvement. This data explicitly excludes PHI (as defined by HIPAA) or personal information under applicable privacy laws. This data includes device connectivity, software operations, error patterns, timing, and performance metrics that help us resolve technical issues. Our SDKs are configured to send this data to Validic by default, but Clients can opt out at any time through SDK settings or by contacting support. Collected data is securely stored, retained for a limited period (typically 30 days), accessible only by authorized personnel, never combined with personal or health information, and limited to what's necessary for service improvement and troubleshooting. 

  ● Outside Contractors. We may employ independent contractors, vendors, suppliers, and other third parties to support our services and products (including the Website, Applications, and the Service). These providers may perform functions such as hosting, monitoring, and maintaining the Website, Applications, and/or the Service, administering or monitoring emails, analyzing our users’ preferences, developing or improving applications for the Website, Applications, and the Service and providing other related services. These parties may sometimes have limited access to User Data, including sharing non-identifiable technical diagnostic data, in the course of providing products or services to us. Access to User Data by these parties is limited to the information that we determine, in our sole discretion, to be reasonably necessary in order for them to perform their function for us. We use commercially reasonable efforts to require outside contractors to protect the privacy of User Data under privacy policies or confidentiality agreements that are at least as protective as this Privacy Policy, and does not authorize them to use User Data except for the express purpose for which it is provided. However, Validic has no control over the actions or policies of such outside contractors and does not bear any responsibility for any such actions or policies of these parties. 
  

  ● Business Transfers. We may also disclose and/or transfer User Data to third parties in connection with a corporate transaction, such as a merger, acquisition by another company, or sale or other transfer of all or a portion of our business or assets. 
  

  ● Lawful requests by public authorities. Validic will disclose personal information in response to lawful requests by public authorities only when accompanied by appropriate written evidence, such as a court order, subpoena, or other valid legal document. Validic requires this documentation to verify the legitimacy and scope of the request. Before responding to any such request, Validic will consult with legal counsel whenever possible to ensure compliance with applicable laws while protecting End User privacy to the extent permitted by law. This includes requests related to national security or law enforcement requirements. Validic will only disclose the specific information legally required by the documented request. . 
  

  ● Do Not Sell. Validic does not sell personal information. Third-party analytics and marketing tools used on our Website collect data through cookies and tracking technologies and are subject to their own privacy policies. For details about these tools and how to opt out, see our Cookie Preference Center or your browser settings. 
  

  ● Third-Party Transfers and Data Protection Framework Liability. Validic does not currently transfer personal information to third parties. However, in the event that Validic decides in the future to transfer personal information to a third party acting as an agent on its behalf, Validic shall remain liable under the Data Privacy Framework (DPF) Principles if such agent processes the personal information in a manner inconsistent with the DPF Principles. This liability will persist unless Validic can prove that it is not responsible for the event giving rise to the damage. Validic is committed to ensuring the protection and proper handling of personal information in accordance with the EU-U.S. DPF, its UK Extension, and the Swiss-U.S. DPF, both in its current operations and in any potential future arrangements involving third-party data processors. 

  4.0 REVIEWING, UPDATING, AND DELETING YOUR INFORMATION
  

  Who This Policy Applies To: This Privacy Policy describes how Validic processes data on behalf of our Clients (healthcare providers, wellness programs, etc.) and applies to End Users who participate in Client programs. If you are an End User, our Client is responsible for explaining how your Program Data is used. This Policy describes Validic's role as a data processor. 

  We provide our Clients with the capability to review, update, and delete End Users’User Data, including personal data, if and to the extent applicable based on the Service and/or Applications associated with each Client. We require each End User’s permission before any of User Data (including personal data) is accessed, retrieved, or made available to our Clients. An End User may change the level of permission at any time to enhance or limit the collection, use, and/or disclosure of their User Data (including personal data). In addition, we provide our Clients the ability to revoke permission to access an End Users’sUser Data (including personal data) and will permanently delete any records that we have of that End User’s User Data (including personal data). 

  An End User may revoke their consent to allow the Applications to connect to any Program at any time by disconnecting their devices through their Client's interface or device settings, including by accessing Bluetooth settings and selecting the "Forget this Device" option. This disconnection immediately stops the flow of new data to Validic's systems, providing End Users with direct control over their ongoing data collection. 

  To support compliance with the EU Data Act, Validic maintains a streaming API that enables continuous, real-time data access. This technical infrastructure supports our Clients in fulfilling their obligations to provide data access on fair, reasonable, and non-discriminatory terms to authorized third parties, as may be required under applicable regulations. 

  Furthermore, upon receiving a verifiable request from an End Us, we will delete any consumer or marketing information we have collected about that End User. This includes any data used for consumer profiling, marketing purposes, or any other non-essential business operations. To submit a verifiable request for deletion of consumer or marketing information, please contact our Privacy Officer at the email address provided in the Contact Information section. We will process any such request within a reasonable timeframe and in accordance with applicable data protection laws. 

  For data related to connected products in the EU, Validic supports its Clients in fulfilling their obligations to provide users with access to their data. As a data processor and integration service provider, we ensure that data is properly transmitted to healthcare providers in formats that enable them to provide users with access in accordance with EU Data Act requirements. 

  Upon termination of our contract with a healthcare provider client, we will coordinate with that client to ensure the orderly transition of data. We will maintain their data for a retrieval period as specified in our service agreement (typically at least 30 calendar days) to allow the healthcare provider to export relevant data for their patients or connected users in appropriate formats. After this period, we will erase the client's data unless retention is required by law or otherwise specified in our service agreement. End users should direct any data export requests to their healthcare provider, as Validic does not maintain direct contractual relationships with individual patients or device users. 

  Please note that certain information may be retained as required by law or for legitimate business purposes, such as maintaining the security and integrity of our systems or complying with legal obligations. However, we will ensure that any retained data is used solely for these purposes and not for marketing or consumer profiling. 

  5.0 LINKS AND ADVERTISING

  We do not advertise on our Website, Applications, or through the Service and do not provide any User Data to advertisers or otherwise to third parties for the purpose of advertising or marketing. From time to time, the Website and/or Applications may contain hyperlinks (“Links”) to third parties, including third-party providers of certain Programs. Such Links are for reference only, and we neither control the privacy policies of such linked websites nor are we liable or responsible in any way for the use of any personally identifiable information that an End User may provide such sites. 

  End Users should be aware that when they voluntarily disclose personally identifiable information in communications with any third party listed on the Website, Applications, or in other materials, that information, along with any other information disclosed in their communication, can be collected, stored, and used by such third parties. This may result in End Users receiving unsolicited messages from other persons or entities. For example, if an End User sends an email containing personal details to a third-party provider listed on the Website or Applications, that third party may collect and use that information for their own purposes, including marketing. Such collection, usage, and resulting communications are beyond Validic's control and are governed by the third party's own privacy policies. Validic recommends that End Users review third parties' privacy policies before sharing personal information with them. 

  6.0 SECURITY
  

  • Steps we take to keep information secure. The security of allUser Data is important to us. We have implemented commercially reasonable physical, electronic, and managerial procedures to safeguard and secure User Data from unauthorized access, including as set forth in more detail in our Company Security Policy available at https://validic.com/legal/data-security (the “Security Policy”). 
    

  ● Risks inherent in sharing information. Notwithstanding Validic's commitment to protect information, End Users should be aware that there is always some risk involved in transmitting information over the internet. In addition to the risk that employees, contractors and others subject to Validic's Security Policy may fail to follow required procedures, there is also some risk that End User or Validic network and/or security systems could be circumvented or breached, including by third parties who use the Website, Applications, or Service in order to do so. As a result, while Validic strives to use commercially reasonable means to protect End User Data, Validic cannot ensure or warrant the security and privacy of End User Data, Application Data, or any other information transmitted to Validic, or of End User or Validic network and/or security systems. For routine questions about data usage, End Users should first contact their healthcare provider, wellness program, or other Client entity with whom they have a direct relationship. These Clients may then contact Validic if additional information is required. End Users should refer to the relevant sections of this Privacy Policy regarding their data rights and how to exercise them, including the specific provisions for EU/UK/Swiss residents. 

  7.0 CHILDREN’S POLICY
  

  The Website and the Service are for general audiences and neither is directed toward those under 18 years of age. Given the nature of Validic's healthcare data integration services, End Users are typically adults participating in healthcare programs through our Clients. We do not knowingly collect Personal Information from children under 13 without parental consent. Should anyone become aware that a child has provided Personal Information to us, they should contact our Privacy Officer at the email address in the Contact Information section. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to remove such information and terminate the child’s account. 

  8.0 California Privacy Rights
  

  8.1 California Civil Code Sec. 1798.100, et seq. (also known as the California Consumer Privacy Act of 2018) (“CCPA”) provides certain rights to California residents regarding their Personal Information. A California resident has the right to request that Validic disclose certain information, including: (1) the categories of Personal Information Validic has collected about that California resident, (2) the categories of sources from which the Personal Information is collected, (3) the business or commercial purpose for collecting or selling the Personal Information, (4) the categories of third parties with whom the Company shares Personal Information, and (5) the specific pieces of Personal Information it has collected about that resident. A California resident has the right to request that Validic delete their Personal Information. Finally, a California resident has the right not to be discriminated against for exercising his/her privacy rights under the CCPA. 

  California residents can request such Personal Information and request changes to their Personal Information by emailing us at privacy@validic.com. For Clients of Validic, additional terms regarding CCPA compliance may be set forth in Validic's standard data processing addendum or master services agreement, but such terms do not limit the statutory rights of California residents. 

  Right to Opt-Out of Sale/Sharing. Validic does not sell health data, Program Data, or Client-related information collected through our Services and Applications. California residents can opt out of third-party data collection on our Website through our Cookie Preference Center. 

  Pursuant to California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Compliant Assistance Unit of the Division of Consumer Services for the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210. 

  8.2 ADDITIONAL STATE PRIVACY RIGHTS 

  In addition to the California privacy rights described above, residents of Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Florida, New Jersey, Maryland and other states with comprehensive privacy laws may have similar rights regarding their personal information, including: 

  - Right to confirm whether personal data is being processed 

  - Right to access personal data 

  - Right to correct inaccuracies in personal data 

  - Right to delete personal data 

  - Right to obtain a copy of the personal data previously provided to us in a portable format where technically feasible 

  - Right to opt out of processing for targeted advertising 

  - Right to opt out of the sale of personal data 

  - Right to opt out of profiling in certain circumstances 

  Validic honors these rights for all consumers regardless of residence. To exercise any of these rights, please contact our Privacy Officer at privacy@validic.com. We will respond to requests within the timeframe required by applicable law. We may verify identity before fulfilling these requests. 

  We do not discriminate against anyone for exercising any of these rights. 

  9.0 ENFORCEMENT
  

  Validic regularly reviews compliance with this Privacy Policy. End Users or Clients with questions or concerns regarding this Privacy Policy or Validic's compliance may contact Validic's Privacy Officer at the email address provided in the Contact Information section. 

  When Validic receives formal written complaints, it is Validic's policy to contact the complaining party regarding their concerns. Validic will cooperate with appropriate regulatory authorities to resolve any complaints regarding the transfer of personal data that cannot be resolved directly between Validic and the individual or entity involved. 

  Use of the Website is also governed by our legal terms, which are available at https://validic.com/legal/terms. 

  10.0 DATA PROTECTION OFFICER

  The Company designates the Chief Information Security Officer as the Data Protection Officer in compliance with the General Data Protection Regulation (EU) 2016/679 and can be contacted at security@validic.com. 

  Data Protection Officer 

  2093 Philadelphia Pike #7010 

  Claymont, DE 19703 

  11.0 RIGHT TO SUBMIT REQUESTS
  

  Individuals have the right to request that Company disclose the categories and specific pieces of personal information that Company has collected, used or disclosed about them . No individual shall be treated differently based on exercising the rights as provided herein. In accordance with our verification obligations, Validic requires data deletion requests to be submitted directly by the data subject or through a properly authorized representative with documented proof of authorization. Third-party data removal services (such as DeleteMe, Incogni, Optery, or similar vendors) must provide verifiable evidence of their legal authority to act on behalf of the individual data subject. Requests without proper authorization documentation will not be processed. 

  Validic investigates and attempts to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Data Privacy Framework Principles. 

  For data protection concerns from EU, UK, and Swiss residents that remain unresolved through Validic's standard complaint procedures, Validic has established additional recourse mechanisms: in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Validic commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. 

  In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Validic commits to resolving DPF Principles-related complaints about our collection and use of personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, should first contact Validic at the address below. 

  All requests for information disclosure or complaints may be submitted to privacy@validic.com or 

  Validic, Inc. Privacy Officer 2093 Philadelphia Pike #7010 

  Claymont, DE 19703 privacy@validic.com 

  Or, if you are an EU person, in the UK, or Switzerland, please contact: 

  DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom 

  12.0 PUBLIC SECTOR DATA ACCESS

  In cases of exceptional need as defined by the EU Data Act, we may be required to make certain data available to public sector bodies, the European Commission, the European Central Bank, or Union bodies. Such exceptional needs include responding to public emergencies or fulfilling specific tasks in the public interest. We will notify affected users when legally permitted. 

  13.0 CHANGES TO THIS PRIVACY POLICY 

  We may revise this Privacy Policy from time to time. When we do so, we will revise the “Updated” date at the top of this Privacy Policy. Any such change will be effective immediately upon posting on the Website. Clients are responsible for checking the Privacy Policy for such changes. 

  14.0 CONTACT INFORMATION
  

For questions or complaints regarding this Policy, our practices, or to make a personal data deletion request from our records, please contact the Company at: 

Validic, Inc Privacy Officer 2093 Philadelphia Pike #7010 

Claymont, DE 19703 privacy@validic.com