Effective Date: September 2022
When we process personal data (also referred to as personally identifiable information, PII), we can be subject to various data protection- or privacy laws including the EU General Data Protection Regulation (GDPR), the (largely still the same) UK GDPR, US state privacy laws such as the California Consumer Privacy Act (CCPA) (or, from 1 January 2023, the California Privacy Rights Act, CPRA), and other national laws. At the end of this policy, we note the way in which these different laws apply (often also extra-territorially) (see under the heading “Applicable law”). This policy seeks to ensure compliance in principle with all the relevant privacy/data protection laws, by following best practices under the most demanding instrument, the GDPR, as indicated in particular by the UK Information Commissioner’s Office (ICO). If any law applies other than the GDPR, we will abide by any stricter rules it may contain in any specific respect.
At the end of this policy we also provide basic information on how we build privacy- and data protection law compliance into all our solutions “Privacy and Data Protection by Design and Default” (see under that heading).
Scope of this policy
By “personal information or data” we mean any information or data that relates to an identified or identifiable living person. In the United States, this type of information is often referred to as “Personally Identifiable Information or PII, while in Europe, the term “personal data” is used.
(There are some differences between US-defined PII and Europe-defined personal data, but this policy takes the broadest view of the terms to include all data that relate to an identified or identifiable individual – referred to in European data protection law as the “data subject”.)
ValidSoft is an ISO27001 certified organization.
When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some or any types of cookies (except for those strictly required to make the website function).
Click here to indicate your choices, to see more information on cookies, and to view a lst of all the cookies we set.
Your rights in relation to the personal data we collect from and on you when you visit our website
Right of Access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
For information on Right of Access, see:
Right to Rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. Any corrections will be shared with the other entities in the ValidSoft Group, and where necessary any third parties to which the data may have been disclosed, to ensure corrections are made by all parties.
For information on Right To Rectification, see:
Right to Erasure
You have the right to ask us to erase your personal information in certain circumstances.
For information on Right To Erasure, see:
You can unsubscribe at any time from our mailing list, contact list or partner subscription list.
European Union: The EU GDPR and the EU e-Privacy Directive (ePD) apply to any processing of personal data by companies established in the EU or in the European Economic Area (EEA)* as well as by companies outside the EU in relation to the offering of goods or services to individuals in the EU/EEA, or the monitoring of the behaviour of individuals in the EU/EEA by such a company. We therefore fully comply with these EU data protection laws when we collect or otherwise obtain data on visitors to our website from the EU/EEA, and the rights set out above will be granted in full compliance with the EU rules, by any ValidSoft entity.
* The European Economic Area consists of all the 27 EU Member States plus Iceland, Liechtenstein and Norway. EU data protection law including the GDPR and the ePD also applies to the non-EU EEA states.
United Kingdom: On 31 December 2020, the post-Brexit transition period ended, and since then the data protection law that applies in the UK consists essentially of the “UK GDPR” and the Privacy and Electronic Communications Regulations that implemented the EU e-Privacy Directive. For the time being, in substance, these remain effecitvely the same as the EU GDPR (but that may change over time). The rules on the territorial application of the UK rules also remain similar to the EU ones, in that they apply to any processing of personal data by companies established in the UK as well as by companies outside the UK in relation to the offering of goods or services to individuals in the UK, or the monitoring of the behaviour of individuals in the UK by such a company. We therefore fully comply with these UK data protection laws when we collect or otherwise obtain data on visitors to our website from the UK, and the rights set out above will be granted in full compliance with the UK rules, by any ValidSoft entity.
United States: An increasing number of US states have introduced or are introducing state privacy laws. The most advanced of these is the California Consumer Privacy Act (that will be further strengthened from 1 January 2023, when the California Privacy Rights Act comes into effect). It aplies to the collection and processing of personal information on consumers in California, even if the entity collecting the information is outside that state (or indeed outside the USA). By granting the above-mentioned rights (of access, rectification and erasure of data) in accordance with the EU GDPR, we also comply with the CCPA (and will also comply with the CPRA when it comes into effect).
Rest of the world: The EU GDPR and ePD are the strongest privacy laws in the world. We believe that (just as in relation to the Californian laws), by granting the above-mentioned rights (of access, rectification and erasure of data) in accordance with the EU GDPR, we will generally also comply with any other data protection- or privacy laws world-wide. However, if any law applies that is stricter than the EU GDPR in any particular respect, we will of course abide by any such stricter rules.
Privacy and Data Protection by Design and Default
All ValidSoft’s solutions are based on the principles of “Privacy and Data Protection by Design and Default”. This means we design all our solutions so as to implement all appropriate technical and organisational measures, such as pseudonymisation, data minimisation, encryption and other security measures, ensure full, built-in compliance with all applicable data-protection principles and requirements, including those relating to the rights of data subjects (Cf. Article 25 GDPR).
ValidSoft is the only company that has, over time, obtained four data protection certifications for its solutions from the most demanding European certification scheme currently in existence, the European Privacy Seal (EuroPriSE) scheme:
That scheme is currently being revised in order to become a – indeed probably the first – certification scheme to be formally accredited to issue data protection certifications as envisaged in the GDPR (see Article 42 and 43 GDPR). ValidSoft’s Voice Biometric Software-as-a-Service solution is the first such service to be evaluated under the new EuroPriSe arrangements, pending the formal accreditation of EuroPriSe as a GDPR-accredited scheme. ValidSoft’s other solution will follow once EuroPriSe has been so accredited.
If you want to exercise any of these rights, or to receive any further information on our processing of your personal information and data, please email our Data Protection Officer (DPO), at: DPO@validsoft.com
Our postal address for the United Kingdom is:
(UK Company Registration No: 4023940)
Our postal address for the US is:
100 Pearl Street
Links to third-party websites
The above ICO referenced content was included under Open Government Licence for public sector information (https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/), accessed via: https://ico.org.uk