ValidSoft Privacy Policy

Effective Date: November 2020

This Privacy Policy provides information about, and applies to, the processing (i.e., the collection, further processing, use and sharing) of personal data on visitors to our websites by all entities belonging to the ValidSoft Group: VSFT Holdings Inc. (USA), ValidSoft Limited (Ireland) and VS Labs (UK) (hereafter: “ValidSoft”). See:

For the time being, some special rules apply to processing by us that is subject to the European Union’s data protection rules including in particular the EU General Data Protection Regulation (GDPR), as explained under that heading, towards the end of this Policy.

At the end of this policy we also provide basic information on how we build privacy- and data protection law compliance into all our solutions “Privacy and Data Protection by Design and Default” (see under that heading).

Scope of this policy

Scope of this policy

This Privacy Policy applies to any personal information or data we obtain from and on you, our visitors to our websites, in connection with your visit to our website and in connection with any follow-up to that visit (e.g., the sending of email updates on our products if you have asked for those).[1]

By “personal information or data” we mean any information or data that relates to an identified or identifiable living person. In the United States, this type of information is often referred to as “Personally Identifiable Information or PII, while in Europe, the term “personal data” is used.

(There are some differences between US-defined PII and Europe-defined personal data, but this policy takes the broadest view of the terms to include all data that relate to an identified or identifiable individual – referred to in European data protection law as the “data subject”.)

Our Certifications

ValidSoft is an ISO27001 certified organization.

Your rights in relation to the personal data we collect from and on you when you visit our website

Right of Access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

For information on Right of Access, see:

Right to Rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. Any corrections will be shared with the other entities in the ValidSoft Group, and where necessary any third parties to which the data may have been disclosed, to ensure corrections are made by all parties.

For information on Right To Rectification, see:

Right to Erasure

You have the right to ask us to erase your personal information in certain circumstances.

For information on Right To Erasure, see:

As noted above, under “Lists and forms”, you can also unsubscribe at any time from our mailing list, contact list or partner subscription list.

Application of the EU General Data Protection Regulation

(and from 1 January 2021, the UK General Data Protection Regulation)

Some of the processing of personal data carried out by ValidSoft may be subject to the EU General Data Protection Regulation. This applies in particular to any processing of personal data by ValidSoft on clients and suppliers (and their staff) in the European Union or the European Economic Area (EEA).[3] Where ValidSoft is processing personal data on behalf of an EU/EEA-based client, in the use of a ValidSoft solution by that client, it processes the data on the relevant individuals (typically, customers of the client) in the capacity of an agent – what he GDPR calls a processor. In all these cases, ValidSoft will process the personal data in accordance with the EU GDPR, and the rights set out above will be granted in full compliance with the EU GDPR, by any ValidSoft entity (because the EU GDPR applies and will continue to apply to all such processing, also after the post-Brexit transition period during which the EU GDPR applies in the UK as if the UK were still a Member State).

On 31 December 2020, the post-Brexit transition period will end, and the data protection law that applies in the UK will then be the “UK GDPR” which is for the time being almost the same as the EU GDPR (but that may change over time). However, this does not affect the application of the EU GDPR to the processing of personal data set out above: that will remain subject to the EU GDPR because the EU GDPR applies to any processing by any entity outside the EU in relation to the offering of goods or services to individuals in the EU/EEA, or the monitoring of the behaviour of such individuals by such an entity, and to any processing by any entity acting as a processor for an entity that is subject to the EU GDPR (such as EU/EEA-based clients of ValidSoft).

In relation to clients and suppliers in the UK, ValidSoft will process all relevant personal data in accordance with the EU GDPR until the end of the post-Brexit transition period (because until then the EU GDPR continues to apply in the UK). From 1 January 2021, ValidSoft will process all personal data that will then become subject to the UK GDPR in accordance with that UK GDPR. If, after that date, the data are also subject to the EU GDPR (because of the stipulations on its applicability outlined above), ValidSoft will also process the data in accordance with the EU GDPR.

[3] The European Economic Area consists of all the 27 EU Member States plus Iceland, Liechtenstein and Norway. EU data protection law including the GDPR also applies to the non-EU EEA states.

Privacy and Data Protection by Design and Default

All ValidSoft’s solutions are based on the principles of “Privacy and Data Protection by Design and Default”. This means we design all our solutions so as to implement all appropriate technical and organisational measures, such as pseudonymisation, data minimisation, encryption and other security measures, ensure full, built-in compliance with all applicable data-protection principles and requirements, including those relating to the rights of data subjects (Cf. Article 25 GDPR).

ValidSoft is the only company that has, over time, obtained four data protection certifications for its solutions from the most demanding European certification scheme currently in existence, the European Privacy Seal (EuroPriSE) scheme:

That scheme is currently being revised in order to become a – indeed probably the first – certification scheme to be formally accredited to issue data protection certifications as envisaged in the GDPR (see Article 42 and 43 GDPR). ValidSoft’s Voice Biometric Software-as-a-Service solution is the first such service to be evaluated under the new EuroPriSe arrangements, pending the formal accreditation of EuroPriSe as a GDPR-accredited scheme. ValidSoft’s other solution will follow once EuroPriSe has been so accredited.

Further information

If you want to exercise any of these rights, or to receive any further information on our processing of your personal information and data, please email our Data Protection Officer (DPO), at:

Our postal address for the United Kingdom is:

25 Finsbury Circus




Our postal address for the US is:

14th Floor

100 Pearl Street


CT 06163


Links to third-party websites

Our website may contain occasional links to other websites, managed by other companies not related to ValidSoft. ValidSoft cannot assume any responsibility for compliance by such other parties with any applicable privacy or data protection laws. Where we provide links to websites of other organisations, this privacy policy does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.


The above ICO referenced content was included under Open Government Licence for public sector information (, accessed via: