Effective Date: July 2020
Some special rules apply to processing by us that is subject to the European Union’s data protection rules, as explained under that heading, towards the end of this Policy.
At the end this policy we also provide basic information on how we build privacy- and data protection law compliance into all our solutions “by design and default” (see under that heading).
Scope of this policy
By “personal information or data” we mean any information or data that relates to an identified or identifiable living person. In the Unites States, this type of information is often referred to as “Personally Identifiable Information or PII, while in Europe, the term “personal data” is used.
(There are some differences between US-defined PII and Europe-defined personal data, but this policy takes the broadest view of the terms to include all data that relate to an identified or identifiable individual – referred to in European data protection law as the “data subject”.)
We also collect some information on you and your device that we analyse in a de-personalized (pseudonymous) way to help us improve the user experience of visitors to our sites (“analytics cookies”). In addition to the essential information mentioned above, this may include your preferred language; geographic location using IP address, the location of an access point you access while using the Service, or the GPS or wireless technology on your device; date and time of your visit; any searches you conducted on our site; and areas of our site that you visited. We also may log the length of time of your visit and the number of times you visit our site. We may assign you one or more unique identifiers to help keep track of your future visits. This information is generated by various tracking technologies that may include “cookies,” “flash LSOs,” “web beacons” or “web bugs,” and “clear GIFs”.
We may use third party tools to analyse the above information and to create statistics in relation to our website use. In the process of creating the statistics, all identifying elements are removed: the statistical outcome data no longer contain any personal information or data. We use the statistical outcome data for the following purposes:
Lists and Forms
On our website, you can sign up to several lists and forms, i.e.:
The text on the pages where these lists and subscription forms are offered explain the purpose of the list or form and how the information will be used in more detail.
The signing up to any of these lists is of course entirely voluntary – but if you do want to sign up to any of them, you will have to provide the requested information (or least the information requested in the *mandatory fields in the relevant form).
We will only use the information you provide in these contexts to provide you with the service you requested, such as email updates on selected products, or a test account; and in a de-personalised form for analytical purposes (for instance, to see how many visitors from a particular industry sector or a particular country signed up for these services).
You can always unsubscribe from any of these lists, either by re-visiting the relevant webpage and clicking on “Unsubscribe” or, if the service involved the receipt of emails (such as email updates), by clicking on the “Unsubscribe” link that we will provide at the bottom of each such email.
Disclosures of personal data
We will only keep any information or data on you for as long as we need the information or data to interact with you (or in rare instances, where this may be needed for legal purposes). We clean our email-, contact- and partner lists at least every twelve (12) months, and will then delete any data on people with whom we have not interacted for that period (except that again, in rare instances we may retain data for longer, if this is necessary for legal reasons).
Use of Processors
We use other companies to assist us in the processing of your data, including Agiadv, MailChimp and Cloud providers. They only process the personal data on our behalf and as instructed or agreed by us. In EU data protection law, such agents are called processors. We have contracts in place between us and these processors that meet all the requirements of U.S. and EU privacy/data protection law.
On the requirements of the EU General Data Protection Regulation for contracts with processors, see Article 28 GDPR, available here:
Transfers of personal data on EU individuals to non-EU countries
When we collect information from and on individuals in the EU, we may transfer those data to servers and processors in non-EU countries, in particular in the USA. When we do so, we do this on the basis of standard data transfer contracts as approved by the Commission of the EU, or on the basis of the so-called “Privacy Shield” agreed between the EU and the USA, for service providers or processors who have self-certified their compliance with the Privacy Shield principles.
For information on the EU standard transfer contracts, see:
For information on the EU – USA Privacy Shield, see:https://www.privacyshield.gov/welcome
We use administrative, organizational, technical, and physical safeguards to protect the personal information and data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. We regularly test our website, data centers, systems, and other assets for security vulnerabilities, and require any companies that assist us in the processing of personal data on our websites, such as Agiadv and MailChimp, to also take all appropriate administrative, organizational, technical, and physical measures needed to ensure the security of the information and data they process.
If you ask us, we will provide you with a copy of the data we collected on you from your website visits (if we still have it in identifiable form), and we will of course gladly correct any errors you may point out. Any corrections will be shared with the other entities in the ValidSoft Group.
As already noted above, under “Lists and forms”, you can always unsubscribe from our mailing list, contact list or partner subscription list.
If you want to exercise any of these rights, or to receive any further information on our processing of your personal information and data, please email our Data Protection Officer (DPO), at: DPO@validsoft.com