Updated: August 15, 2023
The Validant Group (“Validant”/”we”/”us”/”our”) respects an individual’s right to privacy. This Privacy Notice (“Notice”) explains our approach to any Personal Information that we collect from and about you when you visit our website located at https://www.validant.com (“Website”), interact with us through our social media pages, or engage in any related interactions with us. Please read this Notice to understand how we will collect and use your information and the rights you have in relation to your information. “Personal Information” means any information or set of information that identifies or is used by or on behalf of Validant to identify an individual.
In particular, this Notice describes:
The Validant Group is a full-service global regulatory, compliance and quality consulting company.
The “Validant Group” refers to Kinsale Holdings, Inc. dba Validant, its parent companies and its and their respective subsidiaries. For the purposes of applicable data protection law, Personal Information will be controlled by the Validant Group entity that an individual is dealing or communicating with and each such entity is regarded as an independent data controller of the relevant Personal Information. This Notice applies to all such entities. The Validant Group has offices in the United States, the EU, China and Japan.
This website (validant.com) is operated by Validant, a Delaware corporation.
The Personal Information that we process includes that of individuals who:
The Personal Information that we may collect include:
As you navigate through and interact with our Website, we may also automatically collect certain information about the device you use to access the Website, and browsing actions and patterns, including device identifiers, traffic data, referrer headings, error logs, IP address, browser and operating system type, general location data associated with your IP address, and information about the resources that you access and use on our Website. This device and usage information may be collected through the use of cookies and similar technologies, which are further discussed below.
Information we collect from other sources. We may also receive information about you from other sources, such as business partners, marketers, researchers, analysts, social network services, and other parties to help us supplement our records. We will use such information in accordance with this Privacy Notice.
We may use Personal Information we collect about you in connection with the following:
Aggregate/De-Identified Information. We may aggregate and/or de-identify any information we collect so that such information can no longer be linked to you or your device. We may use such information for any purpose, including without limitation for research, and may also share such data with any third parties.
The types of Personal Information that we use depends on the relevant circumstances; however, some of the key types of Personal Information that we may use together with the relevant basis for such use and details of any third parties with whom such information is shared, are set out below.
*Such third parties may process applicant personal data to the extent necessary for providing their services and in accordance with applicable data privacy laws. Such data may be located, processed, accessed or stored in foreign jurisdictions and applicable data privacy laws might permit foreign governments, courts, and law enforcement or regulatory agencies to access such applicant data.
“Third-party organizations” does not include any companies within the Validant Group. However, we are an international business and any Personal Information provided to us may be disclosed to and used by an entity within the Validant Group (including those outside of the United States).
In cases where your Personal Information is covered by the Act on the Protection of Personal Information of Japan (“APPI”), we share and use your Personal Information among the Validant Group based on a joint-use structure, under which the items of Personal Information to be jointly used are name and e-mail address. The purposes of use of the Personal Information to be jointly used are in connection with day-to-day business operations.
The entity and representative responsible for managing joint use of personal data are set out at https://idec-inc.com/about-idec/.
Where necessary, or for the reasons set out in this Notice, Personal Information may also be disclosed to regulatory authorities, courts, tribunals, government agencies and law enforcement agencies as required to protect our rights and interests and the rights and interests of others. If we are required to disclose Personal Information to comply with legal or regulatory requirements, we will reasonably endeavour to notify the individual before we make such disclosures, unless we are legally restricted from doing so.
Cookies. Cookies are text files containing small amounts of information which are added to your device browser when you visit a website. Cookies are useful because they allow a website to recognize a user’s device, preferences and generally help to improve users’ online experience. See our Cookies Notice for more information on our use of Cookies.
Analytics. We may use third-party web analytics services on our Website to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; and provide certain features to you. If you receive email from us, we may use certain analytics tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to understand the effectiveness of our communications and marketing campaigns.
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our Services for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals.
Personal Information will be retained in accordance with our global data retention policy which categorizes all of the information held by us and specifies the appropriate retention period for each category of Personal Information. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our general business purposes.
A key principle of data protection legislation is that Personal Information must be dealt with securely by means of “appropriate technical and organizational measures”. This involves considering matters such as risk analysis, organizational policies, and physical and technical measures, all of which contribute to ensuring the confidentiality, integrity and availability of systems and processes. We also exercise appropriate supervision over our employees who handle Personal Information. However, the transmission of information via the internet can never be completely secure. Although we will do our best to try and protect your information, we cannot guarantee the security of your information transmitted to our websites; any transmission is at your own risk.
In cases where your Personal Information is covered by the APPI, you may obtain further details about the security measures we have in place in relation to the handling of your Personal Information by contacting us at privacy@validant.com.
We may need to transfer Personal Information to locations outside of the country where we originally collected such Personal Information.
The level of information protection in countries to which your Personal Information is transferred may be less than that offered within the original country. Where this is the case, we will implement appropriate measures (such as the EU standard clauses under the GDPR) to ensure that Personal Information remains adequately protected and secure in accordance with applicable data protection laws.
The Website may contain links to third-party websites and features. If you choose to visit these sites and use their services, please note that we are not responsible for their content or privacy practices. The collection, use, and disclosure of your information will be subject to the privacy notice of the third-party websites, and not this Notice. We urge you to read the privacy notice of these third parties.
Your rights. Under certain circumstances, local laws may provide an individual rights under certain data protection legislation with respect to their Personal Information, which may include some or all of the following:
Such individual may also have the right to lodge a complaint in relation to our use of Personal Information with a local supervisory authority.
If an individual objects to our use of their Personal Information, or withdraws their consent to our use after having initially provided it, we will respect that choice in accordance with our legal obligations but it is likely this will make it impractical for us with respect to any future dealings with the relevant individual. We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request that you provide us with information necessary to confirm your identity before responding to your request. To submit a request, please contact us at privacy@validant.com. As provided in applicable law, you also have the right to not be discriminated against for exercising your rights.
Depending on applicable law, you may have the right to appeal our decision to deny your request. We will provide information about how to exercise that right in our response denying the request.
Marketing Communications. If, in accordance with applicable legal requirements, we send you marketing communications regarding our services or the services of third parties that we believe will be interesting to you, you can ask us to stop sending such communications at any time by contacting us at privacy@validant.com. In our marketing email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and disclose certain information as permitted by this Notice or as required by applicable law. For example, you may not opt out of certain transactional emails from us, such as those confirming your requests or providing you with updates regarding our legal terms.
The California Consumer Protection Act (“CCPA”) also provides certain rights to California consumers. If you are a California resident, California law requires us to provide you with specific information regarding how we collect, use, and disclose your Personal Information. Throughout this Notice, we discuss in detail the specific pieces of Personal Information we collect from and about you. Please see the “How we collect Personal Information,” “What Personal Information we collect,” “How we use and disclose Personal Information, and the legal basis for use,” “Cookies and site analytics,” and “How long we keep Personal Information” sections above for more information.
The CCPA sets forth certain obligations for businesses that “sell” personal information or “share” personal information for purposes of “cross-context behavioral advertising”. Our use of certain analytics providers discussed above, may be considered a “sale” or “sharing” of personal information under the CCPA. To opt out of our use of Google Analytics, please use the Google Analytics Opt-Out Browser Add-on located here: https://tools.google.com/dlpage/gaoptout.
A California consumer is entitled to request details of the information we hold about them and how we use it and, under certain circumstances, has the right to request that their Personal Information be deleted. Such requests may be submitted by completing the Request Form.
We will promptly acknowledge receipt of any request and begin the process of verifying such request. Depending upon the sensitivity of the data collected and the nature of the request, we are required to verify an individual’s identity to a reasonable degree of certainty or a reasonably high degree of certainty. A reasonable degree of certainty requires matching at least two pieces of personal information provided via the toll free number or Request Form with information already maintained by us. Whereas, a reasonably high degree of certainty requires matching at least three pieces of personal information. The verification process also requires us to consider whether it is likely the submitted request is fraudulent.
A California consumer may also designate an authorized agent to make a request under the CCPA on the California consumer’s behalf. When a request is submitted by an authorized agent, we will require written evidence of the authorization and, except when the authorized agent has a power of attorney pursuant to California Probate Code sections 4000 to 4465, we will also need to verify the agent’s identity as well as the consumer’s identity.
Please note that the CCPA prohibits discriminatory treatment of a California consumer that exercises their right conferred by the CCPA.
The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA. Additionally, if we ever offer any financial incentives in exchange for your Personal Information, we will provide you with appropriate information about such incentives.
The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we disclose certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not disclose your personal information with third parties for their own direct marketing purposes.
Our Data Protection Officer can assist with any questions and can be contacted at either of the following:
By Email:privacy@validant.com
By Mail:Validant150 Sutter Street, #75San Francisco, CA 94104
Validant may revise or update this notice from time to time. We may modify this Notice from time to time to reflect our current privacy practices. When we make changes to this Notice, we will revise the date above. We encourage you to periodically review this notice to be informed about how we process your information.
By providing information to us, you acknowledge you have read this Notice, and, to the extent your consent is necessary and valid under applicable law, you consent to the collection, use and disclosure of such information by us and any third-party recipients in accordance with this Notice. If required by certain data protection legislation, we will obtain your consent to the changes in advance.
Please complete the form below and one of our team members will be in contact with you shortly.
First name
Last name
Your email
Relationship to Validant —Please choose an option—ClientEmployeeEmployee of a clientEmployee of a vendor
Are you making this request on behalf of yourself or as an authorized agent on behalf of a third party? If submitting as an authorized agent, please provide the agent’s name and email address.
I confirm and declare under penalty of perjury that I am the consumer whose personal information is the subject of this Request or I am the authorized agent for the consumer who is the subject of this Request.