Privacy Policy

This Validata Group Privacy Policy (also referred to as the ‘Privacy Policy’) provides information on the collection, use, sharing and processing of personal information by Validata Holdings Limited and its affiliates (“Validata”, “we” or “us”) in connection with your use of Validata website and social media pages that link to this Privacy Policy, your interactions with Validata during in-person meetings, and in the context of other offline sales and marketing activities. This Privacy Policy also explains the choices you have in relation to these processing activities.

In this Privacy Policy, you will find answers to the most important questions about how Validata processes your Personal Data, and what rights you have in this regard.

This Privacy Policy can change over time to comply with legal requirements or to meet changing business needs. The latest version of the Privacy Policy is available on our website, and we encourage you to regularly review this Privacy Policy for any updates.

As used in this Privacy Policy, ‘personal information’ or ‘personal data’ means information that relates to an identified individual or to an identifiable individual, this could include among other things your name, address, email address, business contact details, or information gathered through your interactions with us via our websites or social media pages. Personal information is also referred to as ‘information about you.’

SCOPE

This Privacy Policy applies to the processing of personal information by Validata of:

• visitors and users of our websites, and our social media pages that link to this Privacy Policy (collectively referred to as the sites);
• attendees of Validata events;
• customers and prospective customers and their representatives;
• subscribers to Validata newsletters, announcements, press releases etc;
• suppliers and business partners and their representatives.

This Privacy Policy applies to you – current, future and/or former Clients of Validata or persons related to them who have expressed a desire to use our services, are already using them, have previously used them or are in any other way related to the services provided by us, i.e. you are a representative of our Client, family member, guarantor, provider of security measures, etc., or you are a representative of Legal Clients, shareholder, member of management bodies, beneficial owner or other Data Subject specified in this Privacy Policy.

When interacting with our sites, you also have the ability to link or connect with non-Validata sites, services, social networks, applications or other features. Enabling these features will lead to other parties than Validata processing information about you. Validata does not have any control over these features of other parties. We encourage you to review the privacy policies of these parties before using these features.

We are regulated under applicable local data protection laws including in the European Union (“EU”) the General Data Protection Regulation (“GDPR”) where we are responsible as ‘controller’ of that personal information.

TERMS USED IN THE PRIVACY POLICY

Other terms used in the Privacy Policy shall be understood as defined in the GDPR and other legal acts regulating the protection of personal data.

WHO IS RESPONSIBLE FOR YOUR PERSONAL INFORMATION

For the purposes of EU law, Validata Holdings Limited (registered office GREG Tower, 7 Florinis st., Nicosia 1065, Cyprus) is the data controller and we have appointed George Anargyros as Data Protection Officer.

If you have any questions, requests or comments regarding this Privacy Policy, the processing of Personal data, complaints or other issues related to the protection of Personal data at Validata, please contact us at the following contact:

Validata Holdings Limited
GREG Tower, 7 Florinis st., Nicosia 1065, Cyprus
Email: [email protected]
Marked for the attention of Data Protection Officer

TYPES OF PERSONAL INFORMATION WE PROCESS

Validata can process information about you collected both offline and online.

• Offline information about you originates from our interactions with you during in-person meetings or at Validata events, conferences, workshops or gatherings;
• Online information about you originates from your activities on our sites, pre-sales inquiries or subscription to our newsletters, or from your interactions with Validata via electronic communication tools such as email or telephone. Information about you may also be provided by third party sources, such as data aggregators who may not have a relationship with you.

Online information about you may also originate from the use of cookies and similar technologies (for example, pixel tags and device identifiers) on our sites.

Information about you that Validata may collect and process includes:

• Personal identification data, such as name and physical address, email addresses, telephone numbers, and in some cases, personal identification document data;
• Demographic attributes, when tied to personal information that identifies you;
• Photographs and testimonials;
• Data about your transactions, including products and services ordered, financial details and payment methods;
• Company data such as the name, size and location of the company you work for and your role within the company;
• Data from surveys and publicly available information, such as social media posts;
• Identification data in self-services, such as your login details, unique IDs such as your mobile device identifier or cookie ID on your browser;
• IP address and information that may be derived from IP address, such as geographic location;
• Information about a device you use, such as browser, device type, operating system, the presence or use of “apps”, screen resolution, and the preferred language;
• Behavioral data of the internet connected computer or device you use when interacting with the sites, such as advertisements clicked or viewed, sites and content areas, date and time of activities or the web search used to locate and navigate to a site.
• Data about behavioral habits, preferences and satisfaction with the Services, such as data about activity in using the Services, the Services provided to you, your feedback about the Services, etc.

Please note that Validata does not control the content that you may post to Validata social networks; in some cases, such content may be publicly available on the Internet. You should carefully consider whether you wish to submit personal information to these social networks and whether you wish to make your profile available to other users, and you should tailor any content you submit accordingly.

The specific amount of Personal Data processed depends on the Services you order and use and your relationship with Validata. In order to use our Services, you must provide us with the information that is necessary for us to enter into or perform a Service Agreement with you or to provide you with a service, as well as the information that we are required to collect in accordance with legal requirements. If you do not provide us with the information requested, we have the right to refuse to provide you with the Services or to suspend the provision of the Services.

DATA SOURCES

We receive personal data directly from you, but depending on the Services provided or requested, we may also receive data from external data sources, such as:

• Public registers and databases (e.g., business registers, property registers);
• From state institutions and institutions, other persons performing functions assigned to them by law, supervisory institutions, tax administration, courts, other law enforcement institutions;
• From other financial institutions, payment service providers and organizations;
• From legal entities that act as intermediaries in providing personal data to financial institutions;
• From our service providers;
• Our Clients, when they provide your personal data;
• Legal entities, when you are a representative, employee, founder, shareholder, participant, beneficiary, management body, etc. of these legal entities;
• From social media administrators (e.g., Facebook, Instagram, YouTube, LinkedIn).

HOW DO WE USE YOUR PERSONAL INFORMATION

We may use personal information for the following purposes:

• To communicate and respond to your requests and inquiries to Validata;
• To deliver functionality on our sites and for their technical and functional management;
• To administer subscriptions of Validata newsletters, announcements, press releases etc;
• To market our products and services or related products and services, and to tailor our marketing and sales activities to your or your company’s interests;
• To engage in transactions with customers, suppliers and business partners and to process orders for Validata products and services;
• To analyze, develop, improve and optimize the use, function and performance of our sites and products and services;
• To manage the security of our sites, networks and systems;
• To comply with applicable laws and regulations and to operate our business;
• To prevent fraud, identify and investigate potential fraud cases by monitoring, reviewing, evaluating and taking measures on transactions.

OUR BASIS FOR PROCESSING INFORMATION ABOUT YOU

For personal information collected about you in the EU, our basis for processing is the following:

Legal basis — consent

We process personal data based on consent for the following purposes:

• To send marketing offers, ask for your opinion about the Services we provide;
• To organize and carry out promotions, campaigns and events for Customers;
• To record video or telephone conversations in order to ensure the quality of the Services provided and to protect interests;
• For other purposes where your specific consent is obtained.

You may withdraw your consent at any time, but please note that this does not affect the lawfulness of the processing of your personal data carried out prior to the withdrawal of consent.

Legal basis — performance of a contract or intention to conclude a contract

We process personal data on the basis of the performance of the contract for the following purposes:

• In order to take action at your request before concluding a Service contract, in order to perform a concluded contract and/or in order to terminate a contract to which you are a party;
• To update the data you have provided to Validata;
• To execute your transactions with us;
• Communicating with you about the Services you have selected and used, providing and administering access to the Services, ensuring control over the use of the Services and their operation.

Legal basis — compliance with a legal obligation

In order to fulfill legal obligations, i.e. on the basis of the fulfillment of the obligation, we process your personal data for the following purposes:

• To establish and verify your identity and maintain business relations (physically and remotely);
• To implement legal requirements and prevent circumvention of international sanctions or other restrictive measures;
• To examine your complaints and provide answers to requests, claims, to contact you and provide advice on the services you use;
• To comply with other legal requirements under applicable legislation.

Legal basis — legitimate interest

In order to pursue the legitimate interests of Validata and/or third parties to whom your data is provided, we process your personal data on the basis of legitimate interest for the following purposes:

• To ensure the accuracy and relevance of your data;
• To provide consultations based on your requests;
• To identify you and provide accurate information about your requested question;
• To prevent fraud and ensure security;
• To assert, enforce and defend legal claims;
• To carry out video surveillance in certain areas for security purposes;
• To maintain, expand, evaluate and improve our activities and the Services by analyzing customer data and compiling statistics;
• To ensure information protection, improve, develop and maintain our websites, technical systems and information technology infrastructure;
• Communicating with you in public space (on Validata’s accounts on social networks).

Under the conditions provided for by applicable law, one or more of the above-mentioned legal bases may apply to the processing of your personal data.

RETENTION OF YOUR PERSONAL INFORMATION

Validata will keep this information for the duration of our business relationship and to the extent permitted or required under applicable law, after termination of the business relationship. Laws may require Validata to hold certain information for specified periods. In other cases, Validata may retain data for an appropriate period after the business relationship ends to comply with its legal obligations, to meet regulatory requirements or to protect itself from legal claims.

We generally apply these retention periods:

• Business relationship information is stored for 10 (ten) years after you stop using our Services;
• Information collected for direct marketing purposes is stored for 5 (five) years from the date of your consent to direct marketing, unless you withdraw your consent earlier;
• Telephone conversation records for service quality purposes are stored for up to 6 months from their recording;
• Video surveillance recordings are stored for up to 40 calendar days;
• Consultation requests are stored until processed, but no longer than 6 months.

Personal data may be stored for a longer period if there is an ongoing dispute with you, legal proceedings or an investigation. In such a case, personal data may be stored for the duration of the dispute, investigation or legal proceedings.

HOW CAN WE SHARE YOUR PERSONAL INFORMATION

As a global organization, information about you may be shared globally throughout Validata’s worldwide organization. Validata employees are authorized to access personal information only to the extent necessary to serve the applicable purpose(s) and to perform their job functions.

We may share personal information with the following third parties:

• Third-party service providers (for example, credit card processing services, order fulfillment, analytics, event/campaign management, website management, information technology and related infrastructure provision, customer service, e-mail delivery, auditing, and other similar service providers) in order for those service providers to perform business functions on behalf of Validata;
• Validata distributors or resellers for further follow-up related to your interests, specific partners that offer complementary products and services or with third parties to facilitate interest-based advertising;
• State institutions and authorities when required by applicable laws;
• Natural or legal persons taking over rights and obligations under contracts, persons administering insolvency proceedings;
• Financial and payment institutions or other payment service providers;
• Persons providing financial and legal advice, auditing services or other services;
• Natural or legal persons who ensure the proper fulfillment of obligations to Validata;
• Other legal entities related to the provision of services, such as postal services, contract conclusion and administration, debt collection, mediation, cooperation, service quality assessment, market research, organization of promotions, etc.

When third parties are given access to personal information, we will take appropriate contractual, technical and organizational measures designed to ensure that personal information is processed only to the extent that such processing is necessary, consistent with this Privacy Policy, and in accordance with applicable law.

TRANSFER OF INFORMATION ABOUT YOU OUTSIDE THE EUROPEAN ECONOMIC AREA

In most cases, your Personal Data is processed in the European Union and only in specific cases is it transferred within the territory of the European Union and the European Economic Area. However, if necessary for the provision of certain services, data may be transferred and processed outside the aforementioned territories, but this is carried out in compliance with an adequate level of Personal Data protection, when there is a legal basis for the transfer of Personal Data and at least one of the following conditions:

• The country outside the EU/EEA in which the Data Recipient is located ensures an adequate level of protection of personal data by decision of the European Commission;
• The Data Controller or Data Processor implements appropriate data security measures, such as, for example, the Personal Data is transferred in accordance with a concluded contract that includes standard clauses approved by the European Commission or other standard clauses approved in accordance with the established procedure, an approved code of conduct, or a certificate is issued to the Data Recipient;
• Derogations apply, for example, when you have expressly consented to the transfer of Personal Data, the transfer of Personal Data is necessary for the performance of a contract concluded with you, or the transfer of Personal Data is necessary for the exercise or defense of legal claims, or for important reasons of public interest.

If personal information is transferred to a Validata recipient in a country that does not provide an adequate level of protection for personal information, Validata will take measures designed to adequately protect information about you, such as ensuring that such transfers are subject to the terms of the EU Model Clauses.

SECURITY OF PERSONAL DATA

Validata has implemented appropriate technical, physical and organizational measures designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing.

In order to protect your Personal Data from unauthorized access, use or disclosure, we use various organizational and technical security measures to ensure security. These measures include a firewall, high-security data encryption methods and secure equipment, access control and restriction of rights, application of the “need to know” principle (we allow personal data to be processed only by those employees who need such data to perform their tasks and are committed to ensuring data confidentiality), ongoing training of employees and careful selection of Service Providers. By signing a contract, Service Providers undertake to comply with the requirements of applicable laws, to comply with the data protection principles and the instructions set by Validata for the processing of Personal Data.

However, the security of information transmission by e-mail or mobile communication may sometimes not be ensured for reasons beyond the control of Validata, therefore you should be careful when providing us with confidential information not through electronic systems used by Validata.

COOKIES AND SIMILAR TECHNOLOGIES

Validata uses “cookies” and other technologies on its website to allow certain information from your web browser to be collected. Cookies are widely used on the internet.

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Our sites may automatically collect information from your computer using cookies which provide us with limited personal information. We will use this data primarily for the following purposes:

• Enhance and personalize aspects of our service
• Show that you have read any relevant legal information
• Analyze how our site is used

Most web browsers allow control of most cookies through the browser settings. If at any time you wish to withdraw your consent for cookie usage then please delete the cookies generated by our websites from your browser. Please note that deleting any of these cookies may result in you not being able to enter or use all of the features of our websites.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org

YOUR DATA PROTECTION RIGHTS

Where applicable, you may have the following rights:

• Request access to personal data processed by Validata;
• Demand the correction of inaccurate or incomplete personal data;
• Demand to restrict the processing of excessive, inaccurate, and unlawfully processed personal data;
• Demand the deletion of redundant and/or unlawfully processed personal data (“Right to be forgotten”);
• Object to the processing of personal data relating to you when such data is processed in accordance with legitimate interest;
• Object to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly significantly affects you;
• Withdraw your consent at any time where the processing of your data is based on your consent;
• Receive the personal data concerning you, which you have provided to the data controller, in a structured, commonly used and machine-readable format, and to request the transmission of those data to another data controller (“right to data portability”);
• File a complaint with the relevant Data Protection Authority if you believe that your Personal Data has been processed in violation of the requirements of the GDPR and other personal data protection legislation.

These rights may be limited in some situations — for example, where we can demonstrate that we have a legal requirement to process your data. Where applicable, you may have similar rights in your country under local legislation to access and correct/update your data.

HOW TO EXERCISE YOUR RIGHTS AND CONTACT US

You can exercise your rights by submitting a written request to Validata in the following ways:

• Upon arrival at our offices. When submitting a request, you will need to confirm your identity by presenting a valid personal identification document;
• By sending the application by mail to our address, attaching a copy of a valid personal identification document, certified in accordance with the procedure established by law;
• By sending a request by e-mail to [email protected], marked for the attention of Data Protection Officer. This request must be confirmed by electronic means of communication that would allow for proper identification of the person.

We will provide information on the actions we have taken upon receipt of your request for the exercise of data subject rights, or will indicate the reasons for not taking action, no later than 1 month from the receipt of your request. The period for providing the requested information may be extended for another 2 months, if necessary, taking into account the complexity of the requests and the number of services provided.

We may refuse to process a request received from you for the exercise of data subject rights or may request an appropriate fee for this if the request is manifestly unfounded or disproportionate, in particular due to its repetitive nature, as well as in other cases established by legal acts regulating Data Protection.

The Privacy Policy is prepared in English and may be translated into other languages. In the event of disputes or claims regarding the interpretation of the language of the text, the English text of the Privacy Policy shall prevail.