Validant Privacy Notice

Updated: August 15, 2023

The Validant Group (“Validant”/”we”/”us”/”our”) respects an individual’s right to privacy. This Privacy Notice (“Notice”) explains our approach to any Personal Information that we collect from and about you when you visit our website located at  https://www.validant.com  (“Website”), interact with us through our social media pages, or engage in any related interactions with us.  Please read this Notice to understand how we will collect and use your information and the rights you have in relation to your information. “Personal Information” means any information or set of information that identifies or is used by or on behalf of Validant to identify an individual.

In particular, this Notice describes:

Who we are

The Validant Group is a full-service global regulatory, compliance and quality consulting company.

The “Validant Group” refers to Kinsale Holdings, Inc. dba Validant, its parent companies and its and their respective subsidiaries. For the purposes of applicable data protection law, Personal Information will be controlled by the Validant Group entity that an individual is dealing or communicating with and each such entity is regarded as an independent data controller of the relevant Personal Information. This Notice applies to all such entities.  The Validant Group has offices in the United States, the EU, China and Japan.

This website (validant.com) is operated by Validant, a Delaware corporation.

How we collect Personal Information

The Personal Information that we process includes that of individuals who:

  • Use our Website (including accessing or downloading content)
  • Contact us via our Website including those using any “Contact Us” functionality for requests in relation to sales, support, demonstrations, or open employment opportunities
  • View or apply for open employment opportunities advertised on our Website
  • Request information and/or materials from us

What Personal Information we collect

The Personal Information that we may collect include:

  • Contact details such as name, title, addresses, telephone numbers, email addresses and business contact information
  • Position and employer
  • Educational and career history (e.g., information in CVs)
  • Information relating to current employment
  • Date of birth
  • Gender
  • Marital Status and next of kin information
  • Nationality
  • Financial account information, if you purchase services from us
  • Photographs
  • Information provided to us regarding preferences, including marketing preferences
  • Device and usage information (such as Internet Protocol (IP) address) from Website visits, as described below
  • Any other information relating to individuals that may be provided to us without request

As you navigate through and interact with our Website, we may also automatically collect certain information about the device you use to access the Website, and browsing actions and patterns, including device identifiers, traffic data, referrer headings, error logs, IP address, browser and operating system type, general location data associated with your IP address, and information about the resources that you access and use on our Website.  This device and usage information may be collected through the use of cookies and similar technologies, which are further discussed below.

Information we collect from other sources.  We may also receive information about you from other sources, such as business partners, marketers, researchers, analysts, social network services, and other parties to help us supplement our records.  We will use such information in accordance with this Privacy Notice.

How we use and disclose Personal Information, and the legal basis for use

We may use Personal Information we collect about you in connection with the following:

  • Providing the Website and related services, including the disclosure of information to affiliates and subsidiaries
  • Processing and responding to requests, inquiries or complaints received by you
  • In accordance with applicable law, identifying services you may be interested in and to provide you with related marketing materials and event invitations
  • Sending transactional communications to you about our Website and our services
  • Monitoring and analyzing the use of the Website to improve our Website and our business offerings
  • Developing or improving our Website, services, and/or products and carry out market research
  • Fulfilling relevant contract obligations
  • Compliance with legal and regulatory obligations
  • Where it is necessary for our legitimate interests (or those of a third party such as our clients)

Aggregate/De-Identified Information. We may aggregate and/or de-identify any information we collect so that such information can no longer be linked to you or your device. We may use such information for any purpose, including without limitation for research, and may also share such data with any third parties.

The types of Personal Information that we use depends on the relevant circumstances; however, some of the key types of Personal Information that we may use together with the relevant basis for such use and details of any third parties with whom such information is shared, are set out below. 

Purpose for which we use Personal InformationLegal basis for useThird party organizations with whom Personal Information may be shared
To send requested information about us and/or our services.Legitimate interest.None.
To provide content requested or downloaded from our Website and communication regarding such content.Legitimate interest.None.
To market our services including communicating about updates, news, newsletters and event invitations which are relevant to the individual’s activities and in line with stated preferences.Legitimate interest. Consent.Third party vendors with whom we may engage.
For the purposes of employment and recruitment.Legitimate interest. Consent.Technology service providers such as applicant tracking systems.*Professional advisers.
To manage our transactions and relationship with our clients and potential clients.Legitimate interest. Performance of a contract.Third party vendors with whom we may engage (where required).
To manage our transactions and relationship with our vendors and potential vendors.Legitimate interest. Performance of a contract.None.
To maintain and improve our Website or related services.Legitimate interest.Web service providers and cookie providers.
To compile anonymous statistics for purposes including business performance management and assessing client satisfaction to improve our services.Legitimate interest.None.
To enable us to provide webinars, meetings and events.Legitimate interest.Third party travel and hospitality service providers that we engage.
Monitoring and analyzing the use of the Website to improve our Website and our business offeringsLegitimate interest.Third party analytics providers.

*Such third parties may process applicant personal data to the extent necessary for providing their services and in accordance with applicable data privacy laws. Such data may be located, processed, accessed or stored in foreign jurisdictions and applicable data privacy laws might permit foreign governments, courts, and law enforcement or regulatory agencies to access such applicant data.

“Third-party organizations” does not include any companies within the Validant Group. However, we are an international business and any Personal Information provided to us may be disclosed to and used by an entity within the Validant Group (including those outside of the United States).

In cases where your Personal Information is covered by the Act on the Protection of Personal Information of Japan (“APPI”), we share and use your Personal Information among the Validant Group based on a joint-use structure, under which the items of Personal Information to be jointly used are name and e-mail address.  The purposes of use of the Personal Information to be jointly used are in connection with day-to-day business operations.  

The entity and representative responsible for managing joint use of personal data are set out at https://idec-inc.com/about-idec/.

Where necessary, or for the reasons set out in this Notice, Personal Information may also be disclosed to regulatory authorities, courts, tribunals, government agencies and law enforcement agencies as required to protect our rights and interests and the rights and interests of others. If we are required to disclose Personal Information to comply with legal or regulatory requirements, we will reasonably endeavour to notify the individual before we make such disclosures, unless we are legally restricted from doing so.

Cookies and site analytics 

Cookies.  Cookies are text files containing small amounts of information which are added to your device browser when you visit a website. Cookies are useful because they allow a website to recognize a user’s device, preferences and generally help to improve users’ online experience.  See our Cookies Notice for more information on our use of Cookies.

Analytics. We may use third-party web analytics services on our Website to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; and provide certain features to you. If you receive email from us, we may use certain analytics tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to understand the effectiveness of our communications and marketing campaigns.

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our Services for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals.

How long we keep Personal Information 

Personal Information will be retained in accordance with our global data retention policy which categorizes all of the information held by us and specifies the appropriate retention period for each category of Personal Information. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our general business purposes.

How we protect Personal Information

A key principle of data protection legislation is that Personal Information must be dealt with securely by means of “appropriate technical and organizational measures”. This involves considering matters such as risk analysis, organizational policies, and physical and technical measures, all of which contribute to ensuring the confidentiality, integrity and availability of systems and processes. We also exercise appropriate supervision over our employees who handle Personal Information. However, the transmission of information via the internet can never be completely secure. Although we will do our best to try and protect your information, we cannot guarantee the security of your information transmitted to our websites; any transmission is at your own risk. 

In cases where your Personal Information is covered by the APPI, you may obtain further details about the security measures we have in place in relation to the handling of your Personal Information by contacting us at privacy@validant.com.

International transfers

We may need to transfer Personal Information to locations outside of the country where we originally collected such Personal Information.

The level of information protection in countries to which your Personal Information is transferred may be less than that offered within the original country. Where this is the case, we will implement appropriate measures (such as the EU standard clauses under the GDPR) to ensure that Personal Information remains adequately protected and secure in accordance with applicable data protection laws.

An individual’s rights regarding their Personal Information

Your rights. Under certain circumstances, local laws may provide an individual rights under certain data protection legislation with respect to their Personal Information, which may include some or all of the following:

  • The right of access. Subject to certain exceptions, this is the right to request a copy of the Personal Information we hold about an individual and how we use it.
  • The right to rectification. This is the right to require relevant Personal Information be corrected, if it is inaccurate or incomplete.
  • The right to erasure (right to be forgotten). This is the right to request the removal or deletion of Personal Information that we use about an individual, unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims, or if there is no compelling reason for us to continue using it.
  • The right to restrict use. This is the right to request that we restrict our use of Personal Information where: (i) such Personal Information is inaccurate, (ii) our use is unlawful, or (iii) we no longer need to use such Personal Information for a particular purpose and we are unable to delete the Personal Information due to a legal or other obligation.  “Use” here includes sharing or transferring the Personal Information.
  • The right to data portability. This is the right to request that we transmit the relevant Personal Information to a third party, provided that the individual provided such personal data to us and that we are using such personal data on the basis of that individual’s consent or in order to perform our obligations under contract with the individual, and the use is carried out by automated means.
  • The right to object. This is the right to object to us using Personal Information if the use is based on our legitimate interest. We will comply with requests unless we have a compelling legitimate basis for such use which overrides the individual’s interests and rights, or our use relates to the establishment or exercise of the defense of a legal claim.
  • The right to withdraw consent. If we are using Personal Information pursuant to the lawful basis of consent, the individual has the right to withdraw such consent at any time.
  • Automated individual decision-making and profiling. This is the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Such individual may also have the right to lodge a complaint in relation to our use of Personal Information with a local supervisory authority.

If an individual objects to our use of their Personal Information, or withdraws their consent to our use after having initially provided it, we will respect that choice in accordance with our legal obligations but it is likely this will make it impractical for us with respect to any future dealings with the relevant individual. We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request that you provide us with information necessary to confirm your identity before responding to your request. To submit a request, please contact us at privacy@validant.com. As provided in applicable law, you also have the right to not be discriminated against for exercising your rights.

Depending on applicable law, you may have the right to appeal our decision to deny your request. We will provide information about how to exercise that right in our response denying the request. 

Marketing Communications.  If, in accordance with applicable legal requirements, we send you marketing communications regarding our services or the services of third parties that we believe will be interesting to you, you can ask us to stop sending such communications at any time by contacting us at privacy@validant.com. In our marketing email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and disclose certain information as permitted by this Notice or as required by applicable law. For example, you may not opt out of certain transactional emails from us, such as those confirming your requests or providing you with updates regarding our legal terms.

Notice for California Residents 

The California Consumer Protection Act (“CCPA”) also provides certain rights to California consumers. If you are a California resident, California law requires us to provide you with specific information regarding how we collect, use, and disclose your Personal Information. Throughout this Notice, we discuss in detail the specific pieces of Personal Information we collect from and about you. Please see the “How we collect Personal Information,” “What Personal Information we collect,” “How we use and disclose Personal Information, and the legal basis for use,” “Cookies and site analytics,” and “How long we keep Personal Information” sections above for more information.

The CCPA sets forth certain obligations for businesses that “sell” personal information or “share” personal information for purposes of “cross-context behavioral advertising”.  Our use of certain analytics providers discussed above, may be considered a “sale” or “sharing” of personal information under the CCPA.  To opt out of our use of Google Analytics, please use the Google Analytics Opt-Out Browser Add-on located here: https://tools.google.com/dlpage/gaoptout.

A California consumer is entitled to request details of the information we hold about them and how we use it and, under certain circumstances, has the right to request that their Personal Information be deleted. Such requests may be submitted by completing the Request Form.

We will promptly acknowledge receipt of any request and begin the process of verifying such request. Depending upon the sensitivity of the data collected and the nature of the request, we are required to verify an individual’s identity to a reasonable degree of certainty or a reasonably high degree of certainty. A reasonable degree of certainty requires matching at least two pieces of personal information provided via the toll free number or Request Form with information already maintained by us. Whereas, a reasonably high degree of certainty requires matching at least three pieces of personal information. The verification process also requires us to consider whether it is likely the submitted request is fraudulent.

A California consumer may also designate an authorized agent to make a request under the CCPA on the California consumer’s behalf. When a request is submitted by an authorized agent, we will require written evidence of the authorization and, except when the authorized agent has a power of attorney pursuant to California Probate Code sections 4000 to 4465, we will also need to verify the agent’s identity as well as the consumer’s identity.

Please note that the CCPA prohibits discriminatory treatment of a California consumer that exercises their right conferred by the CCPA.

The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes.  Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA. Additionally, if we ever offer any financial incentives in exchange for your Personal Information, we will provide you with appropriate information about such incentives. 

The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we disclose certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not disclose your personal information with third parties for their own direct marketing purposes.

Further questions

Our Data Protection Officer can assist with any questions and can be contacted at either of the following:

By Email:
privacy@validant.com

By Mail:
Validant
150 Sutter Street, #75
San Francisco, CA 94104

Changes to this Notice

Validant may revise or update this notice from time to time. We may modify this Notice from time to time to reflect our current privacy practices. When we make changes to this Notice, we will revise the date above. We encourage you to periodically review this notice to be informed about how we process your information.

By providing information to us, you acknowledge you have read this Notice, and, to the extent your consent is necessary and valid under applicable law, you consent to the collection, use and disclosure of such information by us and any third-party recipients in accordance with this Notice.  If required by certain data protection legislation, we will obtain your consent to the changes in advance.


Request Form

    Please complete the form below and one of our team members will be in contact with you shortly.

    I confirm and declare under penalty of perjury that I am the consumer whose personal information is the subject of this Request or I am the authorized agent for the consumer who is the subject of this Request.