Privacy Policy-End Users
Our privacy policy was last updated on 15/10/2023
Table of Contents
1.
Definitions and Interpretations
2. Collecting and Using Your Personal Data
3. Share and Disclosure of Your personal information
5. Retention of Your Personal Data
6. Security of Your Personal Data
8. Interaction
with third-party products
9. For The
Purpose of the GDPR Privacy Policy
Privacy Policy-End Users
Valid.it Evaluation Solutions Ltd. Also known as Validit Inc. (hereinafter: "Valid.it" or "The Company" or "We", "Us") Established in 2021, Valid.it is a user-friendly remote fraud detection solution that leverages behavioral science and signal processing to deter and detect deception using nothing but a smartphone.
We at Valid.it provide companies and organizations (hereinafter: “our customers” or “your organization”) in diverse sectors with a mobile based platform that enables remote non-invasive integrity testing. Our solution is based on a systematic methodology that leverages real-world experience and professional know-how. The solution may be used for various use cases, including talent acquisition, insurance underwriting, financial statements, claims validation, and more (“hereinafter:” Platform”).
Your organization, the organization you are associated with and through which you were invited to conduct the assessment “Your organization”, has shared with us with the information needed to contact you such as your first name and family name, your email address, and your mobile phone number. To conduct your assessment, you will receive an invitation through our Platform, either via SMS text messaging, and/or via email, containing a link with unique credentials to allow you to download our mobile application and log into the assessment using the mobile application. You shall use the account for the type of assessment requested by your organization within the contractual legal framework with Our Company. For example, if you have applied to a company for a job opportunity and that company wishes to assess your integrity as part of their recruitment process, OR if you have applied for an insurance claim and your insurance company wishes to test your claim’s authenticity as part of their review of your claim.
This privacy policy is intended for End Users (Hereinafter: "You") who use the Platform with respect to our customer's personnel and/or staff and/or participants and/or candidates and/or any individual using the platform on behalf of the customer (not as an Admin user, as defined below).
This Privacy Policy describes
how we handle your personal data, as well as Our Privacy practices, policies,
and procedures on the collection, use, and disclosure of Your information with
respect to Our Platform. Your organization provides us with your personal data
within the working framework with Us and we are not responsible for your
organization's privacy practices otherwise. Similarly, Your Organization is
the "Data Controller" of the personal data we process on the
platform, while Valid.it is "the Data Processor" acting on
behalf of your organization.
Therefore,
the responsibility to comply with any laws and regulations applicable to Data
Controller with respect to your personal data, as well as establish the
appropriate legal basis lies with your organization. Along with that, we highly
recommend reading your organization's privacy policies regarding their
practices with your personal data. Additionally, if you have any questions or
requests regarding your personal data processed by us on behalf of your
organization, we suggest you contact the account Administrator for your
organization's account.
This
privacy policy is for End Users Only, and it does not cover our processing of
personal data relating to individuals who interact with Valid.it Website or any
other company's assets outside the platform, with regard to
which we act as Data Controllers. Please see Our Terms of Use .
Please Note: We respect your privacy and are committed to using privacy practices that are
transparent and fair. Carefully read this privacy policy. By using the Service,
you agree to the collection and use of information in accordance with this
Privacy Policy!
The words of which the
initial letter is capitalized have meanings defined under the following
conditions.
For
the purposes of this Privacy Policy:
●
"Company"
-referred to Valid.it Evaluation Solutions Ltd. as either "the
Company", "We", "Us" or "Our"
in this Privacy Policy. For the purpose of the GDPR (EU
General Data Protection Regulations) in this privacy policy, the company is the
Data Processor.
●
"GDPR"- EU
2016/679 General Data Protection Regulation.
●
"PIPEDA" – the Canadian Personal Information Protection and Electronic
Documents Act.
●
"SaaS"-
Software as a Service
●
“Your
Organization”- means the
company or organization that has invited you to conduct the assessment i.e. (either an employer in the case employment related assessments, or
an insurance company in the case of insurance claims).
●
"Platform"-
the SaaS provided to the organization you are associated with by which you
received a link to download the Valid.it mobile app and make use of the service provided by our platform via the mobile app that you have downloaded.
●
"Account"-
a unique account created for You to access our Service or parts of our Service
via the platform.
●
"Admin"- the Platform
Administrator account for the organization you are associated with.
●
"Cookies"
are small files that are placed on Your computer, mobile device, or any other
device by a website, containing the details of Your browsing history on that
website among its many uses.
●
"Usage
Data" refers to data collected automatically, either generated using
the Service or from the Service infrastructure itself (for example, the
duration of a page visit).
●
"Device"
means any hardware that is used to access the Service such as a computer, a mobile device, or a digital tablet.
●
"Personal
Data" or “Personal Identifiable Information” is any information
that relates to an identified or identifiable individual, directly or
indirectly.
●
"Service"
refers to the mobile application and/or the Web/browser-based platform by which
the evaluation is administered on behalf of the organization you are associated
with.
●
"Service
Provider" means any entity, establishment, or legal person who
processes the data (either Usage Data, or Personal Data) on behalf of the
Company. It refers to third-party companies and/or individuals employed by the
Company to facilitate and/or perform and/or provide the Service on behalf of
the Company, or to assist the Company in monitoring, analyzing how the Service
is used and improving the Service as deemed necessary. For
the purpose of the GDPR, Service Providers in this Privacy Policy are considered Data Sub-Processors (“Data
Sub-Processors”).
●
"You"
or “End user” means the individual accessing or using the Service, conducting
the assessment, as applicable.
Under GDPR, You can be referred to as the Data Subject or the End-User
as the individual using the Service.
●
"Data
Controller", for the purposes of the GDPR, refers to the organization you
are associated with (“Your Organization” as defined above) as the legal person/agency
or other body, which alone or jointly with others determines the purposes and
means of the processing of Personal Data.
●
"Data Processor"- for the
purpose of the GDPR, refers to The Company or its affiliates which process
personal data on behalf of the Data Controller.
Types
of Data Collected
We collect certain types of personal data that are transferred to Us by your organization, such as First Name, Last Name, Mobile Phone Number, Email Address, and in some cases your ID number (this could be your governmental ID number, or any other number used to identify you by your organization).
While you use Our Service, We may be required to contact you in order to ensure the proper administration of the assessment, in such cases where you or we have incurred a technical issue related to your use of our Service. Should we decide to contact or use the personal information provided by your organization in order to contact you, we may ask You to provide Us with certain personally identifiable information that can be used to identify You. Such information may include, but is not limited to:
● Email address
● First name and last name
● Phone number
● ID number used to identify you by your organization
Furthermore, for the proper administration of the assessment, while you use the service, we may try to retrieve the following information:
● Physiological Data: Heart Rate (BPM), Oxygen Saturation (SpO2), Respiration, HR Variability (HRV), Standard deviation of pulse rate (SDNN), and Blood Pressure (BP). (These are collected while using the service via the phone camera sensors. Please Note: no pictures or videos of you are collected, the physiological data is collected live while using the service)
● any other Personal Data that you decide to provide/supply us with
Usage Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device's unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
For more information about
the cookies we use, and your choices regarding cookies, please see our Cookies
Policy below.
Use of Your Personal Data
Valid.it processes your personal data on behalf of Your organization.
Your organization leverages
our platform to conduct assessments that pertain to the purpose your
organization seeks to review and for which you have consented, such as in the
case of talent acquisition and/or employment related decisions, financial
statements, insurance claims and/or underwriting etc.
All data collected as part of the assessment is processed using the solution developed by Valid.it, with the sole aim of reviewing your assessment for the Controller in an efficient, objective, and non-discriminatory manner. The solution developed by Valid.it uses algorithms that try to assess the authenticity of your answers by leveraging extensive professional experience in the field of integrity testing. Valid.it's analysis is based on your responses to the questions presented during the assessment, as well as the non-verbal feedback received during those responses.
Processing Your Data for Employee Recruitment: as part of the recruitment process and in order to assess your suitability for the specific role, Your organization may request that you perform an integrity/reliability assessment. The assessment will be conducted in accordance with Your organization’s instructions and the results of the integrity assessment are returned to Your Organization (the Controller) who will decide, in his sole and absolute discretion, how to proceed with your recruitment process.
Processing Your Data for Insurance Underwriting: The insurance provider may want to confirm the specifics of Your insurance application, in order to provide proper insurance coverage. The assessment questions presented to you via the Valid.it mobile application will be in accordance with Your organization’s instructions based on the kind of insurance requested. The results of your assessment will be returned to Your organization (the Controller) who will decide, in his sole and absolute discretion, how to proceed with your insurance underwriting.
Processing Your Data for Financial Statements: You may be asked to provide a financial statement during an application to a banking corporation and/or a financial corporation to confirm the details you have provided. The assessment questions will be in accordance with Your organization’s instructions based on the kind of application requested. The results shall be returned to Your organization (the Controller) who will decide, in his sole and absolute discretion, how to proceed with your application.
Valid.it may process your user and usage data to facilitate, operate, maintain and
improve our service, and is as necessary for the performance of our services,
to comply with our contractual obligations (all in accordance with the
instructions provided to us by your organization in their role as Data
Controller); to provide technical and customer service and securing our
customers, end users, ourselves and the platform.
In any event, personal data
processed via the platform will only be processed by Valid.it on behalf of Your
organization - our customer, according to the contractual framework and Data
Processing Addendum which includes instructions for data processing by your
organization, and any other agreement between us and your organizations, and
this Privacy Policy for End-Users.
The company may use your
de-identified Physiological data in statistical initiatives for machine
learning and the improvement of our services via the platform provided to our
customers.
●
With Service Providers: for the purpose of tracking and
analyzing how our services are being used, We might
disclose e Your personal information to the Service Providers such as hosting
and server co-location services, communication, content delivery networks, data
and cyber security services, fraud detection and prevention services, and web
analytics and any other relevant services.
●
With Affiliates: We may disclose Your information with Our
affiliates, in which case we will require them to follow this Privacy Policy. Information
shared as needed only serves to allow us to fulfill our legal obligations
towards our customers, and to ensure that our solution performs optimally.
●
With our customers: We share Your information with your
organization, in such case, your accounts Admin may access it on behalf of your
organization, and will be able to monitor, analyze and process your personal
data. Your Organization can determine whether your account or part of it shall
be available to others or not.
●
Law enforcement: Under
certain circumstances, the Company may be required to disclose Your Personal
Data if required to do so by law or in response to valid requests by public
authorities (e.g. a court or a government agency).
●
Other legal requirements: The
Company may disclose Your Personal Data in the good faith belief that such
action is necessary to:
ü Comply with a legal obligation
ü Protect and defend the rights or property of the
Company
ü Prevent or investigate possible wrongdoing in
connection with the Service
ü Protect the personal safety of Users of the
Service or the public
ü Protect against legal liability.
The company may maintain, process, access, and store your personal data by
us or our authorized service providers (see section 3 above) in different
locations, in compliance with the applicable laws to Your Organization.
Valid.it maintains offices in Israel, and currently uses AWS services located
in Ireland for processing, analyzing, and storing your personal data, and may
access your personal data from any of these locations or any other location
necessary for the activity of the platform for the purpose of providing
technical support and customer service for Your organization.
The Company will take all steps reasonably necessary to ensure that Your
data is treated securely and in accordance with this Privacy Policy for End
Users, contractual terms with your organization, and appropriate lawful
mechanisms, and no transfer of Your Personal Data will take place on behalf of
your organization, to a country unless there are adequate controls in place
including the security of Your data and other personal information, as follows:
●
Internal transfers: Transfers within the Valid.it group will be
covered by an internal processing agreement entered by members of the Valid.it Group
(an intra-group agreement) which contractually obliges each member to ensure
that personal data receives an adequate and consistent level of protection
wherever it is transferred to.
●
External transfers: Where we transfer your Personal Data
outside of the EU/EEA (for example to third parties who provide us with
services), we will do so with a third country or an international organization
that the commission has determined is an adequate level of protection. If not, We will obtain relevant contractual framework commitments
from them to protect your Personal Data, such as Standard Contractual Clause (SCC) or Data Transfer
Agreement (DTA)/Data Processing Addendum (DPA) depending on which country
receiving the data.
Your consent to this Privacy Policy followed by Your submission of such
information represents Your agreement and consent to that transfer.
The Company will retain Your Personal Data on behalf of your organization and in accordance with its instructions. Additionally, we may retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy as well as to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws of taxing or accounting requirements), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain some of your de-identified User data (the physiological data) and Usage Data for internal analysis purposes. Such Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
The security of Your Personal Data is important to Us, and for that purpose, We have implemented technical, organizational, and security measures designed to protect your Personal Data. However, remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security. As the security of information depends in part on the security of the computer, device, or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
Under applicable law and
specifically the GDPR, You have several rights to be
practiced regarding your personal data, and We-the Data Processor shall comply
with the GDPR and do our best to assist the Data Controller-Your organization
in fulfilling your request for practicing your rights, under legal
obligations and restrictions. Any request for practicing your rights
regarding personal data processed via our platform on behalf of your
organization, please contact your organization, Admin. For the purpose of brief acknowledgment, your rights under
the GDPR are as follows:
●
The right to be informed.
●
The right to access your
Data.
●
The right to rectification
of your Data.
●
The right to erasure, "right
to be forgotten."
●
The right to restrict processing.
●
The right to data
portability.
●
The right to object to the
processing of your personal data.
●
The right not to be subject
to automated decision-making.
●
You have a right to lodge a
complaint with your local data protection supervisory authority.
Under applicable law and
specifically the PIPEDA, You have several rights to be
practiced regarding your personal data, and We shall comply with the PIPEDA and
do our best to assist Your organization in fulfilling your request for
practicing your rights, under legal obligations and restrictions. Any
request for practicing your rights regarding personal data processed via our
platform on behalf of your organization, please contact your organization,
Admin. For the purpose of
brief acknowledgment, your rights under the PIPEDA are as follows:
●
The right to access your
Data.
●
The right to Correct your
inaccurate Data, and/or delete the inaccurate personal information.
●
The right to withdraw your
consent.
Our platform may contain
third-party links and you We may thus be able to interact with third-party
websites, mobile software applications, and products or services that are not
owned or controlled by us (each a “Third Party Service”). Therefore, If You
click on a third-party link, You may be directed to
that third party's site, which may not be operated by Us, and We thus cannot assume
responsibility for the privacy practices or the content of such Third-Party
Services. We strongly advise You to review the Privacy Policy of every site You
visit.
We have no control over and
assume no responsibility for the content, privacy policies, or practices of any
third-party sites or services.
Legal
Basis for Processing Personal Data under GDPR
As mentioned above, your organization is responsible to establish the legal basis on which to collect your personal data. Yet, We process your Personal Data based on the legal basis for the Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with Your organization and/or for any pre-contractual obligations thereof.
If you have any comments or
questions regarding this Privacy Policy for End Users, please contact your
organization Admin or our support at: support@validit.ai