Privacy notice for ValidPath

INTRODUCTION

Welcome to the privacy policy of the ValidPath (“Privacy Policy”).

The ValidPath Limited respects your privacy and is committed to protecting your personal data. This Privacy Policy will inform you about how we look after your personal data, your privacy rights and how the law protects you.

IMPORTANT INFORMATION

It is important that you read this Privacy Policy, together with any other Privacy Policy or fair processing notice that we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This Privacy Policy supplements any other privacy notices or policies and is not intended to override them and relates to:

Visitors to validpath.co.uk and all related subdomains (together making up the “Websites”);
Software applications and third-party clients who use our application programming interfaces (“APIs”); and
End users who use our Websites, APIs, mobile applications and any other services, products, tools, features or content made available by the ValidPath Limited.

By using the Websites, APIs or any other services, products, tools, features or content as made available by the ValidPath Limited you hereby:

Acknowledge and confirm that you are at least eighteen (18) years old;
Consent to the use of your personal data as described in this Privacy Policy; and
Consent that if you provide any personal information on behalf of someone else that you have their consent to use and provide their personal information.

This Privacy Policy may change from time to time and if it does, the up-to-date version will be available on the ValidPath Limited Websites (historic versions can be obtained by contacting us). By continuing to use the ValidPath Limited websites, you are agreeing to any updated versions of the ValidPath Limited Privacy Policy or other privacy policies indicated on any specific ValidPath Limited website.

WHO WE ARE

The ValidPath Limited

This Privacy Policy is issued on behalf of the ValidPath Limited.

This Privacy Policy applies to all of those subsidiaries and affiliated companies, irrespective of location or jurisdiction. In particular, the data controller (as referred to below) is a subsidiary of ValidPath Limited.

Data Controller

ValidPath Limited is the data controller (as defined under European Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) for the ValidPath Limited. ValidPath Limited is registered as a data controller with the UK Information Commissioner’s Office (“ICO”) with registration number is FRN 197107 and is the entity that is responsible for processing your data on behalf of the ValidPath Limited. Accordingly, “we”, “us” or “our” in this Privacy Policy, refers to ValidPath Limited. Where specifically not in relation to the obligations of the data controller under GDPR, “we”, “us” or “our” may also refer to any of the subsidiaries or propositions of the ValidPath Limited.

Data Processor Function within the ValidPath Limited

You may engage with a company within the ValidPath Limited who may ask you to provide data and information via the Websites. In this instance, ValidPath Limited acts as a data processor and will process your personal data in accordance with this Privacy Policy the company you are engaging with within the ValidPath Limited will act as Data Controller and control your personal data in accordance with this Privacy Policy (unless other stipulated).

HOW WE COLLECT YOUR DATA

We may obtain information in several ways which could include:

Information you give to us: You may give us information about you when you use our Websites or APIs or by communicating with us by email, telephone or otherwise;
Information we record about you: Each time you visit our Websites, APIs or systems we may automatically record information through the use of cookies, web beacons and other anonymous online identifiers;
Information that we receive from other parties including other companies in the ValidPath Limited or third parties who provide services to you or us;
Information that we learn about you through our relationship with you; and
Information that we gather from publicly available sources.

THE CATEGORIES OF DATA WE MAY COLLECT

The types of personal information and data that we may collect may include (but is not limited to):

Identity Data that includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data that includes residential address, delivery address, email address and telephone numbers.
Financial Data that includes financial transactions, financial accounts and projection information.
Transaction Data that includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data that includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, screen resolution, and other technology on the devices you use to access this website.
Profile Data that includes your username and password, purchases or orders made by you, your preferences, feedback and survey responses.
Usage Data that includes information about how you use our website, products and services.
Marketing and Communications Data that includes your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

HOW WE MAY USE YOUR INFORMATION

We may use your personal information and/or data to:

Provide you with products and/or services;
Administer, operate, facilitate and manage your relationship with us which may include sharing such information within the ValidPath Limited as well as disclosing it to third parties
Contact you or your designated representative(s) or colleagues by post, telephone, electronic mail, etc., in connection with your relationship;
Provide you with information relating to our products and services; and
Facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements.

If your relationship with us ends, we will continue to treat your personal information, to the extent we retain it, as described in this Privacy Policy.

Automated decision-making and profiling

‘Automated Decision Making’ refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention. Profiling means using automated processes with or without human intervention to analyse your personal data in order to evaluate your behaviour or to predict things about you. We may use automated decision-making or profiling as part of offering the Websites, APIs, mobile applications and any other services, products, tools or features made available by the ValidPath Limited to you.

WHY WE MAY COLLECT DATA ABOUT YOU

There are many reasons why we may legitimately collect and process your personal information and data including:

Consent: We can collect and process your data with your consent.
Contractual obligations: We may process your information where it is necessary to either enter into a contract with you for the provision of our products or services or to perform our obligations under that contract or to provide you with information or guidance in relation to our products or services that are offered by us.
Legal compliance: If the law or any applicable regulator requires us to, we may need to collect and process your data and also provide this to any such regulator
Legitimate interest: We may process your information in the day-to-day running of our business, to manage our business and financial affairs and to protect our customers, employees and general interests. In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

Not providing personal data when requested

Where we need to collect personal data by law or under the terms of an agreement or contract that we have with you or may have with you and you fail to provide that data when requested, we may not be able to provide you with products or services or perform under the agreement or contract that we have or may have with you. If this is the case, we may have to cancel a product or service or agreement we have with you and you will be notified at the time.

STORAGE OF YOUR PERSONAL DATA (INCLUDING OUTSIDE OF THE “EEA”)

The data and information that we collect and process may be transferred to, and stored at, a destination outside of the UK. We will only do so on the basis that anyone to whom we transfer it to, protects it in the same way that we would and such entity or person or other third party is subject to the appropriate safeguards.

In the event that we transfer information to countries outside of the EEA, we will only do so where:

The European Commission has decided that the country or the organisation, entity or individual to whom we are transferring to or sharing your data and/or information with, will protect your information adequately;
The transfer has been authorised by the relevant data protection authority; and/or
We have entered into a contract with the organisation, entity or individual with whom we are sharing your data and/or information (on such terms as approved by the European Commission), to ensure your information is adequately protected.

DATA SECURITY

We will take all steps reasonably necessary to ensure that your information and/or data is treated securely and in accordance with this Privacy Policy. We follow strict security procedures as to how your information and/or data is stored and used, and who sees it. We use strict procedures and security features to prevent unauthorised access. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Third Party links

The ValidPath Limited Websites may include links to third-party affiliates, websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements, notices or policies. Please always check the privacy policies of any sites we link to.

DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Retention periods may be changed from time to time based on business or legal and regulatory requirements. Details of retention periods for different aspects of your personal data is available on request.

YOUR LEGAL RIGHTS

You have the right to:

Access: You have the right to get access to the information and/or data that we hold about you;
Automated Decision-Making: You have the right not to be subject to a decision which is based solely on automated processing where that decision produces legal effects concerning you or otherwise significantly affects you;
Erasure: You have a right to withdraw consent to the processing of your personal data and request that we delete your information and/or data;
Marketing: You have a right to object to direct marketing;
Portability: You have a right to data and/or information portability;
Rectification: You have a right to rectification of any inaccurate information and/or data and to update incomplete information and/or data that we hold about you;
Restriction: You have a right to request that we restrict the processing of your information and/or data; and
Lodge complaints: You have a right to lodge a complaint with the regulator. If you wish to raise a complaint on how we have handled your information, you can contact us. We would hope to be able to address any concerns you may have, but you can always contact the Information Commissioner’s Office (ICO).

If you wish to exercise any of the rights set out above, please contact us.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.