Our privacy policy was last updated on 15/12/2023

Table of Contents

1. General
2. Definitions and Interpretations
3. Collecting and Using Personal Data

4. Types of Data Collected

1. Use Of Your Personal Data

6. The Purposes Of The Processing Of Personal Data

1. Sharing Of  Personal Data To Third Parties
2. Data Location and Transfer
3. Retention of Personal Data
4. Security of Your Personal Data
5. Your rights Under the GDPR and the CCPA, CPRA
6. Your rights Under the PIPEDA
7. Interaction with third-party products
8. Cookies and Trackers 
9. Links to Other Websites
10. Changes To This Policy
11. Contact us
    
    

1. General
   • We at Valid.it Evaluation Solutions Ltd. Also known as Validit Inc. (“it” or “Company” or “We“, “Us“) provide companies and organizations (“Our Customers” or “Your organization”) in diverse sectors with a mobile based platform that enables remote non-invasive integrity testing (“Platform”). This privacy policy ( “Policy”) provides You information regarding the types of data that We collect about the users of Our website https://validit.ai/ (“Website”) and the services offered by the Company in the Platform, collectively, the (“Services”).   
   • Your organization, the organization You are associated with and through which You were invited to conduct the assessment, has shared with Us the information needed to contact You such as: Your full name, Your email address, and Your mobile phone number. To conduct Your assessment, You will receive an invitation through Our Platform, either via SMS text messaging, and/or via email, containing a link with unique credentials to allow You to download our mobile application and log into the assessment using the mobile application.  You shall use the account for the type of assessment requested by Your organization within the contractual legal framework with Our Company. For example, if You have applied to a company for a job opportunity and that company wishes to assess Your integrity as part of their recruitment process, or if You have applied for an insurance claim and Your insurance company wishes to test Your claim’s authenticity as part of their review of Your claim.
   • This privacy policy is intended forEnd Users ( “You”) who use the Platform with respect to Our customer’s personnel and/or staff and/or participants and/or candidates and/or any individual using the Platform on behalf of the customer and the Website end users (not as an Admin user, as defined below).  

• In this Policy, any reference to personal data ( “Personal Data”) is to any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or in combination with additional information that We have or that We have access to.
• This Policy describes how we handle Your personal data, as well as Our Privacy practices, policies, and procedures on the collection, use, and disclosure of Your information with respect to Our Platform. Your organization provides us with Your personal data within the working framework with Us and we are not responsible for Your organization’s privacy practices otherwise.Similarly, Your Organization is the “Data Controller” of the personal data we process on the platform, while Valid.it is “the Data Processor” acting on behalf of Your organization.
• Therefore, the responsibility to comply with any privacy and data security laws and regulations applicable to Data Controller with respect to Your personal data, as well as establish the appropriate legal basis lies with Your organization. Along with that, we highly recommend reading Your organization’s privacy policies regarding their practices with Your personal data. Additionally, if You have any questions or requests regarding Your personal data processed by us on behalf of Your organization, we suggest You contact the account Administrator for Your organization’s account.

2. Definitions and Interpretations
   • The words of which the initial letter is capitalized have meanings defined under the following conditions.
   • For the purposes of this Policy:

• For the purpose of the GDPR (EU General Data Protection Regulations) in this privacy policy, the company is the Data Processor.
• “Account” – a unique account created for You to access our Service or parts of our Service via the platform;
• “Admin” – the Platform Administrator account for the organization You are associated with;
• “CCPA” – California Consumer Privacy Act;
• “CPRA” – California Privacy Rights Act;
• “Cookies” are small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website among its many uses;
• “Data Controller“, for the purposes of the GDPR, refers to the organization You are associated with (“Your Organization” as defined above) as the legal person/agency or other body, which alone or jointly with others determines the purposes and means of the processing of Personal Data;
• “DataProcessor“- for the purpose of the GDPR, refers to The Company or its affiliates which process personal data on behalf of the Data Controller.
• “Device” means any hardware that is used to access the Service such as a computer, a mobile device, or a digital tablet;
• “GDPR” – EU 2016/679 General Data Protection Regulation.
• “PIPEDA” – the Canadian Personal Information Protection and Electronic Documents Act;
• “SaaS” – Software as a Service;
• “Service Provider” means any entity, establishment, or legal person who processes the data (either Usage Data, or Personal Data) on behalf of the Company. It refers to third-party companies and/or individuals employed by the Company to facilitate and/or perform and/or provide the Service on behalf of the Company, or to assist the Company in monitoring, analyzing how the Service is used and improving the Service as deemed necessary. For the purpose of the GDPR, Service Providers in this Privacy Policy are considered Data Sub-Processors (“Data Sub-Processors”);
• “You” or “End user” means the individual accessing or using the Service, conducting the assessment, as applicable; and
• “Usage Data” refers to data collected automatically, either generated using the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Under GDPR, You can be referred to as the Data Subject or the End-User as the individual using the Service.

3. Collecting and Using Your Personal Data

• You are not obligated to provide Us with any Personal Data about You. However, in some instances, not providing such Personal Data will prevent Us from providing You with the Services You requested Us to provide You, will prevent Your use of the Services or a part thereof.

4. Types of Data Collected
   • Personal Data/User Data – We collect certain types of personal data that are transferred to Us by Your organization, such as First Name, Last Name, Mobile Phone Number, Email Address, and in some cases Your ID number (this could be Your governmental ID number, or any other number used to identify You by Your organization). While You use Our Service,  We may be required to contact You in order to ensure the proper administration of the assessment, in such cases where You or we have incurred a technical issue related to Your use of our Service.

Should we decide to contact or use the personal information provided by Your organization in order to contact You, we may ask You to provide Us with certain personally identifiable information that can be used to identify You. Such information may include, but is not limited to:

• Email address;
• First name and last name;
• Phone number;
• ID number used to identify You by Your organization.

Furthermore, for the proper administration of the assessment, while You use the service, we may try to retrieve the following information:

• Physiological Data: Heart Rate (BPM), Oxygen Saturation (SpO2), Respiration, HR Variability (HRV), Standard deviation of pulse rate (SDNN), and Blood Pressure (BP). (These are collected while using the service via the phone camera sensors. Please Note: no pictures or videos of You are collected, the physiological data is collected live while using the service); and
• any other Personal Data that You decide to provide/supply us with.

• Communication information– When You contact Us, though any channel whatsoever, including the in the Our Website or when You subscribe to Our Newsletter on the Website or social media networks, you may provide Us with Your full name, telephone number, name of Your company and Your email address.
• Usage Data – Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device’s unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit Our Service or when You access the Service by or through a mobile device.

For more information about the cookies we use, and Your choices regarding cookies, please see our Cookies Policy below.

5. Use of Your Personal Data
   • Valid.it processes Your personal data on behalf of Your organization. Your organization leverages our platform to conduct assessments that pertain to the purpose Your organization seeks to review and for which You have consented, such as in the case of talent acquisition and/or employment related decisions, financial statements, insurance claims and/or underwriting etc.
   • All data collected as part of the assessment is processed using the solution developed by Valid.it, with the sole aim of reviewing Your assessment for the Controller in an efficient, objective, and non-discriminatory manner. The solution developed by Valid.it uses algorithms that try to assess the authenticity of Your answers by leveraging extensive professional experience in the field of integrity testing. Valid.it’s analysis is based on Your responses to the questions presented during the assessment, as well as the non-verbal feedback received during those responses.
   • Processing Your Data for Employee Recruitment: as part of the recruitment process and in order to assess Your suitability for the specific role, Your organization may request that You perform an integrity/reliability assessment. The assessment will be conducted in accordance with Your organization’s instructions and the results of the integrity assessment are returned to Your Organization (the Controller) who will decide, in his sole and absolute discretion, how to proceed with Your recruitment process.
   • Processing Your Data for Insurance Underwriting: The insurance provider may want to confirm the specifics of Your insurance application, in order to provide proper insurance coverage. The assessment questions presented to You via the Valid.it mobile application will be in accordance with Your organization’s instructions based on the kind of insurance requested. The results of Your assessment will be returned to Your organization (the Data Controller) who will decide, in his sole and absolute discretion, how to proceed with Your insurance underwriting. 
   • Processing Your Data for Financial Statements: You may be asked to provide a financial statement during an application to a banking corporation and/or a financial corporation to confirm the details You have provided. The assessment questions will be in accordance with Your organization’s instructions based on the kind of application requested. The results shall be returned to Your organization (the Controller) who will decide, in his sole and absolute discretion, how to proceed with Your application. 
   • Valid.it may process Your user and usage data to facilitate, operate, maintain and improve our service, and is as necessary for the performance of our services, to comply with our contractual obligations (all in accordance with the instructions provided to Us by Your organization in their role as Data Controller); to provide technical and customer service and securing our customers, end users, ourselves and the platform or fulfil Our legal or regulatory requirements.
   • In any event, personal data processed via the platform will only be processed by Valid.it on behalf of Your organization – our customer, according to the contractual framework and Data Processing Addendum which includes instructions for data processing by Your organization, and any other agreement between us and Your organizations, and this Privacy Policy for End-Users.  
   • We will also create statistical, aggregated and anonymized data relating to our Users and the Service for analytical purposes, including business development and Website improvements. Aggregated data is derived from Personal Information and User Data but in its aggregated form it does not relate to or identify any particular client or individual or any specific user’s data. This data is used to understand Our customer base and to develop, improve and market our Website.
6. The Purposes Of The Processing Of Personal Data
   • We processes Your Personal Data for one or more of the purposes outlined in this section and according to the appropriate legal basis. We will not process Personal Data about You unless there is a legal basis for such processing. The legal bases according to which the Company may process Personal Data about You are as follows:

• Processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party. By way of example, for the purpose of improving Our Website we will use the data collected during the conversation and the content thereof to improve our Website; or for the exercise or defence of legal claims.
• Your consent that the Company will process Personal Data about You for one or more specific purposes. By way of example, for the purpose of providing the Services.

7. Sharing Of Personal Data To Third Parties
   • We will not disclose Personal Data about You to third parties except as detailed in this Policy:

• With Our Group: We may transfer Personal Data to entities that control Us, entities that are under Our control and/or to entities under common control or ownership with Us, as shall be from time to time (collectively the “Group”). Such entities may use the Personal Data to support the needs of the Group
• With Service Providers: for the purpose of tracking and analyzing how our services are being used, We might disclose e Your personal information to the Service Providers such as hosting and server co-location services, cloud storage service providers, communication, content delivery networks, data and cyber security services, fraud detection and prevention services, and web analytics and any other relevant services.
• With Affiliates:We may disclose Your information with Our affiliates, in which case we will require them to follow this Privacy Policy. Information shared as needed only serves to allow us to fulfill our legal obligations towards our customers, and to ensure that our solution performs optimally.
• With our customers:We share Your information with Your organization, in such case, Your accounts Admin may access it on behalf of Your organization, and will be able to monitor, analyze and process Your personal data. Your Organization can determine whether Your account or part of it shall be available to others or not.
• Law enforcement: Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
• Due diligence process: In the event that we will be subject to an audit or a Due diligence process;
• Legal status: In the event that We sell, assign or transfer some or all of Our business or assets to a successor or acquirer, or if We are acquired by or merge with a third party, or if We file for bankruptcy or become insolvent, or any other situation where Personal Data may be sold, assigned or transferred to a successor or acquirer;
• Other legal requirements: The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability.
  • In the preceding twelve (12) months, We have not sold any Personal Data.

8. Data Location and Transfer
   • Personal Data about You may be transferred to a third country (i.e. jurisdictions other than the one You reside in) or to international organizations. In such circumstances, the Company shall take appropriate safeguards to ensure the protection of Personal Data about You and to provide that enforceable data subject rights and effective legal remedies for data subjects are available.
   • The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy for End Users, contractual terms with Your organization, and appropriate lawful mechanisms, and no transfer of Your Personal Data will take place on behalf of Your organization, to a country unless there are adequate controls in place including the security of Your data and other personal information, as follows:

• Internal transfers: Transfers within the Valid.it group will be covered by an internal processing agreement entered by members of the Valid.it Group (an intra-group agreement) which contractually obliges each member to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred to.
• External transfers: Where we transfer Your Personal Data outside of the EU/EEA (for example to third parties who provide us with services), we will do so with a third country or an international organization that the commission has determined is an adequate level of protection. If not, We will obtain relevant contractual framework commitments from them to protect Your Personal Data, such as Standard Contractual Clause (SCC) or Data Transfer Agreement (DTA)/Data Processing Addendum (DPA) depending on which country receiving the data.
  • Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement and consent to that transfer.

9. Retention of Personal Data

The Company will retain Your Personal Data on behalf of Your organization and in accordance with its instructions. Additionally, we may retain Your personal data only for as long as is necessary for the purposes set out in this Policy as well as to comply with our legal obligations (for example, if we are required to retain Your data to comply with applicable laws of and regulation.

10. Security of Your Personal Data

The security of Your Personal Data is important to Us, and for that purpose, We have implemented technical, organizational, and security measures designed to protect Your Personal Data. However, remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security. As the security of information depends in part on the security of the computer, device, or network You use to communicate with us and the security You use to protect Your user IDs and passwords, please make sure to take appropriate measures to protect this information.

11. Your rights Under the GDPR and the CCPA, CPRA

Under applicable law and specifically the GDPR, You have several rights to be practiced regarding Your personal data, and We-the Data Processor shall comply with the GDPR and do our best to assist the Data Controller-Your organization in fulfilling Your request for practicing Your rights, under legal obligations and restrictions. Any request for practicing Your rights regarding personal data processed via our platform on behalf of Your organization, please contact Your organization, Admin.  For the purpose of brief acknowledgment, Your rights under the GDPR are as follows: 

• The right to be informed;
• The right to access Your Data;
• The right to rectification of Your Data;
• The right to erasure, “right to be forgotten”;
• The right to restrict processing;
• The right to data portability;
• The right to object to the processing of Your personal data;
• The right not to be subject to automated decision-making;
• You have a right to lodge a complaint with Your local data protection supervisory authority; and
• The right to not be discriminated by Us because You exercised any of Your rights under the CCPA or CPRA.
  
  

12. Your rights Under the PIPEDA

Under applicable law and specifically the PIPEDA, You have several rights to be practiced regarding Your personal data, and We shall comply with the PIPEDA and do our best to assist Your organization in fulfilling Your request for practicing Your rights, under legal obligations and restrictions. Any request for practicing Your rights regarding personal data processed via our platform on behalf of Your organization, please contact Your organization, Admin.  For the purpose of brief acknowledgment, Your rights under the PIPEDA are as follows: 

• The right to access Your Data.
• The right to Correct Your inaccurate Data, and/or deletethe inaccurate personal information. 
• The right to withdraw Your consent.

13. Interaction With Third-Party Products
    
    
    • Our platform may contain third-party links and You We may thus be able to interact with third-party websites, mobile software applications, and products or services that are not owned or controlled by us (each a “Third Party Service”). Therefore, If You click on a third-party link, You may be directed to that third party’s site, which may not be operated by Us, and We thus cannot assume responsibility for the privacy practices or the content of such Third-Party Services. We strongly advise You to review the Privacy Policy of every site You visit.
    • We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

14. Cookies and Trackers
    • We may use certain third party services, such as analytics companies or companies delivering advertisements, which may also use cookies or other technologies, and those practices and providers are subject to their own policies.
    • Cookie (which is a small text file) is installed on the device via which You visit or access the Platform. The cookies allow Us to collect information about You and Your behavior, in order to improve Your user experience, to remember Your preferences and settings, and to customize and offer You products and services that may interest You. Cookies are also used to collect statistics and perform analytics.
    • Some of the cookies We use are session cookies, which are downloaded temporarily to Your device and last until You close Your web browser, while others are persistent cookies, which last on Your device after You cease browsing the Service and are used to help the Service remember You as a returning visitor when You return to the Service.
    • Types of cookies: The cookies We may use have been classified according to their functionality, as follows:

Blocking and removal of cookies

You can change Your browser settings to block and delete some or all cookies. Please see below links to instructions on how to do this in respect of some of the most popular web browsers:

• Firefox
• Edge
• Internet Explorer
• Google Chrome
• Safari

Please note, however, that if You do so, some or all of the Service’s features and functionalities might not perform as intended.

ONLINE TRACKING NOTICE: AT THIS TIME, THIS SERVICE DOES NOT SUPPORT DO-NOT-TRACK SIGNALS.

15. Links to Other Websites

• The Website may contain links to websites and/or applications of third parties. Other websites and applications may also reference or link to Our Website. We do not control such websites and applications, nor the collection and/or processing of Personal Data about You by such websites and applications, and thus We are not responsible for the privacy practices. This Policy does not apply to any actions taken via such websites and/or applications.
• Whenever You access such third parties’ websites and/or applications, We recommend that You carefully review their privacy policies prior to using such websites and/or applications and prior to disclosing any Personal Data about You.

16. Changes to the Policy

We may amend, from time to time, the terms of this Policy. Whenever We amend this Policy, we will notify You of such amendments by publishing the updated Policy on the Platform. In addition, when We make significant amendments to this Policy, we will strive to inform You about such amendments via means of communication We believe are reasonably appropriate to inform You of such amendments and by publishing a notice about such amendments on the Platform. Unless stated otherwise, all amendments will enter into force upon publication of the updated Policy on our website or the designated page in the Website.

17. Contact us

If You have any comments or questions regarding this Policy, please contact Your organization Admin or our support at: support@validit.ai