Reviewed December 2022
1.0 GENERAL STATEMENT
Validic, Inc., a Delaware corporation (the “Company”, “we”, “us” or “our”), provides the website located at www.validic.com (the “Website”) and certain mobile applications (the “Applications”), to support healthcare application or website providers (the “Healthcare Portal Providers”) by providing their end users with access to certain third party applications, programs, and/or devices that the end users may elect to connect to using the Website (collectively, the “Service”).
The United States Federal Trade Commission (FTC) is the enforcement authority with jurisdiction over this compliance.
2.0 THE INFORMATION WE COLLECT
In this section, we provide you with details about some of the information we currently collect about users of our Website, Applications, and/or Service (collectively, “User Data”), the categories of sources of that information, and the business purpose for collecting that information.
- User Key. Your Healthcare Portal Provider provides us with a user key (the “User Key”) that identifies you as a registered member of the healthcare application or website. This allows us to verify that we are authorized to collect your User Data and provide you with the Service, based on the permission you provided to your Healthcare Portal Provider in connection with your use of such Service.
- Personal Information. Depending on the Service and/or Applications you use, we may collect information by which you may be personally identified, such as name, date of birth, address, e-mail address and/or telephone number (“Personal Information”). We may also collect Personal Information that you submit to us in connection with your use of the Website, such as when you submit a contact request form. If the Applications you use require us to contact you using your Personal Information, we will contact you based on the permissions you provided to your Healthcare Portal Provider in connection with your use of such Applications.
- Company Applications. Certain Applications (e.g., HealthBridge) may collect and use your Personal Information to link you to the program that has been created for you by your Healthcare Portal Provider and to identify you to your Healthcare Portal Provider. Also, we will collect Program Data and other health and wellness User Data produced by your use of, or uploaded by you to, the Applications. We provide you with information about Applications that connect with the Service or that are used in connection with the Website and/or the Service. These Applications have features that collect and store data and/or other information about you, including Program Data and health and wellness User Data. When you choose to access or use the Applications, they will be able to provide us with access to some or all of such data and/or other information (the “Application Data”). We will share Application Data only with your Healthcare Portal Provider.
- Navigational Information. We may collect and use information and data from you when you are using the Service, Applications, and/or Website through the standard operation of our Internet servers. Information collected from you may include user Internet Protocol (IP) addresses, browser type and version, domain names, referring/exit pages, devices, operating system, date/time stamp, click stream data and anonymous statistical data regarding your use of the Service and/or Website. For example, we can tell which Internet Service Provider our users use, but not the names, addresses or other information that would allow us to identify particular users. We use this information to analyze trends, to administer and to improve the Service, Applications, and Website, to track users’ movements around the Applications, and Website and to gather demographic and other aggregate information (as described in more detail below) about our user base as a whole. The Application does not collect Navigational Information.
- Clear Gifs. We may also employ a software technology called “clear gifs” (also known as “web beacons” or “web bugs”) that helps us better manage content on the Website by providing us feedback as to what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of users. In contrast to cookies, which are stored on your web enabled device’s hard drive, clear gifs are embedded invisibly on a website page, web-based document or email message and are about the size of the period at the end of this sentence. Clear gifs may be used in our HTML-based emails to confirm receipt of, and response to our emails, including those that you forward to other recipients. The Application does not utilize Clear Gifs.
- Site Information. Due to communications standards on the internet, when you visit the Website we typically automatically receive the URL of the site from which you came and the site to which you are going when you leave our Website. We also receive the internet protocol address of your computer (or the proxy server you use to access the Internet), your computer operating system and type of web browser you are using, email patterns, your mobile device and mobile operating system, as well as the name of your ISP or your mobile carrier. We may also receive location data on our Website passed to us from third-party services or GPS-enabled devices that you have enabled. The Application may request access to location services, on Android devices, in order to initiate Bluetooth pairing; however, we do not collect your geo-location or GPS data by or through the Application.
- Site Analytics. We may analyze your use of the Website, Applications, and/or Service with third party software that allows us to monitor and record your navigation and usage activities, in order to better customize and improve our Website, Applications, Service and other products. The Application does not monitor or record your navigation and usage activities.
- Aggregated User Data. In an ongoing effort to better understand and serve the users of the Website, Applications, and the Services, we may analyze the User Data and conduct research on demographics, interests, behavior and other topics based on User Data of our end users, including you, that is provided to, collected by or otherwise available to us. We use the User Data from you and other users and reformat, supplement, compile, analyze and/or aggregate these datasets together to create what we term “Aggregated User Data.” We use such Aggregated User Data for product development and to improve our products and services and may share certain components of this User Data and/or Aggregated User Data with our affiliates, agents and business partners as described below.
3.0 HOW WE USE THE INFORMATION WE COLLECT
- Sharing with Healthcare Portal Providers. We share the Program Data we collect from the Programs only with your Healthcare Portal Provider.
- Business Transfers. We may also disclose and/or transfer your User Data to third parties in connection with a corporate transaction, such as a merger, acquisition by another company or sale or other transfer of all or a portion of our business or assets.
- Lawful requests by public authorities. We will disclose personal information in response to lawful requests by public authorities, including when there is a need to meet national security or law enforcement requirements.
- Do Not Sell. The Company does not sell your personal information.
4.0 REVIEWING, UPDATING AND DELETING YOUR INFORMATION
We provide your Healthcare Portal Provider with the capability to review, update and delete your User Data, including your personal data, if and to the extent applicable based on the Service and/or Applications you use. We require your permission before any of your User Data (including your personal data) is accessed, retrieved or made available to your Healthcare Portal Provider. You may change your level of permission at any time to enhance or limit the collection, use, and/or disclosure of your User Data (including your personal data). In addition, we provide your Healthcare Portal Provider the ability to allow you to revoke permission to access your User Data (including your personal data) and will permanently delete any records that we have of your User Data (including your personal data). You may revoke your consent to allow the Applications to connect to any Program, including, but not limited to, by accessing your Bluetooth settings and selecting “Forget this Device” option.
5.0 LINKS AND ADVERTISING
You should also be aware that if you voluntarily disclose personally identifiable information in an email or other communications with any third party listed on the Website, Applications, or in other materials, that information, along with any other information disclosed in your communication, can be collected and correlated and used by such third parties and may result in your receiving unsolicited messages from other persons. Such collection, correlation, use and messages are beyond our control.
- Steps we take to keep your information secure. The security of your User Data is important to us. We have put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and secure User Data from unauthorized access, including as set forth in more detail in our Company Security Policy available at https://validic.com/legal/data-security (the “Security Policy”).
- Risks inherent in sharing information. Notwithstanding our commitment to protect your information, you should be aware that there is always some risk involved in transmitting information over the internet. In addition to the risk that the employees, contractors and others subject to our Security Policy may fail to follow required procedures, there is also some risk your or our network and/or security systems could be circumvented or breached, including by third parties who use our Website, Applications, or Service in order to do so. As a result, while we strive to use commercially reasonable means to protect your User Data, we cannot ensure or warrant the security and privacy of your User Data, Application Data, or any other information you transmit to us, or of your or our network and/or security systems. If you have any questions regarding the security of the Website, Applications, or the Service you can contact our privacy team at the email address set forth above.
7.0 CHILDREN’S POLICY
The Website and the Service are for general audiences and neither is directed toward those under 18 years of age. We do not knowingly collect Personal Information from children under 13 without parental consent. If you become aware that a child has provided us with Personal Information, please contact our Privacy Officer at the email address in the Contact Information section. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to remove such information and terminate the child’s account.
8.0 CALIFORNIA PRIVACY RIGHTS
California Civil Code Sec. 1798.100, et seq. (also known as the California Consumer Privacy Act of 2018) (“CCPA”) provides certain rights to California residents regarding their Personal Information. A California resident has the right to request that we disclose certain information, including: (1) the categories of Personal Information it has collected about that California resident, (2) the categories of sources from which the Personal Information is collected, (3) the business or commercial purpose for collecting or selling the Personal Information, (4) the categories of third parties with whom the Company shares Personal Information, and (5) the specific pieces of Personal Information it has collected about that resident. A California resident has the right to request that we delete his/her Personal Information. Finally, a California resident has the right not to be discriminated against for exercising his/her privacy rights under the CCPA. You can request such Personal Information and change your Personal Information by emailing us at firstname.lastname@example.org. In the event of a conflict between a term set forth in this Section 8.0 and a term set forth in our standard data processing addendum that was provided to you in connection with the agreement into which you entered with us to govern your use of the Services, the latter prevails.
Pursuant to California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Compliant Assistance Unit of the Division of Consumer Services for the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.
Please remember that your use of the Website and the Service is also governed by our legal terms, which are available at https://validic.com/legal/terms.
10.0 DATA PROTECTION OFFICER
The Company designates the Senior Privacy and Security Manager as the Data Protection Officer in compliance with the General Data Protection Regulation (EU) 2016/679 and can be contacted at email@example.com.
Data Protection Officer
701 W. Main Street, Suite 620
Durham, NC 27701
11.0 RIGHT TO SUBMIT REQUESTS
You shall have the right to request that Company disclose the categories and specific pieces of personal information that Company has collected, used or disclosed about you. You shall not be treated differently based on exercising your rights as provided herein.
Requests may be submitted to firstname.lastname@example.org or
701 W. Main Street, Suite 620
Durham, NC 27701
13.0 CONTACT INFORMATION
If you have questions or complaints regarding this Policy or our practices, or wish your personal data deleted from our records, please contact the Company at:
701 W. Main Street, Suite 620
Durham, NC 27701