Validus

  Privacy Policy

March 2025

Version 1.0

Table of Contents

1        Purpose        3

2        Scope        3

3        Key Principles        3

4        Data Collection and Usage        4

4.1. Data Collection        4

4.2. Data Usage        4

4.3. Legal Basis for Processing        5

5        Data Sharing and Disclosure        5

5.1. Internal Sharing        5

5.2. External Sharing        5

5.1. International Data Transfers        5

6        Data Subject Rights        6

6.1. Right to Access        6

6.2. Right to Rectification        6

6.3. Right to Erasure        6

6.4. Right to Restrict Processing        6

6.5. Right to Data Portability        6

6.6. Right to Object        6

6.7. Right to Withdraw Consent        6

7        Data Security        6

7.1. Security Measures        6

7.2. Data Breach Response        6

8        Data Retention        7

8.1. Retention Periods        7

8.2. Secure Disposal        7

9        Compliance and Monitoring        7

9.1. Regular Audits        7

9.2. Employee Training        7

9.3. Review and Updates        7

10        Contact Information        7

1. Purpose

At Validus, we are committed to protecting the privacy of our users, customers, and stakeholders. This Privacy Policy outlines our practices for collecting, using, storing, and sharing personal data. Our goal is to ensure that personal information is handled responsibly and in compliance with the most stringent applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Scope

This policy applies to all personal data processed by Validus, including data collected from our websites, mobile applications, events, and any other services we provide. It covers all employees, contractors, and third-party vendors involved in the handling of personal data. The policy encompasses various types of data, including personal identification information, financial data, technical data, and usage data, across our operations in the United States, Canada, and the European Union (EU).

3. Key Principles

Transparency: We are open about how we collect, use, and share personal data, providing clear and accessible information to individuals.

Data Minimization: We collect only the data that is necessary for the purposes outlined in this policy, limiting the amount of data we process to what is essential.

Security: We implement the highest standards of technical and organizational measures to safeguard personal data against unauthorized access, loss, or destruction, in compliance with GDPR and other applicable regulations.

Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner. We ensure that data processing activities are communicated clearly and comply with legal requirements in all jurisdictions where we operate.

Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Accuracy: We ensure that personal data is accurate, up-to-date, and complete. Individuals have the right to correct or update their personal data as needed.

Storage Limitation: Personal data shall be retained only as long as necessary for the purposes for which it was collected, and in compliance with legal, regulatory, and contractual requirements, particularly those stipulated under GDPR and PIPEDA.

Integrity and Confidentiality: Personal data shall be processed in a manner that ensures its security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical and organizational measures.

Accountability: Validus will take responsibility for and demonstrate compliance with these principles, maintaining comprehensive records of data processing activities and ensuring all staff are trained in privacy practices.

4. Data Collection and Usage

1. Data Collection

• Types of Data Collected:

• Personal Identification Information: Name, email address, phone number, mailing address, etc.
• Financial Information: Payment details, billing address, transaction history.
• Technical Data: IP address, browser type, operating system, device type.
• Usage Data: Browsing history, interaction with the application, preferences, and settings.
• Location Data: Precise geographical location data, depending on device capabilities.

• Methods of Data Collection:

• Direct interactions (e.g., when individuals fill out forms or provide information at events)
• Automated technologies (e.g., cookies, web beacons)
• Third-party sources (e.g., partners, public databases)

2. Data Usage

• Purposes of Processing:

This section should detail the specific reasons why each type of data is collected:

• Personal Identification Information: For account creation, user authentication, and communication.
• Financial Information: For processing payments, managing subscriptions, and preventing fraud.
• Technical Data: For improving the application’s performance, troubleshooting issues, and enhancing security.
• Usage Data: For personalizing the user experience, providing recommendations, and analyzing user behavior to improve the service.
• Location Data: For enabling location-based features, such as networking with nearby members and participating in local events.

3. 4.3. Legal Basis for Processing

We will process personal data based on one or more of the following legal grounds:

• Consent: We obtain clear consent from individuals before processing personal data for specific purposes, such as marketing communications. For example, when a user subscribes to our newsletter, we process their email address based on their consent.
• Contractual Necessity: Processing is necessary to fulfill a contract or take steps linked to a contract. For instance, processing payment information to complete a purchase on our platform.
• Legal Obligation: We process data as required by law, such as adhering to tax legislation and compliance requirements.
• Legitimate Interests: We process data for our legitimate interests, such as improving our services, provided these interests do not override the individual's rights. An example includes analyzing user behavior on our website to improve user experience.

5. Data Sharing and Disclosure

5.1. Internal Sharing: Personal data may be shared internally within Validus, with employees and contractors who need access to perform their roles.

5.2. External Sharing: Validus does not sell or rent your personal information to third parties. We value your privacy and are committed to protecting your personal data from being shared without your explicit consent. Personal data may be shared with third-party service providers who process data on our behalf, such as payment processors, IT service providers, and marketing agencies. All third parties must comply with our data protection standards, which align with GDPR, PIPEDA, and CCPA requirements. Personal data may be disclosed to comply with legal obligations, court orders, or government requests. In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the business transaction, subject to adequate safeguards.

4. International Data Transfers

Validus operates globally, and personal data may be transferred to, and processed in, countries outside of the United States, Canada, or the European Union (EU). When transferring personal data internationally, particularly from the EU/EEA:

• Adequate Protection: We ensure that the receiving country offers an adequate level of protection, as recognized by the European Commission.
• Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, we use SCCs approved by the European Commission to protect personal data.
• Explicit Consent: Where necessary, we obtain explicit consent from data subjects for international transfers, particularly when transferring data to jurisdictions with different legal standards.

By using our services and providing us with your personal data, you consent to the transfer of your data to countries outside of your country of residence, including the United States and other countries where we operate. We take all necessary measures to protect your data in accordance with this Privacy Policy and applicable law.

6. Data Subject Rights

6.1. Right to Access: Individuals have the right to request access to their personal data and obtain information about how it is processed.

6.2. Right to Rectification: Individuals have the right to request correction of inaccurate or incomplete personal data.

6.3. Right to Erasure: Individuals have the right to request the deletion of their personal data, subject to certain conditions outlined by GDPR and PIPEDA.

6.4. Right to Restrict Processing: Individuals have the right to request the restriction of processing of their personal data under certain circumstances.

6.5. Right to Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transfer it to another controller.

6.6. Right to Object: Individuals have the right to object to the processing of their personal data, particularly where processing is based on legitimate interests or for direct marketing purposes.

6.7. Right to Withdraw Consent: Where processing is based on consent, individuals have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

7. Data Security

7.1. Security Measures: We implement appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. This includes encryption, access controls, and regular security assessments, aligned with GDPR, PIPEDA, and CCPA standards.

7.2. Data Breach Response: In the event of a data breach, we will promptly assess the impact and take appropriate action, including notifying affected individuals and regulatory authorities where required by law, in accordance with GDPR, PIPEDA, and CCPA requirements.

8. Data Retention

8.1. Retention Periods: Personal data will be retained only as long as necessary for the purposes for which it was collected, or as required by law, particularly in compliance with GDPR and PIPEDA.

8.2. Secure Disposal: When personal data is no longer needed, it will be securely deleted or anonymized to prevent unauthorized access, in line with best practices and legal requirements.

9. Compliance and Monitoring

9.1. Regular Audits: We will conduct regular audits of our data processing activities to ensure compliance with this Privacy Policy and applicable laws, including GDPR, PIPEDA, and CCPA.

9.2. Employee Training: All employees and contractors involved in the processing of personal data will receive regular training on data protection practices and privacy regulations, emphasizing the highest standards required by GDPR.

9.3. Review and Updates: This Privacy Policy will be reviewed and updated as necessary to reflect changes in our practices, legal requirements, and industry standards, particularly those mandated by GDPR, PIPEDA, and CCPA.

10. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Compliance Officer
Validus
support@validus.nexus