Validated Cloud Privacy Policy

1. Introduction

Thank you for visiting Validated Cloud. Please note that we have updated our privacy practices to reflect changes required by the European General Data Protection Regulation 2016/6709 (“GDPR”). This includes more information about how we collect, use and share any personal information you may give to us. Please read our Terms of Service and this Privacy Policy here, as you must agree to both documents in order to have permission to continue on and use our web site.

2. Definitions

Throughout this Privacy Policy, we may use certain words or phrases, and it is important that you understand the meaning of them. The following is a non-exhaustive list of definitions of words and phrases found in this Privacy Policy:

“Site” refers to our website, www.validatedcloud.com;

“Validated Cloud” refers to our company, known as “Validated Cloud Inc,” “we,” “us,” or “our”; our Site; or a combination of all or some of the preceding definitions, depending on the context in which the word is used;

“Services” refer to Validated Cloud is an FDA, Eu EudraLex Annex 11, MHRA compliant cloud/hosting company that provides additional GxP services and support to its customers. Currently, we do not sell our services directly (without human involvement) on validatedcloud.com.

“User” refers to clients and visitors who use our web site or Services;

3. Information Collected

Identifying Information: We collect certain identifiable information from you when you visit our web site that can be used to possibly identify you. Our submission forms ask for identifiable information (e.g. your name, e-mail address, company, and any other information that we deem relevant for the purpose of responding to requests, which you provide to us voluntarily. The information we collect from you, to the extent that it is private, is disclosed only in accordance with our Data Privacy Frameworks Policy, Terms of Service and/or this Privacy Policy.

Non-Identifying Information: Whenever you visit our Site, we may collect non-identifying information from you, such as your IP address, referring URL, browser, operating system, cookie information, and Internet Service Provider.

4. Use of Your Information

We may use your information to:

• Enhance or improve the User experience, our Site, or our Services.

• Send e-mails to communicate with you about our Site or respond to your inquiries.

• Send e-mails and updates about Validated Cloud, including a potential future e-mail newsletter.

• Perform any other function that we believe in good faith is necessary to protect the security or proper functioning of our Site.

* If legally required to do so, or if we have a good faith belief that such disclosure is reasonably necessary, we may disclose your personal information to courts of law, law enforcement authorities and other relevant third parties, such as internet service providers, to conduct an investigation, respond to a third party or law enforcement subpoena or court order, bring legal action, prevent harm to others or pursue other relief when you or a third party are or may be:

• violating our terms and conditions of use;

• causing injury or other harm to, or otherwise violating the property or other legal rights, of us, other users, or third parties; or

• violating federal, state, local, or other applicable law.

This disclosure can include transferring your information to the U.S. and other countries outside the European Economic Area. To the extent we are legally permitted to do so, it is our policy to notify you in the event that we are required to provide your personal information to third parties in connection with a subpoena.

5. Your Rights

Where GDPR applies, in certain circumstances and subject to data processing agreements, you have rights in relation to the personal information we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by providing details only known to the account holder. To exercise any of your rights, please contact Validated Cloud Legal at legal@validatedcloud.com. Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.

Access

You have the right to know whether we process personal information about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.

Portability

You have the right to receive a subset of the personal information you provide us if we process it on the legal basis of our contract with you or with your consent in a structured, commonly used and machine-readable format and a right to request that we transfer such personal information to another party. If you wish for us to transfer the personal information to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal information or its processing once received by the third party.

Correction

You have the right to require us to correct any personal information held about you that is inaccurate and have incomplete data completed. Where you request correction, please explain in detail why you believe the personal information we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the personal information we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.

Erasure

You may request that we erase the personal information we hold about you in the following circumstances:

• where you believe it is no longer necessary for us to hold the personal information;

• we are processing it on the basis of your consent and you wish to withdraw your consent;

• we are processing your data on the basis of our legitimate interest and you object to such processing;

• you no longer wish us to use your data to send you marketing; or

• you believe we are unlawfully processing your data.

Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.

Restriction of Processing to Storage Only

You have a right to require us to stop processing the personal information we hold about you other than for storage purposes in the following circumstances:

• You believe the personal information is not accurate for the period it takes for us to verify whether the data is accurate;

• We wish to erase the personal information as the processing we are doing is unlawful but you want us to simply restrict the use of that data;

• We no longer need the personal information for the purposes of the processing but you require us to retain the data for the establishment, exercise or defense of legal claims; or

• You have objected to us processing personal information we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal information while we determine whether there is an overriding interest in us retaining such personal information.

Objection

You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.

You also have the right, at any time, to object to our processing of data about you in order to send you marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.

Withdrawal of Consent

Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by contacting Legal at legal@validatedcloud.com.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

6. Cookies

We use cookies to remember your preferences and track advertisements. For these reasons, it is necessary that you enable cookies in your browser, and you hereby acknowledge that we have informed you of our use of cookies and that you consent to our use of cookies in relation to your computer system.

7. Third Party Websites

Validated Cloud may post links to third party websites on its Site. These third-party websites are not screened for privacy or security issues by Validated Cloud, and you release us from any liability for the conduct of these third-party websites.

Please be aware that this Privacy Policy, and any other policies in place, in addition to any amendments, does not create rights enforceable by third parties or require disclosure of any personal information relating to Users of the Site. Validated Cloud bares no responsibility for the information collected or used by any advertiser or third-party website. Please review the privacy policy and terms of service for each site you visit through third party links.

8. Third Party Access to Your Information

Although you are entering into an agreement with Validated Cloud to disclose limited personal information by browsing the Site, or additional personal information by requesting contact to us, we do use third party individuals and organizations to assist us, including individual contractors, web hosts, and others.

It is therefore necessary that you grant the third parties we may use in the course of our business the same rights that you afford us under this Privacy Policy. For this reason, you hereby agree that for every authorization which you grant to us in this Privacy Policy, you also grant to any third party that we may hire, contract, or otherwise retain the services of for the purpose of operating, maintaining, repairing, or otherwise improving or preserving our website or its underlying files or systems.

Without limiting the generality of the foregoing, you authorize us to collect, share, store, and otherwise use your information in conjunction with Constant Contact and our Customer Relationship Management system.

9. Commercial and Non-Commercial Communications

By providing personal information to the Site that forms the basis of communication with you, such as contact information, you waive all rights to file complaints concerning unsolicited e-mails from Validated Cloud since, by providing such information, you agree to receive communications from us or anyone else covered under this Privacy Policy. However, you may unsubscribe from certain communications by notifying Validated Cloud that you no longer wish to receive solicitations or information and we will endeavor to remove you from the database.

10. Security Measures

We may take certain measures to enhance the security of our Site, including using SSL certificates. However, we make no representations as to the security or privacy of your information. It is in our interest to keep our website secure, but we recommend that you use anti-virus software, firewalls, and other precautions to protect yourself from security threats.

11. Your European Union Privacy Rights

Validated Cloud permits residents of the citizens of the European Union to use its Service. Therefore, it is the intent of Validated Cloud to comply EU General Data Protection Regulation (GDPR). As a resident of the European Union, you may request certain information regarding our disclosure of personal information to any third parties for their direct marketing purposes. By policy, we do not share privacy data with third parties. Various provisions throughout this Privacy Policy address requirements of the EU. In summary, you must presume that we collect electronic information from all visitors. You may contact us at legal@validatedcloud.com with any questions.

12. International Transfer

Your information may be transferred to—and maintained on—computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. For EU, UK, and Swiss citizens, please refer to our Data Privacy Framework policy.

Validated Cloud complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Validated Cloud has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Validated Cloud has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Validated Cloud is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the DPF Program, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF, should direct their query to legal@validatedcloud.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to legal@validatedcloud.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Validated Cloud’s accountability for personal data that it receives in the United States under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, Validated Cloud remains responsible and liable under the DPF Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the DPF Principles, unless Validated Cloud proves that it is not responsible for the event giving rise to the damage.

13. Privacy Complaints

In compliance with the Data Privacy Framework Principles, Validated Cloud commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact Validated Cloud by email at legal@validatedcloud.com

Validated Cloud has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction for more information on this process.

14. Amendments

We may amend this Privacy Policy from time to time. When we amend this Privacy Policy, we will update this page accordingly and require you to accept the amendments in order to be permitted to continue using our Site or Services.

Effective: April 2024