Privacy Policy

Introduction

Validium respects your privacy and is committed to protecting your personal data. This privacy policy will; inform you about how we use and look after your personal data when you visit our website and when we provide our services to you regardless of where you visit from and tell you about your privacy rights and how the law protects you.

Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.

This website is not intended for children under 16 and we do not knowingly collect data relating to children under 16.

It is important that you read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.

HealthHero

Validium is now a part of HealthHero (https://www.HealthHero.com) meaning there have been some changes to our website and the way we operate as a company.

What does this mean for your data?

For any personal data collected from our service users, Validium remains data controller and this data is not shared with HealthHero or any other entity under HealthHero. Please see the information below for how Validium processes and stores this data. For our vClub platform and our affiliate portal Validium are the sole data controller.

This website now is owned and managed by HealthHero including any data collected through submission to this website, as well as cookies. Please see the full privacy policy here for further information: https://www.HealthHero.com/privacy-notice/. Our cookie policy is linked in the footer of this website.

If you choose to provide information to any of the options on our contacts page, these are also managed by HealthHero. Data collected when sending messages to these addresses will be processed in line with HealthHero’s privacy policy linked above. Please see “Visitors to the website” section for further details.

We routinely share personal information with other companies within the HealthHero Group we use to deliver our services to you.

Data Controller

 Validium is the Data Controller and responsible for your personal data (collectively referred to as “Validium Group Limited”, ”Validium”, “we”, “us” or “our” in this privacy policy). This Privacy Policy applies to any Personal Data provided to or gathered by Validium.

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights (including an opt-out mentioned in this privacy notice), please contact the DPO using the details set out below.

Contact details:

Data Protection Officer
[email protected]
+44 (0)1494 685238

You have the right to make a complaint at any time to the competent supervisory authority for data protection issues. In the UK, this is the Information Commissioner’s Office (ICO). Contact details can be found at www.ico.org .

At Validium we would, however, appreciate the chance to understand and address your concerns before you approach the competent supervisory authority so, please contact our Data Protection Officer in the first instance.

Changes to the privacy policy and your duty to inform us of changes

This version was last updated on 17th June 2021 and previous versions can be obtained by contacting us.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

The Data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified, such as name, address, health data, or an online identifier. It does not include data where the identity has been removed, i.e. aggregated or anonymous data).

For service users, customers and users of our products and services, we may collect, use, store and transfer different kinds of personal data about you.

Definitions:

  • A customer is the legal entity (e.g. the company that employs you) we have a contract with;
  • A service user includes the employee, partner of an employee or family member of an employee belonging to the customer we contract with;
  • An affiliate is a contractor (counsellor) who delivers our counselling and support services on our behalf;
  • Third party professional services are a third party that we share your data within order to deliver critical services to you e.g. GPs and other medical professionals or legal advisors;
  • Third party processors are third party service providers who undertake data processing activities on our behalf e.g. IT support services.

What are your rights connected to your Personal Data?

You have a number of rights under UK data protection law. (See below under ‘What are your rights connected to your Personal Data?’)

What Personal Data do we collect and how long do we keep it?

The Personal Data we collect is limited to what is required in order to provide you with the appropriate support. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Service users – We will open a case when you or your employer contacts us and all Personal Data will be stored within this case on our case management system.  Where you have had no contact with Validium for 3 years (excludes Psychological Services), any Personal Data you shared with us preceding this time will no longer be held in an identifiable form.  This means that the data is no longer your Personal Data as it will be anonymised in such a way that all the personal elements will be permanently and irrevocably deleted.  Validium also has a legitimate interest to audio record personal data you provide to us during telephone calls. You will be informed if your conversation is going to be recorded at the time of your call. We may refer to the recording to clarify the details of our conversation and for internal training purposes.  Personal data we store in audio format is deleted 40 days after the telephone call.

What is the legal basis for collecting Personal Information?

See specific service details below for our relevant services.

24 Hour Helpline & Support Service

Who do we get your Personal Data from?

We collect your Personal Data directly from you.

Where this service is being provided for you by your employer, we may occasionally collect data from someone related to you in a work context such as a manager or occupational health advisor.   Where we collect your Personal Data from someone else, this is with your consent and is limited to your contact details and your reason for using the service.

What is the legal basis for collecting Personal Information?

As this is a service where you would expect to be provided with support for any issues you are experiencing when you voluntarily engage with us, all Personal Data is processed under a legal basis called ‘Legitimate Interest’.  This means it is within Validium’s legitimate business interests and within your personal interests for Validium to process your Personal Data in order to provide you with the support you require. In some cases, special category data such as health data is recorded in order to offer you appropriate support which is processed under Article 9 (h), health or social care. In some cases, where you require immediate support for a high risk situation, Validium will process your data under ‘vital interests’. To allow Validium to provide the support you need, you may share sensitive Personal Data with us.  Under UK data protection law this Personal Data is called ‘Special Categories of Personal Data’. Validium staff will process special categories of personal data to support your health and wellbeing.

Who receives the Personal Data?

At Validium, your Personal Data is only accessible by Validium staff who require access to it to provide you with the service. In order to provide you with the service we may also pass limited Personal Data including your contact details to a Validium vetted counsellor local to you and other vetted suppliers we use to provide the information elements of the service. We can give you more information about the name of the counsellor or the names of the suppliers when you engage with the service.  In rare circumstances when you have indicated to us, or Validium has assessed, you may be at risk of harm we may need to pass some limited Personal Data to agencies that can provide you with the necessary support. Validium uses a UK based supplier to securely store audio recordings of calls that may contain your personal data.  This supplier’s activity is limited only to storing data and they strictly have no access to your personal data. For more information on data security, please see the section ‘How secure is my information?’

What are your rights connected to your Personal Data?

You have a number of rights under UK data protection law. (See below under ‘What are your rights connected to your Personal Data?’)

Online portal – vClub

Who do we get your Personal Data from?

We collect your Personal Data directly from you.

What Personal Data do we collect and how long do we keep it?

We collect your name, email address, username/password credentials and an answer to an authenticating question that only you will know.  This Personal Data will be held for the period of time that the organisation providing this service for you is Validium’s customer.

If you have used eCounselling your data will be retained for 3 years from the time of either your last eCounselling session or any other contact with us, whichever is the latest.  Where you have had no contact with Validium for 3 years, any Personal Data you shared with us preceding this time will no longer be held in an identifiable form.  This means that the data is no longer your Personal Data as it will be anonymised in such a way that all the personal elements will be permanently and irrevocably deleted.

What is the legal basis for collecting Personal Information?

The purpose of vClub is to provide you with helpful support resources to assist you in any personal or work matters and for this reason Validium has assessed that the Personal Data are processed under the legal basis of ‘Legitimate Interests’ which means it is within Validium’s legitimate business interests and within your personal interests for Validium to process your Personal Data in order to provide you with this resource.

eCounselling – If you engage in eCounselling, you may share sensitive Personal Data with Validium.  Under UK data protection law this Personal Data is called ‘Special Categories of Personal Data’ . Validium will process special categories of personal data under the condition of provision of health care.

Service Users Newsletter – If you choose to subscribe to the monthly newsletter within vClub then your personal data will be processed under the legal basis of ‘consent’.

Who receives the Personal Data?

The Personal Data required to set up a vClub account is not passed to anyone and is simply stored securely on our database. If you engage in eCounselling, then you may want to share Personal Data including Special Categories of Personal Data with a Validium eCounsellor.  This data is only accessible by Validium’s clinical staff and is not further shared.

Service Users Newsletter – If you have opted to subscribe to the monthly newsletter, your Personal Data will be stored by an organisation called ‘MyEmma’ who provide email marketing services.   MyEmma is a third-party data processor.  MyEmma’s privacy statement can be found at: https://myemma.com/legal/privacy-statement

What are your rights connected to your Personal Data?

You have a number of rights under UK data protection law. (See below under ‘What are your rights connected to your Personal Data?’)

Service Users Newsletter – If you sign up for the newsletter, you can withdraw this consent by clicking the unsubscribe link and you have the right to erase your personal data that Validium has been using to send you the newsletters.

Network Affiliate

Who do we get your Personal Data from?

We collect your Personal Data directly from you or publicly available information e.g. public professional registers.

What will we do with the Personal Data you provide to us?

All of the Personal Data you provide during the application process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability to be included on the network.

For any individuals whose application has been successful and are invited to join Validium’s affiliate network, Personal Data will be used to engage in a commercial relationship with you and to monitor that all necessary requirements are being fulfilled for your continuation of inclusion on our network.

What Personal Data do we collect and how long do we keep it?

Application process: We do not collect more Personal Data than we need to fulfil the purposes of your application and will not retain it for longer than one year for applicants who are notified as being unsuccessful or stored for as long as a commercial relationship exists between you and Validium, for successful applicants. In your application, we ask you for your personal details including name and contact details. We will also ask you about your previous experience, qualifications and other questions relevant to meeting the criteria of being eligible for inclusion on the network.  You don’t have to provide what we ask for, but it might affect your application if you don’t.

If the initial stage is successful, we will collect further personal information such as insurance details, contact details, practice address, certifications etc. in order to verify your credentials and fulfil your role as an affiliate. A copy of identification and any work permits required will also be collected for verification of identity and right to work in your country – these will be erased after the checking process and will not be kept on file.

Who receives the Personal Data?

The Personal Data is reviewed and assessed by Validium’s clinical team. For successful applicants, Personal Data will continue to be accessible by the clinical team to be appropriately used to make referrals to you and will be held on Validium’s affiliate portal.  Personal Data will also be used by the Validium accounts team to process payments.

What is the legal basis for collecting Personal Information?

Validium is processing personal data in order to ascertain your suitability to be a member of Validium’s network of affiliate counsellors and for those who are successful, to maintain a commercial relationship with you.  Therefore, processing is necessary in order to take steps prior to entering into a contract (applicants) or the processing is necessary for the performance of a contract (successful applicants). In both these cases the legal basis for processing your Personal Data is commonly known as the ‘contract’ basis.

What are your rights connected to your Personal Data?

You have a number of rights under UK data protection law. (See below under ‘What are your rights connected to your Personal Data?’)

What if you don’t want to be on Validium’s affiliate network?

Where you have made your professional contact details available on a public professional register, Validium may contact you to see if you would like to apply to be on our affiliate network.  If you state you do not wish to be on our network, we will hold a suppressed data set limited to your contact details in order that we do not attempt to contact you again in the future.  These Personal Data will only be available to clinical staff and will be held for as long as is necessary to fulfil the purpose of not attempting any further contact with you.  Your details will be stored under the ‘Legitimate Interests’ basis of UK data protection law.

If you have completed clinical work with Validium and wish to be removed from the network, your personal data will be retained for 3 years in line with our service user data retention period (5 years in the case of psych services). Once the retention period is reached your data will be limited to your contact details and kept as necessary to fulfil the purpose of not attempting further contact with you.

What if Validium wish to remove you from the network?

Under certain circumstances Validium may no longer wish to work with an affiliate. In this case your Data will be held for 3 years in line with our service user data retention period (5 years in the case of psych services). Once the retention period is reached your data will be limited to your contact details and kept as necessary to fulfil the purpose of not attempting further contact with you. Your details will be stored under the ‘Legitimate Interests’ basis of UK data protection law.

Psychological Services

Who do we get your Personal Data from?

We collect your personal data from someone related to you in a work context such as a manager or occupational health advisor (commonly known as a ‘referring manager’).  This person will have referred you into the service. Occasionally, we collect further personal data directly from you and may ask you for your consent to receive your medical records.

If you are the referring manager, we collect your personal data directly from you.

What Personal Data do we collect and how long do we keep it?

The personal data passed to us by your referring manager consists of your name, contact details, work details, date of birth, gender, GP details and health information.

If you are the referring manager, we collect your name, contact details and job role description.

Validium retains the above personal data for 5 years in line with relevant Psychological Services industry best practices.

What is the legal basis for collecting Personal Information?

Psychological Services is one of Validium’s core business services to provide you with a psychological assessment and further support, if authorised by your employer.  As there would be an expectation by your employer, referring manager and you to benefit from engaging with the service, all personal data are processed under a legal basis called ‘Legitimate Interests’.  This means it is within Validium’s legitimate business interests, within your employer’s and referring manager’s interests and within your personal interests for Validium to process your personal data in order to provide you with the service.  In some cases, to allow Validium to provide the support you need, you may share sensitive Personal Data with us, or it may have been provided to us by your referring manager. In some cases, special category data such as health data is recorded in order to offer you appropriate support which is processed under Article 9 (h), health or social care.

If you are the referring manager, legitimate interests apply for processing your personal data.

Who receives the Personal Data?

At Validium, your Personal Data is only accessible by Validium staff who require access to it to provide you with the service. In order to provide Psychological Services, we may also pass personal data consisting of your name, telephone number, work details, GP details and health data to a Validium vetted professional psychologist.  We can give you more information about the psychologist when you are engaged with the service.

What are your rights connected to your Personal Data?

You have a number of rights under UK data protection law. (See below under ‘What are your rights connected to your Personal Data?’)

Critical Incident Service

Who do we get your Personal Data from?

If you have notified Validium directly of a critical incident, we collect personal data directly from you.  If you are an onsite contact, we collect your personal data from the person who notified Validium of the critical incident. If you have attended a Validium critical incident session and you would like further support, we may collect personal data from you.

What Personal Data do we collect and how long do we keep it?

If you have notified Validium of a critical incident or you are the onsite contact on the day that Validium’s Critical Incident services are delivered, we will collect your name and contact details.

If you have indicated that you would like further support following an onsite Validium Critical Incident session, we may collect, with your consent, your name, contact details, work details and a brief description of the issue you require support for.

Personal Data will be held for no longer than is required for the purpose of delivering a Critical Incident Service. However, if you would like further support following the session and are referred into another Validium service your personal data will be held for the duration as indicated in the relevant section of this privacy policy.

What is the legal basis for collecting Personal Information?

The Critical Incident service is one of Validium’s core business services and as you will be expecting  to be provided with the service should you either approach us or be involved in a critical incident,  Validium has assessed that your Personal Data are processed under the legal basis of ‘Legitimate Interests’  This means it is within Validium’s legitimate business interests and within your personal interests for Validium to process your Personal Data in order to provide you with this service. In some cases, special category data such as health data is recorded in order to offer you appropriate support which is processed under Article 9 (h), health or social care.

Who receives the Personal Data?

At Validium, your Personal Data is accessible by Validium staff who require access to it to provide you with the service. In order to provide you with Critical Incident services we may also pass your contact details to a Validium vetted critical incident consultant.

If you have attended a Validium critical incident session and you would like further support, we pass your personal data to your employer.

What are your rights connected to your Personal Data?

You have a number of rights under UK data protection law. (See below under ‘What are your rights connected to your Personal Data?’)

Training

Who do we get your Personal Data from?

Validium collects your personal data from someone related to you in a work context such as a manager.  This will be the person who has arranged the training.

What Personal Data do we collect and how long do we keep it?

We collect your name.  This data will be held for the duration of the training. From time to time, training may take place via a third-party online learning management platform in which case you will be informed of any further personal data required to facilitate this.

What is the legal basis for collecting Personal Information?

Training is one of Validium’s core business services and we need to hold the names of training attendees in order to provide the service. As there would be an expectation by your employer and you to know your name prior to the delivery of the training, your name is processed under a legal basis called ‘Legitimate Interests’.  This means it is within Validium’s legitimate business interests, within your employer’s interests and within your personal interests for Validium to hold your name in order to provide you with the service. In some cases, special category data such as health data is recorded in order to offer you appropriate support which is processed under Article 9 (h), health or social care.

Who receives the Personal Data?

At Validium, your Personal Data is only accessible by Validium staff who require access to it to provide you with the service. In order to provide Training Services, we may pass your name to a Validium vetted professional trainer. We may use a third-party online learning management platform to deliver part, or all, of your training in which case we will inform you at that time which organisation is providing this platform.

What are your rights connected to your Personal Data?

You have a number of rights under UK data protection law. (See below under ‘What are your rights connected to your Personal Data?’)

Coaching

Who do we get your Personal Data from?

We collect your personal data from someone related to you in a work context such as a manager (commonly known as a ‘referring manager’).  This person will have referred you into the service. Occasionally, we collect further personal data directly from you.

If you are the referring manager, we collect your personal data directly from you.

What Personal Data do we collect and how long do we keep it?

The personal data passed to us by your referring manager consists of your name and contact details

If you are the referring manager, we collect your name and contact details.

Validium retains the above personal data for 3 years.

What is the legal basis for collecting Personal Information?

Coaching is one of Validium’s business services which provides you with support, if authorised by your employer.  As there would be an expectation by your employer, referring manager and you to benefit from engaging with the service, all personal data are processed under a legal basis called ‘Legitimate Interests’.  This means it is within Validium’s legitimate business interests, within your employer’s and referring manager’s interests and within your personal interests for Validium to process your personal data in order to provide you with the service. In some cases, special category data such as health data is recorded in order to offer you appropriate support which is processed under Article 9 (h), health or social care.

If you are the referring manager, legitimate interests apply for processing your personal data.

Who receives the Personal Data?

At Validium, your Personal Data is only accessible by Validium staff who require access to it to provide you with the service. In order to provide coaching services, we may also pass personal data consisting of your name and contact details to a Validium vetted coach.

What are your rights connected to your Personal Data?

You have a number of rights under UK data protection law. (See below under ‘What are your rights connected to your Personal Data?’)

Visitors to the website

Who do we get your Personal Data from?

We collect your Personal Data directly from you.

What Personal Data do we collect and how long do we keep it?

We collect your name, email address and phone number if you choose to complete the form on the contact page, along with any other information provided in your message. This website is managed by HealthHero and any information sent via the contacts page will be managed under HealthHero’s privacy policy. Please see: https://www.HealthHero.com/privacy-notice/

For personal data collected through the contact form, this data will be retained for the period of time of your enquiry and should a commercial relationship between Validium and your organisation subsequently arise, no longer than is necessary for the purposes of this commercial relationship.

What is the legal basis for collecting Personal Information?

If you would like to voluntarily leave your contact details using the contact form, your personal data is processed under a legal basis called ‘Legitimate Interests’.  This means it is within HealthHero legitimate business interests and within your personal interests for HealthHero to process your Personal Data in order to make contact with you.

Who receives the Personal Data?

Any data gathered via this website is processed by HealthHero including cookies. Please review the cookie policy linked in the footer of the website. We routinely share personal information with other companies within the HealthHero Group we use to deliver our services to you.

In certain circumstances we will share your contact information with Life & Progress where we feel they are better suited to support your business needs.

What are your rights connected to your Personal Data?

You have a number of rights under UK data protection law. (See below under ‘What are your rights connected to your Personal Data?’)

HR Recruitment

Who do we get your Personal Data from?

Primarily, we collect your Personal Data directly from you with the exception that, from time to time, we may receive your personal data from a third party, such as in the form of a reference.  If this is the case, we will let you know the categories of personal data that are passed to us and the source of this personal data.

What will we do with the Personal Data you provide to us?

All of the Personal Data you provide during the application process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area.  The information you provide will be held securely by us.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

For any individuals whose application has been successful, personal data will be used to meet legal and contractual requirements of your employment.

What Personal Data do we collect and how long do we keep it?

You may send us a CV and we may send you an application form. We collect and process your personal details including name and contact details. We will also process your previous experience, qualifications and answers to other questions through a screening process to determine your candidacy for the job role.  You don’t have to provide information that we ask for, but it might affect your application if you don’t.

Further personal data is collected from successful candidates who become employees of Validium such as bank details and next of kin details.  A copy of your passport, to help determine your right to work, is also required.  We may also ask for a copy of your driving licence if you have one.

We do not collect more Personal Data than we need to fulfil the purposes of your application and will not retain it for longer than:

  • 3 months for applicants who are not invited for interview
  • 1 year for unsuccessful interviewees

And for successful applicants:

  • Employment duration plus a further 6 years
  • 3 years for records relating to accidents at work
  • 40 years for the legally required summary of record of service.
  • 60 years for health surveillance and medical records

Who receives the Personal Data?

The Personal Data is reviewed and assessed by HR staff and is shared with the manager who is responsible for the job role being offered.  For successful candidates who become Validium employees, personal data is shared with third parties to meet payroll and other legal requirements, and staff benefits providers.  The Validium Recruitment team will share some of the candidate’s contact details with our Occupational Health Nurse who will review the medical questionnaires submitted directly to her.  DBS (Disclosure & Barring Service) and CCJ (County Court Judgment) checks are also carried out by a third party.

What is the legal basis for collecting Personal Information?

Validium is processing personal data in order to ascertain your suitability for employment.  Therefore, processing is necessary in order to take steps prior to entering into a contract (applicants) or the processing is necessary for the performance of a contract (successful applicants).  In both these cases the legal basis for processing your Personal Data is commonly known as the ‘contract’ basis.   In addition, for successful applicants who become Validium employees, some of your personal data will be processed because Validium has a legal obligation to process your personal data.  Where Validium processes ‘special categories of data’, this is done in order to carry out obligations and exercise specific rights in the field of employment.

What are your rights connected to your Personal Data?

You have a number of rights under UK data protection law. See below under ‘What are your rights connected to your Personal Data?’

Other data processing activities undertaken under the legal basis of ‘Legitimate Interests’

Where we consider use of your information as being (a) non-detrimental to you, (b) within your reasonable expectations, and (c) necessary for our own, or a third party’s legitimate purpose, we may use your personal data, which may include:

  • direct marketing or continued communication
  • business development
  • for purposes of continued communication with our customers and service users
  • for purposes of continued communication with our suppliers
  • for the purposes of communication with other interested parties
  • our own internal administrative purposes
  • sending service user satisfaction questionnaires and customer satisfaction questionnaires
  • ensuring network and information security, including preventing unauthorised access to electronic communications networks and stopping damage to computer and electronic communication systems
  • prevention of criminal activity and reporting possible criminal acts or threats to a competent authority

The data will be held for as long as necessary for the purpose for which it was collected. Personal data will only be passed to third parties where there is a legitimate interest to do so which means it has been assessed that this would not infringe on your rights and freedoms.

DATA SUBJECT REQUEST (DSR)

You have the right to request a copy of the personal data we hold about you, to have any inaccuracies corrected and to request erasure of your data. You can make such requests by completing our Data Subject Request Form found here and sending the competed form to [email protected] along with copies of identification. This form contains full instructions and details of the process Validium follows. Please note: while you are not obligated to use this form to make a Data Subject Request with Validium, we will still require all the information asked for within the form in order to clarify your request and verify your identity and complete the Data Subject Request process.

How secure is my information?

We design our systems with your security, privacy and confidentiality in mind.

  • We maintain physical, electronic and procedural safeguards in connection with the collection, storage, processing and disclosure of personal data. Our information security systems are regularly audited by an external organisation certified to carry out such audits to test the robustness of our security systems.  Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
  • Where Validium uses specialist suppliers to store personal data, the measures they have taken to keep data secure are continually assessed in line with an internationally recognised information security standard known as ISO27001.
  • When using Validium’s online services, it is important for you to protect against unauthorised access to your usernames and passwords and to your computers, devices, and applications. Be sure to log out when you finish using a shared computer.

What are your rights connected to your Personal Data?

  • Right to access – You have the right to access at any time the Personal Data that Validium is processing. See the Subject Request Form.
  • You can also request an electronic copy of your personal data free of charge.
  • Right to restrict processing – in certain circumstances, you can ask us to restrict our use of your personal data.
  • Right to rectification – you can ask us to correct inaccurate personal data we hold about you.
  • Right to erasure (right to be forgotten) – in certain circumstances, you can ask us to erase your personal data.
  • Right to data portability – you can ask us to provide you with a copy of your personal data in a commonly used electronic format so that you can transfer it to other businesses.
  • Right to object to automated decision-making – in certain circumstances, you can ask us not to make automated decisions about you based on your personal data that produce significant legal effects.
  • Right to lodge a complaint – If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the supervisory authority ICO, but we ask that you allow us to see if we can resolve the problem first

Questions or concerns

Please contact Validium’s Data Protection Officer:

[email protected]
+44 (0)1494 685238

Glossary

DATA SUBJECT

A living natural person, who has rights regarding their personal data and can be identified through personal identifiable information (PII).

DATA PROCESSING

The collection, storage, access, use, sharing, manipulation and deletion of personal data.

SUPERVISORY AUTHORITY

The national body that regulates the General Data Protection Regulations (GDPR) in an EU member state. In the UK, the Supervisory Authority is the Information Commissioner’s Office (ICO), details of which can be located at www.ico.org

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us (link)

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.