Validus

Validus

Privacy Policy

December 2025 · Version 1.1

At Validus, we are committed to protecting the privacy of our users, customers, and stakeholders. This Privacy Policy outlines our practices for collecting, using, storing, and sharing personal data. Our goal is to ensure that personal information is handled responsibly and in compliance with the most stringent applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Purpose

This Privacy Policy explains how and why Validus processes personal data and the safeguards we apply across our products, websites, mobile applications, events, and services. It is designed to ensure that personal information is handled responsibly and in full compliance with applicable data protection laws, including GDPR, CCPA, and PIPEDA.

2. Scope

This policy applies to all personal data processed by Validus, including data collected from our websites, mobile applications, events, and any other services we provide. It covers all employees, contractors, and third-party vendors involved in the handling of personal data. The policy encompasses various types of data, including personal identification information, financial data, technical data, and usage data, across our operations in the United States, Canada, and the European Union (EU).

3. Key Principles

  • Transparency: We are open about how we collect, use, and share personal data, providing clear and accessible information to individuals.
  • Data Minimization: We collect only the data that is necessary for the purposes outlined in this policy, limiting the amount of data we process to what is essential.
  • Security: We implement high standards of technical and organizational measures to safeguard personal data against unauthorized access, loss, or destruction, in compliance with GDPR and other applicable regulations.
  • Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner. We ensure that data processing activities are communicated clearly and comply with legal requirements in all jurisdictions where we operate.
  • Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Accuracy: We ensure that personal data is accurate, up to date, and complete. Individuals have the right to correct or update their personal data as needed.
  • Storage Limitation: Personal data shall be retained only as long as necessary for the purposes for which it was collected, and in compliance with legal, regulatory, and contractual requirements, particularly those stipulated under GDPR and PIPEDA.
  • Integrity and Confidentiality: Personal data shall be processed in a manner that ensures its security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical and organizational measures.
  • Accountability: Validus takes responsibility for and demonstrates compliance with these principles, maintaining comprehensive records of data processing activities and ensuring all staff are trained in privacy practices.

4. Data Collection and Usage

4.1. Data Collection

We may collect the following types of data:

  • Personal Identification Information: Name, email address, phone number, mailing address, and similar identifiers.
  • Financial Information: Payment details, billing address, transaction history.
  • Technical Data: IP address, browser type, operating system, device type.
  • Usage Data: Browsing history, interaction with the application, preferences, and settings.
  • Location Data: Precise geographical location data, depending on device capabilities and user preferences.

We collect data via:

  • Direct interactions (e.g., when individuals fill out forms, create accounts, or provide information at events).
  • Automated technologies (e.g., cookies, SDKs, web beacons, and similar tracking technologies).
  • Third-party sources (e.g., partners, public databases, and service providers).

4.2. Data Usage

We process personal data for specific, explicit purposes, including:

  • Personal Identification Information: For account creation, user authentication, communication, and provision of our services.
  • Financial Information: For processing payments, managing subscriptions, preventing fraud, and complying with financial regulations.
  • Technical Data: For improving application performance, troubleshooting issues, enhancing security, and ensuring service reliability.
  • Usage Data: For personalizing user experience, providing recommendations, and analyzing user behavior to improve our services.
  • Location Data: For enabling location-based features, such as networking with nearby members and participating in local events (where this feature is enabled).

We process personal data based on one or more of the following legal grounds:

  • Consent: We obtain clear consent from individuals before processing personal data for specific purposes, such as marketing communications. For example, when a user subscribes to our newsletter, we process their email address based on their consent.
  • Contractual Necessity: Processing is necessary to fulfill a contract or take steps linked to a contract. For instance, processing payment information to complete a purchase on our platform.
  • Legal Obligation: We process data as required by law, such as adhering to tax legislation and compliance requirements.
  • Legitimate Interests: We process data for our legitimate interests, such as improving our services, provided these interests do not override the individual's rights. An example includes analyzing user behavior on our website to improve the user experience.

5. Data Sharing and Disclosure

5.1. Internal Sharing

Personal data may be shared internally within Validus with employees and contractors who need access to perform their roles and deliver our services. Access is limited to individuals with a legitimate business need and subject to confidentiality obligations.

5.2. External Sharing

Validus does not sell or rent your personal information to third parties. We value your privacy and are committed to protecting your personal data from being shared without your explicit consent.

Personal data may be shared with third-party service providers who process data on our behalf, such as payment processors, IT service providers, analytics providers, and marketing agencies. All third parties must comply with our data protection standards, which align with GDPR, PIPEDA, and CCPA requirements.

Personal data may be disclosed to comply with legal obligations, court orders, or government requests. In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the business transaction, subject to adequate safeguards.

5.3. International Data Transfers

Validus operates globally, and personal data may be transferred to, and processed in, countries outside of the United States, Canada, or the European Union (EU). When transferring personal data internationally, particularly from the EU/EEA:

  • Adequate Protection: We ensure that the receiving country offers an adequate level of protection, as recognized by the European Commission.
  • Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, we use SCCs approved by the European Commission to protect personal data.
  • Explicit Consent: Where necessary, we obtain explicit consent from data subjects for international transfers, particularly when transferring data to jurisdictions with different legal standards.

By using our services and providing us with your personal data, you consent to the transfer of your data to countries outside of your country of residence, including the United States and other countries where we operate. We take all necessary measures to protect your data in accordance with this Privacy Policy and applicable law.

6. Data Subject Rights

6.1. Right to Access

Individuals have the right to request access to their personal data and obtain information about how it is processed.

6.2. Right to Rectification

Individuals have the right to request correction of inaccurate or incomplete personal data.

6.3. Right to Erasure

Individuals have the right to request the deletion of their personal data, subject to certain conditions outlined by GDPR and PIPEDA.

6.4. Right to Restrict Processing

Individuals have the right to request the restriction of processing of their personal data under certain circumstances.

6.5. Right to Data Portability

Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transfer it to another controller.

6.6. Right to Object

Individuals have the right to object to the processing of their personal data, particularly where processing is based on legitimate interests or for direct marketing purposes.

6.7. Right to Withdraw Consent

Where processing is based on consent, individuals have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

7. Data Security

7.1. Security Measures

We implement appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. This includes encryption, access controls, network security, logging and monitoring, and regular security assessments, aligned with GDPR, PIPEDA, and CCPA standards.

7.2. Data Breach Response

In the event of a data breach, we will promptly assess the impact and take appropriate action, including notifying affected individuals and regulatory authorities where required by law, in accordance with GDPR, PIPEDA, and CCPA requirements.

8. Data Retention

8.1. Retention Periods

Personal data will be retained only as long as necessary for the purposes for which it was collected, or as required by law, particularly in compliance with GDPR and PIPEDA. Retention periods may vary based on legal, regulatory, and contractual obligations.

8.2. Secure Disposal

When personal data is no longer needed, it will be securely deleted or anonymized to prevent unauthorized access, in line with best practices and legal requirements.

9. Compliance and Monitoring

9.1. Regular Audits

We conduct regular audits of our data processing activities to ensure compliance with this Privacy Policy and applicable laws, including GDPR, PIPEDA, and CCPA.

9.2. Employee Training

All employees and contractors involved in the processing of personal data receive regular training on data protection practices and privacy regulations, emphasizing the highest standards required by GDPR and related frameworks.

9.3. Review and Updates

This Privacy Policy is reviewed and updated as necessary to reflect changes in our practices, legal requirements, and industry standards, particularly those mandated by GDPR, PIPEDA, and CCPA.

10. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Compliance OfficerValidussupport@validus.nexus

Version 1.1 · December 2025. If this policy is updated, we will revise the date/version above and, where appropriate, provide additional notice.