Last Updated: Monday November 1, 2012
Validas Values Your Privacy
VALIDAS recognizes the importance of protecting the privacy of all information provided by visitors and users of our web site, subscribers to our newsletters, registrants for our events, recipients of our e-mail newsletters and all other customers of our products and services. We created this policy with a sincere respect for our customers’ right to privacy and to guide our relationships with our customers. This Privacy Statement discloses the privacy practices for all products and services owned by Validas.
Frequently Asked Questions
- How have you instituted audit trails to know who is accessing data within your organization?
Logging is enabled on the all servers to provide a trail of who accesses the server and what was done while the user accessed the server.
- How will you know who is accessing data outside of your organization?
All logins to all servers and our databases are logged. All database transactions are also logged within the database. Validas support personnel as well as support technicians at Amazon, Validas’ server host provider, have access to the server(s) that host the Validas Database. Amazon representatives do not have access to the actual Validas database located on the server and only have access to the server OS for maintenance and support purposes.
- What is your password methodology and how will you ensure and verify your customers if their password is lost?
Passwords must be at least 6 characters in length. All passwords are stored in an encrypted manner and any request for a password retrieval will be sent to the email address that the user signed up with.
- Will you use multi-factor authentication, user name, password, answering questions?
We only use username and password for authentication.
- What security mechanisms will cover transmission within and outside your organization to third parties? And the data at rest on your server and the servers of your partners?
Firewalls are in place at multiple levels within our solution and are utilized to secure external traffic from reaching servers that host user data. We utilize an SSL certificate from Verisign that requires a minimum of 128 bit encryption between our servers and any external servers to secure the transmission of data to/from third parties.
- How will access to sensitive data be revoked if employees change jobs?
If a user that has access to any server in our solution changes jobs, the users login to any of our servers will all be removed the same day the employee leaves Validas. All other accounts that remain and have access to any of our servers and our databases will be required to change their passwords that same day to ensure no other logins are compromised.
- What restrictions are in place to control the merging of the sensitive data with unprotected data?
We consider all our data sensitive and take every precaution to avoid displaying that data unless it is the user that requests their data. We currently do not have a process in place to control the merging of data other than what requirements the user has to view the data and what we are willing to store/display to the user. We use industry standard HTTPS protection for all web pages that contain or transmit potentially sensitive data.
- What mechanism is in place that allows customers to access their information in order to verify that the data is accurate?
We provide a user portal area that allows a user to validate and change some of their personal information. We do not provide a way to edit any data that we obtain from a users wireless phone bill.
- How will the information from your customers be received? How will it be protected in transit?
The data will be protected using an SSL certificate from Verisign, http://www.verisign.com/ for secure communication between the client’s computer and Validas’ servers.
- Will it be encrypted?
Yes, the entire upload transaction will be encrypted with a minumum of 128 bit encryption with a standard of 256 bit encryption.
- How will it be protected when it is on your website?
The user’s bill is saved to a secure folder within a server at our hosting providers data center. Only the computer account that runs the website, and certain employees that need to have access to the information have access to the folder that stores the bills. All other users are denied access to this folder.
- What collected customer information will be moving intra-departmentally or intra-personally or through to outsourced organizations?
Validas will not be moving personally identifiable information outside of Validas. Certain employees and groups within Validas have access to all data obtained by Validas and utilize this data to create business intelligence reports for use within Validas and outside of Validas. When information is shared outside of Validas all personally identifiable information is removed.
- Who in your organization will have access to the sensitive information?
Only certain employees that need to have access to the information will have access to the customer information that Validas collects. These employees include but are not limited to C-level executives and members of the Validas engineering team.
- Will there be audit trails of accesses to a customer’s wireless billing statement and other data?
Yes. Audit trails of access to a customer’s wireless bill will be a stored in a database and indicate who accessed the bill and on what date and time.
- Exactly what information will be moving from Validas to third parties? (Merchant accounts?)
Validas from time to time will create business intelligence reports that incorporate data that is collected via analyzing our users wireless bills. However, any information that is shared outside of Validas has all personally identifiable information removed before it is shared.
- What information will Validas be receiving from third parties?
Validas will be receiving carrier plan information, credit card processing results and the user’s wireless bill.
Who Will Be Collecting Information?
- Under what circumstances will you be collecting information?
We collect information when a user uploads their bill, when we retrieve a users bill from their wireless carrier on the users behalf, when signing up for our service, when paying for our service, when a user opts to provide additional feedback about our website/services we provide, and when a user opts to provide their email address for notifications. We also collect information to provide users specific marketing according to data retrieved from your bill. We also collect industry standard web usage information including, but not limited to, IP addresses, user-agents, geo-locations, and browser cookie information.
- Exactly what information do you need to execute your service?
We collect information from the user’s bill to validate the user’s bill and provide recommendations for potential savings. We also require a user’s username and password to their wireless carrier so that we can retrieve a user’s wireless bill for the user.
- Will you be collecting information that you don’t need to perform the services?
The information we collect that we do not need to perform our services include customer feedback, customer posted stories/blogs entries, and wireless bills of carriers that we don’t service yet (opt in).
- How is each class of data going to be used?
All data collected will be utilized by Validas in a manner that Validas deems necessary. Validas will never disclose personally identifiable information when using the data unless specifically approved by a user.
- Will you be deleting the billing statement after the bill is uploaded?
No. By uploading your bill or providing your wireless carriers username and password, you give Validas the right to use your bill for maintaining and enhancing any current or future Validas products.
- What organizations will you share or transfer customer information, i.e. Merchant accounts, credit card processors?
We will be sharing customer credit card information and the customers billing address with PayPal.
- How will you accept payment?
We will accept payment via Visa, MasterCard, Discover, AMEX and PayPal.
- Who will be your merchant account processor? How will they be compliant with FCT standards, etc.?
- What choices are available to your customers regarding the control of collection, use and distribution of their personal information?
We do not allow the user any control. The user must opt-in for our service and by doing so they consent to the collection of any data we need to provide our service.
- How will you guarantee that the information that your customers provide to you for the purpose of credit card transactions for your service or the Validas billing statement only be used for the purpose for which it was collected?
Validas will never share a client’s credit card information or use it in a manner that is outside of charging the user for the purpose of utilizing services provided by Validas.
- Will you guarantee that customer information will be protected if another company purchases Validas?
Validas cannot guarantee that customer information will be protected if Validas is purchased by another company due to the purchasing companies potential policies that may be in place at the time of purchase of Validas. That being said Validas will follow this entire policy while Validas owns itself.
Expanded Privacy Policies
Collection and Use of Your Information
VALIDAS collects information from our website users, subscribers and other customers. In this section of our Privacy Statement, we describe the type of information we collect and how we use it to provide better services to our customers.
Registration and Ordering
When signing up for services you will be asked to register. During registration, you will be required to give contact information (such as name, e-mail address, mailing address and phone number). For internal purposes, we use this information to communicate with you and provide requested services, and, for our website visitors, to provide a more personalized experience on our sites. We use such information to improve our services to you.
For our services that require payment (products and subscriptions), we also collect credit card information (such as account name, number, address, expiration date and the code on the back of your credit card), which is used for our or our agent’s billing purposes only, and is not ever otherwise shared except for processing with our bank.
We currently do not have a referral program.
If users wish to subscribe to our e-mail newsletters, we ask for contact information (such as name, e-mail address) We use this information in the same manner as we use contact information in the registration and ordering process described above. Recipients of our newsletters can unsubscribe using the instructions listed at the end of the e-mail newsletter or by emailing us at email@example.com
From time to time we invite web site users and other customers to provide information via surveys or contests. Participation in these surveys or contests is completely voluntary and the website user or other customer therefore has a choice whether to disclose requested contact information (such as name and mailing address).
In addition to the other uses set forth in this policy, contact information collected in connection with surveys and contests is used to notify the winners and award prizes and to monitor or improve the use of, and satisfaction with our website or products or service. Subject to your preferences (as described in the “Permission” section below), such information may be shared with third party sponsors of such surveys or contests.
At some of our sites, we offer interactive and community features such as discussion boards. Please note that all personal information sent or posted via such features becomes public information. We are not responsible for what is posted however we reserve the right to delete any offensive, hurtful, or objectionable postings when we are made aware of such discussions.
Communications with Us
We have features where our customers can submit information to us (such as our feedback forms). Where such submissions include requests for service, support or information, we may forward them to our agents, as needed, to best respond to the specific request. In addition, we may retain e-mails and other information sent to us for our internal administrative purposes to help us to serve you and other better. Please note that letters to the editor and blogging may be made public.
Communications from Us: Service Updates, Special Offers
In order to best serve you, our customer, we may send updates that contain important information about our products and services. For example, we send new members a welcoming message, and verify password and username for our password-protected portions of our web site. We may also communicate with a customer to provide requested services and for account-related issues via e-mail, phone or regular mail. In addition to such service and product-essential messages, we offer our customers the option to receive information about our company, related products, services and special deals. Users, however, can choose not to receive these communications from us, as set forth in the “Permission” section below.
Automatic Data Collection Clarification
Our web site, from time to time has features that automatically collect information from customers, to deliver content specific to customers’ interests and to honor their preferences. This information assists us in creating products and services that will serve the needs of our customers.
We also use an email delivery and marketing company to send emails (including newsletters) for which you have registered (or otherwise agreed to receive). Cookies may be used in such email messages to help us measure the effectiveness of our advertising and how customers use our web sites and other products and services.
For our internal purposes only, we gather date, time, browser type, navigation history and IP address of all visitors to our web sites. We use this information for our internal security audit log, trend analysis and system administration, and to gather broad information about our user base.
We may combine information supplied by a customer at registration with web site usage data to learn more about users and their preferences in the content of the site. We may use this information to tailor services to your interests or to contact you.
With Whom Your Information is Shared
Other than with respect to our partners, and others who help us provide services (those who have a need to know such as (credit card processors) we do not share your information without your permission except if required by law. All sharing other than required by law or a court order is subject to the customer’s preferences (as described in the “Permission” section below).
Other than as set forth above, we share personally identifiable information with other companies; in providing our product(s)/service(s), and which agree to use it only for that purpose and to keep the information secure and confidential.
If our company is merged or sold or if entities purchase our assets, products, sites or operations, they will have to use personal information. They will be subject to our privacy policies by agreement. If they choose to change the policies, they will need to provide notice to you in their own Privacy Policies. We will disclose information we maintain when required to do so by law, for example, in response to a court order or a subpoena or other legal obligation, in response to a law enforcement agency’s request, or in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our company or the rights or property of our valued customers.
You should also be aware that courts of equity, such as U.S. Bankruptcy Courts, might have the authority under certain circumstances to permit personal information to be shared or transferred to third parties without permission. We may share aggregate information, which is not personally identifiable, with others.
Correcting/Updating Personal Information
If information which you have submitted to us changes, or if you no longer desire our product(s)/service(s), we provide a way to correct or update your personal data: you may either contact Customer Support for the applicable product or service or, to change your preferences, complete the “Feedback” page as described in the “Permission” section below. If you find it easier, you may also send us an email at firstname.lastname@example.org
For those customers that are California residents, you may have additional rights, as described in the “Your California Privacy Rights” section below.
Please note that we will endeavor to implement your permission requests within a reasonable time, although for a time you may continue to receive mailings, etc., transmitted based on information released prior to the implementation of your request. In addition, please note that even after such request is implemented, you will continue to receive information directly related to the product or service for which you registered (or which you otherwise agreed to receive), so you always are kept informed.
Your California Privacy Rights
California Civil Code Section 1798.83 permits those customers that are California residents to request that Validas not share your personal information with third parties for their direct marketing use.
To make such a request, write us at:
9119 Hwy 6 South
Suite 230 Box 130
Missouri City, Texas 77459
We use reasonable precautions to protect information about our customers while it is stored on our servers or in transit to our vendors processing on our behalf. Sensitive information that is transmitted to us online (such as credit card number) is encrypted and is transmitted to us securely. In addition, access to all of our customers’ information, not just the sensitive information mentioned above, is restricted. Only employees who need the information to perform a specific job (for example, a billing clerk or a customer service representative) are granted access to personally identifiable information. Finally, the servers on which we store personally identifiable information are kept in a secure environment.
Our web sites contain links to other sites. Validas is not responsible for the privacy practices or content of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each web site to which we may link that may collect personally identifiable information.
Validas website is not directed at individuals less than thirteen years of age, and we do not intend to collect any personally-identifiable information from such individuals.
Notification and Changes