Privacy Policy

Last Updated: November 2025
Company: Validfor OÜ
Address: Harju maakond, Kesklinna linnaosa, Viru väljak 2, 3. korrus, Tallinn 10111, Estonia
Contact: info@validfor.com
Data Protection Officer: info@validfor.com

  1. Scope and Updates to This Privacy Policy
    This Privacy Policy explains how Validfor OÜ (“Validfor,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you use our software, platform, websites, or related services (collectively, the “Services”).
    Validfor acts as adata controllerfor personal information we collect directly from website visitors and business contacts, and as a data processor when processing information on behalf of our customers under a written agreement.
    This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.
    We may update this Privacy Policy periodically. The latest version will always be available at www.validfor.com/privacy. Continued use of our Services after an update constitutes acceptance of the revised Policy.
  2. Personal Information We Collect
    We collect and process the following categories of personal information, depending on your interaction with us:
  • Identifiers and Contact Information:Name, business email address, company name, job title, and professional contact details.
  • Account and Authentication Data:Login credentials, user IDs, and audit logs related to your account access.
  • Commercial Information:Subscription details, billing, and payment records.
  • Technical and Usage Data:IP address, browser type, device information, and activity within the platform.
  • Communications:Correspondence sent to us (support tickets, demos, or event registrations).

We do not collect sensitive personal data unless explicitly required for compliance and always under a lawful basis.

Sources of Data:
We obtain information directly from you, automatically through cookies and analytics tools, and from business partners or integration systems as part of service delivery.

  1. Legal Basis for Processing (GDPR)
    Validfor processes personal data based on one or more of the following legal grounds:
  • Performance of a contract:to deliver and support the Services.
  • Legal obligations:to comply with accounting, tax, and regulatory requirements.
  • Legitimate interests:to maintain platform security, improve functionality, and communicate with existing clients.
  • Consent:for specific marketing activities or optional analytics, where legally required.
  1. How We Use Personal Information
    We use personal information strictly for lawful business purposes, including:
  • Providing, maintaining, and improving our Services.
  • Managing user accounts and permissions.
  • Processing transactions and invoicing.
  • Communicating with customers and prospects.
  • Ensuring platform security and detecting fraud or misuse.
  • Meeting legal, contractual, and regulatory obligations.
  • Conducting internal analytics to improve customer experience.

We do not use personal information for profiling or automated decision-making that produces legal or significant effects on individuals.

  1. How We Share Personal Information
    We share personal information only when necessary for legitimate business purposes and under appropriate safeguards.
    Categories of recipients include:
  • Service providers and data processors(hosting, analytics, payment, and support).
  • Business partners and affiliatesinvolved in product distribution or integration.
  • Professional advisors(legal, compliance, or financial consultants).
  • Authoritieswhere disclosure is required by law or regulatory obligation.

Validfor does not sell personal information and does not engage in data brokering or targeted advertising.

  1. Your Data Protection Rights (GDPR)
    If you are an EU or UK resident, you have the following rights regarding your personal information:
  • Right of access – to request a copy of the data we hold about you.
  • Right to rectification – to correct inaccurate or incomplete information.
  • Right to erasure – to request deletion, subject to legal retention limits.
  • Right to restrict processing – to limit how your data is used in specific cases.
  • Right to data portability – to obtain data in a structured, machine-readable format.
  • Right to object – to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent.

Requests can be submitted to info@validfor.com. We will respond within one month as required under GDPR.

  1. International Data Transfers
    As an EU-based company, Validfor stores and processes personal information primarily within the European Economic Area (EEA).
    Where data must be transferred outside the EEA, we use theEuropean Commission’s Standard Contractual Clauses (SCCs)or rely on adequacy decisions ensuring equivalent data protection.
  2. Data Security
    Validfor maintains robust technical and organizational security measures appropriate to the risk level of the processed data, including:
  • Encryption of data in transit and at rest.
  • Access control based on least privilege principles.
  • Regular vulnerability and compliance assessments.
  • Employee confidentiality agreements and training.
  • Continuous monitoring and audit trail capabilities.

While Validfor applies industry-standard protections, no system is immune to risk. Customers remain responsible for security configurations and access controls within their own accounts.

  1. Data Retention
    We retain personal information only for as long as necessary to fulfill the purposes described in this Policy or as required by law.
    Retention periods vary depending on data type:
  • Account data: retained during the active contract and up to 36 months after termination.
  • Billing data: retained for the duration required by accounting laws.
  • Platform logs: retained for system audit and security purposes for a limited period.
    When data is no longer required, it is securely deleted or anonymized.
  1. Children’s Privacy
    Our Services are intended for business and professional use only and are not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe that a minor has provided information to us, please contact us immediately atinfo@validfor.comso that we can delete it.
  2. Cookies and Tracking Technologies
    We use cookies and similar technologies to improve functionality and analyze site usage. For more information on cookie types, retention, and consent preferences, please refer to ourCookie Policy. You can manage your cookie preferences at any time through your browser or our consent management platform.
  3. Third-Party Links
    Our website may contain links to third-party websites. Validfor is not responsible for the privacy or security practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
  4. Contact and Complaints
    If you have questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact:
    Data Protection Officer:info@validfor.com
    General inquiries:info@validfor.com
    Validfor OÜ, Harju maakond, Kesklinna linnaosa, Viru väljak 2, 3. korrus, Tallinn 10111, Estonia

You also have the right to lodge a complaint with your local data protection authority or with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).