PERSONAL DATA PROCESSING POLICY
VALID.IT PLATFORM

Last Updated: November 2022

Introduction

If you use the Valid.it Platform, this means that you have received a link and a personal password through a company that you are associated with in order to perform an integrity test using the Valid.it platform. For example, you may have applied to a company for a job opportunity and that company wishes to assess your integrity as part of its recruitment process, or you may have filed an insurance claim and your insurance company wishes to test your claim's authenticity as part of its review of your claim.

Valid.it is a SaaS platform produced and operated by Valid.it Solutions Ltd.

This personal data processing policy (the "Personal Data Policy") is intended to inform you of the practices implemented regarding the collection, use, protection and retention of personal data concerning you in the context of your use of the Valid.it platform, as well as the rights you have.

Prior to any use of the Valid.it Platform, we ask that you read and accept the terms of this Privacy Policy. This Personal Data Policy is an integral part of the General Terms and Conditions of Use of the Valid.it Platform ("T&C").

1. PROCESSING MANAGER AND SUBCONTRACTOR

You may only access or sign in to the app by invitation, via a company you are associated with, and through which you have consented to conduct an integrity test. That company is thus a customer of ours, and it is the controller of your data. We act merely as a processor, providing our app (remote integrity test) to that company, our customer, so that it can perform an integrity test using our app as a complementary step in its integrity assessment process.

The person or organization in charge of the processing of your personal data is thus the company through which you have received the invitation to conduct this integrity test, and they are the Controller of your data.
The Controller is in this capacity the owner of the data concerning you, collected for the needs and in the context of the integrity test. Valid.it acts exclusively on behalf of the Controller, as processor of the latter, who has mandated it for the purpose of conducting an integrity test via its online platform.

Valid.it is located in Israel, a country that has been recognized by the European Commission as a country ensuring an adequate level of protection of personal data. Valid.it assures you of the processing of your personal data in compliance with applicable legislation, in particular, the National Commission on Informatics and Liberty and the General Data Protection Regulation ("GDPR").

2. PERSONAL DATA COLLECTED AND PROCESSED

Prior to your connection to the Valid.it Platform and in order to prepare your integrity test, the Controller transmits to Valid.it your family name, first name and e-mail address, as well as, if applicable, your date of birth, your mother tongue and your country/city of origin. All mentions of "Personal Data" within this document refer solely to the above-mentioned information (which you have shared with the Controller). Notwithstanding, Personal Data, Data or Information within this document may also refer to your integrity assessment and all its associated information.

When you pass your integrity test on the Valid.it Platform, the following data is collected:

• your textual answers/responses to questions related to the integrity test;
• non-verbal data in the form of heart rate;
• technical information related to the device(s) you are using to conduct the integrity test, such as hardware settings (microphone and webcam used), your browser type, and the date and time of requests.

While we may ask you to keep your face centered at the beginning of the test, the image of your face is NOT collected, nor is it stored on our servers. We use data points from areas on the face to assess your heart rate, which assists our system in detecting deceit.
The scores are processed as numerical values, NOT images, which also ensures that there is no association to any Personally Identifiable Information (PII).

In the context of the questions that you will be asked during the integrity test, we will at no time seek to ask you for information concerning your racial or ethnic origin, your political, philosophical or religious opinions, your trade union membership, information about your health, your personal life or your sexual orientation. While we do not ask any such related questions, we still draw your attention to the fact that you do not have to provide us such sensitive information.

We monitor the performance of our platform, and as such some of the tests that go through our systems undergo quality assurance. If you have shared sensitive information, we will do our best not to proceed to any processing of this type of information, and it will not be taken into account as part of your evaluation.

3. TERMS AND CONDITIONS OF THE PROCESSING OF PERSONAL DATA

All data collected as part of the integrity test is automatically processed using the solution developed by Valid.it, with the sole aim of analyzing your integrity for the Controller in an efficient, objective and non-discriminatory manner.

The solution developed by Valid.it uses algorithms that try to assess the authenticity of your answers by leveraging extensive professional experience in integrity testing. Valid.it's automated analysis is based on your responses and the non-verbal feedback received during those responses.

The results of the integrity analysis are returned to the Controller who will decide, in his sole and absolute discretion, how to proceed with your recruitment process, or in the case of insurance, how to handle your insurance claim, or any other industry or field for which you have been invited to conduct this integrity test.

The processing of your basic personal information is based on your prior consent to that Controller.

4. RECIPIENTS OF DATA

4.1. Controller

The data collected about you during the use of the Valid.it Platform is transmitted to the Controller, who has access to your integrity test and to the analysis that has been done by the Valid.it solution. Only employees or agents of the Controller involved in the process can access your integrity assessment.

4.2. Technical Providers

Valid.it works with third-party service providers that provide application development, hosting, transcription, data processing, information analysis and maintenance services. In so far as it is necessary for these service providers to fulfill their contractual obligations with respect to Valid.it, those third parties may be required to access and process the data related to your assessment.

Most of these technical service providers are located within the United States or European Union. Some of them may nevertheless be located outside these locations. In this case, these providers are either located in a country that has been recognized as adequate by the European Commission or located in the United States and adhering to the Privacy Shield. Otherwise, appropriate safeguards in accordance with the requirements of European regulations will be put in place.

In any case, only the data strictly necessary for the performance of their mission are transmitted to these service providers, who are subject to the confidentiality and security obligations necessary to ensure the protection of your data.

5. RETENTION OF DATA

Your data, and more specifically your assessment, is typically stored on our servers for a period of up to 2 years.

6. SAFETY MEASURES

Valid.it has put in place the security, technical and operational measures necessary to protect your data against unauthorized access and against any modification, disclosure, alteration, loss or destruction.
In particular:

• Access to personal data is strictly reserved for employees and agents who need to access it in order to carry out the above-mentioned processing operations or for maintenance purposes. These people are subject to strict confidentiality obligations.
• We encrypt your data using SSL technology.
• Access to our servers and databases is restricted by a strict privilege policy.

7. YOUR RIGHTS

You benefit from the following rights:

a) the right to access your personal data and to obtain in this respect information concerning the purposes of the data processing, the categories of data to be retained, the recipients of the data, the retention period of the personal data or the criteria used to determine that duration.

b) the right to obtain without undue delay the rectification of inaccurate personal data concerning you or, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement.

c) the right to withdraw at any time your consent to the processing of your personal data within the framework of the Valid.it Platform.

d) the right to obtain the deletion of personal data about you as soon as possible, when (i) these data are no longer necessary for the purposes for which they were collected or processed, or (ii) you withdraw your consent under paragraph c) above, (iii) your personal data has been unlawfully processed, (iv) it is the result of a legal obligation. The deletion of your data may nevertheless be rejected as long as they are necessary for the discovery, exercise or defense of a legal right of Valid.it or the Controller.

To exercise the rights mentioned in this article, you can either contact Valid.it at the contact details specified below or contact the Controller.
Without prejudice to any other administrative or judicial remedy, you have the right to make a complaint with a supervisory authority if you consider that the processing of your personal data constitutes a violation of the applicable regulations.

8. INFORMATION ABOUT VALID.IT

For any other question or suggestion about the protection of your personal data processed in connection with your use of the Valid.it Platform, we invite you to contact us:

VALID.IT
contact@Validit.ai

Data Protection Delegate
yossi@Validit.ai