Valkit.ai Privacy Policy

Valkit.ai LLC. ("Valkit.ai," "we," "us," or "our") provides software and services to enable our customers' biomanufacturing and research lab processes. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services, websites, mobile applications, and other offerings (collectively, the "Services").

2.1 EU-U.S., UK Extension to the EU-U.S., and Swiss-U.S. Data Privacy Framework

Valkit.ai complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States, respectively. Valkit.ai has certified to the Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles and the Swiss-U.S. Data Privacy Framework Principles (collectively, the "DPF Principles"). If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Valkit.ai is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to personal data received or transferred pursuant to the DPF Program.

Pursuant to the DPF Program, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States in reliance on the DPF Program should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the DPF Principles, Valkit.ai commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our DPF policy should first contact Valkit.ai at:

Email: [email protected]
Mail: Valkit.ai LLC., Attn: Privacy Officer, 429 E. Vermont St., Suite 304, Indianapolis, IN 46202

Valkit.ai has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB National Programs. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://bbbprograms.org/programs/all-programs/dpf-consumers or www.bbbprograms.org/dpf-complaints for information or to file a complaint. This service is provided at no cost to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction for more information on this process.

If you are an EU, UK, or Swiss Individual, where we transfer your personal data to third party service providers who perform services for us or on our behalf, we are responsible for the processing of that data by them and shall remain liable if they process your personal data in a manner inconsistent with the DPF Principles, unless Valkit.ai proves that we are not responsible for the event giving rise to the damage.

This Privacy Policy applies to personal information (as defined under applicable privacy laws) processed by us. We act as both a "data controller" and "business" under applicable privacy laws, including the General Data Protection Regulation (GDPR), UK GDPR, the Swiss Federal Act on Data Protection (FADP), and the California Consumer Privacy Act (CCPA), for the personal information we collect and process.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if we have your contact information) or by posting a notice on our Services prior to the change becoming effective. Your continued use of our Services after any modification indicates your acceptance of the updated Privacy Policy.

4.1 Categories of Personal Information

We collect and process the following categories of personal information:

• Identifiers and Contact Information: Name, email address, postal address, phone number; account login credentials; IP address and other online identifiers; device identifiers
• Professional Information: Job title and employer information; professional certifications and qualifications
• Commercial Information: Services purchased or considered; billing and payment information
• Internet Activity: Browsing history and search history; information about your interaction with our Services; device and browser information
• Geolocation Data: Approximate location derived from IP address; precise location (with your consent)
• Sensitive Information: In accordance with the DPF Principles, we treat as sensitive any personal information received from a third party where that third party identifies and treats it as sensitive, as well as personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or information on an individual's sex life or sexual orientation.

4.2 Sources of Personal Information

We collect personal information from:

• Direct interactions with you
• Automated technologies or interactions (e.g., cookies)
• Third parties (e.g., business partners, analytics providers)

We process your personal information based on the following legal grounds:

• Performance of a contract: To fulfill our contractual obligations to you
• Legal obligation: To comply with legal requirements
• Legitimate interests: For our legitimate business interests, when not overridden by your rights and freedoms
• Consent: Where you have given us permission to process your data for specific purposes

We use your personal information for the following purposes:

• Providing and improving our Services
• Managing your account
• Processing transactions
• Communications and marketing
• Security and fraud prevention
• Legal compliance
• Analytics and research

7.1 Categories of Recipients

We share personal information with:

• Law enforcement when required
• Corporate affiliates in the course of duly contracted software services

7.2 Data Transfers

We do not sell personal information as defined under the CCPA. However, we may share personal information for targeted advertising purposes, which some laws may define as a "sale" or "sharing."

We may transfer your personal information to countries outside your residence. For transfers from the EU/UK/Switzerland to the United States, we rely on:

• EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Framework
• Standard Contractual Clauses
• Adequacy decisions
• Other appropriate safeguards

Depending on your location, you have specific rights regarding your personal information:

9.1 EU, UK and Swiss Individuals: Your Rights under the General Data Protection Regulation

• Right to access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object
• Rights related to automated decision-making
• Right to withdraw consent

9.2 California Residents:

• Right to know
• Right to delete
• Right to correct
• Right to opt-out of sale/sharing
• Right to limit use of sensitive personal information
• Right to non-discrimination

To exercise your rights, contact us at [email protected] or use our web form [link]. We will respond to your request within the timeframes required by applicable law.

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption
• Access controls
• Regular security assessments
• Employee training

We retain personal information for as long as necessary to:

• Provide our Services
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

Our Services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us.

We use cookies and similar technologies. Our detailed Cookie Policy [link] explains:

• Types of cookies used
• Purposes of processing
• How to manage preferences

Data Protection Officer: [email protected]
Mailing Address: 429 E. Vermont St., Suite 304, Indianapolis, IN 46220
Phone: 1 (888) 912 0190

For questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].