Privacy Policy
Data handling protocols for Valid Industrial Systems Ltd. Aligned with GDPR (EU Regulation 2016/679), CCPA, and HIPAA Business Associate requirements for medical device supply chains.
Data Controller Identity
[Entity Identification Protocol]
Legal Entity: Valid Industrial Systems Ltd (Hong Kong Company Registry: 3012XXX)
Business Purpose: Medical Device Material Supply (Class I/IIa Titanium Components)
Data Protection Officer: compliance@validti.com
EU Representative: Appointed per GDPR Article 27 (Contact via above email)
Transparency Notice: ValidTi operates as a brand. Manufacturing is executed by SinoTi (Xi'an). Data processing occurs solely within ValidTi systems. SinoTi has no independent access to customer data.
Data Collection Scope
[Information Capture Matrix]
A. Business Contact Data
- ✓ Contact Info: Name, Email, Phone, Company, Job Title
- ✓ Technical Data: Device IDs, Browser Type, IP Address (Anonymized)
- ✓ Transaction Records: Order History, Lot Queries, Certificate Downloads
B. Data We Do NOT Collect
- ✗ Patient Information (PHI/PII) - Not Required for B2B Supply
- ✗ End-User Data - We Serve Dental Labs, Not Patients
- ✗ Credit Card Data - All Payments via Bank Transfer (SWIFT)
Legal Basis for Processing
[GDPR Article 6 Compliance]
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Order Fulfillment | Contractual Necessity | Art. 6(1)(b) |
| Regulatory Traceability | Legal Obligation (MDR) | Art. 6(1)(c) |
| Marketing Communications | Legitimate Interest | Art. 6(1)(f) |
Data Retention & Deletion
[Lifecycle Management Protocol]
Retention Period: 10 years from last transaction (Aligned with EU MDR Annex I, Section 18.1 - Technical Documentation Archive Requirements)
Deletion Request: Submit via compliance@validti.com. Response within 30 days per GDPR Article 17.
Limitation Notice: Records tied to active MDR post-market surveillance obligations cannot be deleted until regulatory retention periods expire (21 CFR 820.180 / EU MDR Article 10.8).
Third-Party Data Processors
[Subprocessor Registry]
- Email Service: Google Workspace (GDPR-compliant Data Processing Addendum active)
- Cloud Storage: AWS (Frankfurt Region - eu-central-1). Data residency confirmed within EU.
- Analytics: None. We do not use Google Analytics or third-party tracking.
Your Rights (GDPR Chapter III)
[Data Subject Control Protocol]
- ✓ Right to Access: Request a copy of all data we hold about you (Art. 15)
- ✓ Right to Rectification: Correct inaccurate information (Art. 16)
- ✓ Right to Erasure: Request deletion (subject to legal retention) (Art. 17)
- ✓ Right to Data Portability: Receive data in machine-readable format (Art. 20)
Exercise Your Rights: Email compliance@validti.com with subject line "GDPR Request - [Your Company Name]". Identity verification required.
Updates & Contact
[Document Change Log]
Last Updated: 2025-01-01
Change Notification: Material changes will be announced via email to registered contacts 30 days prior to implementation.
Supervisory Authority: EU users may lodge complaints with their national Data Protection Authority.
Questions About Data Handling?
Contact our Data Protection Team for clarifications
Response Time: < 48 Hours