Privacy Policy & GDPR
This policy defines the cryptographic data handling protocols of the Valid-Mark Global Trust Registry in accordance with the General Data Protection Regulation (GDPR) and the Republic of Lithuania Law on Legal Protection of Personal Data.
Valid-Mark utilizes a "Privacy-by-Design" architecture. Unlike traditional databases, the Global Trust Registry does not store sensitive personal identifiers in plain text. Instead, all certification data is subjected to a one-way SHA-256 cryptographic hashing process before registration. This ensuring that data is stored in sovereign EU nodes with zero third-party exposure, while remaining mathematically verifiable by authorized stakeholders.
Sovereign Data Storage
"All Registry nodes are physically located within the European Economic Area (EEA), ensuring that the chain of custody for certification metadata remains under the strictest jurisdictional oversight of EU data authorities."
Under GDPR, users retain the right to information regarding their hashed records. However, due to the immutable nature of the blockchain-anchored ledger, requests for data erasure (the "Right to be Forgotten") are managed through cryptographic revocation rather than physical deletion, preserving the historical integrity of the registry while nullifying the validity of the public mark.
Data is strictly processed for the purpose of global trust verification. Valid-Mark enforces a zero-exposure policy, meaning that no raw data is ever sold, transferred, or accessible to marketing entities or third-party data aggregators outside the Verified Recognition Arrangement (VRA) framework.