WE ARE COMMITTED TO PROTECTING AND RESPECTING YOUR PRIVACY AT ALL TIMES
Last updated March 2021
Modality Privacy Notice
At Modality we are committed to protecting and respecting your privacy at all times.
This notice provides an outline of when and why we collect personal information, how we use it and the conditions under which we may disclose it to third parties. It is important that you read this notice together with our Website Terms and Conditions.
If you have any questions regarding this notice or our privacy practices in general, please email us at firstname.lastname@example.org.
Who are we?
This notice is issued on behalf of the Modality group of companies, part of the Nasstar Group, so when we mention “Modality”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant Modality company in the Nasstar Group responsible for processing your data. Details of the Nasstar group of companies can be found here. Modality Systems Limited is the controller, and responsible for this website. This means we decide how your personal data is processed and for what purposes. In some circumstances, we also act as a processor in respect of our customers’ personal data, with the customer acting as a controller.
What is personal data?
Personal data relates to an individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
The processing of personal data in the UK is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) as incorporated into UK law, the Data Protection Act 2018 (“DPA”) and also by the Privacy and Electronic Communications (EC Directive) Regulations 2003. It is also governed by the Personal Data Protection Act 2010 in Malaysia, the Privacy Act 1988 in Australia and data protection legislation in the relevant States and Territories of the United States of America.
Contact details of the Data Protection Officer (‘DPO’)
If you have any queries or questions about this notice then please contact our DPO by emailing email@example.com.
What personal data do we collect and how do we collect it?
We collect and process a range of information about you. This includes:
- your name and contact details, including email address and telephone number;
- your IP address, operating system and browser type;
- your traffic data, location data, weblogs and other communication data, the resources that you access;
- details of any contact including a record of the correspondence;
We collect this information in a variety of ways. For example, data is collected through online forms, website cookies, from correspondence with you, through subscription to our newsletters and through event registrations.
To enable the provision of products and services to you, we may also collect and process other personal data to enable the performance of the contract between you and us. This will be communicated and agreed through specific contract documentation and / or specific Privacy Notices.
In some cases, we collect personal data about you from third parties, such as analytics providers, lead generation companies, partners and event organisers.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences from your use of our website.
How do we process your personal data?
We comply with our obligations under the DPA and GDPR by keeping personal data up to date (subject to your notification of any required updates to your personal data); by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: –
- To operate this website and deliver the services that customers have requested;
- To undertake profiling to enable us to improve the customer experience and tailor the information we provide;
- To carry out our obligations arising from any contracts entered into between you and us;
- To inform individuals about Modality products and services which we believe may be of legitimate interest to you;
- To inform individuals of news, events, activities or services running throughout the year;
- To contact individuals via surveys to conduct research about their opinions of current services or of potential new services that may be offered;
- To notify you about changes to our services;
- To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- To monitor and store communications including email correspondence for the purpose of ensuring compliance with laws, policies and auditing;
- To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you;
- To use data analytics to improve our website, products/services, marketing, customer relationships and experiences;
- If you are a customer, supplier, employee, contractor or users of our services, then we may use your personal data for other purposes that are described in other privacy notices available on the Modality website or through specific contract documentation.
Our legal basis for processing
We will only use your personal data when we have your consent, a legitimate interest or where we need to comply with a legal obligation. We have completed a Legitimate Interests Assessment and considered whether or not those interests are superseded by the rights and freedoms of the individuals and have concluded that they are not. Processing related to our website and for sales and marketing activity is necessary for our legitimate interests.
The processing is necessary for the purposes described above and we take steps to minimise the impact on your privacy rights by endeavouring to contact only those individuals, who have expressed an interest in our services or those who are in IT-based job roles, with information around IT-based services, solutions, events and information. We also offer you the right to object to or opt-out from our communications and processing activities at any time. To opt-out, you can use the unsubscribe button at the bottom of an e-shot or you can email firstname.lastname@example.org.
Processing is also undertaken in relation to the products and services we provide to customers and our legal basis in these cases is to enable us to perform the contract between the parties.
Automated decision making and profiling
No automated decision making is undertaken by us or the third parties with whom data is shared. Profiling is undertaken through the use of analytics in pursuance of our legitimate interests and as outlined in the section How do we process your personal data? above.
Categories of recipients
Your personal data will be treated as strictly confidential and will only be shared with the recipients detailed below for the purpose stated:
- Marketing communication facilitators – to keep you updated on our products & services;
- Online advertising providers – to keep you updated on our products & services;
- Website engagement companies (e.g. live chat) – to help us to assist you and respond to your queries;
- Analytics providers – to help us improve your online experience;
- Third parties for joint promotions with that party – to help us organise events
- Third Parties acting as processors or sub-processors required to enable us to provide the products and services we provide
- Companies within the Nasstar Group – for marketing purposes and to support overall provision of our products and services;
- Fraud prevention agencies – to prevent fraud;
- Alternative dispute resolution – for complaint escalation;
- Law enforcement agencies, government bodies, regulatory organisations, courts or other public authorities – where required by law.
Transfers outside of the UK and outside of the EEA and Safeguards for International transfers
Your data may be transferred to countries outside the European Economic Area (EEA) in instances where we are required to transfer your data to another member of the Nasstar Group for any of the purposes listed at How do we process your personal data? above, where our or our recipient’s servers used for storing personal data are based outside of the EEA.
If you use our services whilst you are outside of the EEA, your data may be transferred outside the EEA in order for us to provide you with those services.
Data will only be transferred outside of the EEA or the United Kingdom (as appropriate) only where a declaration of adequacy and a Data Protection Agreement or equivalent agreement is in place. If the country in which the data is to be transferred to has no declaration of adequacy in place then we will request the third party to enter into a legal agreement that reflects those standards through the use of Standard Contractual Clauses.
Data retention period and criteria used to determine that period
We keep your personal data for no longer than is reasonably necessary for the purposes set out in this Privacy Notice. This is determined through assessment by our DPO.
We delete personal data relating to sales and marketing upon receipt of an opt-out request, or two years after the last communication we receive from you.
Rights to request access to the data, object, restrict processing, rectification, erasure and portability
Under the GDPR, you have the ability to exercise via the DPO the following rights with respect to your personal data:
- The right to request a copy of your personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for us to retain such data;
- The right where applicable to request, that we provide you with a copy of your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right where applicable to object to the processing of personal data;
- The right to lodge a complaint with your local supervisory authority.
Right to withdraw consent at any time
We do not rely on consent for our processing activities but instead on our legitimate interests or for contractual purposes, we therefore cannot offer the right to withdraw consent. However, you do have the right to object to or opt-out from our processing activities by contacting our DPO.
If we wish to use your personal data for a new purpose that is not covered by this privacy notice and which is incompatible with the purposes described in this notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Right to lodge a complaint with ICO
To exercise all relevant rights, or for queries, please in the first instance contact us on the contact details provided above.
Should you have a concern about our information rights practices, you have the right to complain directly to our supervisory authority, the ICO.
Their address and contact details are as follows:
Information Commissioners Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Alternatively, you can email them via the following link: https://ico.org.uk/global/contact-us/email/
If you are not in the UK, you may contact the equivalent supervisory authority in your country. Contact details for data protection authorities in the European Economic Area, are available at https://edpb.europa.eu/about-edpb/board/members_en. For other countries please contact our DPO at email@example.com.
Updates to this Notice and your Personal Data
We may update this notice from time to time in response to changing legal, technical or business developments.
When we update our notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
You can see when this privacy notice was last updated by checking the “last updated” date displayed at the top of this privacy notice.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.