Modus Engagement Inc., a Delaware Corporation, together with its affiliates (“Modus”), has developed, operates, and maintains an “Enterprise Digital Sales Enablement Solution” under a Software as a Service model, for the benefit of the Modus Clients (the “Platform”). Modus Clients may potentially use the Platform to collect and process personal data relating to individuals in the European Union. As a result, Modus is committed to helping Modus Clients understand the European Union’s new General Data Protection Regulation and its effect on their relationship with Modus, as well as ensuring compliance with that law, to the extent applicable.
The European Union’s General Data Protection Regulation (GDPR) is a new privacy law that is effective beginning on May 25, 2018. The GDPR is intended to enhance the protection afforded to personal data of E.U. residents (referred to as data subjects) and to increase the obligations placed on companies to use the data in transparent and secure ways.
For a useful summary of the rights and obligations under the GDPR, please review the Guide to the GDPR provided by the U.K. Information Commissioner’s Office.
The GDPR applies to companies that are either (1) “established” in the E.U. or (2) process personal data about E.U. data subjects in connection with (i) the offering of goods or services to such data subjects or (ii) monitoring the behavior of data subjects in the E.U. Accordingly, the GDPR’s reach is not limited simply to organizations that are located, organized, or employ data subjects in the E.U.
The GDPR affords E.U. data subjects certain rights relating to the processing of their personal data, including the following (as applicable):
To the extent a Modus Client uses Modus’ services to process personal data regarding E.U. data subjects, it is the responsibility of the Modus Client to ensure that it informs the data subjects regarding these rights and otherwise complies with the GDPR.
The Modus Client decides which individuals to interact with through the Modus Platform and what, if any, personal data should be processed about those individuals. As such, the Modus Client is acting as the so-called “Controller” of the personal data under GDPR and must comply with the GDPR’s requirements for Controllers.
Modus is only offering the means allowing the Modus Client to interact with their respective Users and Prospects through the Modus Platform. This means that Modus is only processing the personal data for and on behalf of the Modus Client as a “Processor” (as defined under GDPR).
Modus offers an “Enterprise Digital Sales Enablement” solution that, at its core, provides businesses with the content, information, analytics, and tools that help marketing departments to better engage with the sales teams and/or their potential buyers throughout the buying process. The Modus Platform measures the engagement of each party using the Platform, analyzes their behavior and profiles them, as well as measures the attractiveness of content shared with them, to the extent they are interacting with the Platform within the online environment of the Platform as hosted by Modus for and on behalf of the Controller. The Modus Platform is offered as a “Software as a Service” (“SaaS”) model, which is a software licensing and delivery model in which software is centrally hosted and made available to multiple users over a network, including through interacting products (including front-end clients, apps, Web-Interface, plugins, or Integrations to third-party applications). Personal Data on E.U. data subjects is processed for the purpose of allowing Sales Enablement to take place for the benefit, and under the control, of the Modus Client.
There are three roles by which you can interact with or through the Modus Platform:
Each of these roles will generate its own analytics regarding how it interacts with the content being made available through the Modus Platform. Prospect-generated analytics will be visible to Users and Administrators. User-generated analytics will be visible to Administrators.
The Modus Platform processes certain “information relating to an identified or identifiable natural person” for and on behalf of its Customers. For each role (Administrator, User, Prospect), certain contact information is processed (i.e. direct identifiable personal data such as an e-mail address or name) as well as certain account information, profiling/behavioral information, device information, connection information, content, integrations with marketing automation/CRM services, and geolocation data (i.e., indirect identifiable personal data requiring a whole dataset in order to identify a single person). For specific information on which types of personal data are being processed, see the administration settings in the Modus Platform or contact the Modus data protection officer at firstname.lastname@example.org.
Modus’ Clients are responsible for identifying a lawful basis for the processing activities relating to personal data on E.U. data subjects. Appropriately obtained and informed consent may be a lawful basis for processing personal data. To that end, the Modus Platform can be used to prompt for consent to process personal data upon the initial interaction with the Platform.
Administrators and Sales Reps – Once the account is deleted by the Modus Client, all personal data is immediately deleted and analytics data is anonymized.
Prospects – Data is retained for a period of time that is configurable by the Modus Client, after which it is anonymized.
Backups: Our security team performs automated data backups on a daily and weekly basis. These backups are retained for three months before secure destruction.
Modus uses subprocessors both in our core Platform and in the implementation of certain configurable features. The subprocessors used for our core Platform are necessary to the functionality of our Platform (for example, hosting providers). Some subprocessors are used for optional features of the Platform, which can be disabled. For more information on the specific subprocessors we use, please contact the Modus data protection manager at email@example.com.
Modus shares personal data with:
Data is shared with each party only to the extent necessary for a specific purpose.
To the extent processing of personal data within your organization falls within the material scope and territorial scope of GDPR (Articles 2 and 3 GDPR), the GDPR requires that the processing occurs under a Data Processing Agreement that requires certain minimum criteria to be met (Article 28(3) GDPR).
Modus therefore has created a so-called “Data Processing Addendum” or “DPA” that includes all the required GDPR terms. The Modus DPA reflects the unique aspects of the Modus Platform and processing activities, and modifies the Modus Clients’ agreement for the Modus Platform to bring it into GDPR compliance.
In addition to these FAQs, Modus is taking the following steps to assist Modus Clients in complying with the GDPR.
Dedicated privacy page: gomodus.com/gdpr
Data protection manager: Modus has appointed a data protection manager who works closely with our security and product teams.
Privacy settings: Additional privacy settings and functionality in the admin space of the Platform are in development. These will allow a more granular approach to configuring privacy, with a clear distinction for Modus Clients between “General Privacy Settings”, “User Privacy Settings”, and “Prospect Privacy Settings.” These privacy settings can be managed by the respective account owner or privacy officers at the Customer in the backend of the Modus Platform.
Vetting by Modus of its subprocessors: Each subprocessor of Modus is vetted by Legal, Security, and the Modus data protection officer in the areas of security, contractual terms, and data processing agreements.
Anonymization: Personal data of Prospects is anonymized after a certain time of inactivity to be determined by the Customer.
All new product capabilities that are to be introduced from 2018 onwards will (i) follow the GDPR principles of “privacy by design” and “privacy by default” and (ii) give flexibility to both EU customers and non-EU customers regarding privacy, while (iii) keeping all changes as simple as possible.
In the event that you have a complaint about Modus as it relates to our processing of your personal data, please contact us directly at firstname.lastname@example.org and we will work to resolve this complaint with you. You also have the right to log a complaint with the data protection authority. You can find additional information on how to contact your national data protection authority here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en
Modus has appointed a data protection manager who can be contacted at email@example.com