Privacy & Cookies
This notice applies across all websites that we own and operate and all services we provide, including our online and mobile data capture intelligence and investigation products, and any other apps or services we may offer (for example, events or training). For this notice, we’ll call them our ‘services’.
We may need to update this notice from time to time. Where a change is significant, we will make sure we let you know – usually by sending you an email. Your SaaS agreement shall take precedent over our Privacy Terms where such matters are dealt with in the agreement.
Who are ‘we’?
When we refer to ‘we’ (or ‘our’ or ‘us’), that means Modal Limited and all its wholly owned subsidiaries. Our headquarters are in New Zealand but we operate all over the world. Address details for Modal offices are available on our Contact us page.
We provide an easy-to-use online platform for customers. At the core of our platform is our intelligence collection and investigation software. If you want to find out more about what we do, see the About Modal page.
For European Union data protection purposes, we may act as a controller in relation to your personal data.
Our principles of data protection
Our approach to data protection is built around four key principles. They are at the heart of everything we do relating to personal data.
Transparency: We take a human approach to how we process personal data by being open, honest and transparent.
Enablement: We enable connections and efficient use of personal data to empower productivity and growth.
Security: We champion industry leading approaches to securing the personal data entrusted to us.
Stewardship: We accept the responsibility that comes with processing personal data.
How we collect your data
When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following:
Information you provide to us directly: When you visit or use some parts of our websites and/or services we might ask you to provide personal data to us. For example, we ask for your contact information when you sign up for a trial, respond to a job application or an email offer, participate in community forums, join us on social media, take part in training and events, contact us with questions or request support. If you do not want to provide us with personal data, you do not have to, but it might mean you can’t use some parts of our websites or services.
Information we collect automatically: We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you are using our websites and services so that we can continue to provide the best experience possible.
Some of this information is collected using cookies. If you want to find out more about the types of cookies we use, why, and how you can control them, take a look at our cookie notice.
Information we get from third parties: Most of the information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as publicly available materials. We use this information to supplement the personal data we already hold about you, to better inform, personalise and improve our services, and to validate the personal data you provide.
Where we collect personal data, we will only process it:
to perform a contract with you, or
where we have legitimate interests to process the personal data and they are not overridden by your rights, or
in accordance with a legal obligation, or
where we have your consent.
If we do not collect your personal data, we may be unable to provide you with all our services, and some functions and features on our websites may not be available to you.
If you are someone who doesn’t have a relationship with us but believe that a Modal subscriber has entered your personal data into our websites or services, you will need to contact that Modal subscriber for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data).
How we use your data
First and foremost, we use your personal data to operate our websites and provide you with any services you have requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:
To communicate with you. This may include:
providing you with information you have requested from us (like training or education materials) or information we are required to send to you
operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services
marketing communications (about Modal or another product or service we think you might be interested in) in accordance with your marketing preferences
asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
To support you: This may include assisting with the resolution of technical support issues or other issues relating to the websites or services, whether by email, in-app support or otherwise.
To enhance our websites and services and develop new ones: For example, by tracking and monitoring your use of websites and services so we can keep improving, or by carrying out technical analysis of our websites and services so that we can optimise your user experience and provide you with more efficient tools.
To market to you: We may send you marketing communications through our own websites and services. We will not use your data to advertise through third party websites and their platforms.
To analyse, aggregate and report: We may use the personal data we collect about you and other users of our websites and services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.
How we can share your data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
other companies in the Modal group of companies
third party service providers and partners who assist and enable us to use the personal data to, for example, support delivery of or provide functionality on the website or services, or to market or promote our goods and services to you
regulators, law enforcement bodies, government agencies, courts or other third parties where it is necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
an actual or potential buyer (and its agents and advisors) in connection with an actual or proposed purchase, merger or acquisition of any part of our business. Such a disclosure would only be under a non-disclosure agreement
other people where we have your consent.
International Data Transfers
Modal is based on Microsoft’s Azure offering customers more than 60 datacentre regions worldwide. Specifically
Modal is available across 60 datacentres, including high availability
Modal data residency provides assurances that customers retain control data residency. Modal services can be deployed regionally and enable the customer to specify the region into which the service will be deployed and control where the customer data will be stored.
For other information related to Microsoft Azure datacentres you can view it here including
Data access to telemetry data, including elevated access for support data, and how customers can manage data access. The collection and use of telemetry and support data issues has raised questions from some of our customers, and the white paper provides detailed answers.
How Microsoft protects customer data from unauthorized access and how Microsoft handles government requests, including implications of the Cloud ACT. Customers have asked us for specific details about when Microsoft engineers may access data and how we respond to government requests for data. The white paper provides clarity.
Tools customers can use to protect from unauthorized and authorized data access. Customers have a wealth of tools available to restrict, protect, and encrypt data at rest, in transit, and in some cases, in use.
Data retention and deletion. The white paper details Microsoft’s policies and practices for the retention and disposal of customer data.
For more information see https://azure.microsoft.com/en-us/blog/making-your-data-residency-choices-easier-with-azure/
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as Australia, where our data hosting provider’s servers are located. These countries may have laws different to what you are used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). For further information, please contact us using the details set out in the Contact us section below.
Security is a priority for us when it comes to your personal data. We are committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens. For more information about security, check out Modal’s security pages.
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We will retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we will make sure it is deleted or anonymised.
It is your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication or send your request to firstname.lastname@example.org.
You also have rights to:
know what personal data we hold about you, and to make sure it is correct and up to date
request a copy of your personal data, or ask us to restrict processing your personal data or delete it
object to our continued processing of your personal data
You can exercise these rights at any time by sending an email to email@example.com.
If you are not happy with how we are processing your personal data, please let us know by sending an email to firstname.lastname@example.org. We will review and investigate your complaint and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
How to contact us
We are always keen to hear from you. If you are curious about what personal data we hold about you or you have a question or feedback for us on this notice, our websites or services, please get in touch.
As a technology company, we prefer to communicate with you by email – this ensures that you are put in contact with the right person, in the right location, and in accordance with any regulatory time frames.
Our email is email@example.com.
What cookies technologies do we use?
A cookie is a small text file that is placed on your computer or mobile device when you visit one of our websites. We may use a few different types of cookies. Some are persistent cookies (cookies that remain on your hard drive for an extended period of time) and some are session ID cookies (cookies that expire within a set time period).
These types of cookies are important. They help us operate our websites and services, and most importantly enhance and customize your experience across our websites and services.
There are also cookies set by third parties across our websites and services. Third party cookies enable third party features or functionality to be provided on or through our websites and services, such as analytics.
Below is a list of cookies that we use on our websites and services. The types of cookies we use are always changing. Check back regularly to make sure you stay up to date. If you think we have missed a cookie, please let us know.
Authentication Token Session Cookie for logged in Users
This stores which organization has granted the access to user.
This stores which User Belongs to which organization.
This Identifies the intended recipient of the token, the audience is ModalConnect Application ID.
This Identifies the User.
Third party cookies
How can you control cookies?
You can accept or reject cookies by amending your web browser controls. Because they are important, our websites and services might not work like they are supposed to, and in some cases, might not work at all, if you decide to reject our cookies.
You can manage your cookie settings by following your browser's instructions. Here are some links that might be of assistance:
Microsoft Internet Explorer