Modeeri Privacy Policy
Introduction
This Privacy Policy describes how Modeeri (“Provider,” “we,” or “our”) collects, uses, processes, stores and safeguards personal data when Clients and Authorized Users access or use the Modeeri platform and related services (the “Platform”). This document supplements the Modeeri Terms & Conditions and should be read in conjunction with that Agreement. By using the Platform or providing personal data, you acknowledge and agree to the practices described in this Policy.
Definitions
- Personal Data: Any information relating to an identified or identifiable natural person, including data that, alone or in combination with other information, can be used to identify or contact a specific individual (e.g., name, address, phone number, email, identification number, IP address, location data or online identifiers).
- Data Controller & Data Processor: A data controller determines the purposes for which and the means by which personal data is processed, while a data processor processes personal data on behalf of the controller. An entity may act as controller, processor or both, depending on its role and activities.
- Subprocessor: A third-party data processor engaged by a data processor to process personal data from a data controller. The Provider may engage subprocessors only with Client’s authorization and remains liable for their compliance with applicable data protection requirements.
- Data Privacy & Security Laws: All applicable national, federal, state, regional and local laws, regulations and executive orders governing the privacy, data protection and security of personal data and data breach notification, including Egypt’s Data Protection Law No. 151 of 2020, the EU General Data Protection Regulation (GDPR) and any other applicable data privacy regime.
Role of the Parties
- Client as Controller: The Client acts as the data controller, determining why and how personal data is processed.
- Provider as Processor: The Provider processes personal data on behalf of the Client in accordance with the Client’s instructions and the obligations set out in this Policy and applicable data protection laws.
- Joint Controllers: In limited circumstances where both Parties jointly determine the purposes and means of processing, they will enter into a joint-controller arrangement specifying their respective responsibilities.
Compliance with Data Privacy Laws
Both Parties agree to comply with applicable data privacy and security laws, including Egypt’s Data Protection Law (DPL) and the GDPR. The Provider will process personal data lawfully, fairly and transparently, ensure data minimisation and purpose limitation, and maintain records of processing activities. The DPL, inspired by the GDPR, imposes obligations on both controllers and processors and provides for significant penalties for non-compliance.
Data We Collect and Process
Depending on how Clients use the Platform, the Provider may collect and process the following categories of personal data:
- Account Information: Information provided during account registration, such as names, email addresses, phone numbers and roles.
- Usage Data: Information about how Authorized Users interact with the Platform, including log data, device and connection information, and analytics.
- Client Content: Any personal data contained in Client Data uploaded to or generated within the Platform.
- Support Data: Information provided to our support team to resolve technical or service requests.
Purposes of Processing
The Provider processes personal data to:
- Provide, operate and maintain the Platform and Services;
- Configure and personalise user accounts;
- Facilitate onboarding, support and training;
- Monitor system performance and improve the Platform;
- Comply with legal obligations and enforce the Terms & Conditions;
- Prevent fraud, protect the security of the Platform and Users, and detect misuse.
Legal Basis for Processing
The Provider processes personal data based on the following lawful grounds:
- Performance of the Contract: Processing necessary to provide the Platform and Services under the Terms & Conditions.
- Legitimate Interests: Processing for our legitimate interests, such as improving our services, maintaining security and preventing fraud, provided such interests are not overridden by the interests or fundamental rights and freedoms of individuals.
- Legal Obligations: Processing necessary to comply with applicable laws and regulations.
- Consent: When we rely on consent, we will obtain it explicitly and individuals may withdraw consent at any time.
Data Subject Rights
In accordance with the DPL and GDPR, individuals have certain rights regarding their personal data. These may include the right to request access, rectification, erasure, restriction of processing, data portability and objection. Clients are responsible for responding to such requests when they act as controllers. The Provider will assist Clients by implementing appropriate technical and organisational measures to enable compliance with data subject rights.
Subprocessors & Third-Party Services
The Provider may engage qualified subprocessors, such as hosting providers or payment processors, to assist with providing the Platform. The Provider will ensure that subprocessors are contractually obligated to provide at least the same level of protection as outlined here and will remain liable for their acts and omissions. Where required by law, the Provider will notify Clients before adding or replacing subprocessors, and Clients may object on reasonable grounds related to data protection.
The Platform may also interoperate with or contain links to third-party services or open-source components. Use of these services is subject to the terms and privacy policies of their respective providers. The Provider does not control and is not responsible for third-party services; Clients access them at their own risk.
Security Measures
The Provider implements appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss or destruction. These measures include encryption in transit and at rest, pseudonymisation, firewalls, multifactor authentication, role-based access controls, regular vulnerability assessments and penetration testing, and staff training. The Provider maintains business continuity, backup and disaster recovery plans with defined recovery time and recovery point objectives.
Data Retention & Deletion
The Provider retains personal data only for as long as necessary to fulfil the purposes outlined in this Policy or to comply with legal obligations. Upon Client request or upon termination of the Services, the Provider will securely delete or anonymise personal data within a reasonable period, subject to backup retention policies and legal requirements. Certain records may be retained for auditing, fraud prevention or regulatory compliance.
International Data Transfers
Clients consent to the transfer of personal data to countries where the Provider or its subprocessors operate. The Provider will ensure that appropriate safeguards—such as standard contractual clauses or adequacy decisions—are in place to protect personal data during cross-border transfers.
Data Breach Notification
In the event of a personal data breach, the Provider will notify the Client without undue delay after becoming aware of the breach. The notification will describe the nature of the breach, the categories and approximate number of data subjects and records concerned, the likely consequences and the measures taken or proposed to address the breach.
Data Ownership & Portability
Clients retain ownership of all personal data they submit to the Platform. Upon request, the Provider will provide tools or services to export Client Data in a commonly used format, subject to reasonable limitations and applicable fees. The Provider will not use Client Data for marketing or sell it to third parties.
Contact Information
For privacy inquiries, data subject requests or questions about this Policy, please contact:
Modeeri Privacy Team
Email: info@modeeri.com