Privacy Policy

1. Introduction

With the following information we would like to inform you about the processing of your personal data by MODIFI. MODIFI is committed to protecting your personal privacy and the personal privacy of persons affiliated to you. All personal data processed by us will be processed in accordance with applicable laws and be governed by data policies and procedures. The purpose of this privacy statement is to inform you about the personal data that we collect, how we use it, with whom we share it, what your rights are and how you can contact us.

Please note that the passages referring to the GDPR only apply to EU residents and their data. If you are a non-EU citizen living outside of the EU, the GDPR and the corresponding sections will not be applicable to you. You can of course still use the provided contact options to ask questions about the protection of your data.

1.1. Controller within the meaning of data protection law

This notice relates to data processing by MODIFI B.V. together with other companies within the MODIFI group (which means our subsidiaries, our ultimate holding company and its subsidiaries from time to time) (MODIFI, We, Us, Our). Authorised representatives of MODIFI are Nelson Holzner, Sven Brauer and Jan Wehrs.

For Marketing & Sales activities relating to Seller Finance, MODIFI B.V. is the controller of the personal data and responsible for the processing of personal data.

For Marketing & Sales activities relating to Buyer Finance, MODIFI GmbH is the controller and the responsible entity.

MODIFI GmbH is the data controller for data processing activities that relate to your use of the MODIFI website:

MODIFI GmbH

Belziger Str. 33

10823 Berlin

Germany

MODIFI can be reached via email at hello@modifi.com and via telephone on +49 30 54907307.

1.2. Data Protection Officer

Proliance GmbH / www.datenschutzexperte.de

Data Protection Officer

Leopoldstr. 21

80802 Munich

datenschutzbeauftragter@datenschutzexperte.de

1.3. Definitions

Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

2. Processing on our website

2.1. Web Hosting

This website is hosted by Amazon Web Services (AWS), a cloud service by Amazon Web Services Inc. (410 Terry Avenue North, Seattle, Washington 98109-5210, USA).This website is hosted in Ireland. Personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website.

We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. cannot be ruled out, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

2.2. Server-Logfiles

Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server

  • Date and time of access
  • Name of the requested file
  • Page from which the file was requested
  • Web browser used and operating system used
  • (Full) IP address of the requesting computer
  • Transmitted amount of data

We collect the listed data in order to guarantee a frictionless connection establishment and to enable a comfortable use of our website by the users. The log file also serves for evaluating system security and stability as well as administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data. After 90 days at the latest, the data is deleted or the IP address at domain level is shortened, so that it is no longer possible to establish a reference to the individual user. This data is not evaluated in anonymous form except for statistical purposes. This data is not combined with data from other data sources.

2.3. Cookies

Our website uses so-called "cookies". Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.

Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.

Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent.

You can set your browser to

  • be informed about the setting of cookies,
  • only allow cookies in individual cases,
  • exclude the acceptance of cookies for certain cases or generally,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at www.aboutads.info/choices/ or www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be "tracked" for behavioral advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. "NoScript" allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: addons.mozilla.org/en-US/firefox/addon/noscript/).

Please note that if you disable cookies, the functionality of our website may be limited.

2.3.1. Change cookie settings

You can revoke or change your cookie settings at any time. To do so, access the cookie settings again via our integrated thumbprint. You can find this at the bottom right of our website.

2.4. Specific services and providers used on our website

2.4.1. Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies" and web beacons.

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.

We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/

https://policies.google.com/privacy

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout .

2.4.2. Hotjar

Our website uses the web analysis service Hotjar of Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe).

This tool allows us to track movements on the websites where Hotjar is used (so-called heat maps). For example, we can see how far users scroll and which buttons users click on how often. The tool also allows us to get feedback directly from the users of the website. Most importantly, Hotjar's services can improve the functionality of the Hotjar-based website by making it more user-friendly, more valuable and easier for end users to use.

When using this tool, we take special care to protect your personal data. For example, we can only track which buttons are clicked, the mouse history, how far it scrolls, the screen size of the device, device type and browser information, geographic location (country only) and the preferred language to display our website. Areas of the websites where personal information about you or third parties is displayed are automatically hidden by Hotjar and therefore cannot be traced at any time. In order to exclude the possibility of direct personal references, IP addresses are only stored and processed anonymously. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that are transmitted by your browser as part of web page requests. These would be, for example, cookies or your IP address. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 letter a GDPR on the basis of your consent for the purpose of statistical analysis of user behaviour for optimisation and marketing purposes.

Hotjar stores the customer data in the European Union. In a few cases, customer data may be accessed from the USA or other countries whose data protection laws differ from the data protection laws at your place of residence, or other data (e.g. e-mail) may be transferred to such countries. Hotjar has taken reasonable precautions to ensure that your personal data remains protected and requires that Hotjar's third party service providers and partners also take reasonable precautions.

Hotjar offers each user the option of using a "Do Not Track" header to prevent the use of the Hotjar tool, so that no data about the visit to the respective website is recorded. This is a setting that is supported by all common browsers in current versions. To do this, your browser sends a request to Hotjar to deactivate the tracking of the respective user. If you use our websites with different browsers/computers, you must set up the "Do Not Track" header separately for each of these browsers/computers.

When you visit a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to our opt-out page https://www.hotjar.com/legal/compliance/opt-out and clicking deactivate Hotjar.

For more information about Hotjar Ltd. and about the Hotjar tool, please visit

https://www.hotjar.com

You can find the privacy policy of Hotjar Ltd:

https://www.hotjar.com/privacy

2.4.3. Pardot Marketing Automation

We use the Pardot Marketing Automation System ("Pardot MAS") of http://Salesforce.com , inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States ("Pardot") on our websites. Pardot is a special software for recording and evaluating the use of a website by website visitors. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent

When you visit our website, Pardot MAS records your click path and uses it to create an individual usage profile using a pseudonym. For this purpose, cookies are used that allow your browser to be recognized. By agreeing to the use of cookies when using our website for the first time by confirming the so-called cookie acceptance banner or by continuing to use our website, you also agree to the use of cookies by Pardot.

You can revoke your consent at any time with effect for the future. To do so, please contact us using the contact details provided at the end of this privacy policy. In addition, you can deactivate the creation of pseudonymized usage profiles at any time by configuring your Internet browser so that cookies from the domain "http://pardot.com " are not accepted. However, this may lead to certain restrictions in the functions and user-friendliness of our offer.

For more information, users should refer to Pardot's privacy policy: /https://www.Salesforce.com/de/company/privacy/ .

2.4.4 Hubspot Marketing Automation

Our website uses the marketing automation service- HubSpot, an American developer and marketer of software products, headquartered at Cambridge, Massachusetts, United States.

HubSpot is a CRM platform with all the software, integrations, and resources needed to connect marketing, sales, content management, and customer service. This Marketing software assists in growing traffic, converting visitors into highly qualified leads, lead capturing forms, free ad management tools and runs complete inbound marketing campaigns at scale. It provides tools for social media marketing, content management, web analytics, landing pages, customer support, and search engine optimization.

Hubspot uses cookies, which enables us to conduct an analysis of your use of the website by us. Hubspot analyzes the collected information (e.g. IP address, geographical location, browser type, duration of the visit and pages viewed) on our behalf so that we can generate reports about the usage of our website. Information collected through Hubspot, as well as the content of our website, is stored on servers operated by Hubspot's service providers in the European Union.

Certain usage data is linked to your person (e.g. after entry into a form) and stored in our CRM. This enables us to send you information and offers tailored to your interests.

Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.

You can revoke your consent at any time with effect for the future. To do so, please contact us using the contact details provided at the end of this privacy policy. In addition, you can deactivate the creation of pseudonymized usage profiles at any time by configuring your Internet browser so that cookies from the domain "http://hubspot.com " are not accepted. However, this may lead to certain restrictions in the functions and user-friendliness of our offer.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Data is deleted no later than 13 months after it has been collected.We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the USA may take place, further safeguards are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.

For more information, users should refer to HubSpot's privacy policy:

https://legal.hubspot.com/terms-of-service

For Data Processing Agreement, refer to the link below:

https://legal.hubspot.com/dpa

2.4.5. Zapier

This site uses the integration service Zapier to link tools together. Zapier is a service of Zapier Inc. 243 Buena Vista Ave #508, Sunnyvale, CA 94086, USA.

Zapier is used in the interest of integrating the tools used by us as effectively as possible. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.

We have concluded a contract on commissioned data processing with Zapier, in which we oblige Zapier to protect our customers' data and not to pass it on to third parties.

Since a transfer of personal data to the USA takes place, further safeguards are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.

You can find more information about Zapier at https://zapier.com and in Zapier's privacy policy: https://zapier.com/privacy .

2.5. Contact possibilities and registration

2.5.1. Contact by e-mail or contact form

If you send us requests via our contact form or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.

2.5.2. Marketing materials

If you would like to receive marketing materials with regular information about our offers and products, you can give your permission to do so in our contact form.

For the dispatch of marketing materials, we use the so-called double opt-in. This means that we will only send you marketing materials such as newsletters via email, if you have expressly confirmed that you agree to receive them. In the first step, you will receive an email with a link to confirm that you, as the owner of the corresponding email address, wish to receive newsletters in the future. With the confirmation you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.

When you register for receiving marketing materials, in addition to the email address required for sending the newsletter, we store the IP address by which you registered for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later point in time.

You can unsubscribe from receiving marketing materials at any time by clicking on the link included in each marketing e-mail or by sending an email to the address of Modifi described above. Once you have cancelled your subscription, your email address will be deleted from our newsletter list immediately, unless you have expressly consented to the continued use of the data collected.

Our email newsletters are sent via a technical service provider to whom we pass on the data you provide when you register for the newsletter. We have concluded a data processing agreement with our email service provider in which we bind him to protect the data of our customers and not to pass them on to third parties.

Service provider: Campaign Monitor

Address: Campaign Monitor Pty Ltd, 404/3-5 Stapleton Avenue, Sutherland, NSW, Australia, 2232.

Privacy Policy: www.campaignmonitor.com/policies/#privacy-policy

Safeguard: EU Standard Contractual Clauses

Our provider uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For the evaluation the sent emails contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on, if applicable. Conversion tracking can also be used to analyse whether a predefined action (e.g. purchase of a product on our website) was carried out after clicking on the link in the newsletter. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). The data is collected pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. These data are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. The legal basis for this data processing is your consent pursuant to Art. 6 (1) lit. a GDPR, which you give in the course of the newsletter registration.

If you wish to revoke your consent to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

2.5.3. Registration

You have the possibility to register for certain services provided on our website and to create a user profile. We collect and use the following personal data during registration and setup:

  • First name, last name
  • Phone number
  • Email address
  • Company name
  • Date and time of registration

Mandatory data provided for the purpose of registration is marked with an asterisk in the input mask as a mandatory field. With your user account you will have the possibility to use further parts of our website and to log in for the offers you have purchased. If consent is given, the legal basis for data processing is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR, insofar as the processing is necessary for the provision of the requested services. Your data will be deleted as soon as the user account on our website is deleted and insofar as there are no legal storage obligations. You can usually change and/or delete your user account, including the data you have provided, directly in your user account after logging in or by sending a message to the responsible party named at the beginning of this privacy policy.

2.5.4. Salesforce

We use the customer resource management system (CRM system) "Salesforce by salesforce.com, The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA.

The purpose of processing the data provided is to be able to manage contacts with (potential) customers and keep your data up to date. The legal basis for the processing is Art. 6 para. 1 lit. f) GDPR, our legitimate interest in the efficient management of customer accounts and information.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

2.5.5. Calendly

You have the possibility to book appointments with our employees through our website. For this purpose, we use the Calendly, a service by Calendly, LLC, 1315 Peachtree St NE, Atlanta, GA 30309.

If you want to book an appointment with us, you can use the form provided for this purpose in our contact options. The data you provide (name, e-mail address) will then be transmitted via Calendly to the respective contact person and the data will be entered in our calendar (Outlook). In addition, the data can be viewed by us in the login area of Calendly and is stored there until it is no longer required to achieve the purpose for which it was collected. Typically, the data is stored for no longer than 120 days.

You will receive a confirmation of the appointment by e-mail, where you have the option to enter the meeting data in your calendar.

The purpose of processing the data provided is to be able to make an appointment, process the contact request and get in touch with you. The legal basis for the processing is Art. 6 (1) f) f) GDPR, our legitimate interest to offer you the opportunity to independently arrange appointments with us whenever it suits you. This simplifies the coordination and enables an efficient appointment arrangement.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

2.5.6. Google Maps

Our homepage uses the online map service provider Google Maps via an interface. Provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to display interactive maps directly on the website and makes it easy for you to use the map function. To use the functionalities of Google Maps it is necessary to save your IP address.

Google uses Cookies, to collect information about user behaviour. The legal basis for the processing of your personal data is your given consent according to Art. 6 para. 1 s. 1 lit. a GDPR.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, Google uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

Further information on the handling of user data can be found in Google's privacy policy:
www.google.de/intl/de/policies/privacy/
Opt-out: www.google.com/settings/ads/

3. Data Transfer and Recipients

Your personal data is not transferred to third parties, unless

  • we have explicitly pointed this out in the description of the respective data processing.
  • you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
  • there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. Your personal data will not be transferred to third parties by our service providers.

4. Credit check of potential customers

Before we conduct Seller Finance agreements, we check our potential customers with credit bureaus and other credit or financial institutions for information about their payment history and creditworthiness. For this purpose, the institutions receive some basic information from us that you provided us with (name, address, date of birth).

The legal basis for this processing is Art 6. para. 1 lit. f GDPR, our legitimate interest in only providing loans / advance payments to qualified sellers mand avoid financial risk. We do not pass on the information we receive from credit / financial institutions to third parties.

You have the possibility to object to the processing of your information for this purpose. Please note that an objection will have an impact on your financing opportunities with us. For more information see the point 'right to object' in this privacy policy.

5. Job Application

If you apply for a job at our company via contact form or by email, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number and email address of the user) as well as other data provided by you regarding your background (e.g. CV, qualifications, degrees and work experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability). Your personal data ordinarily is collected directly from you during the application process and is encrypted during electronic transmission. The primary legal basis for this is Art. 6 para. 1 lit. b GDPR in conjunction with 26 para. 1 BDSG. In addition, consent in accordance with Art. 6 para. 1 lit. a, 7 GDPR in conjunction with 26 para. 2 BDSG can be used as a data protection permission regulation. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.

Within our company, only those persons and positions (e.g. human resources) have access to your personal data which absolutely need to carry out the application procedure or to fulfil our legal obligations. Your applications will be forwarded to the responsible person for examination. Under no circumstances will your personal data be passed on to third parties without authorisation.

Your data for an application for a specific job advertisement will be stored and processed by us during the ongoing application process. Once the application process has been completed (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after the application process has been completed. The data from open applications will be stored securely for 6 months. If there is an interest in keeping data from open applications longer than 6 months, we will obtain your consent according to Art. 6 para. 1 lit. a) GDPR. Once given, you can revoke your consent at any point by contacting us with the details outlined above. If you are accepted, your application documents will be transferred to the personnel file.

6. Data protection information for customers and business partners

6.1. Information on data processing

The following personal data are regularly processed by us when customers register on the MODIFI hub, when we onboard new customers (including Know Your Customer-processes), when we make (credit) risk assessments and/or when we approve and/or execute individual transactions:

  • Name, address, contact data (telephone, e-mail address), birth date/place, gender, nationality, identification data (e.g. ID data), authentication data, tax ID, FATCA status and credit scores.
  • Order data (e.g. transfer orders), data from the fulfilment of our contractual obligations (e.g. account statements, invoices).
  • Creditworthiness documents (income, expenses, financial statements, bank account information) and scoring/rating data.
  • Transaction data (currency, totals, countries, time, counterparty, type of transaction, credit).

We have received this information from you, for example when you onboarded with us as a customer or when opening and maintaining your account in the MODIFI Hub. In addition, to the extent necessary for the provision of our services or the preparation of an offer, we process personal data that we have received from third parties (e.g. from credit bureaus or from payment institutions offering access to your bank accounts (with your consent)).

Furthermore, we process personal data which we have obtained and may process from publicly accessible sources or paid or freely accessible databases. These include for example debtor registers, land registers, commercial association registers, customs data, press, media or internet. To the extent personal data is involved, which is not necessarily the case given our corporate customer base, we process such personal data because this is necessary in the context of a contractual or pre-contractual business relationship for the provision of our seller financing service or for the initiation of a Seller Financing Agreement, on the basis of Article 6(1)(b) of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ( GDPR ).

Insofar as this is necessary, MODIFI processes your data beyond the actual fulfilment of the contract to safeguard legitimate interests in accordance with Article 6(1)(f) GDPR. These include consulting and exchanging data with credit agencies to determine creditworthiness and default risks, asserting legal claims and defending against legal disputes, ensuring MODIFI's IT security, preventing criminal offences (such as fraud), measures to manage business and further develop services and products, and risk management.

As a financial service provider, we are subject to various legal obligations such as the Act for the Prevention of Money Laundering and Terrorist Financing ( Wet ter voorkoming van witwassen en financieren van terrorisme, Dutch AML Act ) We must also process your personal data in accordance with Art. 6 (1)(c) GDPR in order to fulfil these obligations and requirements. The purposes of processing include, among other things, creditworthiness checks, identity checks, fraud and money laundering prevention and reporting obligations.

6.1.1. When you provide us with data

In the context of our business relationship you must provide those personal data which are necessary for the establishment, execution and termination of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without these data we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it.

Where you provide us with personal data relating to your employees, customers or third parties, this will be considered third party data. You are the existing data controller in respect of such data and you should ensure that you have the requisite consent or legitimate purpose to transfer that data to us.

Further, you must be able to demonstrate that you are fully compliant with data protection legislation. You have an obligation to be transparent about how you process personal data and as such, should include details of who you share this data with e.g. MODIFI. We process third party data on the basis that we have a legitimate interest in preventing fraud and money laundering to protect our business and to comply with laws that apply to us.

6.2. Recipients of your personal data

Within MODIFI, those persons who need your data to fulfil our contractual and legal obligations have access to it. We will only transfer your data to third parties if we are authorised to do so under data protection law (e.g. in accordance with the above-mentioned legal provisions). Your data may also be passed on by us to external service providers, who support us in data processing within the framework of our business relationship in accordance with strict instructions.

Under these conditions, recipients of personal data may be:

  • MODIFI group companies (e.g. from MODIFI GmbH to MODIFI B.V. or vice versa);
  • public authorities and institutions (e.g. the Dutch Central Bank ( De Nederlandsche Bank ) in respect of MODIFI B.V.), in case of a legal or official obligation;
  • credit bureau, credit recovery or other credit related institutions with whom we cooperate;
  • financial service institutions with whom we cooperate;
  • IT service providers to which we transfer personal data for the execution of the business relationship with you; and
  • other service providers to which we transfer personal data as part of our business processes to execute our business relationship with you, for example parties that execute identification and verification processes for us in the country where you are based.

6.3. Data transmission to third countries

We only transfer your data to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders (e.g. payment and securities orders), if there is a legal obligation (e.g. tax reporting obligations or the requirement to do Know Your Customer-checks locally in a third country), you have given us your consent or in the context of data processing. To ensure that the level of protection guaranteed by the GDPR is not undermined, we have, among other things, provided appropriate safeguards for this transfer in the form of standard data protection clauses adopted by the EU Commission (Article 46 (2) (c) GDPR), which can be obtained by contacting the person responsible for data protection at this address or at data-protection@modifi.com.

6.4. Storage period for customer data

We store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. If the data are no longer required for the fulfilment of these purposes, they are regularly deleted. This does not apply if the deletion conflicts with retention periods under applicable laws (such as tax laws of anti-money laundering laws).

The periods for storage and documentation specified there differ. For example, under the Dutch AML Act your data is stored for five years after the business relationship terminated and certain information must be stored for at least seven years under Dutch tax laws. In addition, we also store data to preserve evidence under the statute of limitations. These limitation periods may be up to 20 years in the Netherlands, whereby the regular limitation period is five years in the Netherlands. For Germany, these periods are 30 and 3 years respectively.

6.5. Your rights in connection with data processing

Please find extensive information about your rights in point 6.3. of this privacy policy.

6.6. Automated decision-making and profiling in the context of customer data

In individual cases and in principle on the corporate customers only, we use automated decision making according to Article 22 GDPR to bring about a decision on the establishment and implementation of the business relationship. Should this result in a negative legal consequence, we will inform you of the automated decision-making process and allow you to express your point of view separately and to obtain a decision by an employee. We process your data partially automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases: Due to legal and regulatory requirements, we are obliged to combat money laundering, terrorist financing and asset-polluting crimes. Data is also evaluated (for example, in payment transactions).

These measures also serve to protect you. For corporate customers, we use data such as industry, annual results and financial circumstances. Both scoring and rating are based on mathematically and statistically recognised and proven methods. The calculated score values and credit ratings support us in our decision-making and are included in our ongoing risk management. We will also use data relating to national persons affiliated with the corporate customer. We use scoring and rating to assess their credit- and trustworthiness. This may include his/her financial position, experience from previous business relationships, contractual repayment of earlier loans and information from credit bureaus.

7. Other provisions

7.1. Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

7.2. Storage period

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

7.3. Your Rights

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:

The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.

The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.

The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.

The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal

7.3.1. Right to object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.

If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to data-protection@modifi.com.

7.4. Necessity of providing personal data

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

7.5. Automated decision making

In individual cases and in principle on the corporate customers only, we use automated decision making according to Article 22 GDPR to bring about a decision on the establishment and implementation of the business relationship. Should this result in a negative legal consequence, we will inform you of the automated decision-making process and allow you to express your point of view separately and to obtain a decision by an employee. We process your data partially automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases: Due to legal and regulatory requirements, we are obliged to combat money laundering, terrorist financing and asset-polluting crimes. Data is also evaluated (for example, in payment transactions). These measures also serve to protect you. For corporate customers, we use data such as industry, annual results and financial circumstances. Both scoring and rating are based on mathematically and statistically recognised and proven methods. The calculated score values and credit ratings support us in our decision-making and are included in our ongoing risk management. We will also use data relating to national persons affiliated with the corporate customer. We use scoring and rating to assess their credit- and trustworthiness. This may include his/her financial position, experience from previous business relationships, contractual repayment of earlier loans and information from credit bureaus.

7.6. This policy is subject to change

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

Status of this privacy policy: 26/11/2021

This website uses cookies. Learn more about the use of cookies and ways to prevent their storage in our Terms of Use and Cookie Policy. Please click Accept if you agree to the use of advertising, marketing or social media cookies and Decline if you disagree to such use. Read our Privacy Policy here.