PRIVACY POLICY

Effective since: 25 February 2025

SCOPE OF THIS POLICY

MODUS X (“we”, “us”, “our”, “Company”) is committed to protecting your privacy. On this page, you can learn what information about you we collect when you interact with us and how we process the personal data you provide.

This Policy is intended to help you understand:

why we collect your personal data;

how we collect, use and store your personal data;

which rights relating to your personal data you have;

how you can exercise the rights relating to your personal data;

how we use cookies and other tracking technologies;

how we share and disclose your personal data.

This Privacy Policy (“Policy”) applies to the relationship between you and us. It describes how we handle the data you provide when you use our app(s) and/or other online services under the service agreement between you and us (“Product”), and how we otherwise collect information about you.

When processing your personal data, we can play different roles under the GDPR and other applicable laws and regulations. Depending on the factual circumstances of the processing, we may act as a data controller or data processor under the GDPR.

When using our Product, you can be a data subject, a data controller and/or a data processor.

You are a data subject if you downloaded this app from the App Store or Google Play Market, or if access to this app has been provided to you by your (potential) employer or a business partner (“Data Subject”).

You are a data controller or a data processor if you use this app as part of the service agreement and/or data protection agreement you have signed with us. The roles are distributed between us as set out in the respective data processing agreements (“Client”).

INTERPRETATION AND DEFINITIONS

The definitions in this Policy are used in line with the definitions provided in the GDPR and the Data Processing Agreement signed with the data controller, including the following definitions:

“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679).

“Client Data” means personal data that the Client, acting as a controller, provides to us, acting as a processor, in relation to the online software product services we provide, or any other personal data that the Client processes as a data controller and we process as a data processor. If you are a Data Subject, please refer to your respective (potential) employer or business partner for more information about the data processing conducted by them via this Product.

“Data controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and how any personal data is processed.

“Data processor” means the natural or legal person who processes personal data on behalf of the data controller.

“Personal data” means any information relating to you and helping identify you (directly or indirectly), such as your name, last name, email, location, etc.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Product” means the SaaS platform operated by MODUS X LLC, including its web-based application, mobile application, and related services.

TYPES OF PERSONAL DATA WE COLLECT

We collect and process information about you in accordance with this Policy. We may collect your personal data through the Product or through other related means.

We collect the Client Data and the following information about you in connection with our Product. In particular, we collect the following:

(a) Authorization through DEEP AUTH. These services authenticate your identity using an authentication token and, where available, allow you to share certain personal information with the Company, such as your full name, email address, and profile image.

(b) Registration Information. We create an admin account for our Clients after signing a service agreement and/or a data processing agreement. When they create an account on the Product using this admin account and Client Data, we collect the following information:

i. information about Client’s (end) users, including contact information (such as phone number), communication information, automatically collected information, payment information, or any other information subject to the Client’s data protection policies and our data processing agreement;

ii. information about candidates for the Client’s vacancies, employees, and contractors, including contact information (such as phone number), communication information, personal information, location information, information from documents, payment information, other information from HR systems, information used during document flow and reporting, information related to the use of IT systems and equipment, information related to the performance of work duties, or any other information subject to the Client’s data protection policies and our data processing agreement;

When you register, the Product also creates a unique identifier (user ID) to identify you (and other accounts the Client creates within the Product). This information is necessary to create and manage your account.

(c) Profile Information. When you use the Product, you may provide additional information to personalise the account profile, including profile pictures and other user details.

(d) Communication Information. When you use the Product’s feedback or messaging features, we collect and store your feedback, survey answers, chat messages, and related user details to provide the service. We may also send you transactional emails (such as security codes and service notifications), which may include your name, phone number, and/or email address.

(e) Cookies Information. We may use cookies and other tracking technologies when you interact with the web version of the Product to ensure proper functionality, for analytics and marketing, to remember your preferences, and for other purposes. Such use may involve the transmission of information from us to you and from you to a third-party website or us. To learn more regarding our use of cookies, please read our Cookies Policy.

(f) Content Information. When you create, upload, or share content on the Product (including images and audio files), we collect and store it to provide our services.

(g) Device and Usage Information. When you access the Product, we automatically collect certain information about your device and your interactions with our services. This may include: device information (device type, operating system, mobile device identifiers), browser information (browser type and version), IP address, usage data (features used, actions taken, session duration), log data and crash reports to maintain and improve the Product.

(h) Gamification and Progress Information. We may process data on task completion, progress indicators, achievements, points, levels, and similar gamification metrics generated within onboarding, training, or internal development programs administered by the Client for HR and personnel management purposes.

(i) Push Notification Information. We may send you push notifications to provide updates and relevant information about the Product. To send these notifications, we collect device tokens and notification preferences.

We use the personal data we collect and process only for the purposes set out in this Policy and in the applicable data protection agreement with the Client. We may share personal data with third parties solely for the purposes listed herein.

GROUNDS FOR PROCESSING

As a data controller, we collect and process your personal data in accordance with the GDPR and other applicable laws and regulations. The GDPR sets out an exclusive list of lawful bases that allow us to process your personal data. When processing personal data, we rely on only four of them, namely:

Article 6.1(a): consent

We collect the information you choose to give us, and we process it under your consent. You may withdraw your consent to the processing of your personal data at any time by contacting us in any way convenient for you.

Article 6.1(b): performance of a contract

When you provide us with personal data through the available options in our Product, this may constitute a request to form or perform a contract between you and us. However, we may ask you for clear consent in case of doubt.

Article 6.1(c): legal obligation

We process your personal data to fulfil our legal obligations, such as complying with tax or regulatory requirements. If you request to exercise your rights under the GDPR, we may ask you for some personal data for verification purposes to identify you and comply with the applicable law.

Article 6.1(f): legitimate interest

We process your personal data for the purposes of our legitimate interests, such as preventing fraud and ensuring the security of our Product. We only collect and use the strictly necessary data to achieve these purposes, provided that your interests and fundamental rights and freedoms are not overridden.

HOW WE USE YOUR DATA

When acting as a data controller, we may use your personal data for the purposes listed in the table below, where we also detail the types of personal data processed, legal bases we rely on to do so, third parties with whom we may share your personal data and information on the source of such data:

USE OF COOKIES

When you use the web version of our Product, we may collect certain information via cookies. These cookies, for example, can help us understand your interactions with our Product, enhance your browsing experience, improve our Product and services, and conduct marketing activities. To learn more about the types of cookies we use and how you can customise your cookie preferences, please review our Cookies Policy.

DATA RETENTION

We retain personal data for as long as needed to fulfil the purposes outlined in this Policy (for personal data we collect as a data controller) and in the service agreement (including the data protection agreement) signed with the Client. The data retention schedule is provided in the respective data protection agreement.

As a data processor, we retain Client Data and personal data you provide as a Data Subject for as long as the respective data controller (our Client) instructs us to do so. Please refer to the data controller’s privacy or data protection policy to learn more about how your data is processed and your data subject rights.

We store Cookies Information for the period specified in our Cookies Policy. We may not delete or anonymise your data if we are compelled to keep it under the GDPR and other applicable laws.

SECURITY AND INTEGRITY OF THE DATA

We have implemented appropriate organisational, technical, administrative, and physical security measures designed to protect your personal data from unauthorised access, disclosure, use, and modification. We regularly review our security procedures and policies to evaluate the adoption of new technologies and methods.

SHARING YOUR DATA WITH OTHER ENTITIES

We may share your personal data with other entities in accordance with the provisions specified hereafter.

Sharing data with data (sub-)processors

There are many features necessary to provide you with our services that we cannot complete ourselves; thus, we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services.

Therefore, we may share and disclose your personal data to other data processors, namely, to:

App Store (Apple Inc., USA): for processing in-app purchases and subscriptions. You may read its Privacy Policy here.

Google Play (Google LLC, USA): for processing in-app purchases and subscriptions. You may read its Privacy Policy here.

Firebase (Google LLC, USA): used to deliver push notifications, analytics, and messaging services, including chat functionality. You may read its Privacy Policy here.

Google Analytics (Google LLC, USA): used for analytics and understanding user behaviour. You may read its Privacy Policy here.

As part of our business operations, we may engage various specialists who may receive your personal data, including technical, sales, legal and marketing professionals, to provide you with better client service. Collectively, these specialists are referred to in this Policy as Contractors.

INTERNATIONAL DATA TRANSFERS

We may transfer your personal data to countries outside the European Union (EU) and the European Economic Area (EEA) that are not deemed to provide an adequate level of data protection under Article 45 of the GDPR (adequacy decision).

In such cases, we will ensure that appropriate safeguards are implemented in accordance with the GDPR to protect your personal data, in particular, the standard contractual clauses adopted by the European Commission. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with these third parties to ensure that your personal data is adequately protected.

We put supplementary technical and organisational measures in place when transferring data outside the EU and the EEA, e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reaction to any threats to the confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.

LINKS TO THIRD-PARTY WEBSITES OR SERVICES

This Policy applies only to the Product. We strongly recommend you review the privacy documents of any websites you may reach by following the hyperlinks presented on our Product. We have no control over the content and data practices of our Client, which acts as a data controller, and other websites, and we are not responsible for their actions.

SOCIAL MEDIA ACCOUNTS

We manage the Company's official pages on various social media sites. We can collect information about you when you interact with us via our social media accounts by following our official pages, posting comments, or reacting to our content. When you contact us via our social media accounts for assistance or leave us feedback regarding the provision of services, we can collect this information for further communication purposes.

Please note that, depending on the social media platform, additional processing operations may be conducted by the operators of these platforms. We recommend always checking social media platforms' privacy policies and rules regarding the collection of your personal data.

DATA SUBJECT AGE

Our Product is intended for Data Subjects authorised by our Client(s) and is not directed to children under 18. By submitting your personal data to us, you acknowledge that you have reached the age of 18, and under the laws of your country of residence, you have all rights to provide us with your personal data for processing.

Under the GDPR, we do not knowingly collect any personal data from children under the age of 16 (or a lower age if provided by EU member state law, provided that such lower age is not below 13 years).

If we learn we have collected or received personal data from a child, we will delete that information. If you have any reason to believe that a child has provided their personal data to us, please contact us.

RIGHTS UNDER GDPR

You may exercise the following rights by submitting a data subject request in any way convenient for you:

if your request concerns matters we are responsible for as a data controller (such as the Product’s overall technical performance or access to the app), please contact us at deephr.modusx@gmail.com;

if your request concerns your relationship with the respective data controller (for example, you want to access all the data compiled by your employer or business partner), please contact the data controller directly.

Please note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

COMPLAINTS

We encourage you to reach out to your respective data controller or to us initially with any concerns you may have regarding the processing of your personal data.

You have the right to lodge a complaint about our use of your personal data with a data protection authority. For more information, please contact your national data protection authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find a full list of EU supervisory authorities through this link.

AMENDMENTS TO THE POLICY

We may periodically update this Policy to reflect new updates, technologies, legal requirements, or other reasons. Any changes will be communicated by posting an updated Privacy Policy on our Product.

We encourage you to review this Policy periodically. If possible, we always give advance notice of upcoming changes by indicating when the new version of the Privacy Policy will take effect. If you continue to use our Product or otherwise provide us with your personal data after the new version of the Privacy Policy goes into effect, we assume that you agree to the changes.

HOW TO CONTACT US

If you have a question related to this Policy, our data processing activities, or your data subject rights under the GDPR and other applicable data protection laws, you can use the following details to contact us:

Our company: MODUS X LLC

Our address: Office 20D, 8 Gareth Jones Str., Kyiv 04119, Ukraine.

Our email: deephr.modusx@gmail.com