GDPR

GDPR & Data Protection

This page explains how Mods handles personal data in the context of our services and our website. It is written to be practical: what we collect, why we process it, how we protect it, and how to contact us.

Last updated: 01 FEB 26

1) Who we are

Mods provides operational services to online platforms, including risk operations, fraud prevention support, dispute/chargeback operations, trust & safety operations, content moderation, and customer support workflows.

Company: Mods
Contact (GDPR): [email protected]
Phone / WhatsApp: +216 22 251 220

Note: Depending on the engagement, Mods may act as a data processor (processing data on behalf of a client) or as a data controller (processing data for our own business purposes, such as website inquiries and vendor management).

2) When we are a processor vs. a controller

When Mods acts as a processor

In most service engagements, Mods processes personal data on behalf of a client (the controller), following the client’s documented instructions and applicable contractual terms. This typically includes handling tickets, operational reviews, risk workflows, and related reporting.

If you are an end-user of one of our clients and want to exercise your GDPR rights, please contact the client directly first. We will support the client as needed to respond to valid requests.

When Mods acts as a controller

Mods is a controller for personal data processed for our own business operations, such as:

  • Website contact requests and inbound communications
  • Business relationship management (prospects, partners, vendors)
  • Security monitoring and protection of our systems
  • Recruitment (if you apply to work with us)

3) What data we may process

The exact data depends on the context (service delivery vs. website inquiry) and the configuration chosen by the client. Examples of data categories may include:

Service delivery (processor context)

  • Account identifiers and user references provided by the client
  • Support tickets, messages, operational notes, and attachments (where applicable)
  • Operational metadata (timestamps, workflow status, audit events)
  • Risk and dispute references (case IDs, transaction references, program metadata) where relevant to the scope

Website and business communications (controller context)

  • Contact details (name, email, phone number) when you submit them to us
  • Message content and any information you choose to share
  • Basic technical data (for example: IP address, device/browser information) for security and performance

We do not intentionally request sensitive categories of personal data. If such data is included in communications, it is handled with appropriate care and only used where strictly necessary.

4) Why we process data and our legal bases

Under GDPR, processing must be tied to a valid legal basis. Depending on the context, Mods may rely on:

  • Contractual necessity (to deliver services requested by a client or to respond to a request)
  • Legitimate interests (to operate, secure, and improve our services and communications)
  • Compliance with legal obligations (where applicable)
  • Consent (where required, for example certain cookie categories or optional communications)

5) Subprocessors and third-party providers

We may use third-party providers to support service delivery, security, analytics, monitoring, dispute operations, and reporting. Where we use subprocessors for client data, we do so under contractual safeguards and access controls.

You can review our current list of subprocessors on the dedicated page: Subprocessors List.

For subprocessors where a region can be selected (notably Zendesk and Microsoft Power BI), data may be hosted in the country or continent chosen by the client, subject to the vendor’s available options.

6) International transfers

If personal data is transferred outside the European Economic Area (EEA), appropriate safeguards may be used where required, such as contractual protections and security measures suitable to the processing and the parties involved.

7) Retention

We retain personal data only as long as needed for the purpose it was collected for, including for operational, contractual, legal, and security requirements. In processor scenarios, retention is typically defined by the client’s instructions and the service agreement.

8) Security

We apply reasonable technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. Measures may include access controls, logging, least-privilege principles, secure configurations, and operational procedures aligned with the service context.

9) Your GDPR rights

Where Mods is the controller (or where applicable through a client as controller), GDPR provides rights that may include:

  • Access to your personal data
  • Correction of inaccurate or incomplete data
  • Deletion (where applicable)
  • Restriction of processing (where applicable)
  • Data portability (where applicable)
  • Objection to processing (where applicable)
  • Withdrawal of consent (where processing is based on consent)

To request assistance, contact us at [email protected] or +216 22 251 220. If Mods is acting as a processor for a client, we may redirect the request to the relevant client (controller) so it can be handled appropriately.

You may also have the right to lodge a complaint with your local supervisory authority.

10) Cookies and analytics

Our website may use cookies or similar technologies for basic functionality, security, and analytics. Where required, we provide appropriate choices or controls. Details may be provided in a separate Cookie Policy.

11) Change notifications

We may update our data protection information as services evolve. Notifications of material changes can be handled via:

  • Email
  • Phone calls
  • Online meeting requests

12) Contact

GDPR contact: [email protected]
Phone / WhatsApp: +216 22 251 220