Data Processing Privacy Policy
We provide a fully digital solution for the automation and simplification of complex business processes for our clients. In the process of providing these services, we need to collect information that is required for our clients to provide their services to their users, including personal data related to specific individuals. We are committed to protecting the privacy and security of that data.
This Data Processing Privacy Policy is meant to clarify what information we collect, how that information is used and where and how it is transferred and stored. When we provide services for our clients, we are acting on their behalf as their service provider and data processor. Our clients, not Moflix, are the controllers of the information that we collect and process.
We only process information on behalf of our clients on the basis that the user has consented to the processing and when the client has a legitimate or lawful reason for requesting such information.
How and why do we collect information?
We collect personal information that users voluntarily provide to us when registering at the Platform, expressing an interest in obtaining information about our clients' products and services, and when participating in Platform activities.
The personal information that we collect depends on the context of user interactions, the choices users make and the products and features users use. The personal information we collect can include the following:
-
Name and contact details. We collect user’s first and last name, email address, and postal address. The postal address is collected for legal compliance reasons and also for possible SIM card delivery.
-
Login username is stored so it can be mapped to a user’s data. The password is not stored. User authentication is based on access tokens.
-
Payment method. We collect payment method alias for purchases and renewals.
-
KYC related information is collected to user identify users for regulatory purposes. This includes document type, user’s name in id document and date or birth.
-
Subscription related information. We collect SIM card ICCID and MSISN for subscription activation. The MSISDN may be assigned by our clients or a port-in number from another operator.
All personal information that the user provides must be true, complete and accurate; and user must notify us of any changes to such personal information. In most cases, the user can change the information themselves using our platform services.
How is the information used?
The data that we collect on behalf of our clients is required for regulatory purposes or to ensure that our clients can keep their contractual obligations towards their customers.
For example, we process data for the following purposes:
-
to verify the requirements for signing a contract;
-
to meet contractual obligations;
-
to meet regulatory and legal obligations;
-
to process orders and measure system usage;
-
to prevent illegitimate use of services;
-
to trigger payments for use of services;
-
to enable our clients to maintain, develop, and sustain the customer relationship with their users.
Where is the information stored and processed?
Where we transmit, process and store data depends on the requirements given to us by our clients. For clients in the European Union and Switzerland, we use data centers located in the European Union or Switzerland that are EU GDPR compliant and follow the strictest security policies and procedures.
Data may be processed by Moflix affiliates as shown below:
-
Moflix AG
-
Moflix Oy
-
Kext Services GmbH
We may use third-party processing to provide our services to our clients as shown below:
-
Cloud Services: Amazon Web Services EMEA SARL
-
Document and Identification Verification: Onfido Ltd.
-
App Data Synchronization and Debugging: Google Ireland Ltd.
-
Service Desk Management: Atlassian Pty Ltd.
We store personal data for only as long as is necessary and only to achieve the purpose for which it was collected. Retention, anonymization and deletion policies are defined by our clients.
We do not sell or rent personal data to third parties.
How do we comply with data privacy and protection regulations?
The information that we process is controlled by our clients. As such, our data privacy and protection compliance activities must be aligned with those of our clients. Our intent is to enable their compliance.
-
Data processing agreements are in place with each of our clients outlining our roles and responsibilities regarding personal data privacy and protection.
-
Direct requests from data subjects (e.g., information, erasure, restriction, rectification) will be referred to the data controller.
-
In the event of a data breach, the incident will be immediately reported to the data controller and followed up to ensure that the appropriate legal authorities have been properly notified.
-
Requests from from data subjects coming via data controller (e.g., information, erasure, restriction, rectification) will be acted upon in accordance with agreed processes and in a timely manner.
Review of this Policy
We will review and update Privacy Policy from time to time to align with legal requirements, client needs and changes in our own policies and procedures.