ModelDesk logo

Privacy Policy

This privacy policy applies to personal data obtained within our organisation ModelDesk B.V. (hereinafter: ModelDesk and we/us/our). ModelDesk offers services in the field of information modeling and (meta)data management (the Services). For more information, see: https://modeldesk.io (the Website).

1. Privacy and applicable legislation

We consider privacy very important. In this privacy policy, we explain which personal data we process through our Website and Services. We also explain the purposes for which we use personal data, how we protect them, and how long we retain them.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant laws and regulations regarding the protection of personal data (hereinafter collectively: the Applicable Legislation).

We make every reasonable effort to ensure that all personal data provided to us is treated confidentially and processed in accordance with the Applicable Legislation.

2. Legal bases for the processing of personal data

There are various legal bases under the Applicable Legislation on which we may or must process personal data:

  • Performance of the contract;
  • Legitimate interest;
  • Legal obligation.

3. Roles

When we process personal data on the basis of written instructions from our client for the purpose of delivering our Services, we do so in the role of Processor in accordance with the Applicable Legislation.

When we process personal data through our Website or in support of delivering our Services, we do so in the role of Controller in accordance with the Applicable Legislation. The processing activities for which we are the controller are listed under section 4.

4. Categories of personal data and purposes

Name and contact details of platform users

We collect your first and last name, company name, email address, and username. We use this data to:

  • Address you appropriately in our correspondence;
  • Perform the contract, including the delivery of the Services;
  • Send service messages to ensure the Services function properly.

Name and contact details of our clients

We collect your first and last name, email address, and business (billing) address. We use this data to:

  • Address you appropriately in our correspondence;
  • Perform the contract, including the delivery of the Services;
  • Maintain relationships with customers and suppliers;
  • Notify you of changes to policies, documents, and our Services;
  • Comply with statutory (fiscal) retention obligations and other legal and regulatory obligations;
  • Handle invoicing and collections;
  • Send service messages to ensure the Services function properly.

Support data from our clients

When you request support, we collect data relevant to the support incident, such as contact or authentication details, communications with our customer service, data about the Website/software at the time of the error and during diagnosis, as well as network traffic data.

We also collect the content of messages you send to us, such as feedback, product reviews, or questions for customer support. Telephone calls and/or chat sessions may be recorded and monitored. We use this data to:

  • Better understand your needs and evaluate and improve our Services, Website, software, and security;
  • Register and handle complaints, enquiries, and requests.

5. Rights of data subjects

Under the GDPR, you have the right to:

  • Request us to correct or update your data;
  • Request us to delete your data from our records;
  • Request a copy of the personal data we have processed, which we can also forward to another data controller;
  • Withdraw consent for processing — this does not affect the lawfulness of any processing carried out prior to withdrawal;
  • Object to the processing of your data;
  • File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we process your data unlawfully.

To exercise these rights, contact us at info@modeldesk.io. We will respond within 4 business days.

We may ask you to verify your identity, for example by sending a copy of your identity card. Please make your photo and national identification number illegible to protect your privacy.

6. (Sub-)processors

We use (Sub-)Processors within the meaning of the GDPR for services such as payment processing, accounting, hosting, email management, data storage, and CRM. We only share the personal data that is necessary for them to perform their services. We have concluded processing agreements with all (Sub-)Processors — in line with this privacy policy — setting out what they may do with your data, how they must protect it, and when it must be deleted.

We will not sell or provide personal data to third parties without your explicit consent, unless required by law or necessary due to an acquisition and/or merger.

We only engage (Sub-)Processors that comply with the standards set out in Chapter V of the GDPR.

7. Third-party websites

Links to third-party websites are provided for your convenience. We have no control over these websites and are not responsible for their practices or content. If you use third-party websites linked from our Website, you do so at your own risk.

8. Cookies

Our Website and Services use only functional cookies that are strictly necessary for the operation of the platform, such as authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Protection of personal data

Your personal data is stored and processed within the European Union.

We take physical, technical, and organisational measures to protect your personal data, including TLS encryption of data traffic, a strict password policy, multi-factor authentication, and logging of all administrator activities.

We cannot guarantee the effectiveness of these measures. Our (Sub-)Processors with access to your data are contractually obliged to treat it confidentially and implement adequate security measures.

10. Suspicion of misuse

We reserve the right to act proactively and correctively in the event of suspected misuse of our Services. We may store data as evidence of misuse, request additional data from third parties, and take measures including exclusion from our Services and/or reporting to the authorities.

11. Retention periods

We retain your personal data for as long as necessary to achieve the purposes for which we collect them, unless a different retention period applies by law.

  • Administrative data for financial settlement: 7 years (Dutch Tax Administration requirement);
  • Job applicant data: up to 4 weeks after the application process, or 1 year with consent.

12. Amendment of the privacy policy

We may amend this privacy policy. Significant changes will be announced on our Website and, where possible, by email. We are not liable for any damage arising from amendments to this privacy policy.

13. Comments, questions, and complaints

For questions, complaints, or comments, contact us at info@modeldesk.io.

ModelDesk B.V.

Laan van Spieringshoek 8

3118LN Schiedam

Email: info@modeldesk.io

KvK: 93048505

BTW: NL866259387B01