Privacy Policy
INTRODUCTION
This Global Data Protection Policy (the “Policy”) sets out the minimum standards that Modulaire Group and its subsidiaries (“Modulaire”, “we”) have adopted to ensure that we handle the personal data of our employees, workers, customers, suppliers, and other third parties in a fair, transparent, and secure manner. This Policy aligns with (and, in some cases, exceeds) the key requirements of applicable data protection laws and regulations. Modulaire Group is made up of multiple legal entities, which are listed in Annex 1 of this Policy.
This Policy also complements other specific data protection policies adopted by individual Modulaire entities that govern the collection and use of personal data in support of their day-to-day business activities (e.g., cookie policies, employee privacy notices, customer or supplier privacy notices, etc.). We recognize that some Modulaire subsidiaries operate in countries with varying legal and cultural approaches to privacy and data protection. As such, this Policy may be supplemented by additional policies or procedures in certain jurisdictions, where required, to ensure compliance with local laws and cultural norms. In the event of a conflict between this Policy and any applicable local privacy policy, country-specific documents, or local laws, the applicable local policy or law shall prevail.
This Policy applies to the processing of personal data carried out by or on behalf of Modulaire, as outlined below. It covers all forms of personal data—electronic records, paper documents, disks—whether processed manually or through automated means, in Modulaire’s possession or under its control, and in any country where it operates. This includes data related to Modulaire’s employees, consultants, customers, consumers, suppliers, business partners, and other third parties.
This Policy also applies to third parties who provide services to or on behalf of Modulaire and are required to uphold conduct standards consistent with the principles set forth herein.
HOW DO WE ENSURE THE LAWFULNESS, FAIRNESS, AND TRANSPARENCY OF PERSONAL DATA PROCESSING?
We process personal data based on legitimate legal grounds and with appropriate transparency toward data subjects.
We only process personal data when:
-
It is necessary to perform a contract involving the data subject (e.g., employees, contractors, customers, suppliers, etc.);
-
It is required to comply with a legal obligation;
-
We have a legitimate business need or interest to use the data as part of our operations (e.g., processing data to better understand our customers), and such interest is not overridden by the data subject’s rights or freedoms;
-
We have obtained the data subject’s explicit consent, when specifically required. For example, consent is often required (with certain exceptions) to send marketing communications via electronic means. In such cases—or when none of the other legal grounds apply and where permitted by law—Modulaire will obtain consent before collecting, using, retaining, or disclosing personal data.
We believe it is essential to assess privacy risks before collecting, using, retaining, or disclosing personal data—for instance, when launching a new system or as part of a new project.
Modulaire will process personal data strictly in line with its applicable privacy notices and policies, and only with the consent provided by the data subject (when required). We will provide individuals with all legally required information, including the reasons for and ways in which we will collect, use, share, protect, and store their personal data.
Modulaire will not engage in automated decision-making or profiling activities unless there is a lawful basis to do so—such as a legal requirement, contractual necessity, or the individual’s consent—and only where appropriate safeguards are in place to protect the rights of data subjects, as required under applicable law.
On our websites, we use cookie technology to assess and improve website functionality. We may also use cookies for advertising or analytics purposes, subject to your consent and in accordance with your preferences as managed through our cookie control tool. For more details, please refer to our Online Cookie Policy at: https://www.modulairegroup.com/cookie-policy.
We ensure that individuals receive clear and relevant information about the processing of their personal data. This includes the purpose of processing, the types of personal data collected (if not collected directly from the individual), the categories of recipients, a list of the individual’s rights, the consequences of refusing to provide data, conditions for data transfers outside the EU (if applicable), and the mechanisms used to safeguard personal data during such transfers.
This obligation is fulfilled by providing privacy notices to individuals at the point when their personal data is initially collected. These privacy notices will be written in clear, accessible, and straightforward language that ensures individuals fully understand how their personal data will be used. They will be concise, transparent, and easy to understand, minimizing the potential for confusion or misinterpretation.
CUM PRELUCRĂM DATELE CU CARACTER PERSONAL ÎN SCOPURI SPECIFICE ȘI LEGITIME ȘI CUM VERIFICĂM CĂ DATELE CU CARACTER PERSONAL SUNT MINIMIZATE ȘI CORECTE?
Datele cu caracter personal vor fi colectate și prelucrate exclusiv în scopuri legitime, în conformitate cu principiul minimizării datelor și garantând corectitudinea datelor cu caracter personal prelucrate. Datele cu caracter personal vor fi colectate exclusiv pentru scopuri specifice, explicite și legitime (care pot fi multiple) și nu vor fi prelucrate ulterior într-un mod incompatibil cu aceste scopuri.
Evaluăm și definim cu atenție scopurile prelucrării datelor cu caracter personal înainte de a lansa un proiect (de ex. managementul datelor de resurse umane, managementul datelor de recrutare, întocmirea statului de plată, alocarea instrumentelor IT și orice alte soluții digitale sau platforme de colaborare, managementul asistenței IT, managementul relațiilor cu clienții, managementul vânzărilor și al marketingului, managementul aprovizionării etc.).
Vom garanta că toate datele cu caracter personal pe care le colectăm sunt relevante, adecvate și limitate scopului prelucrării datelor cu caracter personal și utilizării eventuale a acestora (perspective aprofundate, marketing, promoții etc.). Aceasta înseamnă că pot fi colectate și prelucrate exclusiv informațiile necesare și relevante pentru scopul urmărit.
În cazul colectării datelor sensibile sau al datelor cu caracter personal privind infracțiunile și condamnările penale, proporționalitatea este fundamentală și este interpretată mai strict. Nu colectăm date sensibile sau date cu caracter personal privind infracțiunile și condamnările penale decât dacă acest lucru este impus în baza legii aplicabile sau dacă este permis în baza legii aplicabile, cu exprimarea prealabilă a consimțământului explicit al persoanei vizate.
Vom garanta că datele cu caracter personal sunt întreținute sub formă corectă și actualizată în mod corespunzător, în fiecare etapă a prelucrării datelor cu caracter personal (colectare, transfer, stocare și recuperare). Toate datele cu caracter personal despre care se constată că sunt incorecte și perimate vor fi corectate sau șterse fără întârziere.
Încurajăm persoanele vizate să ne ajute să întreținem datele cu caracter personal ale acestora prin exercitarea drepturilor ce le revin, în special a drepturilor de acces și rectificare (pentru mai multe informații privind drepturile persoanelor vizate, a se vedea mai jos).
DATA SECURITY MEASURES
Because employees, clients, suppliers, consumers, and business partners trust Modulaire with their personal data, Modulaire takes appropriate measures to ensure the security and confidentiality of the personal data it processes.
We protect the personal data we collect, use, store, and disclose in support of our business activities by adhering to relevant usage policies, standards, and technical and organizational procedures.
We implement industry-standard technical and organizational measures to prevent accidental or unlawful destruction or loss, alteration, disclosure, unauthorized or unlawful access, or any other form of unlawful or unauthorized processing.
Where processing is carried out on behalf of Modulaire, we select service providers that offer sufficient guarantees (including through the implementation of technical and organizational measures) to process personal data in compliance with applicable data protection laws and to safeguard the rights of data subjects. We only transfer personal data to third-party service providers that agree to comply with the required policies and procedures and have implemented appropriate safeguards as requested.
Modulaire strives to take reasonable measures based on the principles of privacy by design and by default, where applicable, to ensure appropriate protection is in place when processing personal data. This means Modulaire will incorporate technical and organizational measures early in the design of processing operations to ensure privacy and data protection are embedded from the outset (privacy by design). By default, Modulaire ensures that personal data is processed with confidentiality protections in place (e.g., only necessary data is processed, retention periods are minimized, and access is restricted), so that personal data is not, by default, accessible to an indefinite number of individuals (privacy by default).
When personal data processing is likely to result in a high risk to the rights and freedoms of data subjects, we will carry out a privacy impact assessment before the processing is implemented. We will develop, implement, and maintain adequate safeguards that reflect the size and scope of our business, the resources available to us, the volume of personal data we process, and the risks identified.
Further details regarding IT security measures are available in the Modulaire Group IT Security Policy.
HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
Personal data is retained only for as long as necessary for the purpose of processing, in accordance with applicable law and Modulaire Group’s Personal Data Retention Procedure (further details on the Retention Policy and specific retention periods are available upon request using the contact information below).
Any individual handling personal data on behalf of Modulaire will retain it only as long as necessary for the purposes for which it was collected and processed (including any compatible purposes), which may include:
-
carrying out or supporting a business activity;
-
complying with a legal or regulatory requirement and any applicable statute of limitations; or
-
defending against legal or contractual claims (in which case, personal data may be retained until the relevant statute of limitations expires, or in accordance with applicable litigation hold policies).
Personal data will be stored and disposed of in accordance with applicable laws and the Modulaire Group Personal Data Retention Procedure.
YOUR LEGAL RIGHTS
We welcome any questions or requests from data subjects regarding their personal data and, where required by law, we provide individuals with the ability to access, correct, restrict, or delete their personal data. We also enable them to object to the processing of their data and to exercise their right to data portability.
-
Right of Access: We will provide access to all personal data held about a data subject, in line with applicable law, including information on the nature of the processing, categories of data processed, categories of recipients, data retention periods, and the rights of rectification, erasure, or restriction, as applicable.
-
Right to Data Portability: We may also provide a copy of personal data held in our records in a structured, commonly used, and machine-readable format to support the right to data portability, where applicable under law.
-
Right to Rectification: Data subjects may request that any incomplete, outdated, or incorrect data be corrected, modified, or deleted in accordance with applicable law.
-
Right to Erasure: Data subjects may request the deletion of their personal data if (i) it is no longer needed for the purposes for which it was collected, (ii) they withdraw consent for processing based solely on that consent, (iii) they object to the processing, (iv) the data has been unlawfully processed, or (v) the data must be deleted to comply with a legal obligation applicable to Modulaire Group. Modulaire will make reasonable efforts to notify other Modulaire entities of the deletion.
-
Right to Restriction: Data subjects may request the restriction of their personal data if (i) the accuracy of the data is contested, for the period necessary to verify accuracy, (ii) the individual prefers restriction to deletion even though the processing is unlawful, (iii) the data is needed for legal defense, or (iv) the individual has objected to processing and Modulaire is verifying whether it has overriding legitimate grounds.
-
Right to Withdraw Consent: Where processing is based on the individual’s consent, they may withdraw their consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
-
Right to Object: Data subjects may object to the processing of their personal data at any time (i) if the data is used for marketing or profiling purposes for targeted advertising, (ii) if they object to data sharing with third parties or other Modulaire entities, or (iii) if the processing is based on Modulaire Group’s legitimate interest, unless Modulaire demonstrates compelling legitimate grounds that override the individual’s interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
To exercise any of these rights, please use the contact information provided below.
In addition, data subjects have the right to lodge a complaint with the relevant supervisory authority.
DISCLOSURE OF YOUR PERSONAL DATA AND INTERNATIONAL TRANSFERS
Modulaire Group discloses personal data outside the organization only when there is a legitimate legal basis to do so. Any disclosure is limited and based on the “need-to-know” principle, occurring only when justified—for example, with the data subject’s consent, when required for the performance of a contract involving the data subject, or for a legitimate interest that does not override the fundamental rights and freedoms of the individual (e.g. in the context of a merger or acquisition).
In each case, individuals will be informed in advance—where possible—of any potential data disclosure. We also require recipients of personal data to confirm they will use the data only for authorized purposes and safeguard it appropriately.
If disclosure is required to meet legal obligations (such as to government agencies, police, or security services), personal data will be disclosed only to the extent required by law, and—where legally allowed—individuals will be informed (e.g. through consent or prior notice at the time of request).
Modulaire does not transfer personal data originating in the EU or EEA to countries outside the EEA that do not provide adequate data protection, unless appropriate safeguards are in place. Where such transfers are necessary, we ensure they are protected through mechanisms compliant with applicable data protection laws—such as European Commission adequacy decisions, Standard Contractual Clauses, or other technical, contractual, or organizational safeguards, including assessment of third-country laws where relevant.
For more information about the safeguards in place for international transfers, please contact us at: privacyquestions@modulairegroup.com.
REPORTING A DATA SECURITY BREACH
We have procedures in place to address and respond to any personal data security breaches. Where legally required, we will notify affected individuals and the relevant regulatory authorities, in compliance with applicable law.
No breach is considered too small to address. We investigate all potential or actual breaches of this Policy or relevant data protection laws that are reported to us or come to our attention, and we take all reasonable steps to mitigate their impact.
COMPLAINTS
You have the right to lodge a complaint with your local data protection authority if you believe Modulaire has not adequately protected your rights or provided a satisfactory response.
However, we would appreciate the opportunity to address your concerns before you contact a supervisory authority. Please reach out to us first at: privacyquestions@modulairegroup.com. If a Data Protection Officer (DPO) is appointed in your jurisdiction, you may also contact them directly. DPO contact details can be found in Annex 2.
Modulaire is committed to resolving genuine privacy concerns raised by employees, customers, or other partners. If an employee believes this Policy has been violated, they should report the matter by email to the relevant data privacy contact in their country.
Data subjects are informed that they may raise privacy concerns by contacting the local privacy officer, and that they can also lodge a complaint with a supervisory authority. These rights and procedures are explicitly communicated in our privacy statements.
If a data subject raises a concern regarding the processing of their personal data (or on behalf of someone else), and the matter is not resolved satisfactorily through internal procedures, Modulaire will cooperate with the relevant data protection authorities and follow their guidance to address the issue. If an authority determines that Modulaire or one of its employees has failed to comply with this Policy or data protection laws, we will take appropriate corrective action, as recommended, to remedy the breach and ensure future compliance.
UPDATES TO THIS POLICY
As our business and regulatory environment evolves, this Policy may be updated from time to time. We encourage you to review it regularly. Updates will be communicated and made available on our website:
https://www.modulairegroup.com
GLOSSARY
|
Modulaire |
Refers to Modulaire Holding S.à r.l. and/or any or all of the various Modulaire subsidiaries that are part of the Modulaire group, including those listed in Annex 1.
|
|
Third Party |
A third party or business partner that receives or is otherwise entrusted with personal data from Modulaire on Modulaire’s behalf, such as vendors, contractors, subcontractors, and other service providers.
|
|
Data Subject |
A living, identified or identifiable individual whose personal data is processed by Modulaire.
|
|
Consent |
Any freely given, specific, informed, and unambiguous indication of the data subject’s agreement to the processing of their personal data, given through a statement or a clear affirmative action.
|
|
Personal Data |
Any information that can identify a natural person, directly or indirectly—particularly by reference to a personal identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity—either alone or when combined with other data. Information is considered personal data if it enables someone to associate the data with a specific individual, even if the person or entity holding the data cannot make that association themselves. Personal data includes sensitive data and pseudonymized personal data, but excludes anonymous data or data from which the identity of the individual has been permanently removed.
|
|
Sensitive Data |
Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, health-related data (mental or physical), data concerning a person’s sex life or sexual orientation, and personal data relating to criminal convictions and offenses.
|
|
Processed/ Processing |
Any operation or set of operations performed on personal data, whether by manual or automated means, including but not limited to: collection, recording, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, erasure, deletion, or destruction (and “processing” shall be interpreted accordingly).
|
ANNEX 1 - Applicable entities of the Modulaire Group
|
Entity |
Country |
|
Asia-Pacific |
|
|
Algeco Technology (Shenzhen) Co. Ltd. |
China |
|
Algeco Chengdong International Modular Housing Co., Ltd. |
China |
|
Ausco Holdings Pty Limited |
Australia |
|
Ausco Acquisitions Pty Limited |
Australia |
|
Ausco Asia Pty Limited |
Australia |
|
Ausco Modular Pty Limited |
Australia |
|
Ausco Modular Construction Pty Ltd |
Australia |
|
Ausco Finance Limited |
Australia |
|
New England Trading Pty Ltd |
Australia |
|
Portacom New Zealand Limited |
New Zealand |
|
Uniteam Mobile Shelter System Co., Ltd |
China |
|
Uniteam China Ltd |
Hong Kong |
|
Europe |
|
|
Algeco Holdings B.V. |
Netherlands |
|
Algeco UK Holdings Limited |
United Kingdom |
|
Elliott Group Limited |
United Kingdom |
|
Advanté Limited |
United Kingdom |
|
Carter Accommodation Group Limited |
United Kingdom |
|
Carter Accommodation Holdings Limited |
United Kingdom |
|
Carter Accommodation Limited |
United Kingdom |
|
Carter Cabin Hire Limited |
United Kingdom |
|
MBM Mietsystem für Bau und Industrie GmbH |
Germany |
|
Algeco GmbH |
Germany |
|
Algeco s.r.o. |
Czechia |
|
Algeco S.R.L. |
Romania |
|
Algeco Polska Sp. Zo.o. |
Poland |
|
Algeco Schweiz AG |
Switzerland |
|
Ristretto Investissements SAS |
France |
|
Algeco SAS |
France |
|
Altempo SAS |
France |
|
Algeco Belgium NV |
Belgium |
|
Algeco S.p.A. |
Italy |
|
Algeco Construcciones Modulares, S.L. |
Spain |
|
Algeco - Construcões Pré-Fabricadas, S.A. |
Portugal |
|
Algeco LLC |
Rusia |
|
Algeco B.V. |
Netherlands |
|
Algeco Holdings (Austria) GmbH |
Austria |
|
Algeco Austria GmbH |
Austria |
|
Algeco d.o.o. |
Slovenia |
|
Algeco Kft. |
Hungary |
|
Buko Bouwsystemen Vuren B.V. |
Netherlands |
|
Buko Bouw & Winkels B.V. |
Netherlands |
|
Algeco Nordics AS |
Norway |
|
Algeco Oy |
Finland |
|
Malthus Uniteam Holding AS |
Norway |
|
Malthus Uniteam AS |
Norway |
|
Uniteam Poland Spółka Z.O.O |
Poland |
|
Malthus Uniteam (UK) Ltd |
United Kingdom |
|
Uniteam Aktiebolig |
Sweden |
|
Wexus Group AS |
Norway |
|
Wexus Gruppen AS |
Norway |
|
Module Tech Oû |
Estonia |
|
Wexus AB |
Sweden |
|
Algeco AB |
Sweden |
|
TS Nordics Holding AB |
Sweden |
|
TS Nordics Group AB |
Sweden |
|
Temporary Space Nordics AB |
Sweden |
|
Temporary Space Nordics Pavilions A/S |
Danemarca |
|
Temporary Space Nordics ApS |
Denmark |
|
Temporary Space Nordics AS |
Norway |
|
Temporary Space Nordics Oy |
Finland |
|
Modulaire Holding S.à r.l. |
Luxembourg |
|
Algeco GP S.à r.l. |
Luxembourg |
|
Algeco Jersey Manco Limited |
Jersey |
|
Modulaire Limited Partnership SLP |
Luxembourg |
|
Algeco S.à r.l. |
Luxembourg |
|
Modulaire Management Nominee Limited |
United Kingdom |
|
Algeco Management S.C.A. |
Luxembourg |
|
Algeco Group S.à r.l. |
Luxembourg |
|
Modulaire Global S.à r.l. |
Luxembourg |
|
Modulaire Investments 1 S.à r.l. |
Luxembourg |
|
Modulaire Investments 2 S.à r.l. |
Luxembourg |
|
Modulaire Investments 3 S.à r.l. |
Luxembourg |
|
Modulaire Investments B.V. |
Netherlands |
|
Modulaire Global Finance Plc |
United Kingdom |
|
Modulaire Global Finance 2 Plc |
United Kingdom |
|
Algeco Finance NV |
Belgium |
|
Canada |
|
|
Malthus Uniteam Canada Limited |
Canada |
ANNEX 2 - Data protection officers
|
Jurisdiction |
Name |
Contact details |
|
Italy |
Rocco Chiruzzi |
M: +39 331 63 28 204 T: +39(0)80 53 11 138 |
|
Germany |
YourIT
|
T: +49 747 193 0100 M: +49 170 968 7481 |
|
Portugal |
Luis Jesus |
+351 263 006 368 +351 932 636 267 |
|
Belgium |
Nancy Vande Reyd |
M: +32 11 45 72 62 |