GDPR Compliance at SMS.to
Here at SMS.to is fully compliant and also offers a full GDPR EU Directive compliance as an extention to our customers.
Our GDPR statement is available below.
SMS.to GDPR Compliance Statement
As a SMS.to customer, the GDPR gives you new protection rights and assures better access to your personal data.
-Right to rectification: Rectify your personal information at any time from your account settings. You can also contact us directly to edit or rectify your information.
-Right to be forgotten: Cancel your SMS.to account or subscription and close your account at any time. You can send us a request to erase all your data, which we will complete within 30 days.
-Right to portability: Upon request, we will export your data so that it can be transferred to a third party or competitor.
-Right to object: Unsubscribe at any time to any specific use of your information (newsletter, automatic emails, etc.).
We have conducted an audit of all information we hold on our customers and for our customers.
SMS.to holds names, email address, IP addresses/session and data subjects including name, surname and mobile number on behalf of our customers.
The data is held only as long as our customers account remains open. If a customer’s wishes to close their account, all data is then deleted.
Communicating with Staff and Service Users
SMS.to servers are based in the EU and in the US. We operate multiple SMS servers in both the US and in Europe. Our users have an option to select wether their data will be processed globally or within Europe only routed and processed through our EU partner telecom companies.
SMS.to has direct connections to operators in the EU and when processing our customers’ data it is sent directly to our operators and is not transferred outside the EU.
Personal Privacy Rights
All customers have access to view their data using their secure login and password. They can add, delete or modify any inaccuracies in this data. Customers have full control over their data
SMS.to provides facilities for companies to package and export their data in the interests of data portability.
Data Access Requests
SMS.to provides for data access requests from our customers. This information will be returned to the customer within one month of request.
SMS.to will also provides full control over email notifications over all our customers. Consent for email notifications, email events and email marketing consents can be retracted at any time
Legal Basis for Processing
SMS.to is processing SMS termination on behalf of our customers to send A2P SMS campaigns or notifications
SMS.to takes consent from all our customers on signup before sending marketing emails. This consent is separate than the terms and conditions and has to be actively given. Customers can at any time retract their consent for the different types of emails from their account.
SMS.to makes all customers aware of their Data Protection responsibilities and that they have received consent from their data subjects to contact them. After May 25th 2018 there will be checks in place for customers to ensure they have obtained consent before they can import into their accounts.
Data Protection by Design
SMS.to operates servers both Production and Disaster Recovery that are located within the EU. If choosen no data on either environment will leave the EU at any point. The data centre services provider who hosts and manages the secure environment for our servers is ISO 27001 certified.
The SMS.to System employs security protocols to block illegal application requests such as SQL injection. All access to system backend is locked down by specific IP whitelist.
The SMS.to System is monitored 24/7 by our own engineers. The engineers receive pager alerts to any suspicious activity or unusual network traffic. On a positive identification of a data breach our policy is to alert all Data Controllers immediately.
Reporting Data Breaches
Any data breaches will be reported to both our customers and the DPC within 72 hours.
Data Protection Officer
SMS.to have designated Lars Roettgers as Data Protection Officer. Any questions relating to SMS.to GDPR compliance should be sent to email@example.com