Data Privacy Governance

Where can I find information about data protection and privacy on the BulkSMS website?

Take a look at our Terms of Service page to find out more about the BulkSMS Terms and Conditions, our Privacy Policy, and our Data Processing Addendum.

Where is my data stored/where are you servers located?

We hold our client data in Amazon Web Services (AWS) datacentres located in Ireland.

Do you encrypt client data?

Yes, we make use of AWS EBS encryption at rest for client data. AWS manages the keys and uses them to write and read data from the data volumes they host for us, which means that no person has the keys. Click here for more information.

What personal data does BulkSMS hold?

We hold personal data relating to your use of our business messaging service. This is personal identifiable information related to your BulkSMS account, what we call "Client Data”, and the personal data of your customers, employees or other parties to whom you send messages to, what we call "Message Data". We process Message Data on your behalf.

Client data:

  • Contact information (email, telephone number, mobile phone number, address, company)
  • First and last name
  • Title
  • Account information (user id, username, password)
  • Transaction information
  • Connection data (IP address)

Message Data:

  • Message recipient personal data processed on behalf of the client, identified by mobile phone number, and including recipient contact information in the message body.
What are BulkSMS’s basic data processing activities?

In fulfilling our contractual obligations to our clients, the personal data transferred will be subject to the following processing activities:

  1. Delivery of messages
  2. Technical service support
  3. Connectivity service support
  4. Financial, statistical and reporting purposes.
How long do you keep (i.e. retain) our data?
  1. Client Data is retained for the period that you use our services and data is deleted 7 years after the termination of services.
  2. Message Data is retained for 5 years, and then automatically deleted from our system.
Do you have a personal data deletion process?

Yes, we do. Please email your personal data deletion request to our Privacy Officer at privacy@bulksms.com.

Do you have a Data Subject Access Request (DSAR) process?

Yes, we do. Please email your personal data access request to our Privacy Officer at privacy@bulksms.com.

In case of a data breach that affects us, how long will it take for you to notify us?

Our standard response time is 48 hours.

For EU GDPR purposes, can you limit the transfers of data outside of the EU/EEA?

With the technical infrastructure we have in place, client data is hosted within the European Union (EU). Some data may be transferred to our head office in Cape Town, South Africa when providing you with technical and services support. We may, depending on the upstream aggregator service we use, be able to limit your SMS messaging traffic to be sent only within the EU/EAA – to verify this, please contact us on support@bulksms.com.

For EU GDPR, how do you address cross-border data transfers outsider of the EU/EEA?

To address concerns about the governance of cross-border data transfers outside of the EU/EEA, we have a Data Protection Addendum (DPA) available, with Standard Contractual Clauses (SCCs), that are available for your review here.

For UK GDPR purposes, can you limit the transfers of data outside of the UK?

With the technical infrastructure we have in place, client data is hosted within the European Union (EU) and thus there is a transfer of data outside of the UK. This transfer is undertaken with safeguards in place in terms of the UK GDPR. Some data may be transferred to our head office in Cape Town, South Africa when providing you with technical and services supports. We may, depending on the upstream aggregator service we use, be able to limit your SMS messaging traffic to be sent only within the UK – to verify this, please contact us on support@bulksms.com.

For UK GDPR, how do you address cross-border data transfers outsider of the UK?

To address concerns about the governance of cross-border data transfers outside of the UK, we have a Data Protection Addendum (DPA) available, with Standard Contractual Clauses (SCCs), that are available for your review here.

Do you have a list of sub-processors available?

Yes, we do. Please click here for our current list of sub-processors.

Data privacy and data protection contact at BulkSMS:

Please email the Privacy Officer at privacy@bulksms.com.