BulkSMS Data Protection FAQs

At BulkSMS we take data protection seriously and work hard to ensure that we are compliant and up to date with the latest data protections laws and regulations. We have put organisational and technical measures in place to align our data privacy and data security controls with laws and regulations such as the EU GDPR, UK GDPR and POPIA.

To help you, we’ve listed the most commonly asked questions around our data protection policies and processes.

Back to Legal

Data Privacy Governance

Where can I find information about data protection and privacy on the BulkSMS website?

Take a look at our Terms of Service page to find out more about the BulkSMS Terms and Conditions, our Privacy Policy, and our Data Processing Addendum.

Where is my data stored/where are you servers located?

We hold our client data in Amazon Web Services (AWS) datacentres located in Ireland.

Do you encrypt client data?

Yes, we make use of AWS EBS encryption at rest for client data. AWS manages the keys and uses them to write and read data from the data volumes they host for us, which means that no person has the keys. Click here for more information.

What personal data does BulkSMS hold?

We hold personal data relating to your use of our business messaging service. This is personal identifiable information related to your BulkSMS account, what we call "Client Data”, and the personal data of your customers, employees or other parties to whom you send messages to, what we call "Message Data". We process Message Data on your behalf.

Client data:

Contact information (email, telephone number, mobile phone number, address, company)
First and last name
Title
Account information (user id, username, password)
Transaction information
Connection data (IP address)

Message Data:

Message recipient personal data processed on behalf of the client, identified by mobile phone number, and including recipient contact information in the message body.

What are BulkSMS’s basic data processing activities?

In fulfilling our contractual obligations to our clients, the personal data transferred will be subject to the following processing activities:

Delivery of messages
Technical service support
Connectivity service support
Financial, statistical and reporting purposes.

How long do you keep (i.e. retain) our data?

Client Data is retained for the period that you use our services and data is deleted 7 years after the termination of services.
Message Data is retained for 2 years, and then automatically deleted from our system.

How do I delete my personal data associated with my BulkSMS account?

Email your personal data deletion request to our Privacy Officer at privacy@bulksms.com. A request to delete your account’s personal data will result in the closing of your account.

Do you have a Data Subject Access Request (DSAR) process?

Yes, we do. Please email your personal data access request to our Privacy Officer at privacy@bulksms.com.

In case of a data breach that affects us, how long will it take for you to notify us?

Our standard response time is 48 hours.

For EU GDPR purposes, can you limit the transfers of data outside of the EU/EEA?

With the technical infrastructure we have in place, client data is hosted within the European Union (EU). Some data may be transferred to our head office in Cape Town, South Africa when providing you with technical and services support. We may, depending on the upstream aggregator service we use, be able to limit your SMS messaging traffic to be sent only within the EU/EAA – to verify this, please contact us on support@bulksms.com.

For EU GDPR, how do you address cross-border data transfers outsider of the EU/EEA?

To address concerns about the governance of cross-border data transfers outside of the EU/EEA, we have a Data Processing Addendum (DPA) available, with Standard Contractual Clauses (SCCs), that are available for your review here.

For UK GDPR purposes, can you limit the transfers of data outside of the UK?

With the technical infrastructure we have in place, client data is hosted within the European Union (EU) and thus there is a transfer of data outside of the UK. This transfer is undertaken with safeguards in place in terms of the UK GDPR. Some data may be transferred to our head office in Cape Town, South Africa when providing you with technical and services supports. We may, depending on the upstream aggregator service we use, be able to limit your SMS messaging traffic to be sent only within the UK – to verify this, please contact us on support@bulksms.com.

For UK GDPR, how do you address cross-border data transfers outsider of the UK?

To address concerns about the governance of cross-border data transfers outside of the UK, we have a Data Processing Addendum (DPA) available, with Standard Contractual Clauses (SCCs), that are available for your review here.

Do you have a list of sub-processors available?

Yes, we do. Please click here for our current list of sub-processors.

Data privacy and data protection contact at BulkSMS:

Please email the Privacy Officer at privacy@bulksms.com.