Data sovereignty & Compliance
SMS Everyone Pty Ltd does NOT sell, barter, exchange or rent lists/databases to/with anyone.
SMS Everyone recognizes that your privacy is very important to you. Providing your personal information is an act of trust that we take very seriously. SMS Everyone will not sell, trade, give or rent any information obtained from you to a third party. We acknowledge that we will collect and store information about you as part of offering services or other means. In this regard, we will act ethically and as evidence of this commitment, we will take reasonable steps to comply with the following principles in relation to the information you give to us about you and your business.
SMS Everyone collects data that you volunteer on signing up to use the SMS Everyone website, or through other forms (eg over the phone), or by email. This information will only be collected by lawful and fair means. Any data that we collect from you when you sign up to use the SMS Everyone system is only collected and used so that we can better service your needs. (eg sending you delivery reports, optout reports etc).
Use and disclosure
SMS Everyone requires you to provide certain information about your company in order to provide services to you. We will not rent, sell or exchange information about you to third parties except where you consent, or except where you would expect the information to be disclosed, or except where we are legally obliged to disclose such information.
SMS Everyone will take reasonable steps to ensure that information we have about your company is accurate, complete and up to date when we collect and use it.
SMS Everyone will take rigorous steps to ensure that the personal information we hold about your company is kept secure at all times.
Access and correction
If you provide us with satisfactory personal identification, such as your login details, SMS Everyone will let you have access to the information we keep about your company and give you the opportunity to have that information corrected if it is found to be incorrect, provided that your account is paid in full and there are no funds owing at the time. Further, if SMS Everyone is not able to release details of personal information to you, then we will provide you with reasons for any denial of access or correction.
Right to access data
SMS Everyone may from time to time need to access your SMS Everyone website account which contains your data. This is usually to carry out support, maintenance or any other work required to assist with the services provided by SMS Everyone. Any data obtained by SMS Everyone staff will only be used to assist you with your messages, and will not be used for any other purpose.
Coverage and Complaints
This Privacy Statement covers the provision of the SMS Everyone website, API and any additional services by SMS Everyone.
SMS Everyone will be compliant with the requirements of the GDPR at the time of its commencement in May 2018.
1. SMS Everyone AS A PROCESSOR
SMS Everyone provides a service for the sending and/or receiving of messages, principally by way of SMS. For the purposes of GDPR, when providing this service to customers, SMS Everyone acts as a processor.
2. SUBJECT MATTER OF PROCESSING
The subject matter of SMS Everyone’s processing activities for GDPR purposes comprises the provision of a service for customers to send messages to, and/or receive messages from, end users.
3. NATURE AND PURPOSE OF PROCESSING
Messages are processed by SMS Everyone strictly in accordance with customer instructions and otherwise in accordance with the requirements of relevant laws, for the purposes determined by the customer.
4. TYPE OF PERSONAL DATA PROCESSED
For the purposes of GDPR, SMS Everyone’s customer will be the “controller” in relation to personal data that is processed and will thus have control over the types of personal data processed. SMS Everyone processes only that data (which may include personal data) that is transmitted in the course of sending/receiving messages in accordance with the controller’s instructions. Personal data processed include source and destination telephone number and, depending on message content, may include other personal data.
5. CATEGORIES OF DATA SUBJECTS
As the “controller” for GDPR purposes, SMS Everyone’s customer necessarily has sole control over the specific categories of data subjects that may be the subject of processing by SMS Everyone.
6. LEVEL OF RISK ASSOCIATED WITH PROCESSING
Typically, the personal data that SMS Everyone processes and the circumstances in which such data is processed, would be unlikely to result in significant harm to a data subject in the case of a data breach, however any assessment of risk associated with a potential data breach necessarily depends upon the types of personal data transmitted in the course of sending/receiving messages in accordance with the controller’s instructions and the context in which that data is processed.
7. WHERE IS THE PERSONAL DATA STORED
SMS Everyone does not store end user's (SMS recipient's) personal data. ie no names, email addresses or address details. We only store mobile numbers and SMS message history.
8. WHO HAS ACCESS TO THE PERSONAL DATA?
Access to personal data stored by SMS Everyone is restricted. Specified customer and technical support personnel have limited access for the sole purpose of performing the messaging services that SMS Everyone is contracted to perform and to address any customer queries arising out of the performance of those services.
SMS Everyone may provide personal data to aggregators to facilitate the provision of the messaging services. Aggregators (who constitute sub-processors for GDPR purposes) will be engaged by SMS Everyone pursuant to a GDPR compliant contract. SMS Everyone does not provide personal data to any other third parties.
9. HOW LONG DO WE STORE PERSONAL DATA?
SMS Everyone retains personal data processed by it in the course of providing messaging services to its customers for the period of time necessary to enable it to complete the processing it is contracted to provide or as otherwise required to comply with its legal obligations, including its requirements to retain certain metadata for 2 years under the Telecommunications (Interception and Access) Act 1979 (Cth).
10. EXERCISING OF RIGHTS AFFORDED BY GDPR
SMS Everyone recognises the rights that are granted to EU residents under the GDPR and will take appropriate action to ensure that those rights are actioned upon request. Any EU resident seeking to exercise a right in respect of their personal data should contact our support centre on 1300 808 789. SMS Everyone is committed to ensuring the security of personal data is maintained, and accordingly, any person making a request in respect of their personal data will be required to provide satisfactory evidence as to their right to do so (which may include, for example, their identity and EU residency).