Create Your Free Account in 30 Seconds
Send SMS from 1.9p
25 Free UK SMS*
Trusted by THOUSANDS
Industry Leading Security
Data Processing Contract
This Supplementary Agreement ("Agreement") dated _______ 2018 is between:
(1) xxxxxxxxxxxxxxxx ("the Data Controller) and
(2) Bulk SMS Ltd t/a VoodooSMS ("the Data Processor")
(A) This Agreement is supplemental to any other separate agreement entered into between the parties at a particular price and introduces further contractual provisions to ensure the protection and security of data passed from the Data Controller to the Data Processor for processing.
(B) Paragraphs 11 and 12 of part II of Schedule 1 of the Data Protection Act 1998 place certain obligations upon a Data Controller to ensure that any data processor it engages provides sufficient guarantees to ensure that the processing of the data carried out on its behalf is secure.
(C) This Agreement exists to ensure that there are sufficient security guarantees in place and that the processing complies with obligations equivalent to those of the 7th Data Protection Principle.
"Data" Mobile phone numbers and other personal information pertaining to the individual that may be uploaded by the data controller.
"Processing" shall mean any operation or set of operations which is/are performed upon personal data, (whether or not by automatic means) including collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. Such processing may be wholly or partly by automatic means or processing otherwise than by automatic means of personal data which form part of a filing system or one intended to form part of a filing system. A filing system shall mean any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographic basis."
1 Subject to clause 5(b) this Agreement shall apply to all Data sent from the date of this Agreement by the Data Controller to the Data Processor until either party gives one month's written notice of termination.
Purpose of Processing
2 The Data Processor shall process the Data it receives from the Data Controller solely for the sending and receiving of SMS and for no other purpose except with the express written consent of the Data Controller.
Security and Confidentiality of Data
3 (a) The Data Processor shall use its best endeavours to safeguard the Data from unauthorised or unlawful processing or accidental loss, destruction or damage and acknowledges that it has implemented the technical and organisational measures specified in Schedule A to prevent unauthorised or unlawful processing or accidental loss or destruction of the Data.
3 (b) The Data Processor shall ensure that each of its employees, agents or subcontractors are made aware of its obligations with regard to the security and protection of the Data and shall require that they enter into binding obligations with the Data Processor in order to maintain the levels of security and protection provided for in this Agreement.
3 (c) The Data Processor shall not divulge the Data whether directly or indirectly to any person, firm or company without the express consent of the Data Controller except to those of its employees, agents and subcontractors who are engaged in the processing of the Data and are subject to the binding obligations referred to in 3(b).
3 (d) The Data Processor shall ensure by written contract that any agent or subcontractor employed by the Data Processor to process Data to which this Agreement relates also provides the Data Processor with a plan of the technical and organisational means it has adopted to prevent unauthorised or unlawful processing or accidental loss or destruction of the Data and confirms to the Data Processor the implementation of those means.
4 The Data Processor's liability to the Data Controller for any loss or damage of whatsoever nature suffered or incurred by the data controller or for any liability of the Data Controller to any other person for any loss or damage of whatsoever nature suffered or incurred by that person shall to the extent permitted by law not exceed [£250].
5(a) Subject to clause 5(b) either Party may terminate this Agreement upon giving one month's prior written notice to the other. Upon receipt of written notice from the Data Controller or upon giving written notice of termination to the Data Controller, the Data Processor shall return any Data received from the Data Controller to the Data Controller forthwith.
5(b) Notwithstanding termination the provisions of clause 3 shall survive the termination of this Agreement and shall continue in full force and effect until all Data are returned to the Data Controller.
6 This Agreement shall not be transferred or assigned by either party except with the prior written consent of the other.
7 This Agreement shall be governed by and construed in accordance with English law and the parties shall submit to the exclusive jurisdiction of the English Courts.
Physical Access, Fire & Natural Disasters, Burglary Protection
Our data centres are ISO 27001 certified, PCI-compliant and secured to UK government IL4 standards, which ensures our platform is protected to exceptional levels of both physical and virtual security at all times.
Can casual passers-by read data off screens or print-outs?
Within the offices where employees have access to customer data, casual passers-by are not permitted.
Data at Rest
Backups of our customer data are stored on a separate backup devices located within our data centres in the UK.
Tapes are not used, data stored on the backups is securely deleted on the rotation of the backup files. When the disks are replaced they are securely disposed of.
Printed Materials Containing Customer Data
It is highly unlikely that customer data will be printed, but staff are trained that if it is absolutely necessary to be printed, the print-out will be shredded as soon as its purpose is served.
Checks are made when a customer calls in or a customer is called by a member of the team. We use a variety of checks to confirm their identity based upon information stored within their account.
Bulk SMS Ltd is a technology company, so the security is taken very seriously. The company considers this issue to be the core responsibility of every employee, though the guardians of the policy are the Technical team.
If a data breach is identified, we will conduct a full investigation in the event of a data breach, any issues identified will be swiftly rectified. Our processes are regularly reviewed to ensure that potential breaches are identified before they become an issue.
Need help? Contact our Team: 0800 971 7111 or team@voodooSMS.com