Text CALL to 88440

+44 (0)1484 599 311

Login Free Account

Data Protection

Free Account

Data & Record Retention Policy


We are obliged as an organisation, both by law to protect the integrity and confidentiality of personal data held by us with regard to our clients and employees. Individual employees also have that obligation. However you decide to compile your database, it is vital to make sure that both parties stay legally compliant.

Under no circumstances will your data ever be made available, sold to third parties or otherwise marketed.

Integrity lies at the heart of Bulk SMS Limited. The trust that we inspire in our customers and stakeholders is the key to our success as an organization and as individuals. As leaders in our industry, we hold ourselves to the highest standard of professional behavior. The Bulk SMS Limited Code of Integrity defines the main principles of professional integrity for the Bulk SMS Limited Group and is an expression of the values that are shared throughout our organization, our businesses and our affiliates.

This Data Protection Policy has been written to assure Bulk SMS Limited employees know their duties under the Data Protection Act 1998 and Record Retention procedures. This policy also states the standards expected by Bulk SMS Limited employees in relation to processing of personal data and safeguarding individuals 'rights and freedoms'. Bulk SMS Limited is registered and by all means committed to following the Data Protection Act 1998.

It is very important to us that we take a serious view of our responsibilities and make sure each appropriate individual complies with the Data Protection principles. If you knowingly reveal any personal data contrary to this policy, you may be held liable to criminal sanctions. Also, any breach of this policy may result to a disciplinary action.

The Data Protection Act 1998 has two main purposes which are: 
  • 1. To regulate the data controllers who hold and process the personal data of individuals.
  • 2. To provide rights such as accessing personal information, to those individuals who give their personal information.
The other parts of the Data Protection Act 1998 are the eight data protection principles, which include:
  • Guidelines on the data lifecycle (creation, holding, processing, querying, amending, editing, disclosure and destruction).
  • Reasons why data is gathered and held.
  • Certain rights for data subjects.

Personal Data

"Data" means information recorded in a form in which it can be processed by equipment operating automatically in response given for that purpose and also includes computer-generated material.

"Personal Data" means data that consists of information that is related to a living individual who can be identified from that given information including any expression of opinion about the individual. This means any data recorded on our computers relating to a living individual.

Personal data must: 

  • be held and processed fairly and lawfully;

  • be obtained only for the purposes of which it is registered

  • by used only for the purposes registered and only be revealed to those described in the register entry

  • be relevant, adequate and not excessive in relation to those purposes

  • be correct and when necessary, kept up to date

  • only be kept for the amount of time that is necessary

An individual is entitled:

  • to be informed when the personal data that is entered is held 

  • to access any given data

  • when needed, to have such data corrected or deleted

To comply with the two core principles of Data Protection Act 1998, records containing personal data must be:

  • Stored appropriately in regards to the sensitivity and confidentiality of the data recorded

  • Easily traced and retrievable

  • Obtained for only as long as necessary

  • Disposed of appropriately and properly to ensure that copyrights are not breached and to prevent the data falling into the hands of an unauthorised individual

Appropriate security procedures must be taken place against unauthorised access to or alteration, destruction or disclosure of personal data or accidental loss or destruction of personal data.

Client Data

This section specifically states the responsibilities of data held which is owned by our clients and includes the recording, processing and security of personal and sensitive information relating to them and the people who work for them.

Whilst it is completely our responsibility to ensure that the personal data held regarding our client is up to date, accurate and taken for lawful purposes. It is your duty to ensure that the information taken from your client is correct and accurately entered on to our database.

It is also our responsibility to make sure that the database and portal is backed up on a regular basis and to ensure there is no loss or personal data. If you come across any errors or have concerns regarding personal data you must report these straight away to your account manager or support team.

Appropriate security procedures must be taken against: 

  • unauthorised personnel having access to or alteration, or destruction of personal data.

  • accidental loss or destruction of personal data.

Data that is related to a client will never be disclosed to third parties unless the client has given consent in writing. Under no circumstances are third parties ever given access to client data.

Bulk SMS Limited Employees Duties

Bulk SMS Limited employees are expected to: 

  • Aware of and abide by the Data Protection Principles

  • Read and understand the Bulk SMS Limited Data & Record Retention Policy.

  • Understand how to work to the set standard that is expected at any stage of the data life-cycle

  • Understand how to work to the set standard that is expected in relation to safeguarding data subjects rights for example, the right to inspect any personal data, under the Data Protection act 1998.

  • Understand what is meant by 'sensitive personal data' and how to handle such data.


Data and records will only be kept for the necessary time. This is a principle found in the Data Protection Act 1998, which requires that personal data "shall not be kept for longer than is necessary for that purpose".

No data file or record should be obtained for more than five years after it is closed unless a reason for longer retention can be put into place. It is to be emphasised that the period of five years is the absolute maximum period. It is sometimes appropriate in regards to the nature of the record to opt for a shorter period.


After the retention period has expired, some records may be kept permanently for historical purposes. Reasons they may be kept is that they may preserve evidence of the origin, development, or other reasons for longer retention which include the following: 

  • Statute requires retention for a longer period of time

  • The record contains information that is relevant to legal action that has been or is taking place

  • Whenever there is a possibility of litigation, the records and information that is involved should not be amended or disposed of until the threat has been removed

  • The record should be archived for research or historical use, for example if the record has information that relates to an important policy development

  • The records are kept for the purpose of retrospective comparison. 

  • The records relate are related to individuals or providers of certain services who may be judged as unsatisfactory.

  • The said individuals may include Bulk SMS Limited employees who have been the subject of serious disciplinary action. 

Guidelines for Data Protection

The guidelines for the data protection, in summary are: 

  • Personal data shall be held and processed lawfully and fairly.

  • Personal data shall only be obtained for one or more specified and lawful purposes, and shall not be further processed in a manner that is incompatible with that purpose or those purposes.

  • Personal data shall be relevant, adequate and not excessive to the purpose or purposes in which they are processed

Personal Data will only be held for the amount of time that it is needed. When the data is at a point where it is necessary for said data to be destroyed, appropriate measures will take place to ensure the data cannot be used again by third parties. Any file or record that contains personal data will be considered as confidential.

Destruction and Disposal

To make sure that Bulk SMS Limited follow the Data Protection Act 1998 and all information in any format, destroyed from any Bulk SMS Limited location must not expose confidentiality of our employees, clients and customers. 

  • All office white or coloured paper should be placed in Bulk SMS Limited confidential waste bins that have been provided which is in any way a sensitive document.

  • Any other paper can be disposed of in a proper way by being put in the boxes or bins provided in Bulk SMS Limited offices for environmentally-friendly disposal of white non-confidential and non-sensitive paper waste.

The measures taken out for the destruction of Confidential or Sensitive Waste on electronic media such as tape, cassette/cartridge, hard drives, CD-Rom, DVD, ZIP drive is as follows:

  • Media that is being destroyed because either they are showing signs of damage or are obsolete will be physically destroyed by being cut into pieces or other appropriate ways.

  • Destruction of back-up copies will also be destroyed in this way. 

Please click the link below to download the PDF File.

Data Protection Documentation