Sendmode’s GDPR Compliance Statement

The following is an addendum to Sendmode’s Privacy Policy and Terms and Conditions to cover the EU General Data Protection Regulation which comes into effect on May 25th 2018.

Accountability

We have conducted an audit of all information we hold for our customers SMS Marketing requirements.

Sendmode holds names, email address, phone numbers and dates of birth of data subjects on behalf of our customers.

Only the mobile number of the data subject is required when importing into a Sendmode account. The rest are optional.

This data is obtained by our customers importing it into their Sendmode accounts. Sendmode makes all customers aware of their Data Protection responsibilities and that consent must have been given for SMS Marketing purposes. After May 25th 2018 there will be checks in place for customers to ensure they have obtained consent before they can import into their accounts.

The data is held only as long as our customers account remains open. If a customer’s wishes to close their account, all data is then deleted.

Communicating with Staff and Service Users

All Sendmode servers are based in the EU.

Sendmode has direct connections to mobile operators in the EU and when processing our customers’ data it is sent directly to our operators and is not transferred outside the EU.

Personal Privacy Rights

All customers have access to view their data using their secure login and password. They can add, delete or modify any inaccuracies in this data. Customers have full control over their data

Sendmode provides facilities for companies to package and export their data in the interests of data portability.

Data Access Requests

Sendmode provides for data access requests from our customers. This information will be returned to the customer within one month of request.

Sendmode also provides a free opt-out service for all data subjects. It is a clearly identifiable opt-out mechanism and is available to all our customers free of charge.

Legal Basis for Processing

Sendmode processing SMS on behalf of our clients for marketing, appointment reminders and information purposes.

Consent

Sendmode makes all customers aware of their Data Protection responsibilities and that they have received consent from their data subjects to contact them. After May 25th 2018 there will be checks in place for customers to ensure they have obtained consent before they can import into their accounts.

Data Protection by Design

Sendmode severs both Production and Disaster Recovery are located within the EU. No data on either environment leaves the EU at any point. The data centre services provider who hosts and manages the secure environment for our servers is ISO 27001 certified. (Certified on 02/2016).

The Sendmode System employs security protocols to block illegal application requests such as SQL injection. All access to system backend is locked down by specific IP whitelist.

The Sendmode System is monitored 24/7 by our own engineers. The engineers receive pager alerts to any suspicious activity or unusual network traffic. On a positive identification of a data breach our policy is to alert all Data Controllers immediately.

Reporting Data Breaches

Any data breaches will be reported to both our customers and the DPC within 72 hours.

Data Protection Officer

Sendmode have designated John McNamara as Data Protection Officer. Any questions relating to Sendmode’s GDPR compliance or GDPR Compliant SMS Marketing should be sent to johnmcnamara@sendmode.com