EU GDPR Resources

Your country's regulatory requirements for SMS messaging.

Contact support@smslocal.com for more information on Conditions & Terms

These terms and conditions regulate the legal relationship between SMS Local Users and SMS Local. They also incorporate the SMS Local Privacy Policies. These terms and conditions should be carefully read. SMS Local Users and SMS Local, and include the provisions of the SMS Local Personal Privacy Policy. These terms and conditions should be carefully read. This Agreement was last updated on 27 Aug 2021. To reflect the improvements made in our operations, we have changed our Terms and Conditions.

Read for the latest updates to our Terms and Conditions.

1.Introduction

These terms and conditions regulate the legal relationship between SMS Local Users and SMS Local. They also incorporate the SMS Local Privacy Policies.TAKE NOTE THAT THESE TERMS AND CONDITIONS CONTAIN PROVISIONS THAT DISCLAIM, LIMIT, AND EXCLUDE THE LIABILITY OF SMS Local TO YOU AND THAT INDEMNIFY SMS Local AGAINST CLAIMS AND DAMAGES THAT IT MAY SUFFER AS A RESULT OF YOUR CONDUCT. These terms and conditions should be carefully read.

 2. Interpretation

1. These terms and conditions shall apply to the following words and phrases .Unless otherwise stated in the context: “SMS Local” the SMS Local legal entity that provides the Services to you in the territory of your territory. The SMS Local legal entity with which you contract for the provisioning of the Services in the territory of your territory is identified . “End-user” and “recipient” refer to any person who receives, or is intended by receiving, any message sent via the Services by a User. Any party authorized to operate, maintain and install a cellular telephony system is called a “Network Operator”. SMS Local shall be deemed to provide all services and products to users, including the software referred to in paragraph 15.2; “SMS” refers to a short message service sent via text or data messages to the cellular handset. This can be done by the handset user or through a pre-configured batch process. Any natural or legal person who uses any of the Services, or visits the Website, is considered a “User.” SMS Local shall refer to all websites, including SMS Local.com, published by SMS Local entities and shall include any page or portion thereof.
2. These standard terms include the plural as well as the singular. Any reference to persons in these terms includes juristic and natural persons. Also, any reference made to genders consists of the other gender.
3. These clause headings are included for convenience only. They will not be considered in the interpretation of these terms and conditions.
4. For this part, words and expressions defined in another part of these terms & conditions will have the same meaning as those words and phrases.
5. Any provision of this Agreement that conflicts with any law shall be removed from the Agreement to the extent necessary.

3. Agreement

  1. Any person using the website or the services for any reason agrees to be bound by these terms and conditions.
  2. If a User does not agree to or is unable to adhere to these terms and conditions, he/she should immediately stop using the website and end the registration process.
  3. If you are not legally able to enter into a binding contract with SMS Local, you may not use the website or the services.
  4. Users agree that all terms and conditions published herewith shall be binding upon them. If there is a conflict between these general terms and conditions and any other product or service-specific terms or conditions, then the product-specific and service-specific terms will prevail to the extent possible.
  5. SMS Local reserves all rights to refuse to accept or execute any order, request, or business transaction or render any services without providing any reason. SMS Local reserves the right at its sole and absolute discretion to cancel any order in whole or part.

4. Modifications and amendments

  1. SMS Local reserves the absolute right to modify or amend any criteria or information in these terms and conditions, or any information on the website, without prior notice. SMS Local may also update the prices and rates on its Website from time to time.
  2. Users agree to visit the Website regularly and to be aware of any changes or amendments to the information. Before making any new credit purchases or service orders about the Services covered by these terms, they must ensure that these terms are checked. It is essential that users regularly check which networks are covered under the Services. There may be changes in the coverage of networks from time to another.

 

5. The Services

  1. All messages will be delivered as quickly as possible. SMS Local will make every effort to ensure uninterrupted and continuous use of the Services. However, the delivery of SMS messages depends on the effectiveness of Network Operators’ mobile networks, network coverage, and the mobile handset of the recipient. SMS Local cannot and does not guarantee the availability or delivery of any Service or compatibility between any message, content format, and any mobile handsets or mobile operating system.
  2. Network Operators can modify, enhance or develop any component of their services without prior notice. SMS Local shall have the right to modify, enhance or establish affected Services for Users without notice.
  3. SMS Local will use all reasonable efforts to notify the User in advance of any modification, suspension, or termination of its Services. SMS Local will also endeavor to minimize any rest of such Services for as long as it is practical.
  4. SMS Local shall consider messages delivered when it has sent the messages to the destination requested, which may include mobile telephone networks, SMTP, or other servers. You can confirm such delivery by updating your message log records.
  5. SMS Local reserves the right to withhold or terminate the provision of services to any User at any given time. This includes terminating accounts that have not been used for two (2) years. SMS Local may terminate this Agreement or any Service for any reason other than User breach or discontinuance by Network Operator. SMS Local will refund any money paid by the user for any unutilized terminated Service.
  6. SMS Local cannot refund any monies paid in advance to SMS Local for Services if the payments are more than six months old. SMS Local will consider a refund in exceptional circumstances.
  7. The User may terminate ordinary mobile terminated messaging service at any time. To remove a lease on any long or short numbers, the User must first lease the number for three months. After that, the user must give one month notice.
  8. SMS Local will provide service information to recipients of messages sent by Users using standard rate shortcodes in the United States of America. The following procedures and processes will be followed for traditional rate shortcode programs within the United States of America, by industry regulations and network rules:

 

  1. If a recipient has received a message via SMS Local from a User, or if the recipient does not wish to receive such notifications anymore, they can do any of these:
  • To cancel, text STOP to 67082
  • To block further messages, call SMS Local at toll-free numbers.
  • SMS Local to the mobile number of the recipient and request that they be stopped from receiving any other messages.

     2. The following information is for customer service:

  • Toll-free number: 1-877-260-3952
  • Email address: support@SMS Local.com

3. SMS Local is the standard rate provider of shortcode program services. The service provided is for one-time passwords and activation codes. This program sends messages to recipients. The frequency of these messages will vary depending on the recipient’s request.

4. SMS Local messages are sent at standard rates. Data and message rates may apply to some notes. There are no premium rates services.

 5. To receive more information via SMS, the recipient must send the word “HELP” to 67082.

6. Acceptable Use

  1. SMS Local is used to provide information and content. Users understand and acknowledge this. SMS Local is not responsible for any content sent, and the User shall bear all responsibility. Users must adhere to all applicable legislation and regulations in their area and the areas of jurisdiction of any persons to whom messages are sent. Users are responsible for ensuring compliance with all laws, rules and codes of conduct that may apply to them.
  2. Furthermore, Users must ensure that all messages, advertisements, information, and content generated by them for transmission or delivery via the Services comply with all laws. SMS Local is bound in all countries where messages are sent or received by the User.

 

  • European Union: Directive 2002/58/EC and Directive 2000/31/EC. Directive 95/46/EC. Directive 93/13/EC. All national laws of member states are promulgated under these terms. Also, the EU General Data Protection Regulation (GDPR) 2016/679. The Data Protection Addendum contains the terms and conditions for processing personal data about EU citizens.
  • South Africa: The Electronic Communications and Transactions Act No. 25 of 2002 and the Consumer Protection Act 68 of 2008. The Protection of Personal Information Act 4 of 2013 and the WASPA Code of Conduct can be found at www.waspa.org.za.
  1. SMS Local is a WASPA member bound to the WASPA Code of Conduct. Customers can contact WASPA to file a complaint according to the WASPA complaints procedure. SMS Local might be required to provide information about a service or customer to WASPA to resolve a complaint. WASPA website www.waspa.org.za.
  2. The Services are not intended to be used by anyone who (i) wants to engage in illegal behavior, (ii) knowingly create, store, or disseminate illegal content,(iii), deliberately infringe copyright, or (iv) intentionally violate any intellectual property rights or (v). Spam or encourage the sending of spam.
  3. SMS Local reserves the right to terminate or suspend the services of any user who fails to comply with these terms or any other contractual obligations.
  4. SMS Local reserves the right to remove any content hosted as part of its service that it considers illegal or has received a takedown notice.
  • United Kingdom: The Data Protection Act 1998 is available at www.ico.gov.uk. Privacy and Electronic Communications Regulations are available at www.ico.gov.uk.
  • United States: The Controlling the Assault of Nonsolicited Pornography Marketing Act (CANSPAM Act), the Telephone Consumer Protection Act and the Rules of the Federal Trade Commission relating to the sending of unsolicited commercial messages. Also, the CTIA Messaging Principles & Best Practices are available at www.ctia.org.
  1. Users must not do or omit anything that could result in SMS Local, or the User, being in breach of any law, regulation, code of conduct, or network usage policy. SMS Local shall have the right to immediately suspend or terminate SMS Local’s provision of Services to the User and the User will not be entitled to any claim against SMS Local, including claims for reimbursement, refund, or damages. It may impose a fine on SMS Local and cause damages to SMS Local from any User’s act or omission that breaches any law or code. SMS Local will notify Users immediately of any fines or damages. SMS Local will charge interest at 15,5% per year for any amount not paid within 24 hours.
  2. SMS Local may not allow users to use the Services in any way that could bring SMS Local into disrepute or that SMS Local deems inappropriate, immoral, or undesirable.
  3. Users are not permitted to permit, do or omit anything that might affect or hinder the legitimate interests, activities, or goodwill of SMS Local or any other Network Operator.
  4. The Services may not be used by users to send messages to anyone without reasonable cause or for the purpose of causing annoyance, inconvenience, distress, or other harm to anyone.
  5. SMS Local can, in its sole discretion, remove any contact number from the message recipient database of a user and suspend/terminate Services to that User if any law, regulation, code of conduct is broken or received in connection with a complaint.
  6. All messages may be stored. Users agree to this. SMS Local, as well as any person acting for SMS Local, can audit and review any message sent at any time. This is done to verify compliance with these terms and conditions and any applicable laws, regulations, or codes of conduct.

7. Register and Secure

  1. SMS Local will require the User to complete the registration process. The User must also provide accurate, up-to-date, and complete information. The Services may be terminated if the User fails to provide correct and complete information during registration. The User may be required to select a username or password. Users are responsible for protecting their Usernames, and passwords, and agree not to share their usernames or passwords with anyone else. The User is responsible for all activities under their account. Users are also responsible for paying all charges incurred under their account, whether they were incurred by them or another person.
  2. SMS Local users agree to immediately notify SMS Local if they are unauthorized with their account or another security breach.
  3. Any person, entity, or business is prohibited from gaining or trying to gain unauthorized access to any page of this Website or to deliver, attempt to deliver, any unauthorized, harmful, or malicious code to this website. Anyone who tries to deliver or attempt to deliver any unauthorized or damaging or malicious code to this Website, or attempts or attempts to gain unauthorized access to any page of this Website, will be criminally liable. SMS Local may also be subject to civil damages.
  4. If a User wants to replace an employee/person using a SMS Local account that belongs to them and to block the individual from accessing the account’s details, the account holder must inform SMS Local by writing. SMS Local can refuse to follow instructions from an account holder if the account owner fails to provide enough proof of its identity and the authority of the person claiming to represent it. SMS Local will not be liable to the account holders or individuals requesting such action. SMS Local cannot rely on any information submitted by anyone claiming to represent the account holder.
  5. If a person wants to file a complaint about a User’s use of the Services in a manner that violates the rights or property rights of another person, they must provide SMS Local a written notice stating:

 

  • The full name and address of the complainant
  • The electronic or written signature of the complainant
  • Identification of the allegedly infringing right or the code or law of conduct that is alleged to have been violated
  • Identification of material or activity claimed to be subject to illegal activity
  • The service provider must take the necessary remedial actions to resolve the complaint.
  • If possible, the contact information for the complainant can be reached by telephone or electronically
  • A declaration that the complainant acts in good faith.
  • An acknowledgment by the complainant that the information contained in the complaint is true and correct. SMS Local will also accept an indemnity from the complainant for any misrepresentation or the wrongful suspension or termination of any SMS Local Services in response to the complaints.
  1. Anyone who files a notification of illegal activity with a service provider knowing that it materially misrepresents facts can be held liable for damages for any wrongful suspension of or deactivation. SMS Local is not responsible for any damages or other liabilities that may result from the illegal suspension of or deactivation of services as a response to such notifications. Users agree and acknowledge this.
  2. SMS Local cannot authorize the transfer of an account to SMS Local from one person or another. SMS Local will consent to the transfer. The new account holder shall update all details accordingly. A new account must be created if the Username contains the trademark or name of the previous person.
  3. SMS Local will contact the user’s existing email address or telephone number if the user forgets their password or has changed their contact details (e-mail, mobile number, password recovery) in the event the User requests a password, mobile number, or e-mail address change. If the request is not answered or confirmed, the User will be asked to re-register. Further, the User acknowledges that SMS Local may approve the request and issue a new password to that person. SMS Local is not responsible for any damage or breaches of privacy, security, or confidentiality, such as unauthorized access to the user’s email account or telephone.

8. Privacy

  1. SMS Local will not monitor, copy, or disclose User messages or personal data about the User, SMS Local account or phonebook, or MSISDN without the User’s permission. SMS Local may also refuse to comply with any legal requirements or co-operate with or comply with investigations, summonses, and subpoenas. SMS Local may also enforce these terms and conditions,and  protect SMS Local’s reputation, business, and reputation. SMS Local can access the User’s account and messages to resolve technical or service issues. SMS Local may also communicate with the User for information, including updates, notices, and other information.
  2. The sender’s identity is available to recipients of messages. This information will be provided on request.
  3. SMS Local users agree to allow SMS Local to use website visitors’ and non-identifiable account usage information for statistical and analytic purposes. SMS Local uses Google Analytics to provide its audience reporting and remarketing services. SMS Local will not share or process any data that could allow any third party to identify individuals when using these services. Accepting these terms of service, users agree that SMS Local can use and share their de-personalized data for theanalytics mentioned aboves purposes.
  4. Users agree not to violate privacy laws, regulations, codes of conduct, or any applicable codes of behavior relating to the protection and use of personal information of End Users, including names, addresses, and email addresses. They also agree not to disclose personal information about End Users to third parties without their express consent or as permitted or required by law.
  5. SMS Local may transfer personal data from any EU member state to SMS Local in non-EU member states for processing. SMS Local will also process personal data from any state or union state whose laws prohibit the transfer or use of personal data outside of that state or union. SMS Local shall ensure that appropriate technical and organizational security measures have been in place to comply with these laws. SMS Local will protect the data against any accidental or unlawful destruction or loss, alteration, disclosure, access, or any other illegal form of data processing. To view the SMS Local Privacy Policy, please click.
  6. SMS Local does not collect credit card information. SMS Local uses third-party payment gateways to handle credit card details.

 

9. Prices and Payment

  1. Each message that is sent by users will require credits to be purchased. The message destination, the route used, and Network Operator charges will determine the number of credits required for each message. The Website will indicate the number of credits per message, which can be changed at any time. The cost of credit includes SMS Local database hosting, User Support, and expenses for message handling unless otherwise stated in writing.
  2. SMS Local charges are located online at www.SMS Local.com/pricing/ and may be provided as a schedule to any other format of these terms and conditions. Network Operators may charge different amounts for their services and for using their networks. These charges may vary for each Network Operator and may be changed by Network Operators without notice to SMS Local and its Users. SMS Local reserves the right to change its SMS message charges at any time without informing users. SMS Local reserves the right to increase the number of credits per message if a Network Operator introduces reciprocal fees.
  3. Modality of payment: You can pay by Visa, MasterCard or Diners or American Express Cards, or electronically into your SMS Local account. Details will be provided upon request. Or, you may deposit a cheque. All charges incurred by the User’s bank in making a payment are for his account.
  4. SMS Local credits loading: SMS Local charges the user’s account with credits to reflect the transaction amount. For approved credit card payments, the loading of recognition takes place immediately. Credits are automatically loaded to the user’s account when the SMS Local transaction clears in their bank account. Successful loading of purchased credit is confirmed by the reflectance of the trade and credits on the User’s account.
  5. Payment security: SMS Local uses secure third-party gateways such as Moneybookers and PayPal. Users also acknowledge and agree that SMS Local is not liable for any loss resulting from the use of any third-party gateways.
  6. Cooling-off Periods: SMS Local will comply with all cooling-off periods required by law. A User can cancel an order at any time by paying an administrative fee of up to 7% of the total transaction amount.
  7. SMS Local may suspend or disable any user account or provide services to any user if they fail to pay all charges by the due date or if SMS Local suspects that a fraudulent payment was made.

10. User Obligations and Warranties

  1. The users warrant that:
  • Any recipients of commercial messages must have had a prior commercial relationship with the user and can reasonably expect to be sent marketing communications by the originator.
  • They shall adhere to all applicable laws, regulations, and Network Operator requirements.
  • To ensure that complaints are directed to them, they will include their contact details and identifying information in the messages.
  • They will not send abusive, harassing, or threatening messages to End Users or other persons.
  • They will not commit any fraud in connection with any Services or payments.

2. All subscription services that an End User debits or bills regularly, without explicitly confirming each transaction, individual program, and application, must be provided on an “opt-in” base. Each User must provide an easy-to-use and conspicuous way for End Users to opt-out of any subscription, program, or application.

11.  Breach

  1. If a User violates any of these terms, including those relating to the payment to SMS Local, SMS Local shall have the right to: cancel the agreement with the user; suspend or terminate the provision of services to the user; suspend, disable, or remove the account/s of the user; sue the User for specific performance; claim damages and retain any money paid by the Users in respect of services it has not used by it as damages and set off any claims SMS Local may bring against the User from any amounts due to the SMS LocalMS.
  2. SMS Local reserves all rights to suspend or terminate a User’s account for violating these terms. SMS Local may also stop or terminate accounts registered by or on behalf of such User. SMS Local may also stop or terminate accounts registered by anyone SMS Local believes to be affiliated with the User.

 

12. Limitation of liability, Warranties, & Indemnities

  1. SMS Local INDEMNIFIES THE USER AND HOLDS BULK SIMPLE HARMLESS FROM ANY AND ALL DAMAGES. LIABILITIES, FINES, AND RISKS THAT MAY RESULT FROM THE TRANSGRESSION OF THESE TERMS.
  2. SMS Local IS NOT LIABLE FOR ANY DAMAGES, LOSSES, OR LIABILITY OF ANY NATURE RESULTING FROM THE USE, INABILITY, OR ACCESS TO THE WEBSITE, THE SERVICES, OR ANY CONTENT PROVIDED THROUGH AND FROM THE WEBSITE.
  3. SMS Local does not warrant or make any representations that the technology and content available on the website are error-free or uninterrupted.
  4. These terms and conditions, along with any other contractual documents that may be mentioned, contain all terms of the agreement between SMS Local and the User.
  5. The Services and Website are provided “as-is” and may not be tailored to the User’s specific requirements. SMS Local disclaims any representations or warranties regarding the Services, whether express, implied, statutory, or otherwise. This includes warranties of merchantability, fitness for a specific purpose, and warranty merchantability. SMS Local assumes that the User will satisfy all requirements regarding the Services and Website. This includes compatibility with the user’s hardware, software, and message receiver handsets.
  6. SMS Local will indemnify and hold users harmless from any third-party claim, including those of message recipients or End Users. However, the above cannot be attributed to SMS Local’s gross negligence or fraudulent acts.
  7. SMS Local will indemnify the Users from any damages, awards, or penalties incurred by any party due to any action, commission, or omission of the User, which constitutes a violation of any legislation, regulation, code of conduct, network provider codes, practice, or acceptable usage policies.
  8. SMS Local shall prevail in any legal action between the User and SMS Local. The successful party will be entitled to reimbursement of reasonable legal expenses incurred by it to enforce its rights on an attorney-client scale.
  9. SMS Local is further indemnified and held harmless by the Users from any claims, actions, or damages arising from fraudulent or unauthorized use or loss of their Username and Password.
  10. SMS Local is not liable for damages whatsoever. This includes, but is not limited to, any indirect, special consequential, punitive, or incidental damages or damages for loss of use, profits, or data.
  11. The User may not deviate from the above provisions or limit their application. However, if a valid claim is made against SMS Local for Services provided under these terms & conditions, the User’s share will be limited to the payment amount of the Services the subject of the claim within the month preceding any such claim.

13. General

Failure by either party to exercise any of the rights provided herein will not constitute a waiver of any other rights. Any provision of these terms or conditions that is unenforceable or invalid shall be removed from the rest. These invalidities or unenforceability shall not affect the validity and enforceability of any remaining terms and conditions. They shall still be applicable and enforceable.

14. Disclosure of Information

  1. SMS Local’ full legal name is Celerity Systems (Pty) Ltd. Company registration number 2000/005883/07. is the name of the SMS Local legal entity you have contracted for the provision of Services in your area.
  2. These terms and conditions apply to all SMS Local websites, SMS Local.com included. They may be viewed on any page or portion of the website.
  3. Company directors: Dr. Pieter E. Streicher, Richard J. B. Simpson.
  4. For legal service, the physical address is 1st Floor Marriott Hotel, Crystal Towers, Cnr Century Boulevard, Rialto Rd Grand Moorings Precinct Century City, Cape Town 7441, South Africa. is address of SMS Local outside South Africa.
  5. Main business: SMS Local, a company in the Mobile Application Service Provider sector, provides business messaging services and solutions, including SMS messaging.
  6. Taxes/currencies/payment methods: The User shall be liable to make payment of any value-added tax, general sales tax, or other taxes applicable to the services in the User’s jurisdiction and at the relevant rates. The User’s transaction currency shall be the SMS Local legal entity in which the user transacts. All prices advertised or displayed are shown exclusive of taxes unless otherwise stated.
  7. Record of transactions: SMS Local may provide catalogs of transactions upon request. You can also access them online on the Credit History page.

 

15. Proprietary rights

  1. SMS Local owns or licenses all content, trademarks, data, and images on this website. This includes software, databases, and text. All rights to any intellectual property on this website are subject to the rights granted to the user.
  2. SMS Local grants a User an individual, non-sublicensable and non-exclusive license (“the License”) to access its proprietary software and app service in object code format only. It may only be used in conjunction with the applicable Services and accordance with any User documentation. The User may not, directly or indirectly, reverse engineer, decompile, disassemble or otherwise attempt to establish the source code or underlying ideas or algorithms of the software; modify, translate, or create derivative works based on the software/application; copy (except for archival purposes), rent, lease, distribute, assign, or otherwise transfer rights to the software/application; use the software/application for timesharing or service bureau purposes or otherwise for the benefit of a third party; or remove any proprietary notices or labels about SMS Local products and services. SMS Local and its licensed licensors are the owners of all proprietary applications, software, intellectual properties, and any copies or other rights therein. This License will expire upon termination of the Services. The User must destroy all software and applications it has in its possession. Software and applications are provided “as-is” and subject to the Service warranty disclaimers, limitations of liability, and other terms and conditions. The User is responsible for testing the Services if they choose before entering into this agreement.
  3. Without the written consent of SMS Local, users may not use or exploit content from the Website for commercial and non-private purposes.

17. Looking for Technology?

  1. Except for good-faith search engines operators and the use of the search facility on the Website, no one may use or attempt service any technology or application (including web crawlers, robots or web spiders) to search, collect, copy or extract content from the Website without the prior written permission of SMS Local.
  2. If such technology results in slowing down the Website’s servers or copyright infringements of data or information, it is prohibited from using non-malicious search technologies, such as web-crawlers or web-spiders, to search for and gain information on this Website. These terms and conditions apply to data and information. Names, fax numbers, and telephone numbers may not be included in any electronic or direct marketing database. SMS Local does not grant permission to use information from the Website to send SMS Local unwelcome communications, even though such information might be published as SMS Local contact information.
  3. Except for good-faith search engines operators and the use of the search facility on the Website, no one may use or attempt service any technology or application (including web crawlers, robots or web spiders) to search, collect, copy or extract content from the Website without the prior written permission of SMS Local.
  4. If such technology results in slowing down the Website’s servers or copyright infringements of data or information, it is prohibited from using non-malicious search technologies, such as web-crawlers or web-spiders, to search for and gain information on this Website. These terms and conditions apply to data and information. Names, fax numbers, and telephone numbers may not be included in any electronic or direct marketing database. SMS Local does not grant permission to use information from the Website to send SMS Local unwelcome communications, even though such information might be published as SMS Local contact information.

18. Application of Law

These terms and conditions will be governed, construed, and interpreted according to the laws of South Africa. The South African courts shall have sole jurisdiction over disputes between SMS Local and the User.

19.Entire Agreement

These terms and conditions are the entirety of the agreement between SMS Local, the User, and SMS Local.

20. Contact Information / Domicilium Citandi Et Executandi

You can contact us at this address if you have any questions or queries.
Address:
1st Floor Marriott Hotel, Crystal Towers, Cnr Century Boulevard, Rialto Rd Grand Moorings Precinct Century City, Cape Town 7441, South Africa

Postal Address
P.O. Box 1263, Milnerton, 7435, South Africa.

Telephone: +27 (0) 21 528 3420
Telefax: +27 (0) 21 552 2848
Email: info@SMS Local.com

Data Protection Addendum

Referring to GDPR Article 28. Incorporating Standard Clauses Contractual Clauses For Controller to Processor Transfers Personal Data from the EEA To a Third Country. Sub-Processing by Article 24(4).

Last updated on 20 August 2018.

This Agreement was last updated on 20 Aug 2018. For versions before this one, click here.

Download the Data Protection Addendum PDF to get your signature and records, if necessary.

This Data Protection Addendum (or “Addendum”) covers the processing of Personal Data under the EU General Data Protection Regulation 2016./679. It is part of the SMS Local Standard Terms Terms and Conditions (the “Standard Terms And Conditions”) to be entered between SMS Local (the “Client”), acting on its behalf and as an agent of each Client Affiliate. The agreement shall take effect at the above date or by 25 May 2018.

This Addendum will use the terms as defined below. The Standard Terms and Conditions shall apply to capitalized terms not defined elsewhere. The Standard Terms and Conditions will remain in full force and effect, except as may be modified below.

SMS Local, the Client, and their mutual obligations herein agree to add the following terms and conditions as an Addendum. Except where otherwise required by context, all references to this Addendum to Standard Terms & Conditions refer to the Standard Terms & Conditions as amended or including this Addendum.

1.Interpretation

This Addendum shall give the same meanings to the terms “Commission,” Data Subject,” Member State,” Personal Data Breach,” Processing, and “Supervisory Authorities” as in the GDPR. The following terms shall be given the meanings:

  1. “Applicable Laws” refers to (a) European Union and Member State laws relating to Personal Data that Client Group Members are subject to EU Data Protection Laws and (b) any other applicable law relating to Personal Data that Client Group Members are subject to other Data Protection Laws.
  2. “Client Affiliate” refers to an entity that is or has been owned or controlled or is under common control with the Client. Control is defined as direct or indirect possession of the power to direct the management and policies, either through shareholding ownership or contract.
  3. “Client group member” refers to Client or any Client Affiliate.
  4. “Personal Data” is any Personal Data Processed by a Contracted Processor for a Client Group Member by or in connection to the Standard Terms and Conditions;
  5. SMS Local or a Subprocessor, is referred to as a “Contracted Processor.”
  6. “Controller” refers to a controller, as defined by Article 4 GDPR.
  7. “Data Protection Laws” refers to EU Data Protection Laws and, where applicable, any data protection or privacy laws from any other country.
  8. The European Economic Area is also known as “EEA.”
  9. “EU Data Protection Laws” refers to EU Directive 95/46/EC as transposed into national legislation in each Member State. It can be amended, replaced, or superseded as needed, including by the GDPR or laws implementing or supplementing it.
  10. “GDPR” means EU General Data Protection Regulation 2016/679;
  11. “Personal Data” is Personal Data, as defined by Article 4 of GDPR. It refers to Personal Data that is processed on behalf of Client Group Members pursuant to or in connection to the Standard Terms and Conditions.

 

 

  1. “Restricted Transfer” means:
  1. A transfer of Personal Data from any Client Member to a Contracted Processor;
  2. An onward transfer of Personal Data from a Contract Processor to another Contracted Processor or between two establishments, a Constructed Processor
  1. In each case, if such transfer is prohibited by Data Protection Laws (or the terms of data transfers agreements that are in place to address data transfer restrictions under Data Protection Laws), in which case the Standard Contractual Clauses are required to be established in section 6.4.3 or 12, depending on the subject;
  2. “Services” refers to short messaging services and other services provided to SMS Local Client Group Members or for them under the Standard Terms & Conditions.
  3. “Standard contractual clauses” refers to the clauses in Annexure 2 that have been amended in square brackets or italics as specified in that Annexure. Also, see section 13.4 for further details.
  4. Subprocessors are any person, including any third-party and any SMS Local Affiliate but not an employee of SMS Local and its sub-contractors, who is appointed by SMS Local to Process Personal Data for any Client Group Member under the Standard Terms and Condition; and
  5. SMS Local Affiliate is an entity that is or has been owned or controlled by SMS Local. Control is defined as direct or indirect possession of the power to direct the management or policies of an entity. This can be done through the ownership of voting securities or any other means.

The term “include” is to be understood as to include without limitation. Related words will be interpreted accordingly.

Authority

SMS Local warrants that any SMS Local affiliate processing Personal Data for any Client Group Member will have SMS Local’s entry in this Addendum as an agent of that SMS Local affiliate been properly authorized (or shall be later ratified)

2. Personal Data Processing

  1. SMS Local, each SMS Local Affiliate shall be:
  1. Respect all applicable Data Protection Laws for the Processing of Personal Data.
  2. If Processing Personal Data is required by Applicable Laws, SMS Local and the relevant SMS Local Affiliate need it to be done, SMS Local will inform the Client Group Member.

2. Each Client Group Member:

  1. SMS Local instructs each SMS Local Affiliate and SMS Local (and SMS Local authorizes each SMS Local Affiliate and SMS Local to instruct each Subprocessor)
  2. Process Personal Data
  3. Transfer of Personal Data to any country, territory, or region, in particular, is prohibited.
  4. As reasonably necessary to provide the Services, taking into account, among other things the nature of global messaging service and telecommunications networks, and by the Standard Terms & Conditions.
  5. It warrants and represents it is authorized and will continue to be duly and effectively authorized to provide the instructions set out in section 3.2.1 for each Client Affiliate.
  1. In each case, if such transfer is prohibited by Data Protection Laws (or the terms of data transfers agreements that are in place to address data transfer restrictions under Data Protection Laws), in which case the Standard Contractual Clauses are required to be established in section 6.4.3 or 12, depending on the subject; “Services” refers to short messaging services and other services provided to SMS Local Client Group Members or for them under the Standard Terms & Conditions.
  2. “Standard contractual clauses” refers to the clauses in Annexure 2 that have been amended in square brackets or italics as specified in that Annexure. Also, see section 13.4 for further details.
  3. Subprocessors are any person, including any third-party and any SMS Local Affiliate but not an employee of SMS Local and its sub-contractors, who is appointed by SMS Local to Process Personal Data for any Client Group Member under the Standard Terms and Condition; and
  4. SMS Local Affiliate is an entity that is or has been owned or controlled by SMS Local. Control is defined as direct or indirect possession of the power to direct the management or policies of an entity. This can be done through the ownership of voting securities or any other means.
  5. Annex 1 of this Addendum contains specific information about the processing of Personal Data by Contracted Processors as required under Article 28(3) GDPR. SMS Local may be notified by the client to make any reasonable changes to Annexure 1. Annexure 1 and any amendments made under section 3.3 do not confer any rights or impose any obligations on any party.

3. SMS Local affiliate personnel

SMS Local Affiliates shall take reasonable steps to ensure the reliability and security of any Contracted Processor’s employee, agent, or contractor. Access to Personal Data will be restricted to those who are strictly required to understand and access it for the purposes and compliance with applicable laws in the context of their duties to the Contracted Processor. Such individuals must sign confidentiality agreements or comply with professional or statutory confidentiality obligations.

4. Security

  1. Consider all relevant technological developments, including messaging services and telecommunications protocols. The costs of implementation, the nature, scope, and purposes of processing, as well as the risk to the rights and freedoms of natural persons, SMS Local, each SMS Local Affiliate, shall implement appropriate technical, organizational, and administrative measures about Personal Data to ensure that the level of security is relevant to that risk.
  2. SMS Local shall consider the security risks presented by Processing in determining the appropriate level of security.

5. Subprocessing

  1. SMS Local can be engaged to process Personal Data from Client Group Members acting as processors engaged by Controllers or other processors of Personal Data in the context of Article 28(4) GDPR.
  1. The Client Group Member warrants that it has the legal authority and right to engage SMS Local in this manner or to give SMS Local access to the Personal Data;
  2. All of SMS Local’s obligations, guarantees, and undertakings in this Addendum will apply equally to any processing of such data.
  1. SMS Local’s rights under section 6.7 are not limited. SMS Local or each SMS Local affiliate may continue to use the Subprocessors SMS Local has already engaged as of the Addendum. SMS Local, each SMS Local affiliate must meet the obligations in section6.5.
  2. SMS Local must notify the Client in writing of the appointment of any Subprocessor. This notification shall include details about the processing that will be performed by the Subprocessor as well as the date when such work is expected to begin. SMS Local and any SMS Local Affiliate will not appoint or disclose Personal Data to any client who has not notified SMS Local of their objections to the proposed appointment.
  3. For each Subprocessor, SMS Local and the relevant SMS Local Affiliate shall be:
  1. Before the Subprocessor processes Personal Data, or, where applicable, in accordance with section 6.2, do adequate due diligence. This will ensure that the Subprocessor can provide the level of protection required by the Standard Terms & Conditions.
  2. Make sure that any arrangement between SMS Local or the SMS Local Affiliate or the Subprocessor is governed by written terms. These terms must offer Personal Data protection at the minimum level as the Addendum provides and comply with the GDPR’s requirements.
  3. If the arrangement is restricted, ensure the Standard Contractual Clauses of the SMS Local or the relevant SMS Local Affiliate or (c) between the intermediate Subprocessors. On the other hand, the Subprocessor, or before the Subprocessor processes Personal Data procures that it enters into an Agreement incorporating the Standard Contractual Clauses (and Client shall procure each Client Affiliate party any such Standard Contractual Clauses to their population and execution);
  4. The client may request to review copies of the Contracted Processors agreements with Subprocessors. These may need to be redacted to remove commercial information that is not relevant to this Addendum.
  1. SMS Local shall ensure that each SMS Local Affiliate performs the obligations outlined in sections 3.1 to 5, 7.1 to 8.2, 9, and 11.1 as they relate to the Process of Personal Data performed by that Subprocessor as if it were a party to this Addendum.
  2. Each Member of the Client Group acknowledges and agrees, about the transmissions of short messaging services in particular, that such services can involve the near-instantaneous transmissions of Personal Data across multiple networks from the point at which a message is transmitted from the message originator/message originating system to its ultimate recipient. SMS Local’ obligations under clauses 6.3 through 6.6 will not apply to all network operators or electronic communications service providers involved in the simple transmission of short messages.

 

6. Data Subject Rights

  1. SMS Local shall depending on the nature of the Processing and the SMS Local Affiliate, assist each Client Group Member in implementing the appropriate technical and organizational measures to fulfill the Client’s obligations to respond to Client’s requests for Data Subject rights under Data Protection Laws.
  2. SMS Local will:
  1. If any Contracted Processor is notified promptly by Client of a request by a Data Subject under any Data Protection Law, in respect to Personal Data;
  2. Ensure that the Contracted Processor doesn’t respond to this request except as per the written instructions of Client or Client Affiliate or as required under Applicable Laws. SMS Local will inform the Client about that legal requirement before the Contracted Processor responding to the request.

7. Breach of Personal Data

  1. SMS Local shall immediately notify the Client if SMS Local or any Subprocessor becomes aware of a Personal Data Breach that affects Personal Data. The client will be provided with sufficient information to enable each Client Group Member to meet their obligations under the Data Protection Laws to inform or report the Personal Data Breach.
  2. SMS Local will cooperate with Client and Client Group Members and take reasonable commercial steps to help the Client in the investigation, mitigation, and remediation of each Personal Data Breach.

8.Prior Consultation and Assessment of Data Protection Impact

SMS Local shall assist each SMS Local Affiliate with any data protection impact assessments and prior consultations of Supervising Authorities and other competent data privacy authorities that Client reasonably considers necessary for any Client Group Members under article 35 or 36 GDPR or equivalent provisions in any other Data Protection Law. Each case will only concern the Processing of Personal Data by the Contracted Processors.

9.Personal Data can be deleted or returned

  1. SMS Local shall, subject to sections 10.2 and 10.3 SMS Local, promptly delete all Personal Data and obtain their deletion upon request from the Client. This is done within 180 days after the date of cessation for any Services involving Personal Data Processing (the “Cessation Date”)
  2. The Client may, subject to section 10.3, request SMS Local and any SMS Local Affiliate within 7 days from the Cessation Date to (a) Return a complete copy of all Personal Data to the Client in such a way and such format that SMS Local determines to be reasonable; and (b). Delete and obtain the deletion of any other Personal Data processed by any Contracted Processor. Any written request from SMS Local or any SMS Local Affiliate must be responded to within 30 days.
  3. Each Contracted Processor can retain Personal Data only by applicable laws and industry codes to which SMS Local is subject. This is always provided that SMS Local and every SMS Local Affiliate shall ensure confidentiality and that Personal Data is only processed for the purposes and not for any other purpose.
  4. SMS Local will, upon request, give written certification to the client that it and all SMS Local affiliates have fully met this section 10. This must be done within 30 days.

10. Audit rights

  1. SMS Local shall provide all information required to comply with this Addendum to every Client Group Member. SMS Local and each SMS Local Affiliate shall also make available on request any Client Group Members or any auditor mandated by Client Group Members about the Processing of Personal Data by the Contracted Processors.
  2. The Client Group Members have no information or audit rights under section 11.1 of the Standard Terms and Conditions do not give them any other information or audit rights that meet the applicable requirements of Data Protection Law (including Article 28(3)(h), where applicable).
  3. An auditor may be mandated by a Client Group Member only if the auditor is listed in Annexure 3 of this Addendum. This list can be amended at any time by written agreement between the parties. SMS Local will not unreasonably withhold or delay the deal to add a new auditor.
  4. SMS Local shall notify the Client or relevant Client Affiliate of any audit to be performed under section 11.1; each mandated auditor shall make reasonable efforts to avoid any damage, injury, or disruption to the Contracted Processor’s premises, equipment, personnel, and business, while its personnel is there during such an inspection or audit. The Contracted Processor does not need to give its premises access for such an inspection or audit.
  1. To any person unless they produce reasonable evidence to establish identity and authority.
  2. Outside of regular business hours at these premises, unless the inspection or audit needs to be done on an emergency basis and SMS Local has been notified by the Client or the relevant Affiliate that the Client is undertaking an audit before attendance outside of those hours begins;
  3. For more than one inspection or audit, for each Contracted Processor in any calendar year, except any additional assessments or audits:
  1. Audit by the Client or the relevant Client Affiliate deemed necessary due to genuine concerns about SMS Local’s and the SMS Local Affiliate’s compliance;
  2. A Client Group Member must or is requested to comply with Data Protection Law, a Supervisory Authority, or any other regulatory authority responsible for the enforcement and compliance of Data Protection Laws in any territory or country.

4. If the Client or relevant Client Affiliate has raised concerns, the request or requirement in a notice to SMS Local/the applicable SMS Local Affiliate during the audit.

11. Transfers Restricted

  1. Each Client Group Member (as a “data exporter”) and each Contracted Processor (as a “data importer”) agree to the Standard Contractual Clauses as outlined in Annexure 2 about any Restricted Transfers from this Client Group Member to that contracted processor.
  2. Section 12.1 shall apply to the Standard Contractual Clauses on the latest of:
  1. The data exporter becomes a party to them
  2. The data importer becomes a party to them
  3. Start of the Restricted Transfer.
  1. If a Restricted Transfer is not allowed to occur, Section 12.1 will not apply.
  2. SMS Local warrants that the SMS Local Affiliate that is not a SMS Local Affiliate has been authorized to enter into the Standard Contractual Clauses section 12.1 and to agree to variations to those Standard Contractual Clauses section 13.4.1 as an agent for that Subprocessor.

12. Jurisdiction and governing law

  1. Without prejudice to clauses 7 and 9 (Mediation and Jurisdiction) of the Standard Contractual Clauses
  1. This Addendum’s parties at this moment agree to the Standard Terms and Condition’s choice of jurisdiction for any disputes or claims arising out of this Addendum.
  2. This Addendum, and any other non-contractual obligations or obligations that may arise from it, are governed according to the Standard Terms and Conditions.

2.Priority order

3.This Addendum does not reduce SMS Local’s obligation under the Standard Terms & Conditions to protect Personal Data. It also allows SMS Local and any SMS Local Affiliate to process Personal Data (or will enable the Processing of it) in a way that is prohibited by the Standard terms and conditions. The Standard Contractual Clauses will prevail in the event of any conflict between this Addendum or the Standard Contractual Clauses.

4.Except as provided in section 13.2, about the subject matter, if there are inconsistencies between this Addendum’s provisions and any other agreements between parties, including the Standard Terms & Conditions, and (except where signed on behalf of the party), contracts entered into or purportedly to be entered into after this Addendum’s date, the Addendum’s provisions shall prevail.5.Data Protection Laws Changes Clients may:

  1. SMS Local must be notified in writing within 30 calendar days of the date of any changes to the Standard Contractual Clauses. This includes any Standard Contractual Clauses that were entered into under section 12.1. These Standard Contractual Clauses apply to Restricted Transfers subject to a specific Data Protection Law.
  2. The client may propose any other modifications to this Addendum that which Client deems necessary to meet the Data Protection Law requirements.

5. If the Client notifies us under section 13.4.1:

  1. SMS Local shall immediately cooperate with each SMS Local Affiliate (and ensure that any Subprocessors affected promptly cooperate) to ensure that similar variations to any agreement under section 6.4.3 are made.
  2. SMS Local will not allow the client to withhold or delay consent to any substantial modifications to this Addendum. This is to protect the Contracted Processors from additional risks arising out of the variations under sections 13.4.1/or 13.5.1

6.The client must give notice under section 13.4.2. The parties will discuss the proposed variations promptly and negotiate in good-faith with a view toward agreeing and implementing the or alternative variations that address the Client’s requirements as soon as reasonably practicable. SMS Local reserves the right to refuse to accept any variation SMS Local doesn’t consider necessary to meet the needs of any Data Protection Law.

7.SMS Local and Client shall not require SMS Local Affiliates or Client Affiliates to approve or consent to any amendment to the Addendum under this section 13.5.Severance

8.If any part of this Addendum is invalid or unenforceable, the rest of this Addendum will remain in effect and valid. The invalid or unenforceable clause shall be amended in any way necessary to make it right and enforceable, keeping the parties’ intentions as close as possible. If this is impossible, the remainder of the Addendum will be interpreted as though the invalid or unenforceable portion had never been therein.

ANNEXURE 1. DETAILS OF THE PROCESSING OF THE COMPANY'S PERSONAL INFORMATION

This Annexure 1 contains specific details about the processing of personal data as required by Article 28(3) GDPR.

The subject matter and the duration of personal processing data

These Addendums and the Standard Terms and Conditions outline the subject matter and the time of the processing of personal data.

Personal Data Processing: The purpose and nature of the data processing

The provision and support of Application-to-Person (A2P) SMS messaging services.

What types of Personal Data will be processed

* Contact information (email, telephone number, mobile phone number, address, company) * First and last names * Title * Account information (user id, username, password) * Connection data (IP address) * Message data (message recipients’ personal data processed on the client’s behalf, identified by mobile number and including contact information for the recipient in the message body).

The Data Subjects to which the Personal Data is related

* Client * Message Recipients

Client and Client Affiliates’ obligations and rights

This Addendum and the Standard Terms and Conditions outline the obligations and rights of Clients and Client Affiliates.

ANNEXURE 2 STANDARD CONTRACTUAL CLAIMS

The Data Exporter (the client), as the data exporting organization, has entered into a Data Protect Addendum (“DPA”) agreement with the Data Importer, SMS Local, as the data processor, as each “party,” together “the parties.” These Contractual Clauses have been agreed upon by the parties to provide adequate protection for privacy and fundamental rights of individuals about the transfer of personal data from the data exporter to the data importer.

Background

The data importer and data exporter have entered into a data processing agreement (“DPA”). The DPA stipulates that the services offered by the data exporter may include the transfer of personal information to the data importer. The country where the data importer is located does not provide adequate data protection. The controller agrees to provide such Services to ensure compliance with Directive 95/46/EC, applicable data protection law, and subject to the execution and compliance by the data importer with these Clauses.

Clause 1 – Definitions

These are the purpose of the Clauses.

  1. ‘personal data, ‘special categories of data, ‘process/processing,’ ‘controller,’ ‘processor,’ ‘data subject,’ and ‘supervisory authority shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals about the processing of personal data and the free movement of such data;
  2. “The data exporter” refers to the person who transfers personal data, regardless of whether the controller is involved or not.
  3. “The data importer” refers to the processor who has agreed to receive personal data from the data exporter for him to process his data.
  4. “The subprocessor” refers to any processor engaged by the importer of data or any other subprocessor. They agree to receive personal data only intended for processing purposes from the exporter, according to his instructions, the Clauses, or the terms and conditions of the written contract.
  5. “The applicable data protection law” means legislation that protects the fundamental rights of individuals, and in particular their privacy, concerning processing personal data applicable to a controller in the Member state where the exporter is located.
  6. “Technical and organizational security precautions” refer to measures that are designed to protect personal data from an accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. This includes processing that involves the transmission of data over a network and all other illegal forms of processing.
Clause 2 – Details of the transfer

Appendix 1 is an integral part of these Clauses and contains details about the transfer, including special categories of personal information where applicable.

Clause 3 – Third-party beneficiary clause
  1. The data subject may enforce this Clause against the data exporter.
  2. If the data subject has lost or is no longer legally recognized by the data exporter, the data subject may enforce this clause against them.
  3. Data subjects can bring suit against subprocessors this Clause, Clause 5, Clause 6(a) to (e), and (g), as well as Clause 7, Clause 8, Clause 7(2), and Clauses 9-12 if both the importer and exporter have disappeared or become insolvent. If any successor entity assumes all legal obligations of the exporter either by contract or operation of law, the data subject may enforce those obligations against such entity. The subprocessor’s third-party liability shall not extend to its processing operations as per the Clauses.
  4. If the data subject expressly desires it and is legally allowed, the parties are not opposed to an association or another body representing a data subject.
Clause 4: Obligations of the data exporter

The data exporter agrees to warrant:

  1. The processing of personal data, including its transfer, complies with applicable data protection laws. It has not been reported to the authorities of the Member state where the exporter is located.
  2. It has instructed and will continue to lead, the data importer to handle the personal data transferred on behalf of the exporter and in compliance with the applicable data protection laws and the Clauses.
  3. The data importer must provide adequate guarantees regarding the technical and organizational security measures described in Appendix 2 of this contract.
  4. After assessing the requirements of the applicable law on data protection, it is clear that the security measures are appropriate for protecting personal data against accidental or illegal destruction, loss, alteration, or unauthorized disclosure, especially where the processing involves transmission over a network. These measures also ensure that the level of security is appropriate to the risk presented by the processing and the nature of the data being protected, taking into account the state-of-the-art and the cost of implementation.
  5. It will ensure compliance with security measures.
  6. If the transfer involves specific categories of data, the data subject was or will be informed before, or as soon after the transfer. The transfer could include data that is not adequately protected being transmitted to a country that does not provide adequate protection.
  7. If the data exporter wishes to suspend or continue the transfer, they must forward any notification from the subprocessor or data importer conformément to Clause 5b and Clause 8(3) to the data protection supervisor authority.
  8. To make available to data subjects, upon request, a copy of the Clauses (except Appendix 2) and a summary of the security measures. A copy of any contract for sub-processing services that must be made in compliance with the Clauses.
  9. Subprocessing means that the processing activity in the event of subprocessing is performed in accordance with Clause 11 by a subprocessor, which provides at least the same level of protection for personal data and rights as the importer of data under the Clauses.
  10. It will ensure compliance with Clause 4(a), (i).
Clause 5: Obligations of the data importer

The data importer agrees to warrant:

  1. To process personal data only for the exporter and by the clauses. If it is unable to provide such compliance, it agrees promptly to notify the exporter. In this case, the exporter has the right to suspend data transfer and terminate the contract.
  2. It has no reason to believe the legislation that applies to it hinders it from fulfilling its instructions from the data exporter and its obligations under the contract. If this legislation changes in a significant adverse way to the warranties and obligations provided in the Clauses, it will notify the data exporter promptly. The data exporter then has the right to suspend data transfer and terminate contract.
  3. It has taken the necessary technical and organizational security precautions before processing any personal data being transferred.
  4. It will notify the data exporter promptly about:
  1. Any legally binding request to the law enforcement authority for the disclosure of personal data, unless prohibited by law unless the law enforcement agency has a prohibition under criminal laws to protect the confidentiality of an investigation.
  2. Any accidental or unauthorized access to the computer,
  3. Any request that is directly received from data subjects, without responding to it, unless otherwise authorized.
  1. To promptly and professionally respond to all inquiries of the data exporter regarding its processing of personal data subject to transfer and to follow the advice of supervisory authorities concerning the processing of data transferred.
  2. At the request of the data importer, submit its data processing facilities to an audit of processing activities covered under the Clauses. This shall be done by the data exporter or an independent inspection body in possession of the required professional qualifications and bound by a duty for confidentiality.
  3. To make available to the data subject, upon request, a copy of any existing contract for sub processing of the Clauses.
  4. It has already informed the data exporter about sub processing and received its written consent.
  5. The processing services provided by the subprocessor comply with Clause 11.
  6. Send a copy of any subprocessor agreement that it has concluded under the Clauses promptly to the data exporter.
Clause 6 – Liability
  1. All parties agree that data subjects who have suffered harm. As a result of any breach of Clause 3 or Clause 11 by any party, subprocessor, or other party are entitled to compensation from the data exporter.
  2. A data subject cannot bring a claim for damages against the exporter if the importer or subprocessor has breached any obligations under Clause 3 or 11. If the exporter has disappeared or become insolvent in law, the importer agrees that the subject can file a claim against him as though it were the exporter. Unless any successor entity has assumed all legal obligations under contract or law, then the data subject can pursue its rights against such entity.
    Data importers may not use a subprocessor’s breach of their obligations to escape their liability.
  3. A data subject cannot bring a claim against a data exporter/data importer as they are not capable of doing so because the subprocessor has breached any of their obligations under Clause 3 or 11. If the exporter and importer have disappeared or become insolvent in law, the subprocessor agrees that the subject may file a claim against it for its processing operations under the Clauses. This applies unless any successor entity assumes all legal obligations of the exporter/importer either by contract or through the operation of law. The subprocessor’s liability is limited to the processing it has performed under the Clauses.
Clause 7 – Mediation and jurisdiction
  1. The data importer agrees to accept the decision made by the data subject if it invokes against itself third-party beneficiary rights or claims compensation for damages according to the Clauses
  1. Refer the dispute to mediation by an independent party or, where applicable, by the supervisory authorities.
  2. Refer the dispute to the courts of the Member State where the data exporter has been established.

2. Both parties agree that the data subject’s choice will not affect its substantive or procedural right to seek remedies according to other provisions of international or national law.

Clause 8 – Cooperation with supervisory agencies
  1. If the supervisory authority requests it or the law requires such a deposit, the data exporter will agree to deposit a copy.
  2. Both parties agree that the supervisory authorities have the right to audit the data importer and any subprocessor with the same scope as an audit of a data exporter by the applicable data protection laws.
  3. The data exporter must promptly notify the data importer of any legislation that may apply to it, or any subprocessor that would prevent the conduct of an audit. The data exporter may take the steps set out in Clause 5(b) in such cases.
Clause 9 – Governing Law

These Clauses will be governed according to the laws of the Member States in which the data exporter has been established.

Clause 10 – Variation of the contract

The Clauses will not be modified or altered by the parties. The parties may add clauses to business-related matters if necessary, provided they don’t contradict the Clause.

Clause 11 – Subprocessing
  1. Without the consent of the exporter, the data importer may not subcontract any processing operations it performs on behalf of the exporter under the Clauses. The approval of the data exporter is required for the data importer to subcontract its obligations under Clauses. This agreement must be in writing and impose the same obligations on subprocessors as the importer. If the subprocessor fails under the Clauses to meet its data protection obligations, the data importer will still be fully responsible to the data exporter for fulfilling the subprocessor’s obligations.
  2. A third-party beneficiary clause shall be included in the prior written contract between the data importer/subprocessor in cases where the data subject cannot bring the claim for compensation as outlined in Clause 1 because they have not been legally recognized or are no longer available. The subprocessor’s third-party liability shall be limited to the processing it performs under the Clauses.
  3. The law of the Member state in which the exporter of data is located will govern the provisions concerning data protection aspects for subprocessing the contract.
  4. The data exporter must keep a list listing subprocessing agreements concluded under the clauses. This list shall be notified by the importer pursuant to Clause 5 (j). It shall be updated at most once per year. The data exporter’s supervisory authority for data protection shall have access to the list.
Clause 12: Obligation following the cessation of personal data processing
  1. Both the parties agree that upon the termination of data processing services, the data importer (or the subprocessor) shall return all personal data transferred to them and any copies to them or destroy all personal data. If legislation prevents the importer from returning all or some personal information shared, it will certify that it has done so. The data importer guarantees that the personal data it has transferred will remain confidential and that it will cease to process any personal information that is transferred.
  2. The data importer and subprocessor agree that upon request from the data exporter or supervisory authority, it will submit their data processing facilities for audit under paragraph 1.
Appendix 1 to Standard Contractual Clauses

The parties have agreed to this Appendix as part of the Clauses.

Each Member State may add or modify any information required by this Appendix according to its national procedures.

Data exporter

Data exporter: The “Client,” as described in Data Protection Addendum. They are also referred to as “User” of services, as specified in the SMS Local Terms & Conditions.

Data importer

Celerity Systems Ltd, trading under the name SMS Local.com is the data importer.

Subjects of data

These are the categories of personal data that were transferred:

  • Client
  • Message Recipients

Data types

These are the categories of personal data that were transferred:

  • Contact information (email, telephone number, mobile phone number, address, company)
  • First and last names
  • Title
  • Account information (user id, username, password)
  • Connection data (IP address)
  • Message data (message recipients’ personal data processed for the client, identified via mobile phone number, and including contact information in the message body).

If necessary, special data categories.

These are the particular types of personal data that were transferred:

  • It is not applicable.

Processing operations

These basic processing activities will apply to personal data that are transferred:

  • Delivery of messages
  • Support for technical issues
  • Support for Connectivity
Appendix 2 of the Standard Contractual Clauses

The parties have agreed to this Appendix as part of the Clauses.

Description of the technical security and organizational measures taken by the data importer to comply with Clauses 4 (d) and 5 (c):

  1. We conduct a risk assessment of our processing to determine the level of security that we should implement.
  2. We consider both the current state of the art and the cost of implementation when deciding which measures to implement.
  3. We have a policy on information security, and we take the necessary steps to ensure that it is followed. We have other policies that we enforce and make sure they are followed.
  4. We ensure that our information security policies are regularly reviewed and improved.
  5. We have established basic technical controls, such as those required by established frameworks.
  6. We know that technical measures may be required depending on the circumstances of each case and the type of personal data being processed.
  7. When appropriate, we use encryption and pseudonymization.
  8. We know the importance of confidentiality, integrity, availability, and accessibility for personal data that we handle.
  9. We ensure that personal data is available for restoration during an incident, including by setting up a backup process.
  10. Regular testing and reviews are conducted on all measures to make sure they work. We also take note of the areas that need improvement.
  11. We follow industry codes of conduct when appropriate.
  12. We make sure that every data processor we use implements the appropriate organizational and technical measures.

ANNEXURE 3 - LIST OF MANDATED Auditors

SMS Local may be provided by the Client with a list or name of mandated auditors at the time of agreement to these terms or a later date.

SMS Local Privacy Statement

SMS Local understands the importance privacy protection. Our Privacy Policy outlines what personal information SMS Local may collect, and how we will use and protect that information.  
1. Introduction

SMS Local understands the importance of privacy protection. SMS Local recognizes the importance of protecting privacy. Our Privacy Policy outlines what personal information we may gather and how we use and protect that information. Except where otherwise indicated, our Privacy Policy applies to all registered and non-registered Users who use our messaging or other services as described in our standard Terms & Conditions. This includes visitors to any of our websites.

In this policy, “personal information” refers to any information that identifies or describes an identifiable individual. This includes their name, gender, reproductive and marital status, national or ethnic or social origins, sexual orientation, physical and mental health, disability, and conscience. It also includes information regarding the individual’s financial situation or related financial transactions in which they were involved.

2. Commitment to Privacy
2.1 Data Privacy Principles We are committed to protecting the confidentiality, integrity, and security of personal data. We will use all technical and organizational security precautions to ensure that confidential information we receive is protected from loss, destruction, damage, unauthorized access, processing, erasure and transfer, use modification, disclosure, or misuse. If any of the applicable data protection legislation or regulations regarding the data subject is not fully adhered to, we will not divulge personal data to anyone. We will make sure that your data is:
  1. a) Processed lawfully, fairly, and transparently about individuals
  2. b) Data collected for specific, explicit, and legitimate purposes. Further processing is not permitted for archiving purposes in the public interest, historical research purposes, or statistical purposes that are not incompatible with the original goals.
  3. c) relevant, adequate, and only what is required about the purposes for whom the personal data are processed.
  4. d) Accuracy and, where applicable, up-to-date; all reasonable steps must be taken to ensure that inaccurate personal data, taking into account the purposes for which they were processed, are deleted or rectified promptly
  5. e) stored in a format that allows identification of data subjects for no longer than necessary for the purposes of data processing; personal data may also be kept for more extended periods of time insofar personal data will only be used for archiving purposes in the public interest, scientific research purposes or statistical purposes subject the implementation of appropriate technical and organizational measures as required by applicable Law to protect individuals’ rights and freedoms;
  6. f) the processing is done in a way that ensures adequate security of personal data, including protection from unauthorized or illegal processing, as well as against accidental loss, destruction, or damage using appropriate technical and organizational measures.

2.2 Application of Principles

Our commitment to the above principles is reflected in the Services we offer. We recognize that the User’s phonebook, message content and MSISDNs that indicate to whom messages were sent or received, belong to them only. Also will not disclose any of this information to anyone without their written consent or unless required by law.

We recognize that recipients of messages have the right to know who sent them. This information will be provided to them upon request.

SMS Local will transfer personal data from any EU member state to SMS Local in non-EU member states for processing. It will also share personal data from any state or union state whose laws prohibit the transfer or use of personal data outside of that state or union state. SMS Local will ensure that appropriate technical and organizational security measures have been in place to comply with these laws. This will protect the data against accidental or unlawful destruction, loss, or alteration.

2.3 Personal data we might collect and process

To protect user accounts from unauthorized access, our Users may need to provide limited personal information, such as a username, email address, and password, when they access the Services. Additionally, third-party personal information may be contained in messages, files, or other data included in the Services.

Some information may be automatically recorded about your use of our Services, such as account activity (e.g., Usage, log-ins, and actions, data displayed or clicked on (e.g., GUI elements, links, and other log information (e.g., browser type, IP address, date/time of access)

This information may provide usage reports to authorized persons and internally to offer the best service possible to our clients.

We may also log the location and IP address of a User to help identify their time zone or geographic region. This is used to route traffic to servers in the same geographical area as the user’s notification sending tasks.
Our Services, including our website, other online services, and applications, email messages and advertisements, may use cookies and other technologies like pixel tags or web beacons to collect information. A cookie is a small file stored on your computer’s hard disk by the web browser. Cookies and other technologies enable us to count the number of users who visited specific pages on our website and their preferences. They also allow us to measure the effectiveness and reach of electronic advertisements for different regions and computing devices.
This information is used to analyze and monitor trends, manage our websites, and track user behavior. Our Services’ functionality may be affected if a User blocks cookies being stored on their computer.
We may perform statistical, textual, and semantic analyses of non-personally identifiable data we have stored or processed in connection to our Services. This is done to improve performance, understand how our Services are used, identify market trends and usage patterns, gain insight, and create new products and services. We can also use personal data to anonymize, aggregate, and mask it so that it doesn’t reveal confidential, private, or sensitive information or any features which could lead to intimate, personal, or sensitive data. Without the consent of the person to whom we owe confidentiality duties and the data subject, we will not disclose confidential, personal, or sensitive data. At our discretion, anonymized data may be processed and transferred within SMS Local.

3. APIs and Third-Party processing

Any SMS Local service that acts as an Application Programming Interface (“API”) to specify how different software systems should interconnect with one another, or any SMS Local service that interacts with third-party APIs for the same purpose, may transmit and retrieve data between those APIs and the various software systems.
We may use third-party service providers to provide the Services. This includes retrieving and delivering information, records, or notifications to you or any User or hosting or providing any component. These third parties might be located outside your country. You consent to the transfer of your data, and that of any data subjects to us, across border in order to provide the Services. We only work with trusted third-party service providers that have privacy and security policies and procedures that provide at least the same level of protection as ourselves. You warrant that all the necessary permissions have been granted to us for this consent.
Third-party service providers and consultants may access data collected from Users of our Services. This is to help us deliver our Services. This data is only accessible to or used by these third-party service providers and consultants to offer the Services to us. They must also provide reasonable assurances about the security of the data. We may also share information that is not personally or uniquely identifiable with third-party analytics providers.

4. Communications with you

We may communicate with users, resellers, or other people via email and other messaging apps. You can opt-out of receiving promotional communications that are not directly related to the provision or use of the Services.

5. Information about minors

Minors are not eligible to have personally identifiable information collected by us. We will immediately delete any information that is found to have been collected unintentionally from a minor unless it is for a legitimate purpose related to the Services.

6. Revisions and Termination

The Privacy Policy can be updated at any time at our discretion. Any changes will be effective immediately upon posting to the site.
SMS Local may merge with or be acquired by another business. You acknowledge that your data could fall under the control and jurisdiction of another person.
SMS Local may retain certain portions of your data if you end your SMS Local relationship. This is to ensure that we meet our legal compliance obligations.

7. Questions and comments
Email support@smslocal.com if you have any questions, comments, or concerns regarding this Privacy Policy.

GDPR COMPLIANCE WHITE PERIOD PAPER

1. Introduction The General Data Protection Regulations (EU) of the European Union (“the GDPR”) place a wide range of obligations on both data controllers and data processors who process personal data of “data subjects” . This refers to identifiable natural persons as defined in Article 4 of GDPR. We act as both “data controllers” in our business (e.g., We act as both “data controllers” (e.g., we manage client data) or “data processors”.  Where we send messages to clients on their behalf, this includes “data processors” (e.g., This whitepaper on GDPR outlines the GDPR’s obligations and the steps taken to ensure compliance. 2. Lawfulness of Data Processing According to the GDPR, personal data may only be processed lawfully, fairly, and transparently to data subjects. We also ensure compliance with our legal obligations to only process data lawfully and fairly by regularly categorizing and inventorying personal data we hold or process. Additionally, we review our data privacy practices, including current technologies used to process personal data and deliver our services to clients. 1. Article 5 of the GDPR. All subsequent notes are shortened to the article reference. 2 Article 6. 2 Article 6. 2 3. 2. 4. Fair and transparent communications.  The GDPR demands that we communicate honestly and transparently with clients and data subjects about collecting and processing of personal data. 5 This is done by ensuring that personal data is clear, concise, and easily accessible. If the GDPR requires us to provide information to a person upon request about personal data processing6 and how such data might be disclosed, that information, along with a copy, is provided without delay and free of charge. We also notify the requester that they may file a complaint with a supervisory body if the response has not been satisfactory. When we collect personal data from a data subject directly as a controller.  The GDPR demands that we provide the following information to the requester: our identity, contact information for our company and our data protection officer; our purposes, and legal bases for processing personal data. Who the recipients or categories of recipients are of the personal data; and how they were obtained.8 3 Article 18. 4 Articles 24 & 25. 5 Article 12. 5 Article 12. 6 Article 15. 8 Article 7. 8 Article 7. 5. Rectification and erasure of data. We are required by the GDPR to correct any incorrect personal information upon request from the data subjects9; to erase personal data without undue delay if the data subject objects to the processing; to verify that the data subject’s objection is overruled by our legitimate grounds. To communicate any rectification or erasure or restriction of personal data to any recipients to whom we have disclosed it unless it is difficult or requires a disproportionate effort.12. Objections to Processing. The GDPR also requires us to stop processing personal data about a data subject if the subject objects unless there are compelling legitimate grounds that override the data subjects’ rights and interests. The data subject can object at any moment to processing of personal data for direct marketing purposes. This obligation is met by us, among other things, offering an automatic opt-out mechanism in all our marketing communications, including our newsletters and other communications. 13 Accessibility and interoperability of personal data The GDPR requires that personal data be made available to a subject upon request in a structured and commonly used format that can be transferred to another controller without hindrance.14 Our information systems that process personal data, including CSV files and SQL dumps, can export this data to standard machine-readable formats. We also allow clients to export their address book stored within our information system. 9 Article 16. 9 Article 16. 11 Article 18. 11 Article 18. 13 Article 21. 14 Article 20. 4 8. Fourth-Party Processing. When we act as data controllers and engage a third person to process data on our behalf. We are required by the GDPR only to use processors that provide sufficient guarantees to implement the appropriate technical and organizational steps to meet GDPR requirements. Where we act in the capacity of data processors, it is not allowed to employ another processor without the controller’s written permission. All data processing agreements must document the subject matter, duration, nature, purpose, and purpose of processing. 15. International Data Processing. If a part of our business is located outside the European Union and is processing personal data of EU subjects, we must record the subject matter to be processed, the nature, purpose, duration of the processing, as well as all contractual stipulations listed in Article 28(3)(a) to (g) of the GDPR. Our business will designate a representative from one of our European regional offices to serve as our EU Data Protection Rep subject to the United Kingdom’s expected departure from the European Union. We are not allowed to transfer personal data to third countries for processing under the GDPR unless they are also members of the European Union and bound to the GDPR or unless the EU has designated the third country as a country in trust or safe harbor. Data transfers to organizations not part of the EU or safe harbors where we have made contractual and other arrangements that the recipient organization will ensure that personal data protection is adequate and appropriate according to the GDPR standards. 17 Response to Data Breach 15 Article 28. 16 Article 27. 17 Articles 44-50. 18 Article 33. This obligation is met by us identifying all situations in which personal data could be transferred to recipients outside the European Union and entering into appropriate agreements (with receiving parties) that ensure that each such transfer has a data transfer process that meets the GDPR requirements. 5 11. 5 11. You can access our Promotion of Access to Information Policy manual via SMS Loca. 12. National Data Protection Authorities National Data Protection Authorities, or “DPA” for short, are independent public bodies that oversee and investigate the implementation of the GDPR in the EU Member States. Each EU Member State has one. The DPA in the EU Member state where your organization is located in your primary contact point for data protection issues. If your organization processes data in the different EU Member States or is part of a group of companies based in the different EU Member States, the DPA in another EU Member State may be your primary contact point. You can find a complete list of EU DPAs here. 13. Contact Information Data Protection Officer: SMS Local Data Protection Officer: Dr. Pieter Streicher. Managing Director, Grand Moorings Precinct Century City. Cape Town 7441 South Africa Tel.: +27 (0)21 552 6321 Fax.: +27 (0)21 552 2848 Email Privacy@SMS Local European data protection representative Dan Perrin. Product and Business Development UK: SMS Local Basepoint Business and Innovation Centre Metcalf Way Crawley. West Sussex RH11 7XX, West Sussex, West Sussex, West Sussex, West Sussex, West Sussex, West Sussex, West Sussex, West Sussex, West Sussex, West Sussex RH11 7XXXXXXXXXXXXXXXXX.

SMS Local is GDPR Ready

SMS Local is GDPR Ready Friday, 25 May 2018, marks the date that the General Data Protection Regulations of the European Union (GDPR) come into force. SMS Local is both a data processor and a controller for client data. We can confidently state that we are GDPR-ready. We want to assure all clients in the European Union (which includes clients in the United Kingdom up to Brexit) and clients outside the EU. They send SMS messages to recipients in the EU that we have put in place the necessary operational processes and technical systems to protect personal data. To meet the GDPR’s requirements, we have also updated our Terms & Conditions to include the Data Protection Addendum. The DPA contains the Standard Contractual Clauses (see Annexe 2 of the DPA) that allow for cross-border transfers of personal data between a country within the European Economic Area and a third country. SMS Local provides customer support and systems backups from our South African headquarters. Our SMS messaging services are further supported by a server in Ireland and a UK office. We have created a GDPR Page to assist clients in using our website. It contains all the GDPR resources. This page provides access to our agreements (the Data Protection Addendum, the Standard Contractual Clauses, and a GDPR Informationgraphic), as well as our GDPR updates. SMS Local’s GDPR readiness can be accessed by Dr. Pieter Streicher, our Data Protection Officer at SMS Local support@smslocal.com.

SMS Local.com's GDPR Compliance Update

SMS Local is busy preparing for the 25 May 2018 General Data Protection Regulations compliance deadline. The GDPR legislation applies to clients in EU member countries but is applicable to all clients sending SMS messages to EU recipients. This makes GDPR a global privacy system for processing personal data. More countries will align their data protection laws to the EU’s GDPR lead. We are finishing up our GDPR compliance readiness. SMS Local is both a controller of data for our clients and a processor when providing A2P SMS messaging platforms to allow our clients to send messages to their intended recipients. SMS Local has been included in our readiness process. We have completed our data impact assessment. We are now preparing our report on the data impact assessment. This resource can be shared with our clients. We also created a Data Protection Addendum and are updating SMS Local Terms & Conditions to reflect the DPA. This will take effect from 25 May 2018. We have also drafted a Data Protection Agreement based on EU’s model clauses for any supply-side contracts for data processing. As we prepare for GDPR, we have migrated EU-related data to EU-hosted servers. We continue to provide backup and business continuity redundancies via our South African operations. As such, our terms of service and Privacy Policy outline the protection of personal information when it is transferred between EU member countries and South Africa for the provision of our services. SMS Local’s compliance with GDPR can be accessed by Dr. Pieter Streicher, our Data Protection Officer at SMS Local.com privacy@SMS Local.com, or contact our offices.

SMS Local Ready for GDPR

  1. The General Data Protection Regulations of the European Union (GDPR) will come into effect on 25 May 2018. SMS Local wants to assure its clients that it is working towards compliance with GDPR before its enforcement date. The GDPR will replace Directive 95/46/EC, the EU Data Protection Directive that has been in force since December 1995. The EU Data Protection Directive provides guidelines to individual EU member countries on implementing their data protection laws. However, the GDPR covers all EU member states data protection regulations. The UK’s Data Protection Bill aims to apply the GDPR standards in the UK context, as the United Kingdom is due to leave the EU in March 2019. All clients in EU member countries are subject to GDPR. These regulations apply to all clients from EU countries who send SMS messages to recipients outside the EU. GDPR requires that organizations prioritize data protection and have technical and operational systems and processes in place to process personal data about natural persons. SMS Local GDPR requires us to secure, manage and process client data and have the appropriate organizational and technical measures in place for processing data via our SMS platform. SMS Local also needs to consider how we secure and process client data internationally when providing technical and business support related to our mobile messaging service. SMS Local wants to assure its client that it is on track to comply with GDPR. We have completed a GDPR readiness evaluation and are now building upon existing data protection policies. Operational and technical measures to comply with the GDPR requirements. We will make any functional or technical changes required by GDPR before May 2018. SMS Local’s compliance with GDPR can be accessed by Dr. Pieter Streicher, our Data Protection Officer at SMS Local.com privacy@SMS Local.com, or contact our offices.
    The General Data Protection Regulations of the European Union (GDPR) will come into effect on 25 May 2018. SMS Local wants to assure its clients that it is working towards compliance with GDPR before its enforcement date. The GDPR will replace Directive 95/46/EC, the EU Data Protection Directive that has been in force since December 1995. The EU Data Protection Directive provides guidelines to individual EU member countries on implementing their data protection laws. However, the GDPR covers all EU member states data protection regulations. The UK’s Data Protection Bill aims to apply the GDPR standards in the UK context, as the United Kingdom is due to leave the EU in March 2019. All clients in EU member countries are subject to GDPR. These regulations apply to all clients from EU countries who send SMS messages to recipients outside the EU. GDPR requires that organizations prioritize data protection and have technical and operational systems and processes in place to process personal data about natural persons. SMS Local GDPR requires us to secure, manage and process client data, and have the appropriate organizational and technical measures in place to allow data processing via our SMS platform. SMS Local also needs to consider how we secure process client data internationally when providing technical and business support related to our mobile messaging service. SMS Local wants to assure its client that it is on track to comply with GDPR. We have completed a GDPR readiness evaluation and are now building upon existing data protection policies, operational and technical measures to comply with the GDPR requirements. We will make any operational or technological changes required by GDPR before May 2018. SMS Local’s compliance with GDPR can be accessed by Dr. Pieter Streicher, our Data Protection Officer at SMS Local.com privacy@SMS Local.com, or contact our offices.

2. Priority order

3. This Addendum does not reduce SMS Local’s obligation under the Standard Terms & Conditions to protect Personal Data. It also allows SMS Local and any SMS Local Affiliate to process Personal Data (or will enable the Processing of it) in a way that is prohibited by the Standard terms and conditions. The Standard Contractual Clauses will prevail in the event of any conflict between this Addendum or the Standard Contractual Clauses.

4. Except as provided in section 13.2, about the subject matter, if there are inconsistencies between this Addendum’s provisions and any other agreements between parties, including the Standard Terms & Conditions, and (except where signed on behalf of the party), contracts entered into or purportedly to be entered into after this Addendum’s date, the Addendum’s provisions shall prevail.
Data Protection Laws Changes