GDPR

GDPR and data protection policy

Understand how Online SMS handles personal data in line with the General Data Protection Regulation and what you must do to keep recipients protected.

Who we are

Online SMS is operated by EADV S.R.L., Str. Rezervelor, Nr. 60, Com. Chiajna, Jud. Ilfov, Romania, VAT ID 52053911, Trade Registry number J2025046693001. We provide a software platform that helps organisations coordinate SMS communications using their own telecom agreements and devices.

Roles under GDPR

  1. For data related to your Online SMS account, billing details and platform usage analytics we act as data controller and determine why those data points are collected.
  2. For message content, recipient lists and delivery metadata you upload we act as data processor, acting solely on your documented instructions and within the limits of the contract.
  3. You remain responsible for identifying a lawful basis for messaging, informing recipients and complying with any sector-specific regulations in the markets where you operate.

Personal data we process

  1. Account data such as name, business identifiers, billing address, email and phone number collected during onboarding and support interactions.
  2. Technical telemetry including login history, IP addresses, device/browser identifiers and error logs used to maintain platform security and performance.
  3. Message datasets that you upload or generate, comprising recipient numbers, message content, sender IDs and delivery results, stored to execute your campaigns.

How we use personal data

  1. To create and administer user accounts, deliver contracted services and issue invoices.
  2. To monitor system reliability, prevent abuse, detect fraud and investigate security incidents.
  3. To provide customer assistance, product notifications and legally required communications.
  4. To generate anonymised or aggregated metrics that help improve platform features, without re-identifying individuals.

Lawful bases

  1. Contract performance for providing the core Online SMS functionality and customer support.
  2. Legal obligations for invoicing, taxation and responding to competent authorities.
  3. Legitimate interest in securing the service, preventing misuse and enhancing the user experience.
  4. Consent only where explicitly required, such as optional marketing updates you choose to receive.

Data retention

  1. Account and billing records are retained for the statutory periods applicable in Romania.
  2. Message content and recipient lists are kept for the duration of your active subscription and deleted or anonymised within 60 days after termination, unless earlier deletion is requested and technically feasible.
  3. Backup copies are overwritten on a rolling schedule and are accessible only to authorised personnel for disaster-recovery purposes.

Sharing and international transfers

  1. We engage vetted sub-processors (such as hosting, analytics and payment providers) based on data processing agreements that enforce GDPR-equivalent safeguards.
  2. Whenever data leaves the European Economic Area, we rely on adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms.
  3. Telecom operators only receive the routing information needed to deliver SMS messages, under the agreements you maintain with them.

Security measures

  1. Access to production systems is restricted to trained staff following role-based permissions and strong authentication.
  2. Data in transit is encrypted using TLS and sensitive data at rest is protected by industry-standard encryption mechanisms.
  3. We maintain logging, monitoring and incident response procedures to detect and respond to suspicious activity.

Your responsibilities

  1. Collect and store only the personal data needed for your campaign objectives and keep it accurate and up to date.
  2. Obtain verifiable consent or another appropriate legal basis from recipients before messaging them and honour their opt-out requests promptly.
  3. Configure your own devices and telecom accounts securely. Online SMS cannot be held liable for carrier-imposed limits, suspensions or penalties.
  4. Notify us without undue delay if you become aware of a breach affecting data processed through our platform.

Data subject rights

  1. Individuals can request access, rectification, deletion, restriction, portability or objection in relation to their personal data.
  2. When we receive a request concerning data we process as controller, we handle it directly and keep you informed if it affects your account.
  3. When requests relate to data where you are the controller, we will forward the request and reasonably assist you in fulfilling it.

Contact and DPO

For privacy inquiries, email [email protected] or write to EADV S.R.L., Str. Rezervelor, Nr. 60, Com. Chiajna, Jud. Ilfov, Romania. If you are not satisfied with our response, you may contact the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP).

Policy updates

We review this GDPR policy periodically to reflect regulatory guidance, technological changes or new services. Updated versions are published on this page with a revision date, and continued use of Online SMS signifies acceptance of the changes.