Our GDPR commitment
At smsmode©The protection of our applications and our customers' personal data is at the heart of our concerns.
We are committed to scrupulously complying with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data known as the General Data Protection Regulation (GDPR), la loi Informatique et Libertés n°78-06 du 6 janvier 1978 (as amended and in force), but also the recommendations and guidelines of the European Data Protection Supervisor (EDPS) and the Commission Nationale de l'Informatique et des libertés (CNIL) and to ensure the security and confidentiality of all the information you entrust to us.
To help us deploy a global compliance approach, PINT AVOCATS, a law firm specializing in intellectual and industrial property law and new technologies, is our DPO, registered as such with the CNIL, and supports us to ensure that our services not only comply with the letter of the current regulations, but also with their spirit.
In concrete terms, this means that we apply the principle of Privacy by Design right from the conception of our products and functionalities: every new feature is designed to respect users' privacy. Our team is trained in data protection best practices, and we have integrated strict internal processes to constantly monitor the compliance of our operations.
This commitment also translates into enhanced security measures and continuous improvement of our systems. Thanks to these efforts, smsmode© has obtained international certifications such as ISO 27001 (information security) and ISO 27701 (privacy management). These certifications attest to our high standards of data security and RGPD compliance, ensuring you that your data is in safe hands.


Fundamental principles of the RGPD
The RGPD is based on a few key principles that we respect on a daily basis when acting as data controller to guarantee the integrity of your data:
Transparency and legality
Your personal data is collected and used fairly, lawfully and transparently. We clearly inform you of the use made of your personal data, and ensure that we have a valid legal basis (such as your consent or the performance of a contract) for each processing operation.
Limited purpose
We collect your data for a precise, legitimate and explicit purpose. Your information will never be reused for purposes other than those stated or incompatible with the original reason for collection.
Data minimization
We only ask you for the information that is really necessary for the service we provide. In other words, we do not collect excessive amounts of data: we limit it to the strict minimum required to achieve the desired objective.
Accuracy
We take great care to ensure that your data is correct and up-to-date. If any information is found to be inaccurate, we will rectify it without delay in order to maintain the quality and reliability of our
databases.
Limited shelf life
We do not keep your data indefinitely. We keep it only as long as is necessary for the purposes for which it was collected, and then we delete it or make it anonymous. Precise retention periods are defined in advance for each type of data and in accordance with legal requirements.
Integrity and confidentiality
We implement appropriate security measures (technical and organizational) to protect your data against loss, alteration, disclosure or unauthorized access. The confidentiality of your information is our top priority. Our security measures meet or exceed the expectations of our ISO 27001 and 27701 certifications.
Accountability
smsmode© assumes full responsibility for the processing of your data. This means that we are able to demonstrate our compliance at all times. We maintain comprehensive documentation (internal policies, impact analyses, data processing registers, etc.) and raise the awareness of our teams to ensure constant compliance with regulations.
User rights
As a user or customer, you are the owner and actor of your own data. The RGPD gives you important rights that we are committed to respecting and facilitating:
- Right of access
You can ask us whether we hold any personal data about you and obtain a copy of this data, information about the purposes of processing, the categories of data concerned, etc. We will be happy to answer any questions you may have.
- Right of rectification
If your personal information is inaccurate or incomplete, you have the right to request that it be corrected or completed. We will update your data as soon as possible to ensure that it is accurate.
- Right to erasure ("right to be forgotten")
You may request the deletion of your personal data, for example if it is no longer required for the purposes for which it was collected. Subject to any legal retention obligations we may have, we will delete your information from our systems
at your request.
- Right to restrict processing
In certain cases, you can ask us to freeze the use of your data (for example, if you dispute the accuracy of the data or the lawfulness of the processing). This means that we will keep your data temporarily unused while we analyze the situation.
- Right to object
You have the right to object at any time, for reasons relating to your particular situation, to your data being processed in a specific way. In practical terms, this means you can refuse to receive commercial communications from us (opt-out). If your opt-out request concerns processing that is not essential to the provision of the service (such as canvassing), we will act on it immediately.
- Right to portability
You may ask to have your personal data recovered in a structured, commonly used and machine-readable format, or to have it transmitted directly to another provider where technically possible. This right enables you, for example, to retrieve your shipment history and import it into another service provider.
- Right to claim
If you feel that your rights are not being respected or that your data is not being processed in accordance with the regulations, you have the right to lodge a complaint with the competent supervisory authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés). However, we encourage you to contact us first with any questions or dissatisfaction: we will do our utmost to respond to your requests and resolve any problems that may arise.
- Exercising your rights
All these rights may be exercised at any time. To do so, simply contact us by sending an email to our DPO at smsmode, stating the subject of your request and providing proof of your identity. We will get back to you as soon as possible (maximum one month, in accordance with the RGPD) with an initial response or the implementation of the requested action depending on the case.
Our obligations as a subcontractor
When we process the data you entrust to us in connection with the provision of our services and the use of our platform, we act as a processor because we process the data on your behalf, and you are the controller.
In this context, we implement the obligations applicable to the processor to ensure that we present sufficient guarantees to enable you to comply with the RGPD.
Offering tools that respect personal data
We also ensure, by implementing the principles of privacy by design and privacy by default, that we offer you a platform that enables you to comply with the principles of the RGPD yourself.
Our platform allows you to process a minimum amount of data, some of which is optional, and to retain data for a limited period only (with regular purging of data passing through the platform).
We have also set up mechanisms to enable you to respect the rights of data subjects (blacklist, STOP SMS, etc.).
On request, we can assist you to the best of our ability in responding to requests for the exercise of personal rights, and will provide you with all the information you need to demonstrate compliance with these obligations and to enable audits to be carried out.
Draw up a clear contract
We have detailed in the appendix to our general terms and conditions of use and sale the obligations applicable in our relationship for the processing of this data, with all the clauses required by the RGPD.
This contract defines the object, duration, nature and purpose of the processing, as well as the categories of personal data and the categories of persons concerned, and specifies the conditions under which we ourselves may use subcontractors to provide you with our services.
List of our subcontractors
To provide you with a reliable, high-quality service, smsmode© relies on trusted technical partners. All our subcontractors are carefully selected for their commitment to safety, quality and reliability. GDPR compliance and data localization in Europe. Here are the main players involved (in the background) in the operation of our platform:
- Digital Realty / INTERXION
Data center provider in Europe. We host part of our infrastructure in the Digital Realty- Interxion MRS1 data center in Marseille, certified ISO 27001, guaranteeing a high level of physical and logical security.
- Scaleway
Data center and cloud computing operator in France. Our second hosting site is the Scaleway DC4 data center in Paris, also ISO 27001 certified. This geographical redundancy enables us to ensure the availability and resilience of your data while remaining on French soil.
- Evolix
French outsourcing and open source hosting company, based in Marseille. Evolix provides system administration and supervision for some of our servers. Thanks to their expertise, our technical environments are kept up to date, secure and efficient at all times.
- Alterway
French company specialized in cloud and infrastructure services. Alterway supports us in managing and optimizing our web platform, in particular by ensuring the application security and compliance of our development and production environments.
Each of these subcontractors is linked to smsmode© by a contract complying with Article 28 of the RGPD, including strict clauses of privacyof Data protection and safety. By working with them, we ensure that your data enjoys the same high standards throughout its life cycle, even when processed by these external partners.
Other telecom subcontractors
To consult the complete list of our subcontractors, send us an e-mail at smsmode
Safety measures
As indicated below, we have implemented enhanced security measures and obtained international certifications such as ISO 27001 (information security) and ISO 27701 (privacy management) on the perimeter of our platform. Our security measures are documented in our security policy and our Digital Security Management System Manual (MSMSN), available on request (under confidentiality agreement).
Data breach notification
Despite all our precautions, no one is completely safe from an incident. At smsmode©we have put in place a rigorous procedure for managing personal data breaches (data breaches). If an event likely to compromise your data occurs (e.g. unauthorized access, loss or leakage of data), we undertake to inform you without delay and to work with you to enable you to notify the incident to the CNIL if applicable.
- Take immediate corrective action to limit the impact of the incident and prevent it from happening again. This may include securing affected systems, restoring data from our backups, and conducting a post-incident audit to improve our protections if necessary.
Our aim is to be transparent and proactive: in the event of a problem, you'll be informed in full transparency, and you can count on our responsiveness to resolve the situation. This duty of notification is part of our approach of trust and responsibility towards our users.
If the incident involves your data that we process in our capacity as data controller, we also undertake to:
- Notify the competent authorities (in France, the CNIL) of the breach as soon as possible and, if possible, within 72 hours Next its detection, in accordance with the legal obligation. This notification will include the nature of the breach, the categories of data concerned, the volume, and the measures already taken or to be taken to remedy it.
- Inform you of the incident without delay when it is likely to generate a high risk for your rights and freedoms. Specifically, if we consider that the breach may significantly affect you (e.g. disclosure of sensitive data), we will contact you to explain the situation and advise you on the precautionary measures to be taken.
Treatment register
RGPD compliance requires good documentation. As such, smsmode© maintains a register of personal data processing. This register is an internal document that lists all our activities involving personal data, with the following information for each: the purpose, the categories of data processed, the legal basis (consent, contract, legitimate interest, etc.), the persons concerned, the recipients of the data, the retention period, and the security measures in place.
We also keep a record of our processing activities as a subcontractor, carried out on behalf of the controller.
By maintaining this register, we meet the obligation set out in Article 30 of the RGPD and the principle ofaccountability . This enables us to keep an overview of the data lifecycle and check that each processing operation is properly justified and protected. The processing register is supervised by our DPO and updated whenever necessary (for example, when a new feature or partner is added).
This document may, on legitimate request, be communicated to the data protection authority in the event of an inspection. It testifies to our transparency and our determination to prove our compliance with legal requirements at all times. In short, the data processing register is a kind of cartography of our use of your data, and an additional guarantee of our seriousness in managing your privacy.
Our Data Protection Officer (DPO)
To ensure ongoing compliance with regulations, smsmode© has appointed a Data Protection Officer (Data Protection Officer or DPO). We have chosen to entrust this mission to Maitre Cendrine CLAVIEZ, External and independent DPOPINT Avocats specializes in digital law and data protection.
The role of the DPO is manifold: he advises smsmode© in implementing the RGPD, helps train and raise awareness among our employees, and monitors the compliance of our practices. He is involved in all projects involving personal data, right from their conception (Privacy by Design approach), to ensure that privacy protection principles are properly applied. The DPO also carries out regular audits and ensures that the data-processing register is properly kept, as well as compliance with retention periods and security procedures.
Your personal contact : Our DPO is also there to answer your questions or requests relating to your personal data. Whether you wish to exercise one of your rights (see "User rights" section above), report a problem or simply obtain information on how smsmode© processes your data, you can turn to it with complete confidence.
- Contact DPO :
You can contact our Data Protection Officer by email to the following address dsmsmodeode.com. You can also write to him by regular mail to: smsmode© - DPO, Calade Technologies, 4 rue Duverger, 13002 Marseille, France.
Finally, you can also use our contact form to specify that your request concerns data protection.
Our DPO is committed to responding to you as quickly as possible, and to personally assisting anyone wishing to find out more or exercise their rights. This availability is part of our commitment to transparency and respect for our users.
Try out our SMS platform and benefit from 20 free test credits, with no obligation.