08451 221 302
This is the privacy and data processing of TextAnywhere (“TextAnywhere”). It applies only to personal data as defined in Section 1 of the 1998 Data Protection Act (“personal information” or “information”) the GDPR definitions from May the 25th 2018 and and not other types of business or general information. The policy tells you who we are, how we collect personal information about you through this website, what we intend to use that information for, with whom we intend to share it, and how we keep it secure.
Further information about privacy and data protection issues, including the online Register of Data Controllers, can be found on the Information Commissioner’s website at https://ico.org.uk/.
We are TextAnywhere a fully owned subsidiary of SRCL, a company registered in England and Wales with company registration number 03226910.
We are located at and our registered address is:
If you have any queries about the information we hold on you, please contact us by email at firstname.lastname@example.org or by telephone on +44 (0) 8451 221 302.
We are entered in the Register of Data Controllers with registration number Z1250309.
3.1.1. A cookie is a small text file which is transferred from a website and stored on your computer, tablet, or smartphone. It enables a website to “remember” who you are.
3.1.2. Most browsers are automatically set to accept cookies but if you are using Microsoft’s Internet Explorer, Safari, Mozilla Firefox, and most other popular browsers, you should be able to configure your browser to restrict cookies or block all cookies if you wish.
3.1.5. The table below provides further details about the cookies which are currently in use on our static and application websites, and a description of the purpose of each of these cookies.
This cookie collects information in an anonymous form, data including the number of visitors to the TextAnywhere websites, where visitors have come from and the pages they have visited during their session/time spent on the website.
These cookies are used to collect non-personal information about how visitors use the TextAnywhere website. We use the information to compile reports on usability for internal company use only, and so we can improve the website for our clients.
3.1.6 You can disable the cookies that we attach if your browser supports this. To check and update your cookie settings, you will need to know what browser you are using (Internet Explorer, Google Chrome, Firefox, Safari or any other) and what version of it you have. You can usually find this out by opening the browser, then clicking on 'Help' and then 'About'. This will give you information about the browser version you are using.
3.1.7 To find out how to manage cookies please refer to www.aboutcookies.org or your browser's help options for more information.
3.1.8 Please remember that if you amend your cookie settings your browsing experience may be negatively affected. You may be unable to use some of our online services.
3.2.1. We collect information about you that you provide when you register to use our services.
3.3.1. We collect information about you if you complete any of the various forms on our site to contact us, make enquiries, order products and services, apply to open an account with us, and give us feedback.
3.3.2. We need you to give us certain information, which will be indicated on the form you are required to complete, in order to purchase items from us. It would help us if you give us any other information that you think will be relevant, but you are under no obligation to do so.
3.3.3. Through traffic data and site statistics. We do keep a record of traffic data which is logged automatically by our server, such as your IP address, the URL you visited before ours, the URL you visit after leaving our site, and which pages you visit.
3.3.4. We also collect some site statistics such as page hits and page views.
3.3.5. We are not readily able to identify any individual from traffic data or site statistics.
3.4.1. The website provides our primary telephone number and email addresses for you to contact us. We will collect information from you that you provide through any of these methods.
3.4.2. We may also collect other information you supply to us after your initial contact with us.
4.1. We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
4.2. Please remember that normal Internet email is unsecure. We do, however, use secure connections when you open an account with us and when you access your account.
4.3. We will store your information at least for the duration of any client relationship we have with you, or as otherwise required by law (normally up to a maximum of 7 years for legal and tax reasons).
4.4. Our approach, responsibilities, and commitment to information security are set out in our Information Security policy.
5.1. If you buy software or services from us, we will use your information to fulfil your order and to provide you with the software or service you have requested.
If you agree when you register with us or buy from us, we will also use your information for marketing purposes. If you do not want the information we hold on you to be used in this manner, you must contact us by email at email@example.com or telephone on +44 (0) 8451 221 302 and establish your preferences.
If you do not object, we will use the information we hold on you to contact you for feedback on your use of our software and/or services and/or website.
5.4. We may use aggregated data about users of our site, sales patterns and other statistical data to improve our site, but it will not be possible to identify individuals from that aggregated data.
6.1. We will not share your information with any other organisation except in the following circumstances.
6.1.1. We will share your information with another organisation to which we transfer, or are in discussions to transfer, our rights and obligations under our agreement with you.
6.1.2. We may share your information with another organisation that buys our company or our assets, or with another organisation from which we acquire a company or business, and in the course of any preceding negotiations with that organisation, which may or may not lead to a sale.
6.1.3. We may share your information with our funders or potential funders, such as our bank and with our professional advisers who have a reasonable need to see it.
6.1.4. We will disclose your information to enforcement authorities if asked to do so, or to a third party in the context of actual or threatened legal proceedings or if otherwise required to do so by law.
7.1. You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
7.2. You also have a right to be removed from any mailing list we hold at any time, but you must first contact us email at firstname.lastname@example.org or telephone on +44 (0) 8451 221 302.
7.3. You have a right to see a copy of the information we hold about you on payment of a statutory fee, which is currently £10. Before we agree to this, you must provide us with sufficient evidence of your identity and sufficient details of the information you wish to see to enable us to locate it.
Data Processing Addendum to TextAnywhere’s standard Terms and conditions ("Agreement") between SRCL Limited trading as TextAnywhere (“Processor”) and the client, (“Controller”) (each a “Party”, together the “Parties”).
In order to enable the Parties to carry out their relationship in a manner that is compliant with law, the Parties have entered into this DPA as follows:
Outbound (MT) SMS
Inbound (MO) SMS
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement the following technical and organizational measures to ensure a level of security appropriate to the risks for the rights and freedoms of natural persons. In assessing the appropriate level of security the Controller and the Processor took account in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
To detail the technical and organisational measures undertaken by TextAnywhere (as a Stericycle Group company) to ensure a level of security is provided in its service delivery that is appropriate to the risks represented by the processing and the nature of the personal data being processed, as required by Article 32(1) of the General Data Protection Regulation (GDPR).
Security is a set of preventive measures taken to guard against risk and this document describes those measures.
Failure to comply with the requirements of this procedure may result in investigation and subsequent formal action in line with the Company’s Capability and Disciplinary procedures.
This Document should be read in conjunction with Stericycle policies on data protection which can be found on Stericycle’s website.
Stericycle protects the company’s assets from all threats, whether internal or external, deliberate or accidental.
Stericycle will meet all applicable legal, regulatory and contractual requirements and duties of care.
Stericycle is committed to the key principles of GDPR, namely that personal data are:
In particular, it is the policy of Stericycle and TextAnywhere to ensure that:
TextAnywhere was founded in 2003 with the aim of providing first class, secure text messaging systems; in 2013 TextAnywhere was acquired by Stericycle and currently forms part of the Stericycle Communications Solutions Group.
TextAnywhere provides software and services that deliver 2-Way Electronic Communications to Customers.
TextAnywhere offers the following suite of products enabling the transmission and receipt of SMS messaging:-
TextAnywhere has been awarded the following BSI ISO accreditations:-
Managing Director / VP International
The Managing Director / VP International endorses and actively supports this Document and e security policy. The Managing Director / VP International ensures that appropriate systems security measures are implemented and adhered to and those individual responsibilities are taken seriously at every level of the organisation.
The IT Director has direct responsibility for maintaining the Data Security Policy. This includes:
Quality and Compliance Director
As part of Stericycle TextAnywhere investment in Data Security and Data protection, we have recently introduced the Quality and Compliance Director role, which amongst others, has the responsibility to ensure:
TextAnywhere maintains a legal register and, amongst others, recognises and complies with the following legislation:-
All TextAnywhere staff receive security training on induction and are contracted to adhere to Stericycle information security policies.
Security refresher training is performed at least annually.
TextAnywhere maintains a risk register which is regularly reviewed by the management team. Any identified risks are mitigated and opportunities for improvement are effected.
TextAnywhere does not directly sub-contract data processing.
In order to send text messages, TextAnywhere engages with aggregator partners for final delivery and receipt of the text messages. An aggregator acts as an intermediary between companies that want to interact with end users (through their mobile phones) and mobile operators. They provide a ‘gateway’ through which the text message is forwarded to the correct network. TextAnywhere uses multiple aggregators which may vary over time. Further details of the aggregators used by TextAnywhere can be obtained on request by contacting us at email@example.com.
Where a third party carries out data processing of personal data for Stericycle TextAnywhere, we will ensure that:
Any third parties that TextAnywhere engages with in the performance of our services are subject to due diligence and annual audits including:-
TextAnywhere does not transfer data outside of the EEA. Note however that a customer may choose to send a text message outside the EEA in which case it will be subject to third party aggregation and transmission via the normal telephony network.
Back Ups and Retention Periods
TextAnywhere takes daily back-ups all client data held on a rolling five day basis. Backups are stored securely at Rackspace UK.
Sent and received SMS data (mobile numbers and message content is deleted after 365 days. Online address book data (first/last name and mobile numbers) is held indefinitely until/unless the client deletes this or requests TextAnywhere to do so.
Business Continuity Plan
TextAnywhere maintains a Business Continuity Plan in accordance our ISO 27001 accreditation requirements. The BCP is reviewed at least annually.
Viruses and other Malicious Software
TextAnywhere runs and keeps up to date anti-virus software.
TextAnywhere runs a monthly patching program in line with industry standards.
TextAnywhere runs internal monitoring systems to ensure system availability.
TextAnywhere works on multiple mirrored systems and partners to ensure system continuity.
TextAnywhere ensures that all system changes are subject to test and review before being made available in the live customer environment.
System access is controlled by VPN.
Staff access to data is on a need-to-know basis, all staff have unique Userids and passwords, access is controlled by an audited rights system.
TextAnywhere data and systems are hosted at Rackspace UK. Physical Security is strictly controlled in line with Rackspace policies.
Data is processed only in accordance with TextAnywhere’s contractual obligations for the purpose of transmitting and receiving text messages. TextAnywhere does not share this data with any third parties for any reason beyond processing messages unless required to by law.
TextAnywhere does not allow the storage of data on any removable devices.
Personal data processed by TextAnywhere for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Message data is available for client download through the online account for up to 60 days before secure segregation.
Message data outbound and inbound, including the mobile number and message body, is retained in total for 365 days before permanent electronic deletion.
Address book data, if used, including First Name, Last Name and mobile number is retained indefinitely until deleted by the client through the online tools or requests TextAnywhere to do so.
TextAnywhere has a fully documented data security incident which includes:-
TextAnywhere undertakes not to use, nor disclose to any unauthorised person, any confidential information relating to or received from our Clients for any reason unless expressly authorised by the Client, or required by law.
We understand that the use and disclosure of all information about living, identifiable individuals is governed by the Data Protection Act and we will not use or disclose any personal data acquired for any purpose that beyond the purposes of processing text messages in accordance with the Client’s requirements.
We understand that we are required to keep all confidential and personal data securely, and undertake to follow all relevant procedures in doing so.
Legal requirements are reviewed as part of our quality management systems and ISO 9001, ISO 27001 accreditation.
No hidden charges for replies, support or features. Just pay for the services you use.