1. General provisions
This Personal Data Processing Policy is prepared in accordance with the requirements of the EU/EEA General Data Protection Regulation (GDPR) and sets out the procedure for processing personal data and the measures taken by TextSend OÜ (hereinafter, the Controller) to ensure the security of personal data.
1.1. The Controller’s primary objective and condition for conducting its activities is to respect the rights and freedoms of individuals when processing their personal data, including the right to privacy and family life.
1.2. This Policy applies to all information that the Controller may obtain about visitors to the website at http://textsend.net and users of the Controller’s services.
2. Key terms used in the Policy
2.1. Automated processing of personal data — processing of personal data by automated means.
2.2. Restriction of processing — marking of stored personal data with the aim of limiting its processing in the future.
2.3. Website — the set of graphic and informational materials, as well as software and databases, made available on the internet at http://textsend.net.
2.4. Information systems for personal data — the set of personal data contained in databases and the information technologies and technical means that ensure their processing.
2.5. Anonymisation — processing of personal data in such a manner that the data subject is not identifiable.
2.6. Processing of personal data — any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.7. Controller — the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.
2.8. Personal data — any information relating to an identified or identifiable natural person who visits or uses the website http://textsend.net.
2.9. Personal data made public by the data subject — personal data to which access is granted by the data subject to an unlimited number of persons by consent in accordance with applicable law.
2.10. User — any visitor to the website http://textsend.net.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific circle of persons.
2.12. Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite circle of persons or at making personal data available to an unlimited number of persons.
2.13. International transfer of personal data — the transfer of personal data to a recipient in a country outside the EEA/UK.
2.14. Erasure of personal data — removal of personal data so that it can no longer be recovered or restored.
3. Main rights and obligations of the Controller
3.1. The Controller has the right to:
— request from the data subject accurate information and/or documents containing personal data necessary to provide the services;
— continue processing personal data without consent where required to comply with a legal obligation or to establish, exercise or defend legal claims;
— determine and implement organisational and technical measures sufficient to fulfil the obligations set by applicable data protection law.
3.2. The Controller shall:
— provide the data subject, upon request, with information regarding the processing of their personal data and respond within statutory time limits;
— organise processing of personal data in accordance with GDPR and other applicable laws;
— respond to inquiries and requests of data subjects and their authorised representatives as required by law;
— publish and ensure unrestricted access to this Policy;
— implement legal, organisational and technical measures to protect personal data against unauthorised or accidental access, destruction, alteration, blocking, copying, provision, dissemination, and other unlawful actions;
— conclude data processing agreements with processors, maintain records of processing activities, conduct data protection impact assessments where required, and notify supervisory authorities and affected data subjects about personal data breaches where required by law.
4. Main rights and obligations of data subjects
4.1. Data subjects have the right to:
— receive information regarding the processing of their personal data;
— request rectification of inaccurate personal data and, in cases provided by law, request erasure or restriction of processing;
— object to processing carried out on the basis of legitimate interests, including profiling, and object at any time to processing for direct marketing;
— withdraw consent at any time where processing is based on consent;
— receive their personal data in a structured, commonly used and machine-readable format and transmit it to another controller (data portability);
— lodge a complaint with a supervisory authority.
4.2. Data subjects shall:
— provide the Controller with accurate information about themselves where such information is necessary to receive the services;
— inform the Controller about updates or changes to their personal data when relevant.
4.3. Persons who provide inaccurate information about themselves, or information about another person without appropriate authorisation, bear responsibility in accordance with applicable law.
5. Principles of personal data processing
5.1. Processing of personal data is carried out lawfully, fairly and transparently.
5.2. Processing is limited to specific, explicit and legitimate purposes; further processing incompatible with those purposes is not permitted.
5.3. Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed; excessive processing is not permitted.
5.4. Personal data is accurate and kept up to date where necessary; the Controller takes measures to rectify or erase inaccurate data.
5.5. Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of processing, unless a longer period is required by law or contract.
5.6. Personal data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
5.7. The Controller is responsible for, and is able to demonstrate compliance with, these principles (accountability).
6. Purposes of processing personal data
Purpose
to provide Users with access to services, information and/or materials on the website; to create and manage accounts; to deliver, maintain and improve the services; to provide support; to send service communications and, where permitted, marketing communications
Personal data
name and surname; company name and role; email address; phone number; country; account identifiers and settings; technical and usage data (including IP address, device, browser and log data); contents and metadata necessary to route and deliver communications through the services
Legal bases
performance of a contract or steps prior to entering into a contract; legitimate interests (to operate, secure and improve the services); legal obligation (for billing, tax and accounting); consent where required for marketing or non-essential cookies
Types of processing
collection, recording, organisation, storage, adaptation, retrieval, consultation, use, transmission (including to processors), anonymisation, restriction and erasure;
sending informational and service emails; sending marketing emails where permitted with an opt-out option
7. Conditions for processing personal data
7.1. Processing is carried out with the data subject’s consent where required by law.
7.2. Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
7.3. Processing is necessary for compliance with a legal obligation to which the Controller is subject.
7.4. Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
7.5. Processing may be necessary to establish, exercise or defend legal claims or for reasons of important public interest as provided by law.
7.6. Where the Controller processes personal data on behalf of its business customers about their end-users, the Controller acts as a processor in accordance with a data processing agreement and processes such personal data only on documented instructions of the customer.
8. Procedure for collection, storage, transfer and other processing of personal data
The security of personal data processed by the Controller is ensured by legal, organisational and technical measures adequate to the risks and in compliance with applicable law.
8.1. The Controller ensures the confidentiality and integrity of personal data and takes all reasonable measures to prevent unauthorised access.
8.2. Personal data of the User will not be transferred to third parties except where required by law, where necessary to provide the services (for example to hosting, support, analytics and payment providers acting as processors), or where the data subject has given consent.
8.3. If inaccuracies in personal data are identified, the User may update them by notifying the Controller at info@textsend.net with the note “Personal data update”.
8.4. The retention period for personal data is determined by the purposes for which the data was collected, unless a longer period is required by contract or law. The User may withdraw consent to processing at any time by emailing info@textsend.net with the note “Withdrawal of consent to personal data processing”.
8.5. Information collected by third-party services (including payment systems, communications tools and other providers) is stored and processed by those parties under their own terms and privacy policies. The Controller is not responsible for the actions of third parties within their independent services but selects processors subject to appropriate data protection safeguards.
8.6. Statutory restrictions on disclosure or processing do not apply where processing is required by EU or Member State law for reasons of important public interest and subject to appropriate safeguards.
8.7. The Controller ensures the confidentiality of personal data during processing.
8.8. The Controller stores personal data in a form permitting identification of the data subject no longer than necessary for the purposes of processing, unless a longer period is required by law or contract.
8.9. Processing may cease upon achievement of the purposes of processing, expiration of consent, withdrawal of consent by the data subject, receipt of an objection (where applicable), or identification of unlawful processing, followed by erasure or anonymisation.
8.10. Cookies and similar technologies — the Controller uses cookies and similar technologies (including local storage and pixels) to operate the website, remember preferences, secure sessions, and — subject to consent where required — measure performance and run marketing.
8.11. Categories — strictly necessary cookies are always active for core functions and security; preference (functional) cookies remember settings such as language or region; performance/analytics cookies help understand usage and improve the website; advertising/retargeting cookies measure campaigns and show relevant ads.
8.12. Legal bases — strictly necessary cookies rely on legitimate interests (to operate a secure, functional site). All other categories rely on consent, which the User can give, refuse, or withdraw at any time.
8.13. Managing preferences — the User can manage cookie choices via the banner or a “Cookie settings” link available on the website and can also control cookies in the browser. Disabling certain categories may affect site functionality.
8.14. Retention and third parties — non-essential cookies are retained no longer than necessary for their purposes and typically no longer than 12–13 months unless deleted earlier; session cookies expire when the browser is closed. Some cookies may be set by third-party providers acting as processors or independent controllers under their own policies; the Controller ensures appropriate safeguards with its processors.
9. List of actions performed by the Controller with personal data received
9.1. The Controller performs collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission (including dissemination, provision or access), anonymisation, restriction, erasure and destruction of personal data.
9.2. The Controller may carry out automated processing with the receipt and/or transmission of information via telecommunications networks or without such networks.
10. International transfer of personal data
10.1. Personal data may be transferred to recipients located outside the EEA/UK. In such cases, transfers are made on the basis of an adequacy decision or using appropriate safeguards such as the EU Standard Contractual Clauses and, where applicable, UK transfer mechanisms, together with additional measures where necessary.
10.2. Information about the safeguards used for international transfers can be requested at info@textsend.net.
11. Confidentiality of personal data
The Controller and any persons who have obtained access to personal data shall not disclose or disseminate personal data to third parties without the consent of the data subject, unless otherwise provided by applicable law or permitted under this Policy.
12. Final provisions
12.1. The User may obtain any clarifications regarding the processing of their personal data by contacting the Controller via email at info@textsend.net.
12.2. Any changes to the Controller’s personal data processing practices will be reflected in this document. This Policy is valid until replaced by a new version.
12.3. The current version of the Policy is publicly available on the internet at http://textsend.net/privacy.
This Personal Data Processing Policy is prepared in accordance with the requirements of the EU/EEA General Data Protection Regulation (GDPR) and sets out the procedure for processing personal data and the measures taken by TextSend OÜ (hereinafter, the Controller) to ensure the security of personal data.
1.1. The Controller’s primary objective and condition for conducting its activities is to respect the rights and freedoms of individuals when processing their personal data, including the right to privacy and family life.
1.2. This Policy applies to all information that the Controller may obtain about visitors to the website at http://textsend.net and users of the Controller’s services.
2. Key terms used in the Policy
2.1. Automated processing of personal data — processing of personal data by automated means.
2.2. Restriction of processing — marking of stored personal data with the aim of limiting its processing in the future.
2.3. Website — the set of graphic and informational materials, as well as software and databases, made available on the internet at http://textsend.net.
2.4. Information systems for personal data — the set of personal data contained in databases and the information technologies and technical means that ensure their processing.
2.5. Anonymisation — processing of personal data in such a manner that the data subject is not identifiable.
2.6. Processing of personal data — any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.7. Controller — the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.
2.8. Personal data — any information relating to an identified or identifiable natural person who visits or uses the website http://textsend.net.
2.9. Personal data made public by the data subject — personal data to which access is granted by the data subject to an unlimited number of persons by consent in accordance with applicable law.
2.10. User — any visitor to the website http://textsend.net.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific circle of persons.
2.12. Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite circle of persons or at making personal data available to an unlimited number of persons.
2.13. International transfer of personal data — the transfer of personal data to a recipient in a country outside the EEA/UK.
2.14. Erasure of personal data — removal of personal data so that it can no longer be recovered or restored.
3. Main rights and obligations of the Controller
3.1. The Controller has the right to:
— request from the data subject accurate information and/or documents containing personal data necessary to provide the services;
— continue processing personal data without consent where required to comply with a legal obligation or to establish, exercise or defend legal claims;
— determine and implement organisational and technical measures sufficient to fulfil the obligations set by applicable data protection law.
3.2. The Controller shall:
— provide the data subject, upon request, with information regarding the processing of their personal data and respond within statutory time limits;
— organise processing of personal data in accordance with GDPR and other applicable laws;
— respond to inquiries and requests of data subjects and their authorised representatives as required by law;
— publish and ensure unrestricted access to this Policy;
— implement legal, organisational and technical measures to protect personal data against unauthorised or accidental access, destruction, alteration, blocking, copying, provision, dissemination, and other unlawful actions;
— conclude data processing agreements with processors, maintain records of processing activities, conduct data protection impact assessments where required, and notify supervisory authorities and affected data subjects about personal data breaches where required by law.
4. Main rights and obligations of data subjects
4.1. Data subjects have the right to:
— receive information regarding the processing of their personal data;
— request rectification of inaccurate personal data and, in cases provided by law, request erasure or restriction of processing;
— object to processing carried out on the basis of legitimate interests, including profiling, and object at any time to processing for direct marketing;
— withdraw consent at any time where processing is based on consent;
— receive their personal data in a structured, commonly used and machine-readable format and transmit it to another controller (data portability);
— lodge a complaint with a supervisory authority.
4.2. Data subjects shall:
— provide the Controller with accurate information about themselves where such information is necessary to receive the services;
— inform the Controller about updates or changes to their personal data when relevant.
4.3. Persons who provide inaccurate information about themselves, or information about another person without appropriate authorisation, bear responsibility in accordance with applicable law.
5. Principles of personal data processing
5.1. Processing of personal data is carried out lawfully, fairly and transparently.
5.2. Processing is limited to specific, explicit and legitimate purposes; further processing incompatible with those purposes is not permitted.
5.3. Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed; excessive processing is not permitted.
5.4. Personal data is accurate and kept up to date where necessary; the Controller takes measures to rectify or erase inaccurate data.
5.5. Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of processing, unless a longer period is required by law or contract.
5.6. Personal data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
5.7. The Controller is responsible for, and is able to demonstrate compliance with, these principles (accountability).
6. Purposes of processing personal data
Purpose
to provide Users with access to services, information and/or materials on the website; to create and manage accounts; to deliver, maintain and improve the services; to provide support; to send service communications and, where permitted, marketing communications
Personal data
name and surname; company name and role; email address; phone number; country; account identifiers and settings; technical and usage data (including IP address, device, browser and log data); contents and metadata necessary to route and deliver communications through the services
Legal bases
performance of a contract or steps prior to entering into a contract; legitimate interests (to operate, secure and improve the services); legal obligation (for billing, tax and accounting); consent where required for marketing or non-essential cookies
Types of processing
collection, recording, organisation, storage, adaptation, retrieval, consultation, use, transmission (including to processors), anonymisation, restriction and erasure;
sending informational and service emails; sending marketing emails where permitted with an opt-out option
7. Conditions for processing personal data
7.1. Processing is carried out with the data subject’s consent where required by law.
7.2. Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
7.3. Processing is necessary for compliance with a legal obligation to which the Controller is subject.
7.4. Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
7.5. Processing may be necessary to establish, exercise or defend legal claims or for reasons of important public interest as provided by law.
7.6. Where the Controller processes personal data on behalf of its business customers about their end-users, the Controller acts as a processor in accordance with a data processing agreement and processes such personal data only on documented instructions of the customer.
8. Procedure for collection, storage, transfer and other processing of personal data
The security of personal data processed by the Controller is ensured by legal, organisational and technical measures adequate to the risks and in compliance with applicable law.
8.1. The Controller ensures the confidentiality and integrity of personal data and takes all reasonable measures to prevent unauthorised access.
8.2. Personal data of the User will not be transferred to third parties except where required by law, where necessary to provide the services (for example to hosting, support, analytics and payment providers acting as processors), or where the data subject has given consent.
8.3. If inaccuracies in personal data are identified, the User may update them by notifying the Controller at info@textsend.net with the note “Personal data update”.
8.4. The retention period for personal data is determined by the purposes for which the data was collected, unless a longer period is required by contract or law. The User may withdraw consent to processing at any time by emailing info@textsend.net with the note “Withdrawal of consent to personal data processing”.
8.5. Information collected by third-party services (including payment systems, communications tools and other providers) is stored and processed by those parties under their own terms and privacy policies. The Controller is not responsible for the actions of third parties within their independent services but selects processors subject to appropriate data protection safeguards.
8.6. Statutory restrictions on disclosure or processing do not apply where processing is required by EU or Member State law for reasons of important public interest and subject to appropriate safeguards.
8.7. The Controller ensures the confidentiality of personal data during processing.
8.8. The Controller stores personal data in a form permitting identification of the data subject no longer than necessary for the purposes of processing, unless a longer period is required by law or contract.
8.9. Processing may cease upon achievement of the purposes of processing, expiration of consent, withdrawal of consent by the data subject, receipt of an objection (where applicable), or identification of unlawful processing, followed by erasure or anonymisation.
8.10. Cookies and similar technologies — the Controller uses cookies and similar technologies (including local storage and pixels) to operate the website, remember preferences, secure sessions, and — subject to consent where required — measure performance and run marketing.
8.11. Categories — strictly necessary cookies are always active for core functions and security; preference (functional) cookies remember settings such as language or region; performance/analytics cookies help understand usage and improve the website; advertising/retargeting cookies measure campaigns and show relevant ads.
8.12. Legal bases — strictly necessary cookies rely on legitimate interests (to operate a secure, functional site). All other categories rely on consent, which the User can give, refuse, or withdraw at any time.
8.13. Managing preferences — the User can manage cookie choices via the banner or a “Cookie settings” link available on the website and can also control cookies in the browser. Disabling certain categories may affect site functionality.
8.14. Retention and third parties — non-essential cookies are retained no longer than necessary for their purposes and typically no longer than 12–13 months unless deleted earlier; session cookies expire when the browser is closed. Some cookies may be set by third-party providers acting as processors or independent controllers under their own policies; the Controller ensures appropriate safeguards with its processors.
9. List of actions performed by the Controller with personal data received
9.1. The Controller performs collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission (including dissemination, provision or access), anonymisation, restriction, erasure and destruction of personal data.
9.2. The Controller may carry out automated processing with the receipt and/or transmission of information via telecommunications networks or without such networks.
10. International transfer of personal data
10.1. Personal data may be transferred to recipients located outside the EEA/UK. In such cases, transfers are made on the basis of an adequacy decision or using appropriate safeguards such as the EU Standard Contractual Clauses and, where applicable, UK transfer mechanisms, together with additional measures where necessary.
10.2. Information about the safeguards used for international transfers can be requested at info@textsend.net.
11. Confidentiality of personal data
The Controller and any persons who have obtained access to personal data shall not disclose or disseminate personal data to third parties without the consent of the data subject, unless otherwise provided by applicable law or permitted under this Policy.
12. Final provisions
12.1. The User may obtain any clarifications regarding the processing of their personal data by contacting the Controller via email at info@textsend.net.
12.2. Any changes to the Controller’s personal data processing practices will be reflected in this document. This Policy is valid until replaced by a new version.
12.3. The current version of the Policy is publicly available on the internet at http://textsend.net/privacy.
Privacy & cookies policy