Terms of Service, DPA Agreement & Privacy Policy

Terms of Service

Last Revised: 14th May 2018

By signing up to our services and affirming that you agree to our Terms of Service through the sign-up process, you are entering into the Agreement with the legal entity set out below which shall be referred to as "we", "our", "us" or "Boom SMS".

Legal Entity you will be entering into an agreement with - Boom SMS Ltd

Registered in England & Wales 3842797 - c/o Anchor Accounting, First Floor, 57 Station Approach, West Byfleet, Surrey, KT14 6NE, England

The governing law is: English Law

Dispute resolution: The civil court in London, England

Boom SMS offers services and products including, but not limited to:

  • Messaging (including SMS, MMS, RCS)
  • Number Rental (including Mobile Long Codes, Geographic Long Codes, Toll-Free Codes and Short Codes),
  • Voice (including, Text to Speech, App to App, App to Phone, Phone to Phone, SIP integration and Conference Calling)
  • Verification
  • Video
  • Number Lookup Services
  • IOT Connectivity (including Reprogrammable SIM cards)

Customer agrees to purchase the Services pursuant to these Terms of Services and any Boom SMS, DPA agreements and privacy policies.

If the parties desire to include additional Services under this Agreement, such services will be set forth in subsequent Service Orders, Change Orders or Exhibits signed by authorized representatives by both parties.

In the event of a conflict among any of the components of this Agreement, precedence will be given in the following order: (a) Terms of Service, (b) Service Order(s)/Change Order(s)/Exhibit but solely with respect to the Service(s) covered by such Service Order/Change Order/Exhibit.



Authorization and Effectiveness

The account creator represents to Boom SMS that he or she is a duly-authorized representative and signatory of the corporate entity named in the account and that the information provided is complete and accurate. The corporate entity named in the account accepts the Terms of Service and the Exhibits. The Agreement shall be effective on the date at which time the account is created and verified.

The Agreement contains the legal terms and conditions that govern our provision of Services and your use of and access to the Services. You are entering into the Agreement with the legal entity set out in the account which shall be referred to as "we", "our", "us" or "Boom SMS". By creating an account and electronically accepting the Terms of Service or using the Services, you agree to and are legally bound by the Agreement. If you do not accept all of the terms contained in the Agreement, you may not use the Services. Any individual person, who accepts the Agreement on behalf of an Entity, represents to Boom SMS that it has the authority to bind such Entity to the Agreement. In the Agreement: (i) the Entity represented by the individual accepting the Agreement; or (ii) the actual individual, where the individual enters into the Agreement as a sole proprietor or trader, shall be referred to as "you" "your" or "Customer".

If you have a Prior Agreement, it shall be deemed terminated (to the extent it covers the Services provided pursuant to these Terms of Service and/or a Service Order) upon the applicable Service Order Effective Date and without prejudice to any of our or your accrued rights and liabilities under such Prior Agreement. Your use of and access to the Services are subject to additional terms that include without limitation the Supplemental Terms. Supplemental Terms may be presented or made available to you through means determined by us.

Boom SMS and Customer agree that the non-binding date for the start of the Services will be the date on which the account is created and verified, hereinafter referred to as the "Service Start Date". The date for the Service Start Date may be adjusted at our sole discretion, in which case we will notify you of the revised Service Start Date.

We reserve the right (but are not obliged) to provide certain Services to you under the Agreement without a Service Order. Capitalized terms in the Agreement shall have the meanings given to them in Section 18 of these Terms of Service unless otherwise defined in an applicable Section of the Agreement.



1.License.

  • (a) License. Subject to the Agreement, you will have a limited, non-exclusive, non-transferable, non-sublicenseable right to (i) use the applicable Services, (ii) integrate the Services in your Application in order to access to the Service, if applicable, and (iii) offer and make available to Service Users the Services solely, or, as integrated into your Application, all in accordance with the Agreement. Such rights shall be immediately revoked without notice upon the earlier of termination of: (i) the Agreement; (ii) the applicable Service Order; or (iii) the applicable Service.
  • (b) License Restrictions. You will not (and will not allow Service Users) to: (i) reverse engineer, decompile, copy or disassemble the Services; (ii) market, sell (subject to Section 1 (c)), sublicense, rent, lease, or otherwise distribute the Services, in whole or in part; (iii) modify, upgrade, improve, enhance or create derivative works of any portion of the Services for any purpose (including without limitation error correction or any other type of maintenance); or (iv) remove, obscure, or alter any identification, proprietary, copyright or other notices in the Services.
  • (c) You may resell the Services provided that: (i) use of the Services by Service Users and any of their acts and omissions are deemed to be your use of the Services and your acts and omissions, (ii) each Service User is legally bound by an agreement, which is at least as protective of Boom SMS, Boom SMS's rights and the Services as this Agreement, (iii) no Service User shall be a third party beneficiary to the Agreement, (iv) as between us and you, Data shall be deemed to belong to you and no other party, and (v) you shall not (and shall ensure that any Service User shall not) use Boom SMS or Boom SMS Affiliate trademarks, tradenames or branding or make any representations with respect to the Services that are inconsistent with any express Boom SMS representations in the Agreement.
  • (d) Numbers and Codes. You acknowledge and agree that neither you nor any third party shall have any intellectual property rights and/or other proprietary interests in any Numbers and Codes made available to you under the Agreement. You will not take any action that would cause you or any third party to acquire any intellectual property rights and/or other proprietary interest in any Numbers and Codes. We may withdraw or suspend such Numbers and Codes at any time to comply with Relevant Laws and/or an order, instruction, or request of a Service Provider, Regulator, court or other competent authority.


2.Conduct.

You agree that you will not, and will not encourage or permit any party (including but not limited to Service Users) to, access or use the Services: (a) other than as expressly prescribed by the Agreement; (b) in violation of: (i) Compliance Rules or Relevant Laws or (ii) applicable third party licenses; (c) to send spam or unsolicited messages or other communications; (d) in any manner that is infringing, obscene, threatening, libellous, unlawful, or in violation of any third party rights; (e) to breach, interfere or attempt to interfere with any requirements, procedures, policies, or regulations of any mobile industry association, Regulator or any Service Provider; (f) to facilitate the transmission or use of any: (i) malicious code (including malware, viruses, worms, and Trojan horses); (ii) traps, time bombs, or other code with a latent ability to disable or cripple software or services; or (iii) code that would allow any third party to interfere with or access any Data; (g) to circumvent, disable, violate, or otherwise interfere with the security or integrity of the Services, their operation, any networks or servers used in connection with the Services, or any activity being conducted in or in relation to the same (or attempt at any of the foregoing); (h) to gather, store, upload or otherwise transmit any Data for which you do not have a right to do so; (i) support or carry any emergency calls to any medical rescue, emergency, or law enforcement agency, service or provider of any kind; or (j) to impersonate any person or entity. Additionally, you agree to promptly comply with all requests for documentation and information we make relating to your use of the services.



3.Your Responsibilities.

  • (a) Your Account. You are solely responsible for your Account, all activities conducted in connection with your Account, and the accuracy of all information provided by or to you relating thereto, including without limitation, contact, technical, campaign and payment information, the Credentials, and for protecting and safeguarding the foregoing. You will promptly update any Account Information if it changes and notify us of any unauthorized use of your Account and/or Credentials, and any related security breach. You will only connect to the Services through your Account and using only the Credentials.
  • (b) Content and Monitoring. You are solely responsible for all Content, and the storage and transmission of the Content must comply with the Agreement. We may (but have no obligation to) monitor your use of the Services at any time, with or without notice.
  • (c) Data Protection and Privacy. You acknowledge and agree to our Privacy Policy. You grant us a royalty-free, worldwide, irrevocable and perpetual license to retain, store, use, and disclose the Data solely: (i) in connection with our provision of the Services, (ii) for our internal purposes, (iii) to protect the operation of the Services, (iv) to create aggregated, anonymized data, including for usage statistics, and (v) to satisfy applicable legal, accounting or regulatory requirements. Each party shall comply with its obligations under applicable Data Protection Laws in respect of any Personal Data processed under the Agreement. You warrant, represent and undertake to us that you have all necessary rights, licenses and consents to provide us with Data for these purposes. You and we acknowledge that in relation to your processing activities on our platform, you are the Data Controller and we are the Data Processor. Where you are the Data Controller and we are the Data Processor, we will process such Personal Data in accordance with the terms of the Agreement and our duties as a Data Processor under applicable Data Protection Laws. In parallel and in accordance with Recital 47 of the European Data Protection Directive 95/46/EC (as amended from time to time or replaced by other EU regulation), you acknowledge that we shall act as an independent Data Controller with respect to the processing of Personal Data which is necessary for the operation of the Services which shall include any information processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof.
  • (d) Service Users. You shall remain fully liable to us for any use of the Services by Service Users (whose acts and omissions shall be considered to be your acts and omissions). We will provide support, when and if provided, only to you and not to Service Users.
  • (e) Records & Consents. You will maintain accurate and complete records of your performance under the Agreement during the term and as required under the Compliance Rules and Relevant Laws. Upon reasonable written notice, you shall provide copies of any such records to Boom SMS. Boom SMS or its representatives shall be entitled to disclose any such records (and to carry out audits of your premises and systems, upon reasonable written notice) where required by any Service Provider, Regulator or other competent authority.

    Without limiting the generality of any other provision of the Agreement, prior to using the Services to send Content to any third party, you shall obtain verifiable informed consent in accordance with Relevant Laws, and shall maintain a record of each such consent. You shall provide a reasonable and readily accessible method for third parties to revoke this consent and, at our request, shall provide us with verifiable evidence to establish informed consent from such third party (to our satisfaction).

  • (f) You are responsible to provide suitable hardware or communications equipment including all necessary infrastructure to ensure your access to the Service. You are also responsible, at your own expense, for the provision and regular monitoring of telecommunication and access infrastructure between you and the Services. Boom SMS is responsible for the Services up to and including your physical point of connection.


4.Payments and Pricing.

  • (a) Post-pay Customers. Where you have signed a Service Order for a post-pay Service, you shall be a post-pay Customer. You will pay us the Fees and Taxes and all other invoiced amounts within the period specified in the applicable Service Order or within seven (7) days from the date of invoice, whichever is longer. Unless stated otherwise in a Service Order, the Fees shall be calculated in accordance with rates and pricing which we make available to you (by means determined by us) from time to time. Unless stated otherwise in a Service Order, all Non-Recurring Fees may be invoiced monthly in arrears, and all Recurring Fees and One- Time Fees may be billed in advance. All Fees, Taxes and other sums shall be billed in the applicable currency stated in the Service Order. All sums will be paid by the method determined by us in our sole discretion. Time is of the essence in relation to your payment obligations.
  • (b) Pre-pay Customers. Where you have signed a Service Order for pre-pay Services or if you have not signed a Service Order for a Service, you will be a pre-pay Customer. You will pay us the Fees and Taxes and all other amounts payable to us through prepayments made by you on your Account. The Fees shall be calculated in accordance with the rates and pricing which we make available to you (by means determined by us) from time to time. You will not earn interest on any Credit Balance held by us. You shall not be entitled to a refund of an unused Credit Balance under any circumstances. We may deduct or offset from your Credit Balance, any sums you owe to us, which may include but are not limited to Fees and Taxes. All Recurring Fees and One-Time Fees may be deducted in advance of the applicable Service being provided and all Non- Recurring Fees may be deducted after the applicable Service is provided. Payments received from you will be deposited in the currency selected during Account creation. All Fees, Taxes and other sums due will be deducted from this Credit Balance in the same currency. Every Service on an Account will deduct Fees, Taxes and other sums due from the same Credit Balance. You will lose the right to any Credit Balance and such Credit Balance shall be permanently assigned to us without further notice (and without prejudice to our other rights and remedies), where; (i) we suspend the Services more than once due to your breach of the Agreement; or (ii) such Credit Balance has not been used within 365 days of it being credited.
  • (c) Set-Off. You will not have a right of any type of deduction or setoff unless required by Relevant Laws. If any such set-off is required by Relevant Laws, you shall, when making the payment to which the withholding or deduction relates, pay to us such additional amount as will ensure that we receive the same total amount that we would have received if no such withholding or deduction had been required.
  • (d) No Waiver. No omission or delay by us in invoicing any sums and/or deducting them from a Credit Balance shall prohibit us from raising an invoice and/or deducting them from a Credit Balance at a later date nor shall it relieve you of your liability to pay.
  • (e) Credit Limit.
  • (f) Fee Changes. Unless expressly stated otherwise in the Service Order, we reserve the right to change the pricing used to calculate the Fees at any time (with or without notice).
  • (g) Fees and Taxes are non-refundable. Fees exclude, and you will pay, all Taxes, but neither party will pay income taxes of the other party. For any invoice you fail to pay by its due date, we may charge you a late penalty on the amount overdue each day it is overdue until it is paid whether before or after judgment, equal to the lesser of: (i) the maximum legally permissible interest rate, or (ii) an interest rate of five percent (5%). The Fees payable shall be calculated by reference to data recorded or logged by us and not by reference to any data recorded or logged by you. Any invoices issued by us shall, save in the case of manifest error, be final, conclusive and binding on you. You may dispute an invoice in good faith, but must do so within the period specified for payment of invoices in the applicable Service Order or within seven (7) days from the date of invoice, whichever is longer, otherwise, you will be deemed to have irrevocably waived all rights and claims concerning such invoice. Boom SMS may set off amounts owed by you under the Agreement or any other agreement you have with Boom SMS or any of its Affiliates. Each party shall bear the costs imposed by their own bank when making and receiving payments under the Agreement. Boom SMS will charge a fee for any credit card payments above 10 000 GBP.


5.Term and Termination, Suspension, Survival.

  • (a) Term and Termination. The Agreement takes effect as of the earlier of: (i) your use of any Services, or (ii)your electronic acceptance of the Terms of Service, and will continue until terminated in accordance with the terms of the Agreement. Each Service Order will come into effect on the Service Order Effective Date. Unless terminated in accordance with the Agreement, each Service shall automatically renew for a Renewal Term upon expiry of its Initial Term or then-current Renewal Term. Subject to Section 5(c), either party may terminate any Service Order and/or Service with no less than ninety (90) days’ notice to the other (or such alternative period specified in applicable Service Order). We may also terminate a Service Order or Service for convenience on less than ninety (90) days’ notice where for operational reasons we can no longer make the applicable Service(s) available to you (including but not limited to where the Service has been withdrawn by a Service Provider). Termination of a Service Order shall trigger termination of all Services under it on the same date. Either party may terminate the Agreement for convenience, upon notice, if no Service Orders are in effect. We may terminate the Agreement (in whole or in part) for cause, immediately upon notice to you, should (i) you file for bankruptcy or otherwise become insolvent, (ii) a liquidator, administrator or receiver be appointed in respect of the whole or part of your assets or undertaking, (iii) you enter into (or propose to enter into) an arrangement with your creditors, (iv) anything analogous to Section 5(a) (ii) or (iii) occur in any jurisdiction, (v)a suspension of the Services under Section 5(b) continue for more than five (5) consecutive days, (vi) you do not substantially use the Services for a consecutive period of six (6) months or longer, or (vii) you breach the Agreement and fail to cure such breach within five (5) days of your receipt of notice of the same.
  • (b) We may suspend all or any part of the Services: (i) in our sole discretion, if not doing so would have a detrimental effect on the Services or our provision thereof, (ii) if the Accrued Liability exceeds the Credit limit, (iii)to comply with Relevant Laws and/or an order, instruction, or request of a Service Provider, Regulator, court or other competent authority, (iv) where you fail to pay any Fees, Taxes or ETC in accordance with the Agreement; or (v) if we otherwise find it necessary to do so in order to maintain or to protect our interests (including without limitation, for any breach or potential breach of the Agreement). In addition to our right to terminate or suspend the Services, you acknowledge that we reserve the right to temporarily disable access to the Services (or any portion thereof) for maintenance purposes. Suspension under this section does not waive the obligation of any payment obligations under this Agreement.
  • (c) Early Termination Charge (ETC). Where a Service terminates on a date other than the date of expiration of an Initial Term or a Renewal Term, we reserve the right to charge an ETC, which you shall be liable to pay within seven (7) days of an invoice from us. This Section shall not apply where we have terminated for convenience or you have terminated for cause.
  • (d) Survival. The following provisions will survive the termination of the Agreement and the termination or expiration of each Service Order or Service (together with any other provisions of the Agreement which expressly or impliedly survive termination): Sections 3(e), 4, 5, 6, 8, 9, 10, 11, 12, and 13. The termination of the Agreement and the termination or expiration of any Service Order or Service shall be without prejudice to our accrued rights and your accrued liabilities.


6. Ownership

You retain all rights and ownership of Data. We do not claim any ownership rights in Data. Except for rights expressly granted herein, no implied licenses are granted by us, and we hereby reserve all rights not so granted. You acknowledge that we retain all sole and exclusive ownership of all right, title and interest in and to the Services and our Confidential Information (defined below), including all intellectual property rights thereto, and at no time will you dispute or contest our exclusive ownership rights in any of the foregoing. If you provide any Feedback, we will own such Feedback and may use and modify the Feedback without any restriction or payment to you.



7. Changes.

Except as expressly stated in a Service Order, we reserve the right, in our sole discretion and with or without notice from time to time, to modify or update any Services (including but not limited to the features, scope, reach and functionality). Additionally, we may amend the Agreement (or any part thereof), and such amendment will take effect on the date we designate (or upon expiration of the minimum period of notice we are required to provide under Relevant Law). Further and without limit, we specifically reserve the right to make changes to the Terms of Service by publishing a revised version at http://www.boom-sms.co.uk/pages/terms (or any successor URL we determine) as may be updated by us from time to time. If an amendment to the Agreement or Services is to your material detriment, you may terminate either: (i) the affected Service Order; or (ii) the affected Service, upon written notice within thirty (30) days following the effectiveness of such amendment (or by the date which you are entitled to terminate under Relevant Law).



8. Relevant Laws and Compliance Rules.

You shall (and shall ensure that your customers, Affiliates, employees, contractors and agents shall) ensure that all use of the Services and all Data complies with Relevant Laws and the Compliance Rules. You shall provide (and shall ensure that your customers, Affiliates, employees, contractors and agents shall provide) all co- operation as is required by us to enable us to comply with requests and investigations by Regulators, law enforcement agencies and Service Providers relating to the Services and Data.



9.Warranties.

  • (a) Warranties. Each party represents and warrants it has the necessary authority to enter into and perform the Agreement, and that such performance does not violate or breach any other agreement to which it is a party. We warrant that the Services will be provided with the reasonable degree of skill, care, diligence, prudence and foresight to be expected of a competent provider of the Services. Additionally, you represent and warrant that you will fully comply with the Agreement and that the Content and your use of the Services do not and will not cause any breach of the Agreement.
  • (b) Disclaimer. Except as expressly stated in the Agreement, we provide the services on an "as is" and "as available" basis. We make no representations or warranties with respect to the Services and Data, and we do not warrant that the Services will be secure, uninterrupted, timely, or error-free or that Content will be delivered. To the fullest extent permitted by law, we disclaim and the Agreement excludes any implied or statutory warranty, including any warranty of title, non-infringement, merchantability or fitness for a particular purpose. You acknowledge that there are risks inherent in network connectivity that could result in the loss of your privacy, Data, Confidential Information and property. You further acknowledge that Boom SMS does not control networks of third parties (including without limitation Service Providers and their networks) and Boom SMS is not responsible for the impact on the Services by the action or inaction of such networks or third parties.


10.Indemnification.

  • (a) Indemnification by Us. We will indemnify, hold harmless and defend you from and against any and all Losses arising out of or relating to any Claim from a third party (other than one of your Affiliates) arising from or relating to any proven infringement of the intellectual property rights of such third party by your use of the Services in accordance with the Agreement. This indemnity is subject to you (i) providing us with prompt written notice of any Claim; (ii) providing us with sole control and defence of the Claim, including any settlement; (ii) not making any admission of liability or otherwise acting in any manner which prejudices our ability to fully defend the Claim; (iii) providing us with any reasonable co-operation we require. We may (at any time) in our sole discretion: (i) modify the Service so that it no longer infringes or misappropriates, (ii) obtain a license for your continued use of that Service in accordance with the Agreement, or (iii) terminate your subscription to that Service upon written notice and refund you any prepaid Fees or Taxes relating to such part of the Services which have not been provided by the effective date of termination. This Section 10(a) shall not apply to the extent the relevant Claim arises as a result of any: (i) Data; (ii) use or exploitation of the Services by you or any Service User in any manner which breaches the Agreement; (iii) combination or integration of the Services with anything not provided by us.
  • (b) Indemnification by You. You will indemnify, keep indemnified, hold harmless and defend us from and against any and all Losses arising out of or relating to any and all: (i) Claims arising from or relating to Data; and (ii) Claims arising from or relating to use of the Services (whether by you or any Service User); (iii) Claims from Service Providers as a result of any Claims brought by you against such Service Providers in relation to the Services or this Agreement; (iv) Claims by Service Users against Boom SMS; and (v) breaches of Sections i, ii, and/or iii of these Terms of Service.


11.Limitation of Liability.

  • (a) Subject to Section 11(c), neither party will be liable to the other under (or in connection with) the Agreement (whether for breach of contract, negligence, misrepresentation, statutory duty or otherwise) and regardless of the nature of the claim, action or demand, for (i) any incidental, indirect, special, punitive or consequential losses of any kind, (ii) loss of profits, data (including but not limited to corruption of data), business opportunities, contracts, revenue, goodwill, anticipated savings, or financial loss of any kind (whether any of the types of loss referred to in this Section 11(a) (ii) are direct, incidental, indirect, special, punitive or consequential losses).
  • (b) Subject to Section 11(c), neither party will be liable to the other under (or in connection with) the Agreement (whether for breach of contract, negligence, misrepresentation, statutory duty or otherwise) and regardless of the nature of the claim, action or demand, for any amounts exceeding one thousand Pounds (£1,000)
  • (c) Nothing in the Agreement either limits or excludes the liability of (i) either party in relation to an indemnity given by it under section 10; or (ii) you for your payment obligations. Further, the parties agree that nothing in this Agreement is intended to or has the effect of limiting or excluding liability in any way or to an extent that is prohibited by applicable law.


12. Confidentiality.

Each party will, during the Term and thereafter, maintain in confidence the Confidential Information of the other party and will not use such Confidential Information except as expressly permitted herein. Each party will use the same degree of care in protecting such Confidential Information as such party uses to protect its own confidential information from unauthorized use or disclosure, but in no event less than reasonable care. Each party will use such Confidential Information solely for the purpose of carrying out its respective rights and obligations under the Agreement. In addition, each party: (a) will not reproduce such Confidential Information, in any form, except as required to accomplish its rights and obligations under the Agreement; and (b) will only disclose such Confidential Information to its affiliates, employees and consultants who have a need to know such Confidential Information in order to perform their rights and obligations relating to the Agreement and have been informed of the obligation to preserve the confidentiality of such information prior to receiving such information. Notwithstanding the foregoing, Confidential Information will not include information that: (a) is in or enters the public domain without breach of the Agreement through no fault of the receiving party; (b) the receiving party can reasonably demonstrate was in its possession prior to first receiving it from the disclosing party; (c) the receiving party can demonstrate was developed by the receiving party independently and without use of or reference to the Confidential Information; or (d) the receiving party receives from a third party without restriction on disclosure and without breach of a nondisclosure obligation. Either party may disclose confidential information of the other party (and we may disclose any Data) to the extent required by law, Regulators or Service Provider request.



13. Test Accounts.

We may make an Account available to you for the purposes of testing of certain Services (with or without a test Account and Service Order, at our discretion). The terms of the Agreement shall govern your use and access to such test Account and test Services. You shall ensure that the test Account and test Services are used only for the purpose of testing, and not for any productive, commercial or other purpose (such restriction prevailing over any other provision to the contrary in the Agreement). You shall comply with any relevant instructions or protocols we notify you of in relation to the test Account and test Services. The Fees for such test Account and test Services shall be as determined by us from time to time. You agree that we can withdraw such test Account and test Services at any time (with or without notice to you).



14. Governing Law and Venue.

Applicable governing law and venue are set out in the Introduction. We may, however, bring enforcement proceedings against you in any jurisdiction.



15. Notice.

Boom SMS may provide all written notices hereunder to any email address under your Account, effective upon transmission. If an email address under your Account is not valid, or we for any reason are not capable of delivering to you any notices required/permitted by the Agreement, our dispatch of the email containing such notice will constitute effective notice. We may also give notice to you at the postal address listed in your Account, which shall be deemed effective on the date of dispatch. You may give notice to us at the applicable address set out in the Introduction. Such postal notice will be deemed effective when received by us by letter delivered by nationally recognised overnight delivery service or recorded prepaid mail at the above address.



16. General.

Neither party will be liable for failures or delays in the performance of its obligations hereunder due to causes beyond its reasonable control, including, without limitation, in respect of the provision of the Services, failures or delays caused by Service Providers, any act of God, terrorist attacks, inclement weather, accidental damage, vandalism, failure or shortage or power supplies, flood, drought, lightning or fire, strike, lock-out, trade dispute or labour disturbance, compliance with Relevant Laws, any act or omission of Government or other competent authorities. The parties are independent contractors, and there is no partnership, joint venture, employment, franchise or agency relationship created by the Agreement. Neither party will have the power to bind the other or incur obligations on the other party’s behalf without the other party’s prior written consent. You shall not, without our prior written consent, assign, transfer, charge, sub-contract or deal in any other manner with all or any of your rights or obligations under the Agreement. We may at any time assign, transfer, charge, sub- contract or deal in any other manner with all or any of its rights or obligations under the Agreement without your consent however, you shall, if we require, execute such deeds and/or documents as may be necessary or required by us to give effect to any such dealing in such rights and/or obligations. A waiver of any provision of the Agreement must be made in writing to be effective, and our waiver of a breach of any provision or right contained in the Agreement will not constitute a continuing waiver or waive any subsequent breach or right. You shall, in relation to this Agreement, comply with all Relevant Laws which are applicable to you, including but not limited to export control laws and regulations, economic, trade and financial sanctions laws, regulations, embargoes, restricted state lists or restrictive measures administered. If any provision of the Agreement is unenforceable, that provision will be modified to render it enforceable to the extent possible to affect the parties’ intention, and the remaining provisions will not be affected. The Supplemental Terms will prevail in the event of a conflict with the Terms of Service, but only to the extent such conflicting term relates to the Services governed by those Supplemental Terms. In all other cases, the Terms of Service will prevail in the event of a conflict with another part of the Agreement, unless such other part of the Agreement intends and expressly states that the specific term supersedes. Further, the fact that a part of the Agreement does not contain a provision relating to a particular matter, which another part of the Agreement does have a provision for, shall not be deemed to give rise to a conflict. Any Boom SMS Affiliate is entitled to enforce any provision of this Agreement which confers a benefit on it (however the consent of such Boom SMS Affiliate shall not be required to amend or terminate the Agreement in accordance with its term). There are no other third party beneficiaries to the Agreement and any Relevant Law, which may grant third party rights, is expressly excluded. The Agreement is the parties’ entire agreement relating to its subject, and supersedes any and all prior oral and written proposals, agreements, understandings and contemporaneous discussions between the parties as to the subject matter. Neither party has entered into the Agreement (or any part thereof) in reliance upon and nor shall they have any remedy in respect of, any representation or statement (whether made by the other party or any other person) which is not expressly set out in the Agreement. The only remedies available for breach of any representation or statement which was made prior to entry into the Agreement (or any part thereof) and which is expressly set out in the Agreement shall be for breach of contract (although nothing in this Section shall be interpreted or construed as limiting or excluding the liability of either party for any type of fraud). The terms contained in any purchase order, order form or similar document, will have no force or effect, and will not be binding upon us. The parties may sign the Agreement (or any part thereof) electronically and in counterparts, each of which is deemed an original and, together, comprise a single document. Each party to this Agreement agrees to use electronic signatures; and be subject to the provisions of the applicable national laws governing electronic signatures.



17. Definitions.

"Account" your account with us for the Services.

"Account Information" information you supply in relation to your Account.

"Accrued Liability" when calculated at any given time, the total Fees, Taxes and ETC’s invoiced under the Agreement which remain unpaid, plus the unbilled but accrued Fees, Taxes and ETC’s.

"Affiliate" an entity that directly or indirectly controls, is directly or indirectly controlled by, or is under common direct or indirect control with, a party. For purposes of this Agreement, "control" of any entity shall mean ownership of a majority of the voting equity interests or profit interests in such entity.

"Agreement" the (i) Terms of Service; DPA and Privacy Policy.

"Application" an application owned by you and offered by you under a brand controlled by you.

"Confidential Information" all information disclosed (whether in oral, written, or other tangible or intangible form) by a party to the other party concerning or related to the Agreement (whether before, during or after the Term), which the receiving party knows or should know, given the facts and circumstances surrounding the disclosure of the information, is confidential information of the disclosing party. Our Confidential Information includes, but is not limited to, the Agreement, our pricing, our intellectual property rights and the Services.

"Change Order" the document provided by us (and entered into by both you and us) which details changes to Service Orders, Services, Fees and other Service-related terms (and which is governed by the Terms of Service).

"Claim" claim, action, demand, allegation or proceeding brought or made.

"Boom SMS Ltd" Boom SMS Ltd a company incorporated in England and Wales, with company registration number 3842797 and Tax ID No./VAT No. GB771833218.

"Compliance Rules" rules and restrictions (as may be updated by us from time to time) pertaining to the use of the Services, including without limitation the Messaging Compliance Rules at https://boom-sms.co.uk (or any successor URL we stipulate) or as otherwise provided to you by us.

"Content" messages, information, data, text, software, music, audio, photographs, graphics, video, messages or other materials stored or transmitted via the Services in any medium.

"Credentials" names, passwords and other information provided to you or created in accordance with our policies.

"Credit Balance" a credit balance on a prepay Customer’s account.

"Credit Limit" the aggregate credit limit of all sums payable by you to us which is applied by us to your Account.

"Data" Account Information, Content, Personal Data and any other information made available to us in connection with the use of the Services.

"Data Controller" has the meaning given to it in the applicable Data Protection Laws.

"Data Processor" has the meaning given to it in the applicable Data Protection Laws.

"Data Protection Laws" the Relevant Laws relating to the collection, use, storage or disclosure of information about an identifiable individual.

"Documentation" the technical documentation made available to you by us regarding any portion of the Services, which includes without limitation the relevant Service Specification(s).

"Entity" a corporation, company, body corporate, unincorporated association, state, governmental or statutory body or authority, and/or a partnership.

"ETC" the early termination charge, which unless specified otherwise in a Service Order, shall be 100% of any monthly Recurring Fees (where charges are billed monthly) for a Service (including but not limited to the minimum monthly fee) payable for the remainder of the Initial Term or Renewal Term, as applicable. For any Fees billed annually in advance, the ETC shall be 100% of the annual Fee.

"Fees" the charges payable for the Services including but not limited to Recurring Fees, Non-Recurring Fees and One-Time Fees.

"Feedback" the ideas, suggestions or recommendations on the Services provided by you.

"Fine" any and all fines, penalties, refunds, charges, debits, deductions, legal fees and costs incurred by or other sums payable to a Service Provider or Regulator.

"Initial Term" in respect of a Service, is the minimum period (commencing on the Service Order Effective Date), which you are committed to purchase that Service. Unless detailed otherwise in a Service Order, the Initial Term of each Service shall be twelve (12) months.

"Losses" all losses, damages, liabilities, costs, expenses, Fines and penalties (including without limitation reasonable legal fees and costs).

"Non-Recurring Fees" includes but is not limited to usage based fees and Service Provider pass through fees.

"Numbers and Codes" numbers and/or codes which we make available for you to use as part of the Services, including (but not limited to), short codes, long numbers, and/or alphanumeric sender ID’s.

"One-Time Fees" one-off fees, including but not limited to set-up fees.

"Personal Data" information about an individual that is defined as "personal data" or "personal information" in the applicable Data Protection Laws.

"Prior Agreement" any other agreement you have entered into with Boom SMS Ltd prior to the effectiveness of the Agreement, which governs your use of the Services or any part of them.

"Privacy Policy" our policy regarding privacy as may be updated by us from time to time. Latest version can be found at https://boom-sms.co.uk

"Recurring Fees" non-usage based fees, including but not limited to minimum fees and lease fees.

"Regulator" any regulator or other authority, voluntary or otherwise, which a party is regulated by.

"Relevant Laws" any statute, regulation, bylaw, ordinance or subordinate legislation which is in force for the time being to which a party is subject; the common law as applicable to the parties (or any one of them); any binding court order, judgment or decree applicable to the parties (or any one of them); and any applicable industry code, policy, guidance, standard or accreditation terms enforceable by law, which is in force for the time being, and/or stipulated by any Regulator to which a party is subject, in each case, for the time being.

"Renewal Term" in respect of a Service, is the same length of time as the Initial Term for that Service unless otherwise set out in the Service Order, with the first Renewal Term commencing upon expiry of the Initial Term and subsequent Renewal Terms commencing on expiry of each Renewal Term.

"Service Level Agreement" (also "SLA") the document or documents setting forth our standard support terms and service levels for the Services, as provided to you by us.

"Service Order" the document provided by us (and entered into by both you and us) which details the applicable Services, Fees and other Service related terms (and which is governed by the Terms of Service).

"Service Order Effective Date" the date detailed in a Service Order, being the date which it takes legal effect.

"Service Provider" any entity (including without limitation, a mobile network operator, mobile virtual network operator, signalling provider, messaging aggregator or hosting provider, that directly or indirectly provides a service to us or an Affiliate of ours) that is used in relation to the provision of any of the Services.

"Services" your use of and access to the platform, software (including any and all software development kits, API and all other software and tools provided to you by us in order to enable you to use the Services and integrate them with Applications), Documentation and any services made available to you or as set forth on a Service Order.

"Service Specification" the document or documents detailing a description of the Services, as provided (or otherwise made available) to you by us.

"Service Start Date" means as defined in the third paragraph of the Introduction of these Terms of Service.

"Service User" means any user of the Services, whether or not you have a contractual relationship with such user including (without limitation) any of your customers (or any other third parties to whom the Services are subsequently resold or made available) or any of your Affiliates, suppliers, employees, contractors, agents.

"Supplemental Terms" the Documentation, Compliance Rules, SLA and any other terms governing your use of the Services.

"Taxes" applicable taxes, duties, and similar charges, including sales, usage, excise and value added taxes

"Term" the term of the Agreement, which commences on the date referred to in Section 5(a).

"Terms of Service" these terms of service.




DPA Agreement & Privacy Policy

This Data Protection Agreement "DPA" becomes effective upon the later of i) the acceptance of our Terms of Service or ii) May 25, 2018.

The customer shall make available to, and authorises Boom SMS to process information including personal data for the provision of the Services under the Agreement. The parties have agreed to enter into this DPA to confirm the data protection provisions relating to their relationship and so as to meet the requirements of applicable Privacy Laws.



1. Definitions



1.1 For the purposes of this DPA:

"Boom SMS Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with Boom SMS. "Control," for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity;

"Privacy Laws" mean any applicable law relating to data protection and security, including without limitation EU Data Protection Directive (EU Directive 95/46/EC of the European parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data), Directive on privacy in electronic communications (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector) and General Data Protection Regulation (Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 94/46/RC) ("GDPR") and any amendments, replacements or renewals thereof (collectively the "EU Legislation"), all binding national laws implementing the EU Legislation and other binding data protection or data security directives, laws, regulations and rulings valid at the given time including any guidance and codes of practices issued by the applicable supervisory authority;

"Security Directives" means all agreed applicable security requirements and security instructions and their updates applicable at each time.

the terms "data controller", "data processor", "data subject", "personal data", "processing" and "appropriate technical and organisational measures" shall have the meanings given to them under applicable Privacy Laws.



2. Role of the Parties

2.1 The Parties understand that for the provision of the Services a distinction is made between two types of processing of personal data: (i) the provision of platform services (i.e. the database of call data records and the logs created and managed by Boom SMS on behalf and under the supervision of customer) for which Boom SMS will act as a data processor and agrees to comply with the respective obligations set out in Articles 3 – 11, and (ii) the transmission of messages (i.e. A2P SMS) by Boom SMS and other Service Providers for which Boom SMS will act as a data controller and agrees to comply with the respective obligations set out in Article 13.



3.Subject matter, nature and purpose of Boom SMS’s processing of personal data

3.1 The subject matter, nature and purpose of the processing of personal data under this DPA is Boom SMS performance of the Services pursuant to the Agreement and as further instructed in writing by the customer in its use of the Services, unless required to do so otherwise by Privacy Laws, in which case to the extent permitted by Privacy Laws, Boom SMS shall inform the customer of this legal requirement prior to carrying out the processing. Boom SMS shall only collect or process personal data for the duration of the Agreement to the extent, and in such a manner, as is necessary for provision of the Services and in accordance with the Agreement and Privacy Laws applicable to Boom SMS in its role as data processor.

Boom SMS shall process personal data originating from and sent to a country located in the EU/EEA or Switzerland solely in countries situated in the EU/EEA or Switzerland and not cause any cross border transfer of personal data from a country situated in the EU/EEA or Switzerland to any country situated outside the EU/EEA or Switzerland unless personal data is transferred to a country approved by the European Commission as providing an adequate level of protection for personal data, the transfer is made pursuant to European Commission approved

3.2 standard contractual clauses for the transfer of Personal Data for which the customer provides a power of attorney for Boom SMS to enter into any such European Commission approved standard contractual clauses with a Sub-processor approved as set out in clause 9 in the name and on behalf of the customer.



4. Duration

4.1 The processing of personal data will be carried out by Boom SMS for the duration of the Agreement unless otherwise agreed upon in writing.



5. Type of personal data processed

5.1 The customer may submit customer personal data to the Services, the extent of which is determined and controlled by the customer in its sole discretion, and which may include, but is not limited to the following categories of personal data:

  • Contact information (company, email, phone, physical address)
  • First and last name
  • ID data
  • Title
  • Position
  • Employer
  • Connection data
  • Localisation data


6. Type of data subjects

6.1 The customer may submit personal data to the services, the extent of which is determined and controlled by the customer in its sole discretion, and which may include, but is not limited to personal data relating to the following categories of data subject:

  • Customers, business partners and vendors of the customer (who are natural persons)
  • Employees of contact persons of the customer's customers, business partners and vendors
  • Employees, agents, advisors, freelancers of the customer (who are natural persons)
  • Customer's Service user including any user of the services, which customer permits using the Services


7. Technical and organisational measures

7.1 Boom SMS has implemented and maintains appropriate technical and organizational measures in accordance with Article 28, 3 (c) and Article 32 in particular in relation with Article 5, 1 and 2 GDPR. Such measures include but not limited to physical and IT measures, and organizational measures to protect personal data processed against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. Such measures provide a level of security that is appropriate to the risks of the processing having regard to:

  • the state of the art technology;
  • the costs of implementation;
  • the nature, scope, context and purposes of processing, including the type of personal data; and
  • risk for the rights and freedoms of natural persons that personal data relate to.
  • 7.2 The Technical and Organisational Measures are subject to technical progress and further development. In this respect Boom SMS may implement alternative adequate measures; however, the security level of the defined measures must never be reduced. Major changes must be documented.



    8. Quality assurances and other duties of Boom SMS

    8.1 Boom SMS shall comply with the mandatory requirements referred to in Articles 28 to 33 GDPR, and ensures in particular compliance with the following requirements:

    • a) Appoint a data protection officer, who performs his/her duties in compliance with Articles 38 and 39 GDPR. The data protection officers contact details are available at Boom SMS web page.
    • b) Confidentiality in accordance with Article 28, 3 (b), Articles 29 and 32 (4) GDPR. Boom SMS entrusts only such employees with the data processing outlined in this contract who have been bound to confidentiality and have previously been familiarized with the data protection provisions relevant to their work. Boom SMS and any person acting under its authority who has access to personal data, shall not process that data unless on instructions from the customer, which includes the powers granted in this Amendment, unless required to do so by Privacy Laws.
    • c) At the customer’s cost and expense and taking into account the nature of the processing and the information available to Boom SMS, provide such information and assistance as the customer may reasonably require and within the timescales reasonably specified by the customer to assist the customer to comply with its obligations under applicable Privacy Laws which may include assisting the customer to:
      • (i) notify the customer of any request Boom SMS receives for a data subject relating to personal data processed;
      • (ii) comply with its security obligations;
      • (iii) discharge its obligations to respond to requests relating to the exercise of Data Subject rights including right of access, right to rectification, right to erasure ("right to be forgotten") right to restriction of processing (to the extent that personal data is not accessible to the customer through the Services);
      • (iv) carry out Data Protection Impact Assessment and audit Data Protection Impact Assessment compliance and consult with the supervisory authority
      • (v) following Data Protection Impact Assessment.
    • d) Unless prohibited by applicable law or a legally binding request of law enforcement, Boom SMS shall promptly notify the customer of any request by, any government official, data protection supervisory authority or law enforcement authority in respect of any personal data;
    • e) Boom SMS shall periodically monitor the internal processes and the Security Directives to ensure that processing within Boom SMS area of responsibility is in accordance with the requirements of Privacy Laws and the protection of the rights of the data subject.


    9. Sub-Processors

    9.1 The customer agrees that Boom SMS may engage Boom SMS Affiliate or third parties to process personal data in order to assist Boom SMS to deliver the Services on behalf of the customer ("Sub-processors"). Boom SMS has or will enter into written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA to the extent applicable to the nature of the Services provided by such Sub-processor. If the Sub-processor processes the Services outside the EU/EEA, Boom SMS shall ensure that the transfer is made pursuant to European Commission approved standard contractual clauses for the transfer of Personal Data which the customer authorizes Boom SMS to enter into on its behalf, or that other appropriate legal data transfer mechanisms are used.

    9.2 for the avoidance of doubt, where any Sub-processor fails to fulfil its obligations under any sub-processing agreement or under applicable law Boom SMS will remain fully liable to the customer for the fulfilment of its obligations under this DPA.



    10. Audits and inspections

    10.1 In the event that the customer, a regulator or data protection authority requires additional information or an audit related to the Services, then, Boom SMS agrees to submit its data processing facilities, data files and documentation needed for processing personal data to audit by the customer (or any third party such as inspection agents or auditors, selected by customer) to ascertain compliance with this DPA, subject to being given reasonable notice and compliance with Boom SMS’s Security Directives and the auditor entering into a non-disclosure agreement directly with Boom SMS. Boom SMS agrees to provide reasonable cooperation to customer in the course of such operations including providing all relevant information and access to all equipment, software, data, files, information systems, etc. used for the performance of Services, including processing of personal data. Such audits shall be carried out at the customer’s cost and expense.



    11. Notification of a data breach

    11.1 In the event of Boom SMS aware of any breach of security that results in the accidental, unauthorised or unlawful destruction or unauthorised disclosure of or access to personal data Boom SMS shall, among other things:

    • a) Notify the customer in writing immediately but not later than 48 hours after becoming aware of the breach of security.
    • b) Assist the customer with regard to the customers obligation to provide information to the data subject and to provide the customer with relevant information in this regard.
    • c) Support the customer in consultations with data protection authority.

    11.2 To the extent legally possible, Boom SMS may claim compensation for support services under this clause 11 which are not attributable to failures on the part of Boom SMS.

    11.3 customer shall retain all rights, copyright or other intellectual property rights, title and interest to any and all personal data, including all rights relating to.

    11.4 Boom SMS understands and agrees that such personal data constitutes customer proprietary and Confidential Information.



    12. Deletion and return of personal data

    12.1 Upon expiration of the Agreement or in the event of early termination for any reason whatsoever, Boom SMS and its subcontractors shall promptly provide to customer all personal data held by them for the duration of the Agreement for the performance of the Services. Upon customer’s request, Boom SMS will destroy copies of personal data held in its systems and confirm this to customer in writing unless required to keep certain personal data in order to comply with applicable laws.



    13. Boom SMS’s Obligations as Data Controller

    13.1 In situations where Boom SMS will act as a Data Controller, it undertakes to comply with its obligations under applicable Privacy Laws in respect of any Personal Data processed under the Agreement. It shall process such Personal Data in connection with the transmission of messages and to fulfil its associated obligations under the Agreement or as may be required by law, court order or any government or regulatory authority and in accordance with its privacy policy.



    14.Customer's Obligations

    14.1 The customer shall comply at all times with applicable Privacy Laws in relation to the processing of personal data in connection with the Agreement and the Services.



    15. Limitation of Liability

    15.1 Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this DPA whether in contract, tort or under any other theory of liability, is subject to the Limitation of Liability section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement and this DPA.



    16. Security Directives

    Description of the technical and organizational measures implemented by Boom SMS:

    Boom SMS shall implement the measures described in this appendix, provided that the measures directly or indirectly contribute or can contribute to the protection of personal data under the agreement concluded between the Parties for the processing of data. If Boom SMS believes that a measure is not necessary for the respective Service or part thereof, Boom SMS will justify this and come to an agreement with the customer.

    The technical and organisational measures are subject to technical progress and development. In this respect Boom SMS is permitted to implement alternative adequate measures. The level of security must align with industry security best practice and not less than, the measures set forth herein. All major changes are to be agreed with the customer and documented.



    16.1 Risk management

    Security risk management

    1. Boom SMS shall identify and evaluate security risks related to confidentiality, integrity and availability and based on such evaluation implement appropriate technical and organizational measures to ensure a level of security which is appropriate to the risk.
    2. Boom SMS shall have documented processes and routines for handling risks within its operations.
    3. Boom SMS shall periodically assess the risks related to information systems and processing, storing and transmitting information.

    Security risk management for personal data

    1. Boom SMS shall identify and evaluate security risks related to confidentiality, integrity and availability and based on such evaluation implement appropriate technical and organizational measures to ensure a level of security which is appropriate to the risk of the specific personal data types and purposes being processed by Boom SMS, including inter alia as appropriate:
      • The pseudonymization and encryption of personal data
      • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
      • The ability to restore the availability and access to the customer’s Data in a timely manner in the event of a physical or technical incident
      • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing
    2. Boom SMS shall have documented processes and routines for handling risks when processing personal data on behalf of the customer.
    3. Boom SMS shall periodically assess the risks related to information systems and processing, storing and transmitting personal data.


    16.2 Information security policies

    16.2.1 Boom SMS shall have a defined and documented information security management system (ISMS) including an information security policy and procedures in place, which shall be approved by Boom SMS’s management. They shall be published within Boom SMS´s organization and communicated to relevant Boom SMS Personnel.

    16.2.2 Boom SMS shall periodically review Boom SMS’s security policies and procedures and update them if required to ensure their compliance with the Security Directives.



    16.3 Organization of information security

    • Boom SMS shall have defined and documented security roles and responsibilities within its organization.
    • Boom SMS shall appoint at least one data protection officer who has appropriate security competence and who has an overall responsibility for implementing the security measures under the Security Directives and who will be the contact person for the customer’s security staff.


    16.4 Human resource security

    • Boom SMS shall ensure that Boom SMS personnel handles information in accordance with the level of confidentiality required under the Agreement.
    • Boom SMS shall ensure that relevant Boom SMS personnel is aware of the approved use (including use restrictions as the case may be) of information, facilities and systems under the Agreement.
    • Boom SMS shall ensure that any Boom SMS personnel performing assignments under the Agreement is trustworthy, meets established security criteria and has been, and during the term of the assignment will continue to be, subject to appropriate screening and background verification.
    • Boom SMS shall ensure that Boom SMS personnel with security responsibilities is adequately trained to carry out security related duties.
    • Boom SMS shall provide or ensure periodical security awareness training to relevant Boom SMS personnel. Such Boom SMS training shall include, without limitation:

      1. How to handle customer information security (i.e. the protection of the confidentiality, integrity and availability of information);
      2. Why information security is needed to protect customers information and systems;
      3. The common types of security threats (such as identity theft, malware, hacking, information leakage and insider threat);
      4. The importance of complying with information security policies and applying associated standards/procedures;
      5. Personal responsibility for information security (such as protecting customer’s privacy-related information and reporting actual and suspected data breaches).


    16.5 Access control

    • Boom SMS shall have a defined and documented access control policy for facilities, sites, network, system, application and information/data access (including physical, logical and remote access controls), an authorization process for user access and privileges, procedures for revoking access rights and an acceptable use of access privileges for Boom SMS personnel in place.
    • Boom SMS shall have a formal and documented user registration and de-registration process implemented to enable assignment of access rights.
    • Boom SMS shall assign all access privileges based on the principle of need-to-know and principle of least privilege.
    • Boom SMS shall use strong authentication (multi-factor) for remote access users and users connecting from an untrusted network.
    • Boom SMS shall ensure that Boom SMS Personnel has a personal and unique identifier (user ID), and use an appropriate authentication technique, which confirms and ensures the identity of users.


    16.6 Cryptography

    • Boom SMS shall ensure proper and effective use of cryptography on information classified as confidential and secret (such as personal data) in accordance with the customer’s confidentiality classification scheme as directed by the customer.
    • Boom SMS shall protect cryptographic keys.


    16.7 Physical and environmental security

    • Boom SMS shall protect information processing facilities against external and environmental threats and hazards, including power/cabling failures and other disruptions caused by failures in supporting utilities. This includes physical perimeter and access protection.
    • Boom SMS shall protect goods received or sent on behalf of the customer from theft, manipulation and destruction.


    16.8 Admission to the customer’s premises and the customer’s leased premises

    • Boom SMS’s admission to the customer’s premises and property (such as datacentre buildings, office buildings, technical sites) is subject to the following:

      1. Boom SMS shall follow local regulations (such as regulations for "restricted areas") for the customer’s premises when performing the assignments under the Agreement.
      2. Boom SMS Personnel shall carry ID card or a visitor’s badge visible at all time when working within the customer’s premises.
      3. After completing the assignment, or when Boom SMS personnel is transferred to other tasks, Boom SMS shall without delay inform the customer of the change and return any keys, key cards, certificates, visitor’s badges and similar items.
      4. Keys or key cards shall be personally signed for by Boom SMS personnel and shall be handled according to the written rules given upon receipt.
      5. Loss of the customer’s key or key card shall be reported without delay to the customer.
      6. Photographing in or at the customer’s premises without permission is prohibited.
      7. The customer’s goods shall not be removed from the customer’s premises without permission.
      8. Boom SMS Personnel shall not allow unauthorized persons access to the premises.


    16.9 Operations security

    • Boom SMS shall have an established change management system in place for making changes to business processes, information processing facilities and systems. The change management system shall include tests and reviews before changes are implemented, such as procedures to handle urgent changes, roll back procedures to recover from failed changes, logs that show, what has been changed, when and by whom.
    • Boom SMS shall implement malware protection to ensure that any software used for Boom SMS’s provision of the Services to the customer is protected from malware.
    • Boom SMS shall make backup copies of critical information and test back-up copies to ensure that the information can be restored as agreed with the customer.
    • Boom SMS shall log and monitor activities, such as create, reading, copying, amendment and deletion of processed data, as well as exceptions, faults and information security events and regularly review these. Furthermore, Boom SMS shall protect and store (for at least 6 months or such period/s set by Privacy Laws) log information, and on request, deliver monitoring data to the customer. Anomalies / incidents / indicators of compromise shall be reported according to the data breach management requirements as set out in clause 13, below.
    • Boom SMS shall manage vulnerabilities of all relevant technologies such as operating systems, databases, applications proactively and in a timely manner.
    • Boom SMS shall establish security baselines (hardening) for all relevant technologies such as operating systems, databases, applications.
    • Boom SMS shall ensure development is segregated from test and production environment.


    16.10 Communications security

    • Boom SMS shall implement network security controls such as service level, firewalling and segregation to protect information systems.


    16.11 System acquisition, development and maintenance (when software development or system development is provided to the customer by Boom SMS)

    • Boom SMS shall implement rules for development lifecycle of software and systems including change and review procedures.
    • Boom SMS shall test security functionality during development in a controlled environment.


    16.12 Boom SMS relationship with sub-suppliers

    • Boom SMS shall reflect the content of these Security Directives in its agreements with Sub-processors that perform tasks assigned under the Agreement.
    • Boom SMS shall regularly monitor, review and audit Sub-processor’s compliance with the Security Directives.
    • Boom SMS shall, at the request of the customer, provide the customer with evidence regarding Sub- processor’s compliance with the Security Directives.


    16.13 Data breach management

    • Boom SMS shall have established procedures for data breach management.
    • Boom SMS shall inform the customer about any data breach (including but not limited to incidents in relation to the processing of personal data) as soon as possible but no later than within 48 hours after the data breach has been identified.
    • All reporting of security-related incidents shall be treated as confidential information and be encrypted, using industry standard encryption methods.
    • The data breach report shall contain at least the following information:

      1. The nature of the data breach,
      2. The nature of the personal data affected,
      3. The categories and number of data subjects concerned,
      4. The number of personal data records concerned,
      5. Measures taken to address the data breach,
      6. The possible consequences and adverse effect of the data breach, and
      7. Any other information the customer is required to report to the relevant regulator or data subject.
    • To the extent legally possible, Boom SMS may claim compensation for support services under this clause 13 which are not attributable to failures on the part of Boom SMS.


    16.14 Business continuity management

    • Boom SMS shall identify business continuity risks and take necessary actions to control and mitigate such risks.
    • Boom SMS shall have documented processes and routines for handling business continuity.
    • Boom SMS shall ensure that information security is embedded into the business continuity plans
    • Boom SMS shall periodically assess the efficiency of its business continuity management, and compliance with availability requirements (if any).



    Privacy Policy

    By using our websites, products, services, or otherwise by interacting with us, you consent to the following privacy policy. DO NOT engage in any of these activities if you do not agree with the terms of this Privacy Policy.



    INFORMATION COLLECTED BY Boom SMS

    In general, Boom SMS will collect information from you based upon our business relationship, your use of the Site, Our services and our products, as follows:



    CONTENT REGISTRATION

    In order to access and view some content on the Site, you are required to register with Boom SMS before the content is made available to you. During the registration process, you are required to provide us with certain contact information, including your name, address, phone number and email address. We use this information to contact you about the services we offer in relation to which you have expressed interest.



    CLIENT SUPPORT PORTAL

    When you contact Boom SMS customer support using any Boom SMS client support portal, we may ask you for certain information regarding your enquiry, such as your name, email address or telephone number.



    COOKIES

    What Are Cookies and How Do I Disable Them?

    Cookies are files that web browsers place on a computer’s hard drive. You can disable cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Note that you may be prevented from using the site or services effectively or at all if cookies are disabled.

    How do the Site and services use cookies?

    Our customer support portals use session cookies containing encrypted information to allow the system to uniquely identify you while you are logged in. This information allows us to process your online data and requests. Session cookies help us make sure you are who you say you are after you have logged in. We use persistent cookies, which only we can read and use, to identify the fact that you are a Boom SMS customer or prior site visitor.

    We also may from time to time engage third parties to track and analyse non-personally identifiable usage and volume statistical information from visitors to our websites to help us administer the websites and improve its quality. Such third parties may use cookies to help track visitor behaviour. Such cookies will not be used to associate individual website visitors to any Personal Data (defined below). All data collected by such third parties on our behalf is used only to provide us with information on site usage and is not shared with any other third parties.



    CORRESPONDENCE

    If you send us correspondence, such as emails or letters, we may collect such information into a file specific to you.



    MOBILE USER INFORMATION

    As part of our services, we sometimes receive information from wireless carriers and operators in order to provision the specific content and data services requested by individual users. All such information is acquired from either the wireless carrier’s or operator’s website or from the user’s mobile device via the wireless carrier’s or operator’s network. This data is usually limited to the user’s cell phone number. The user must explicitly "opt in" through the wireless carrier or operator in order for any of this information to be collected and its use is governed by this Privacy Policy and any policies or procedures of the user’s wireless carrier or operator. In some cases, we may receive authentication information directly from mobile users, including in the form of a personal information number (PIN) previously sent to a mobile user.



    HUMAN RESOURCES

    We collect information about you when you submit a job application, resume, survey responses or similar information.



    NEWSLETTERS

    If you wish to subscribe to our newsletters, we will use your name and email address to send the newsletter to you. Out of respect for your privacy, you have the option to unsubscribe from receiving some or all of the newsletters. Please see the "Opt-out" section below.



    HOW WE USE INFORMATION

    We may use data We obtain as described above for purposes relating to our website and services, including (a) providing the website and services to you, (b) facilitating third parties to participate in the provision and improvement of the website and services (including without limitation mobile network operators, hosting partners, and other service providers), (c) raising queries with you, and responding to issues you may raise, whether relating to our services or otherwise, (d) communications relating to surveys and other customer satisfaction-related activities, (e) progressing job applications, to perform credit checks and, (f) verification of personal or business data and payment details and other checks before offering our services to customers.



    SERVICE-RELATED ANNOUNCEMENT

    We will send you service-related announcements when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email. Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.



    CUSTOMER SERVICE

    We will also communicate with you in response to your customer service enquiries, to provide the services you request, and to manage your account.



    DISCLOSURES AND SHARING OF INFORMATION

    As a matter of policy, we do not sell or rent any of your information to third parties for any advertising or marketing purposes. However, the following describes some of the ways that we may disclose your information in the normal course of providing our services.



    LEGAL REQUESTS & COMPLIANCE WITH LAWS

    We reserve the right to disclose information as required by law or regulation and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process. Notwithstanding any provisions herein, we may disclose Personal Data to governmental authorities when required or reasonably requested to do so by such governmental authorities. This Privacy Policy does not apply to the extent that it is in conflict with any law that may be applicable to the Personal Data of a Data Subject.



    DATA PROCESSOR

    As Data Processor, Boom SMS will only process Personal Data pursuant to the instructions of the applicable customer (for example where we act as a Data Processor in relation to the processing activities of customers on Our platform). Boom SMS may use the services of third party Data Processors to process Personal Data in accordance with purposes identified for such Personal Data by the applicable customer (including but not limited to the provision of services). Boom SMS will not be responsible for determining the authenticity of any purported Data Subject’s request to access his or her Personal Data. In the absence of express instructions to do so from the applicable customer, Boom SMS will not provide a purported Data Subject with access to his or her Personal Data unless it is demonstrated to Boom SMS’s satisfaction that the applicable Data Controller has refused such access.



    DATA CONTROLLER

    As a Data Controller, Boom SMS receives Personal Data about our business contacts. Boom SMS owns and controls such Personal Data as stated in this Privacy Policy. In parallel and in accordance with Recital 47 of the European Data Protection Directive 95/46/EC (as amended from time to time or replaced by other EU regulation), We shall act as an independent Data Controller with respect to the processing of Personal Data which is necessary for the operation of Our service which shall include any information processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof.



    HIPAA

    From time to time, Boom SMS provides messaging services to health care providers, and serves as a "Business Associate" (as that term is defined pursuant to HIPAA Regulations) to such providers in relation to the handling of protected health information ("PHI") that is made a part of our services.



    DE-IDENTIFICATION

    Boom SMS may de-identify or depersonalize data into anonymized and aggregate data that it derives from customers ("Anonymous Data"). Anonymous Data means data that includes no Personal Data or unique identifiers that could later be used to refer to the Personal Data to which the data was once associated. Boom SMS uses only Anonymous Data in performing analyses, and may disclose Anonymous Data to its customers who have requested such analyses and to third parties where we are contractually entitled to do so.



    THIS SITE IS NOT FOR USE BY CHILDREN

    Protecting the privacy of children is important to Boom SMS. For that reason, the Site is structured specifically to not attract anyone under 13, nor do we collect or maintain Personal Data on the Site from those who Boom SMS actually knows are under 13. If we learn of, or are notified that we have collected information from users under the age of 13, Boom SMS will immediately delete such Personal Data.



    OPT-OUT

    We provide you the opportunity to ‘opt-out’ of having your Personal Data used for certain purposes, when we ask for this information. For example, if you register with us but no longer wish to receive our newsletters and/or related communications, you may opt-out of receiving them by us at legal@BoomSMS.co.uk



    SECURITY

    We take appropriate technical and organizational measures to guard against unauthorized or unlawful processing of your Personal Data and against accidental loss or destruction of, or damage to, your Personal Data. Boom SMS uses industry-standard security measures to protect the integrity and confidentiality of any Personal Data it owns or processes on behalf of customers, including, in appropriate circumstances, the use of firewalls, restricted access, and encrypted transmissions. Boom SMS limits access to Personal Data to those persons in Boom SMS’s organization who have a business need to process such Personal Data. However, no company, including Boom SMS, can fully eliminate the security risks associated with such Personal Data. Due to factors beyond Boom SMS’s control, Boom SMS cannot ensure that Personal Data will not be disclosed to third parties. For example, Boom SMS may become legally obligated to disclose such data, or, despite precautions, third parties may circumvent security measures to intercept or access such data.



    DISCLAIMER

    We cannot ensure that all of your private communications and other Personal Data will never be disclosed in ways not otherwise described in this Privacy Policy. By way of example (without limiting the foregoing), We may be forced to disclose Personal Data to the government or third parties under certain circumstances, third parties may unlawfully intercept or access transmissions or private communications, or users may abuse or misuse your Personal Data that they collect from the Site. Boom SMS does not review, comment upon, or monitor its customers’ compliance with their respective privacy policies, nor does Boom SMS review customer instructions to determine whether they are in compliance or conflict with the terms of a customer’s published privacy policy.



    THIRD PARTIES

    Please be advised this Privacy Policy does not apply to the practices of companies that Boom SMS does not own or control, or to people that Boom SMS does not employ or manage. This includes links to other websites on the Site as well as any companies from whom you may have ordered services or products that are transmitted over Boom SMS’s network, and any companies from whom you may be purchasing telecommunications services. Boom SMS recommends that you be aware when you leave the Site and read the terms of use and privacy policies of any site, product or service that collects Personal Data.



    CHANGES TO THIS PRIVACY POLICY

    We reserve the right to modify this Privacy Policy at any time, so please review it regularly. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on the Site and other places we deem appropriate. All such changes shall be binding on you 30 days after they are initially posted on the Site unless you are a new user, in which case they are binding on you immediately.



    ACQUISITIONS

    If another company acquires Boom SMS or its assets, that company will (a) process that Personal Data held by Boom SMS, and (b) assume the rights and obligations regarding such Personal Data described in this Privacy Policy.



    UPDATE INFORMATION / REVOKE CHOICES / SUGGESTIONS / CONTACT INFORMATION

    If you would like to update or correct any information that you have provided to Boom SMS through your use of our services or website, limit or opt-out of certain communications, revoke prior communication choices you have made, or if you have suggestions for improving this privacy policy, please contact us via your online account.

    We will use reasonable commercial efforts to address any concerns that you may have. Any person – including with inquiries or complaints regarding this privacy policy should contact Boom SMS.