GDPR Compliance

How BritishText handles data protection under the UK General Data Protection Regulation. Last updated: 1 March 2025

UK GDPR

Fully compliant

Data storage

UK servers only

DPA available

On request

ICO registered

Data controller

BritishText Ltd (“BritishText”) is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we handle personal data and how we help our customers maintain their own GDPR compliance when using the BritishText platform.

1. Roles and Responsibilities

BritishText as Data Controller

BritishText acts as a data controller in respect of personal data relating to our customers (account holders, billing contacts) that we collect and process to provide and improve the Service.

BritishText as Data Processor

BritishText acts as a data processor in respect of the personal data of your end-contacts (the recipients of your SMS and WhatsApp messages). As the data controller for those contacts, you are responsible for ensuring you have a lawful basis for processing their data and for obtaining any necessary consents before using BritishText to communicate with them.

2. Lawful Basis for Processing

UK GDPR requires a lawful basis for every processing activity. BritishText relies on the following bases:

Contractual necessity

Processing customer account data, billing information, and message logs is necessary to perform our contract with you.

Legitimate interests

We process usage data and analytics to improve the Service, prevent fraud, and maintain security. We have conducted legitimate interests assessments where applicable.

Legal obligation

We retain certain financial records to comply with HMRC requirements and respond to lawful requests from regulatory authorities.

Consent

We rely on your consent for optional marketing communications and non-essential cookies. You may withdraw consent at any time.

3. Data Subject Rights

UK GDPR grants individuals the following rights. We are committed to honouring all valid requests within the statutory 30-day period:

Right of access (Subject Access Request) — You may request a copy of the personal data we hold about you.
Right to rectification — You may request correction of inaccurate or incomplete personal data.
Right to erasure (“right to be forgotten”) — You may request deletion of your personal data where there is no compelling reason for its continued processing.
Right to restriction — You may ask us to restrict processing of your personal data in certain circumstances.
Right to data portability — You may request your personal data in a structured, commonly-used, machine-readable format.
Right to object — You may object to processing based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, contact us at support@britishtext.com. We may need to verify your identity before actioning a request.

4. Data Processing Agreement

In our role as data processor for your contact data, UK GDPR requires that we have a Data Processing Agreement (DPA) in place with our customers. A copy of our standard DPA is available on request.

Our DPA covers the subject matter, duration, nature, and purpose of processing; the type of personal data and categories of data subjects; our obligations and rights as processor; and the obligations of the data controller. Contact us at support@britishtext.com to request a DPA.

5. Data Breach Procedures

In the event of a personal data breach, BritishText will:

Contain and assess the breach as quickly as possible
Notify affected customers without undue delay and within 72 hours of becoming aware of the breach (where required by UK GDPR)
Provide affected customers with the information they need to fulfil their own notification obligations to the ICO and affected data subjects
Document all breaches, their effects, and the remedial action taken

If you become aware of a potential security incident affecting BritishText or your account, please contact us immediately at support@britishtext.com.

6. International Transfers

BritishText stores all customer data on servers located in the United Kingdom. We do not routinely transfer personal data outside the UK or the European Economic Area.

In limited circumstances, certain third-party service providers we use may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements (IDTAs) or adequacy decisions, in accordance with UK GDPR Chapter V.

7. Data Protection Officer

As a small business, BritishText is not currently required to appoint a formal Data Protection Officer under UK GDPR. Responsibility for data protection compliance rests with our founding team. For all data protection enquiries, please contact us at support@britishtext.com, marking your email “Data Protection Enquiry”.

8. Your Responsibilities

When you use BritishText to send messages to your contacts, you are the data controller for those contacts' personal data. This means you are responsible for:

Ensuring you have a lawful basis (typically explicit consent) for sending marketing messages under PECR
Maintaining records of consent for each contact
Honouring opt-out requests promptly (BritishText automatically processes STOP requests)
Ensuring your contact data was obtained lawfully
Providing your contacts with privacy information about how their data is used
Responding to data subject rights requests from your contacts

9. Supervisory Authority

The supervisory authority for data protection in the UK is the Information Commissioner's Office (ICO). You have the right to lodge a complaint with the ICO if you believe your personal data has been processed in a manner that does not comply with UK GDPR. The ICO can be contacted at ico.org.uk.