Users’ Personal Data Protection Policy (Privacy Policy)

Last update date: 20 January 2023


SMSBOX cares about your privacy and we are committed to protecting it. We collect your personal data (your "Data") in a transparent manner and believe that you should be able to know the purposes for which they are used, understand your rights with respect to such Data and know how to exercise them.

This Privacy Policy sets out our practices regarding the collection, use and possible transfer of your Data.

By accepting the General Terms and Conditions and using our services, you acknowledge that you accept the practices of SMSBOX, as described in this Privacy Policy.

For any information, question or remark concerning this Privacy Policy, we invite you to contact us (see "Contact" below).


All capitalized terms used in this Policy but not defined here have the definitions given to them in the SMSBOX T&Cs.

In addition, the following definitions apply to this Privacy Policy:

Data - means data that may directly or indirectly identify the Customer or a User within the meaning of the GDPR.

The GDPR - means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

The processing of Data

Categories of Data collected by SMSBOX

SMSBOX collects the following data for each Customer, representative or User:

i.          Name, first name,

ii.         Professional e-mail address,

iii.        Fixed and/or mobile telephone number

iv.        Company name,

v.         Company structure,

vi.        Intra-community (EU) VAT number

vii.       Registration number with a national or local register (Companies House, etc)

viii.      Postal address of the company's headquarters

ix.        Connection data

Except for direct debit or payment by cheque, we also inform you that SMSBOX does not have any banking information concerning you. All the banking information necessary for the payment during the ordering process is directly collected by our payment provider.

Data collection purposes

SMSBOX collects your Data when you create an account or if you contact us by email.

Depending on the case and context, we may collect your Data in order to:

  • process your purchases and orders and to provide you with the SMSBOX services you have ordered;
  • communicate to you the news, offers and promotions of SMSBOX, after having previously collected your consent for this specific purpose;
  • -ensure a service-after-sale including the management of refunds;
  • offer you a response in case of a request, query or suggestion from you;
  • enable you to exercise your rights;
  • ensure the management of complaints and disputes;
  • protect SMSBOX staff and customers;
  • carry out statistical analyses in order to improve the user experience on the SMSBOX website and the products and services provided by SMSBOX,
  • ensure the management of SMSBOX orders;
  • comply with our legal obligations with national control authorities and other regulatory bodies

Data are collected in accordance with the following legal bases:

  • You have given your explicit consent in accordance with Article 6.1(a) of the GDPR,
  • This is permitted and required by law under Article 6.1(b) of the GDPR, for the processing of contractual relationships,
  • We are legally obliged to do so under Article 6.1(c) of the GDPR
  • The disclosure is necessary under Article 6.1(f) of the GDPR to enable SMSBOX to establish, exercise or defend legal claims

Duration of retention of Data

We will only retain Data for the retention periods set out in the GDPR, if the purpose of the processing has not been fulfilled and depending on the nature of the Data. Once the time limits are exhausted, the Data will be deleted or archived in the cases provided for by the law.

The Data collected by SMSBOX are kept for the duration of the commercial and contractual relationship with the Customer.

Once the contractual relationship has ended, SMSBOX may keep your Data for a period of five (5) years, in view of the processing purposes previously set out in accordance with the provisions of the GDPR.

If you have created an account on the SMSBOX website without ever having placed an order, SMSBOX will keep your Data for a maximum period of fourteen (14) months from the last incoming contact.

Data Transfer

Access to your Data is strictly limited to SMSBOX's employees and agents, who are authorised by virtue of their functions and bound by an obligation of confidentiality. However, the Data collected may be communicated to processors contractually responsible for the performance of tasks necessary for the proper functioning of the Platform and/or Services as well as for the proper management of our relationship with you, without you having to give your permission.

Such processors are subject to a confidentiality obligation and may only use your Data in accordance with our contractual terms and applicable law.

Other than as set out above, we will not sell, rent, lease or otherwise give unauthorised third parties access to your Data without your prior consent.

SMSBOX may also share Customer Data if required by law or legal process, if requested by any public authority, or if the transmission of such Data is necessary to ensure the safety of its Customers and to protect its own rights, in accordance with the applicable provisions of the GDPR.

SMSBOX’ obligations

SMSBOX undertakes to comply with the provisions of the amended French Act of 6 January 1978 on data Processing, data Files and Civil Liberties, as well as the provisions of the GDPR and any other applicable regulations that may be added to or replaced at a later date.

To this end, SMSBOX undertakes to respect the following obligations:

  • To process the Data only within the framework of the present Privacy Policy and only in relation to the SMSBOX T&Cs.
  • To ensure that only duly trained personnel have access to the Data.
  • Implement technical and organisational measures to protect the Data, as required by the GDPR.
  • To ensure that the Data is not used, manipulated, distributed, copied, processed for any purpose other than the fulfilment of the obligations as explicitly agreed and resulting from this Privacy Policy.

Your Data are stored on secure servers protected by a firewall and anti-virus software. We have security measures in place to protect the confidentiality of your Data against accidental loss and against unauthorised access, use, modification and disclosure.

However, due to the inherent characteristics of the Internet, we cannot guarantee the optimal security of information exchanges on this network. We strive to protect your Data, but we cannot guarantee the absolute security of information transmitted on the Platform or when connecting to the Customer Area.

We cannot be held responsible in case of non-compliance with the privacy settings or security measures in place on the Platform. To that extent, you agree that the security of your information is also your responsibility. For example, it is your responsibility to keep secret the Authentication Data allowing you to access your Customer Area. Do not disclose it to third parties under any circumstances.

The exercise of your rights

In accordance with the provisions of the GDPR, you have rights in relation to the processing of your Data. To exercise your rights, please contact us by following the information in the following Section.

Right of access

Where we process personal information collected via our website for account management, billing or marketing purposes, we provide you with the opportunity to access, review, amend and delete any personal information we process in accordance with the provisions of the GDPR.

You have the right to request that we disclose to you certain information about the collection and use of your personal information.

Right to rectification

You have the right to obtain the rectification of inaccurate Data concerning you, and to have incomplete Data completed.

Right to restriction of processing

You have the right to restrict the processing of your Data in certain circumstances. This means that you can restrict how we use your Data.

The right to restrict the processing of your Data may be exercised in the following circumstances:

  • You dispute the accuracy of your Data.
  • Your Data have been processed unlawfully.

This right is an alternative to your right to erasure.

Right to erasure

You have the right to ask us to delete any Data we have collected from you and stored, subject to certain exceptions.

We may refuse your request for deletion if the retention of the information is necessary to enable us or our service providers, contractors and/or processors to:

  • Carry out the transaction for which we have collected the Data, provide the service you have requested, or reasonably fulfil our obligations,
  • Comply with a legal or regulatory obligation,
  • Detect security incidents, protect us from malicious, deceptive, fraudulent or illegal activities, or prosecute those responsible for such acts,
  • identify and repair errors that impair the existing functionality of the Services.

Right of withdrawal of consent

If we have collected and processed your Data on the basis of your consent, you may withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we have carried out prior to your withdrawal, or the processing of your Data based on other lawful bases under the GDPR.

Right to Data portability

The right to Data portability gives you the right to receive the Data you have provided to us in a structured, commonly used and machine-readable format. At your request, we may also transfer your Data directly to another entity.


If you have any questions, comments or requests regarding this policy, or if you wish to exercise any of your rights regarding the protection of your Data, you can contact us by:

  • sending us an email at the following address:
  • sending us a letter to the following address: SMSBOX, DPO, 20 avenue Élie Gautier, 83320 Carqueiranne, FRANCE

You can also lodge a complaint with the Commission Nationale Informatique et Libertés (CNIL), the relevant GDPR supervisory authority on French territory:

  • Through the online form available at:
  • By way of a letter sent to: CNIL - Service des Plaintes - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, FRANCE

Entry into force and modification of this Privacy Policy

The version in force is the existing one applicable at the date of creation of an Account.

SMSBOX reserves the right to modify this Policy, in particular according to changes in the regulations on data protection and according to date processing equiment implemented by SMSBOX.

SMSBOX will use its reasonable efforts to keep you informed by any means of possible modifications. Where processing will be based on consent, SMSBOX will notify you of changes to the Policy so that you can consent to the new version of the Policy.

If SMSBOX makes a change to this Policy, a new version will be published on the relevant media and the "last updated" date at the bottom of this Policy will be updated.

SMSBOX therefore invites you to regularly consult the media publishing this Policy.

+33 4 83 73 63 83
From France
0 805 03 03 61