Protecting your privacy is extremely important to us. The following information will help you understand the purposes for which we collect, store and use your information. We will keep your information confidential and will only share it if we are legally required to do so if we must do so in order to fulfil our agreement with you or if you have given your consent.
We have tried to make this notice as clear as possible, but if there is something we have not explained well, please contact us at email@example.com.
The last time this notice was changed: February 2021
We want you to understand who we are, what kind of personal information (“PI”) we collect, and what we do with it. This notice is part of our contract with you and it may change from time to time.
1.1 In your day-to-day dealings with us we obtain PI about you. We want you to understand who you are sharing your PI with, what kind we are collecting and how we use it.
1.2 PI does not include any anonymous, de-identified, or statistical information – provided that it cannot be linked back to you.
1.3 This privacy notice forms part of our contract with you. You should read it along with the terms applicable to services you use.
1.4 From time to time we may have to amend this notice to accommodate changes in our services, or if legal requirements change.
1.5 You agree to our information practices, including the collection, use, processing, and sharing of your information as described in this Privacy notice, as well as the transfer and processing of your information to the United States and other countries globally where we have or use facilities, service providers, or partners, regardless of where you use our services. You acknowledge that the laws, regulations, and standards of the country in which your information is stored or processed may be different from those of your own country.
You are sharing your information with the Clickatell Group. Sometimes we may need to share your PI with others in order to provide our services to you or if we are legally required to.
2.1 Clickatell is a global group of companies. When you share information with Clickatell, the information can be accessed by any of our subsidiaries. Clickatell’s head office is Clickatell Corporation – incorporated in Delaware USA.
2.3 In order to deliver our services we will have to share information with other communications service providers to enable them to transmit your communications. We only do so on your instruction and we will only share the information which is needed to fulfil our service obligation to you.
2.4 We also make use of third-party service providers or consultants who need access to information in order to do their jobs. An example of this is when we share information with service providers so they can store the data in our primary facility at AWS Ireland. These service providers are not entitled to use the information for any other purposes, must keep it confidential and have given us reasonable assurances that the information is safe.
2.5 Sometimes we may need to disclose your information to a third party:
2.5.1 if we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or a government request;
2.5.2 to enforce our contracts and policies;
2.5.3 to protect the security and integrity of our services;
2.5.4 to fulfil our legal obligation in connection with data subject requests;
2.5.5 to protect ourselves, our other customers and the public from illegal activities; or
2.5.6 to respond to an emergency which we believe in good faith requires us to disclose information.
2.6 If we go through a corporate sale, merger, reorganisation, dissolution or similar event, your information may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor of the Clickatell companies may continue to use the information as explained in this notice.
2.7 We will require anyone that we share your PI with to honour this policy in terms of applicable law.
3.1 Clickatell’s primary data locations are in two areas:
3.1.1 AWS Ireland – all messaging and transaction services; and
3.1.2 Nigeria – all airtime and transaction services offered within Nigeria to Nigerian customers.
3.2 Clickatell’s operations are in various locations in the world. Currently our primary locations of our staff are in USA, Canada, Nigeria and South Africa. Clickatell does not store copies of production data in these operational locations, but for some services such as support tickets and finance services, we may process some of your data in the operational locations where the applicable staff attending to the matter is working.
3.3 Clickatell makes use of service providers that process some of the data that forms part of the fulfilment of our services to you. Some of the data related to this third-party processing may be transferred from Clickatell to the service provider. As an example: for the processing of online payments on Clickatell’s website, we may need to transfer some of the data to our payment processor located in USA. Another example is where, for the delivery of a SMS, we are required so send the applicable mobile number and message content to a service provider, such as a mobile telecommunications network operator, to fulfil the last part of the service. Clickatell, however, processes all information in AWS Ireland.
3.4 Clickatell makes use of vendors such as legal firms to perform operational tasks, which may require access to some PI. The sharing of information with vendors will always be limited to what is necessary for Clickatell to deliver its services.
3.5 You consent to us processing your personal information in a foreign country with less stringent data protection laws than the country in which it was collected, to the extent allowed by applicable law.
3.6 Clickatell does not sell any customer data to any third parties.
3.7 Clickatell collects data from Clickatell customers in the following manner:
4.1 When you set up your account with us, we collect the following information directly from you:
4.1.1 your company names and names of your affiliates*, employees, account users and contact persons;
4.1.2 identifiers such as registration numbers, identity numbers and
4.1.3 contact details such as e-mail addresses, telephone numbers and fax numbers;
4.1.4 location information such as your country of incorporation and physical address;
4.1.5 financial information such as information held by credit bureaus, credit references, banking details, date of fiscal year end, the name of your auditor, date of last audit, payment method; and
4.1.6 your username, password and any other applicable authentication detail
4.2 We collect this information for all the obvious reasons:
4.2.1 we want to provide our services to you;
4.2.2 bill you;
4.2.3 communicate with you about your account;
4.2.4 recognise you when you communicate with us or want access to your account;
4.2.5 comply with any legislation or regulation which requires us to collect the information; and to
4.2.6 We may also verify the information which you provided about your company for purposes of fraud prevention and to ensure the accuracy of the information you provided to us.
4.2.7 We need some of the information (for instance the content of your messages) to provide our services.
4.2.8 We use the data to manage and route traffic, to analyse and improve our services and to identify and solve problems.
4.2.9 From time to time, we gather publicly available information about companies that are our customers, such as where they are located, their website URL, their industry and their size.
*When we say ‘affiliate’ we mean an entity or person that controls you, is controlled by you, or under common control with you, such as a subsidiary, parent company, employee, etc.
4.2.11 For some of our services we will require additional information. For instance, when you want to make use of short code we need additional information about your company and what you intend to use the product for. Another example is when you apply for credit with Clickatell.
4.2.12 When you interact with our support, sales and account management teams, we pick up personal information in order to effectively assist you.
We support all the required data subject rights, such as knowing what information we have and accessing, changing or erasing it (to name a few).
5.1 You have various rights in terms of applicable law, including (but not limited to) the right to:
5.1.1 ask what PI we hold about you;
5.1.2 ask us to update, correct or delete any we hold about you;
5.1.3 unsubscribe from any direct marketing communications we may send you;
5.1.4 object to the processing of your personal information.
5.1.5 to not receive discriminatory treatment by the business for the exercise of your privacy rights;
5.1.6 designate an Authorized Agent to submit any data privacy request on your behalf;
5.1.7 ask us any questions on the business’ privacy policies and practices by emailing firstname.lastname@example.org. From USA, you can contact us on this toll-free number +1 877 570 7383 – simply ask for the data protection officer, or notify the service desk of your query.
We will do our best to keep your PI that we collect accurate, complete and up to date and may ask you to update it yourself from time to time.
To exercise any of your rights, please email email@example.com. We will ensure our response and resolution align with timelines as prescribed by various data protection legislation. We may require you to go through an authentication process to confirm you are truly the owner of the PI. Our default process is as follows:
Clickatell fulfils the role as data processor for our customers and we adhere to privacy requirements as required by law.
6.1 Clickatell has implemented multiple policies, processes and procedures to support our and our customers’ requirements to adhere to various privacy laws.
6.2 Clickatell guides product decision with the concept of privacy by design in mind and we implement data retention policies for all PI.
6.3 Clickatell is able to support all data subject rights as prescribed by various privacy laws. Any data subject request can be sent to firstname.lastname@example.org
6.4 Clickatell has implemented multiple security protocols to ensure the safety of data.We offer different services to different customers.
Section 1: Services offered outside of Nigeria
6.4.1 We process data at AWS Ireland.
6.4.2 Information related to AWS and GDPR compliance:
AWS services provide Clickatell with the capability to implement security measures in the ways needed to enable Clickatell’s compliance with the GDPR, including specific measures such as:
Clickatell’s virtual instances are solely controlled by Clickatell. Clickatell has full root access and administrative control over accounts, services, and applications. AWS personnel do not have the ability to log into Clickatell instances. Formal policies and procedures delineating standards for logical access to the AWS infrastructure and hosts serve as a baseline for secure engagement with AWS.
6.4.3 Security management
6.4.4 Incident management
Clickatell has an incident management response team that are responsible to handle any breach or incident related to PI.
6.4.5 Data management and data classification
Clickatell has implemented strict role-based security protocols for all data in Clickatell. Clickatell has started data classification processes to ensure sensitive data is identified and classified to assign the appropriate access and retention of data.
6.4.6 Board awareness
Clickatell has a dedicated compliance management committee to oversee all data protection matters. The compliance management committee reports directly into the board through the audit committee to ensure board awareness of IT strategies, policies, risk and security.
6.4.7 Business Continuity and disaster recovery
Clickatell has a BCP and DR plan to ensure we are able to protect our data and our ability to sustain the services we offer to our customers. During the Covid-19 pandemic, Clickatell managed to get all staff 100% operational within 24h of the various lock-down protocols implemented by various governments. All our internal and external services are 100% available to all staff. For all Nigeria services we have implemented a backup site within Nigeria and for all other services we have multiple redundancy options through the various cloud technology services.
Section 2: Services offered inside Nigeria
The above sections 6.4.3 to 6.4.7 are applicable to these services.
The General Data Protection Regulation (GDPR) is a Regulation by the European Commission with the intention of making data protection stronger for people and organizations in the European Union. The deadline for compliance was 25 May 2018, and because Clickatell processes personal data of data subjects within the EU (on behalf of our Controllers), the regulation applies to our organization.
Although Clickatell specifically references GDPR, the information also relates to the California Consumer Privacy Act and multiple other privacy laws.
7.1 What approach did Clickatell take to comply with GDPR?
We’ve invested significant time and resources into our data protection compliance projects.
We planned our compliance efforts carefully by:
7.2 Where is Clickatell’s data infrastructure hosted?
In April 2018, Clickatell moved its data infrastructure to Amazon Web Services (AWS) in Ireland.
Data (including personal data) gathered by Clickatell is hosted and processed on the AWS Network.
AWS maintains an information security program that is certified under ISO 27001. ISO 27001 is the international best practice standard for information security. AWS also makes provision for GDPR compliance.
7.3 Where do we process data
Products and Services:
CRM and Account management:
Please reference the section above (4 What information we collect and why) for more information.
Clickatell uses various sub-processors to perform part of the services to our customers. We require any sub-processor that processes personal information to sign a data processing agreement and we started an audit process on vendors in Q4 2020. We also make use of TransUnion for sub-processor auditing.
7.5 Data processing agreement
Clickatell has a standard data processing agreement that we make available to both customers and vendors. Kindly request a copy from email@example.com.
7.6 Data security
Please refer to the section above – “Data Protection”.
7.7 Privacy by design
Clickatell has ensured that data protection is a topic that is addressed on all levels of the business. We have implemented (among others) key requirements as follows:
7.8 Data subject rights
We are able to process any data subject right. Our process:
7.9 Data protection officer
Clickatell has appointed a data protection officer, who can be contacted on firstname.lastname@example.org.
Clickatell is aware of various privacy laws in each country. We are also aware of various other legislation and requirements that pertain to specific industries. Please note that it is important that customers understand that adhering to their local privacy laws and to their own industry’s legislative requirements is something that they need to take ownership for. Clickatell can only support our customers in our obligation as a processor of data, but the onus is still on each customer to ensure it complies and to make Clickatell aware of its requirements.