ReSMS Logo

Data Processing Agreement (DPA)

Last updated: 1st June 2025

This Data Processing Agreement ("Agreement") is entered into by and between you ("Controller") and ReSMS ("Processor"), located at 27 rue Claude et Simone Millot, 44300 Nantes, France.

1. Purpose

This Agreement governs the processing of personal data by ReSMS on behalf of the Controller in accordance with Article 28 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

2. Scope of Data Processing

  • Nature: Processing of contact details (e.g. phone numbers) to send SMS messages.
  • Purpose: To deliver transactional and promotional SMS messages on behalf of the Controller.
  • Data subjects: Customers or contacts of the Controller.
  • Types of data: Phone numbers and message content (optional metadata).

3. Obligations of the Processor

  • Process personal data only on documented instructions from the Controller.
  • Ensure that persons authorized to process the personal data have committed to confidentiality.
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
  • Assist the Controller in fulfilling its obligations under GDPR, including responding to data subject rights requests.
  • Delete or return all personal data to the Controller at the end of the service provision unless otherwise required by law.

4. Subprocessors

ReSMS uses authorized subprocessors to help provide the service. A current list is maintained here. The Controller will be informed of any intended changes to subprocessors with the opportunity to object.

5. Security Measures

ReSMS implements appropriate security measures including encryption, access controls, secure infrastructure (via AWS), and regular monitoring. More details are available upon request.

6. Data Transfers

All personal data is stored and processed in the European Union. If data is transferred outside the EU, ReSMS will ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs).

7. Audits and Inspections

ReSMS agrees to make available all necessary information to demonstrate compliance with this Agreement and allow for audits, conducted by the Controller or a mutually agreed independent auditor, subject to reasonable notice and confidentiality obligations.

8. Liability

Each party remains liable for its own breaches of GDPR. ReSMS shall only be liable for damages caused by processing where it has not complied with its obligations under this DPA or the GDPR.

9. Duration

This Agreement remains in effect for the duration of the services provided by ReSMS and shall automatically terminate upon deletion or return of all personal data.

10. Contact

For any inquiries related to data processing or privacy concerns, please contact: contact@resms.dev