GDPR Compliance

1. GDPR Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process the personal data of individuals residing in the European Union (EU), regardless of where the organization is located.

Massejli SMS is committed to complying with the GDPR and ensuring the protection of personal data. This page outlines our GDPR compliance practices and your rights under this regulation.

1.1 Our Role

Depending on the context, Massejli SMS may act as:

• Data Controller: When we determine the purposes and means of processing personal data (e.g., account information, billing details)
• Data Processor: When we process personal data on behalf of our customers (e.g., SMS message content, contact lists uploaded by users)

2. Data Protection Principles

We adhere to the following GDPR data protection principles when processing personal data:

3. Your Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

3.1 Right to Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data along with information about how we process it.

3.2 Right to Rectification (Article 16)

You have the right to request that we correct inaccurate personal data and complete incomplete data.

3.3 Right to Erasure ("Right to be Forgotten") (Article 17)

You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

3.4 Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data.

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

3.6 Right to Object (Article 21)

You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.

3.7 Right to Withdraw Consent (Article 7)

Where we process data based on your consent, you have the right to withdraw that consent at any time.

3.8 Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates the GDPR.

3.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

4. How We Process Data

4.1 Legal Basis for Processing

We process personal data based on the following legal grounds under GDPR Article 6:

• Contract (Article 6(1)(b)): Processing necessary for the performance of a contract with you
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, provided your rights do not override those interests
• Consent (Article 6(1)(a)): Processing based on your explicit consent, which you can withdraw at any time

4.2 Categories of Personal Data

We process the following categories of personal data:

• Identity Data: Name, username, company name
• Contact Data: Email address, phone number
• Financial Data: Payment information, billing address
• Technical Data: IP address, browser type, device information
• Usage Data: Information about how you use our Service
• Marketing Data: Your preferences in receiving marketing communications

4.3 Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. For detailed retention periods, please see our Privacy Policy.

5. International Data Transfers

As a global service provider, we may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place:

• Transfers to countries with an adequacy decision from the European Commission
• Use of Standard Contractual Clauses approved by the European Commission
• Implementation of appropriate technical and organizational security measures

If you would like more information about the specific mechanism used for transferring your personal data, please contact us.

6. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with GDPR.

You can contact our DPO at:

• Email: [email protected]
• Address: Data Protection Officer, Massejli SMS, Beirut, Lebanon

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and where feasible, within 72 hours of becoming aware of the breach.

Our breach notification will include:

• The nature of the personal data breach
• The categories and approximate number of affected individuals
• The likely consequences of the breach
• Measures taken or proposed to address the breach
• Contact details for more information

8. Filing Complaints

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

A list of EU data protection authorities can be found at: European Data Protection Board

9. Contact Information

For any questions or concerns regarding GDPR compliance or to exercise your data subject rights, please contact us:

© 2026 Massejli SMS. All rights reserved.
Terms of Service | Privacy Policy | Cookie Policy