SMSARENA.ES is a fully featured Bulk SMS platform, provided and supported by M-STAT SA (hereinafter ‘The Company’), which is a leading A2P company providing integrated mobile solutions and value-added services to the Greek and International market.
The Company assures providing its services with full respect for the personal data communicated to it and processing all data relating to natural persons in full compliance with the principles of lawfulness, fairness, transparency and accuracy of the information held. It also guarantees the confidentiality, integrity and availability of the data processed. The Company is fully compliant with the relevant, current legislation on data protection.
(a) Data collection
SMSARENA.ES collects only the personal data needed for the execution of the service, as provided by the users in their capacity as controllers.
The data SMSARENA.ES collects include:
– The mobile number of the user / member
– The Personal Password
– The PayPal ID (if purchases are made via PayPal)
– The saved texts
– Statistics – Message History
– The mobile phone numbers of other users
– Invoice information
– Data provided by the bank when purchase of credits is made through a bank deposit.
For the rest, M-STAT acting as an intermediary does not interfere with the content of the messages about to be sent.
M-STAT has appointed specific persons to collect data.
The personal data collected by the Company serve exclusively the performance of the task assigned to M-STAT. www.smsarena.es stores the messages sent by users/members in order to allow them to use those messages, as well as for communication and service improvement purposes. The principal purpose of SMSARENA.ES is the sending to end users of mobile telephone devices of the messages the users of SMSARENA.ES want to send.
c) Storage, security, deletion
The Company makes every effort to ensure that the personal data it collects are protected against accidental and unlawful intrusion, alteration and destruction and against any other illegal action. For this purpose, the Company is ISO 27001 certified and uses all the available high-standard means and security systems. The data is stored on proprietary servers in the company’s datacenter, which operates in an ISO 27001 certified collocation service provider in Attica. All company systems are protected by firewall while encryption is used when storing and transferring data.
The personal data provided by the Bulker user, is retained by the Company by default for six months from their introduction into the system and subsequently deleted or anonymized. The user has the right until the last day of the 6-month period to save the data he has transmitted. If, however, you want to keep the data for more than one year, you can do it from your account in the top right of the screen by clicking the username and then “Account Settings”. The user has the right to save the data he has forwarded to Bulker thru the last day of the year.
Under no circumstances does M-STAT undertake to keep data on behalf of the user with the latter being relieved from the obligation to keep copies of those data. Therefore, in the event of a loss or any other breach of data in M-STAT systems, the Company cannot be held responsible because the user has not kept copies of their data.
In the event the contract arrives to an end whatever the reason is, the data is returned to the customer within 48 hours from the notification of the termination of the contract and is then completely deleted from the Company’s systems (or anonymized) apart from the data the law expressly provides it should be retained for a longer period (ex. the data needed for the realization of the communication is retained for 12 months).
In case of an inactive account for reasons of clearance data is kept for 14 months and is then permanently deleted. Accounts which have a credit are exempted as they are not considered as inactive.
In the case of “links” to other sites, www.smsarena.es is not responsible for the terms and conditions for the management and protection of personal data they follow.
The Company does not disclose to third parties the data collected by SMSARENA.ES. However, access to the data held may be given at the request of the competent authorities where they have followed the legal procedures. The Company will not use sub-processors for the processing purposes unless it has first obtained the written (or digital) consent of SMSARENA.ES’s users. In this case, the Company undertakes to contract with sub-processors with strict data protection conditions. All staff of M-STAT are bound by confidentiality even after the termination of the contract linking each employee to the Company.
SMSARENA.ES does not transfer data outside of the EEA.
The Company has appointed a Data Protection Officer (DPO). It also takes all the physical, technical and organizational measures to secure data and access to it.
What information do we collect?
The cookies and the information collected through them are divided into the following categories:
Absolutely necessary cookies
The absolutely necessary cookies are essential for the proper operation of smsarena.es. They allow you to navigate and properly use the site features as well as to authenticate you when logging in. Without these cookies we cannot provide effective operation of SMSARENA.ES.
These cookies are not essential but they enhance your use of the website. They allow SMSARENA.ES to remember your choices and help you while browsing SMSARENA.ES. Without those cookies your use of SMSARENA.ES might be affected. SMSARENA.ES uses navigation cookies, usability error reporting cookies and application customization cookies.
SMSARENA.ES uses Google Analytics for statistical purposes. However, Google Analytics may use your information to provide you with ads when browsing in other websites. SMSARENA.ES also uses referrer cookies which allow for monitoring the webpages already visited.
You can completely delete cookies by following the instructions below, depending on the browser you are using:
Each Controller and data subject has the right to access their data, if they so request. In addition, data subjects have the right: a) to contest the validity of the data, b) to request suspension of storage, withdrawal, prohibition, deletion of his/her personal data and to declare withdrawal of his/her consent for processing, c) and to learn the means of data protection, as well as all the detailed ways of data processing on the part of the Company and to request a copy of the data kept by the Company; d) to complain and to claim compensation where they prove that they have suffered damage because of inaccurate, false, anachronistic and illegally collected data. They also maintain the right to submit complaints to the Personal Data Protection Authority.
The Company will attempt to respond as quickly as possible to the requests of each user. One week is considered as reasonable time.
For any issue regarding personal data, you can contact M-STAT in the following ways (phone, mail, etc.).
If you wish to change or delete data, you will need to send us in writing exactly the items you wish to modify / delete or the data you want to add. You can also modify or delete your data on your own by clicking here.
This policy is governed by the provisions of EU and Greek law. For any dispute that may arise in relation to personal data, exclusive jurisdiction is conferred upon the courts of Athens and the Greek law will be the only applicable law.
1) ‘’Personal data’’ (or data) means any information relating to an identified or identifiable natural person (‘data subject’).
2) “processing” means any act or set of operations carried out with or without the use of automated means in personal data or in sets of personal data such as the collection, registration,organization, structure, storage, adaptation or alteration, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, erasure or destruction.
3) “Pseudonymization” means the processing of personal data in such a way that the data can no longer be attributed to a particular data subject without the use of supplementary information provided that such additional information is kept separate and subject to technical and organizational measures in order to ensure that they cannot be attributed to an identified or identifiable natural person.
4) “Archiving” means the structuring of a set of personal data which is accessible according to specific criteria, whether this set is aggregated or decentralized or distributed on a functional or geographic basis.
5) ”Data subject” means the natural person whose data is collected.
6) “Controller” means a natural or legal person, a public authority, a service or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purpose of the present, should be considered as controllers the Company’s customers which hand to the Company the personal data of end-users linked in a way to the Company’s customers.
7) “Processor”, “Sub-processor” means a natural or legal person, a public authority, a service or another entity processing personal data on behalf of the controller or the processor. For the purpose of the present, as processor should be considered the Company.
8) “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
9) “Breach of personal data (or data breach)” means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, disclosure or access to personal data transmitted, stored or otherwise processed.
10) “Purpose of processing”: the reason for which the controller assigns to the Company the processing of the data it has collected.
11) “Authorities” means all judicial and administrative authorities, whether independent or not, entitled to request access to the personal data processed by the Company according to the current legislation.
12) “Third parties” means any natural or legal person, public authority, service or body, except the data subject, the controller, the processor, the sub-processor and the persons who, under the direct supervision of the controller, the processor or the sub-processor are authorized to process personal data.
13) “Employees-staff” means all natural persons directly related to the Company under any kind of employment relationship and who are paid by the Company for the provision of services.