Data Security

How VoicePro Plus complies with UK and EU data protection laws. This information answers the most frequently asked questions about the General Data Protection Regulation (GDPR).

10Sections
UKHeadquarters
200+Countries
24/7Support
Introduction

Introduction

VoicePro Plus provides this information to answer the most frequently asked questions that our customers ask about the General Data Protection Regulation (GDPR). It does not, and is not intended to, confer legal advice. You should always speak to your own, independent legal advisers to understand your legal responsibilities under the GDPR.

This information is organised in two sections. The first section provides an overview of the data protection law that applies to VoicePro Plus, and the second provides a description of VoicePro Plus's data processing operations and how the company complies with applicable data protection law.

Data Protection Law

Data Protection
Law

Data protection laws govern the way businesses collect, use and share personal data about individuals. Among other things, they require businesses to process individuals' personal data fairly and lawfully, to allow individuals to exercise legal rights with respect to their personal data (e.g. to access, correct or delete their personal data) and to have in place appropriate security protections in order to protect the personal data that they process.

01

What is the GDPR?

The General Data Protection Regulation (Regulation (EU) 2016/679) is Europe's data protection law that became effective on May 25, 2018. GDPR aims to update Europe's existing data protection rules to make sure they are fit for the 21st century. Among other things, it harmonises data protection rules throughout European Union member states, introduces new requirements for data processors, enhances individual's privacy rights and creates significant penalties for non-compliance (including potential fines of up to 4% annual worldwide revenue).

02

Who does the GDPR apply to?

The GDPR applies to any organisation which is established within the European Union. It also applies to any non-EU organisation which either offers goods or services to individuals in the EU (including free goods and services) or monitors the behaviour of individuals in the EU (for example, through the use of advertising or analytics technologies).

03

Controllers & Processors

A data controller is the entity that determines the "purposes and means of the processing" of data - in other words, how and why personal data will be processed. A data processor processes personal data only on behalf of, and under the instruction of, a data controller. One of the significant changes brought in by the GDPR is that it applies to both data controllers and to data processors.

VoicePro Plus's Approach to Data Protection

VoicePro Plus's Approach to Data
Protection

Like any responsible organisation, VoicePro Plus aims to comply with the data protection laws that apply to it. As a UK-incorporated company, VoicePro Plus is directly subject to the UK GDPR and the Data Protection Act 2018. The EU GDPR additionally applies to the extent VoicePro Plus offers services to individuals located in the EU, under Article 3(2) of the EU GDPR.

01

Services We Provide

VoicePro Plus processes transactions that include the authorization and delivery of end-user traffic, clearing of billing records and settlement of payments. VoicePro Plus also offers a unique portfolio of intelligent policy and charging tools that enable its customers to use the real-time data generated by these transactions to deliver customised services and choices to their end users.

02

Types of Personal Data Collected

The types of personal data VoicePro Plus will process as part of its normal business include device data, such as device identifiers and similar device-related information (e.g. IMSI, sender ID, destination MSISDN), as well as IP addresses and billing data (e.g. TAP files under GSMA rules). In addition, VoicePro Plus processes personal data about our employees and business contact data relating to our customers, suppliers and other individuals with whom we have a business relationship.

03

Sensitive Personal Data

VoicePro Plus does not generally process sensitive personal data, other than personal data of our employees. VoicePro Plus takes care to protect all the personal information that we hold in accordance with law.

Is VoicePro Plus a Controller or Processor?

Is VoicePro Plus a Controller or
Processor?

When providing its services to customers, VoicePro Plus is generally a data processor processing personal data at the instruction of its customers, the controller.

However, in some circumstances VoicePro Plus may be a data controller, such as when we collect business contact data relating to our customers, suppliers and other individuals with whom we have a business relationship and where we provide business analysis tools through various VoicePro Plus hosted portals to customer employees or gather personal information through our website.

VoicePro Plus also considers itself a controller of communications metadata (i.e. data processed for the conveyance of or billing of any electronic communication or communication on an electronic communications network, including connection and records, routing information, tracking information), where VoicePro Plus uses this data for its own billing and tracking purposes and is determining the routing for a message.

Lawful Basis for Processing

Lawful Basis for
Processing

VoicePro Plus will only be able to process personal data if it can demonstrate it has a lawful processing ground - such as performance of a contract, reliance on its legitimate interests - where processing is to comply with a legal obligation or with consent from the individual whose personal information is processed. As part of our data mapping exercise VoicePro Plus confirmed and recorded the legal basis for processing for each type of process or application.

Data Subject Rights

Data Subject
Rights

Under the GDPR, individuals can exercise the following rights against data controllers:

01

Right of Access

A right to request access to, and a copy of, personal information processed about them.

02

Right to Rectification

A right to correct any inaccurate or outdated personal information processed about them.

03

Right to Object

A right to object to processing of their personal information.

04

Right to Erasure

A right to request erasure of their personal information (e.g. end users may want that their data gets deleted).

05

Right to Restrict Processing

A right to request that processing of their personal information be restricted (e.g. this can be supported with the "do not track" option in the browser).

06

Right Against Automated Decisions

A right not to be subject to automated decisions that significantly or legally affect them.

International Data Transfers

International Data
Transfers

VoicePro Plus Limited is a UK-incorporated company providing wholesale and (from November 2026) consumer telecommunications services internationally from a single UK base. Our network footprint consists of data centres in Frankfurt and Los Angeles, with cross-connects to carrier-neutral colocation facilities in London and Paris.

Customer personal data may be transferred outside the UK in the course of service delivery and through named third-party processors (including Supabase, Twilio, Resend, Stripe, Sentry, Anthropic and IPInfo). Each such transfer is covered by the UK International Data Transfer Agreement (UK IDTA) or the EU Standard Contractual Clauses (SCCs) with the UK Addendum, as required by UK GDPR Article 46. The full processor list and transfer mechanisms are set out in our Privacy Statement.

Security Measures

Security
Measures

VoicePro Plus is committed to ensuring that personal data is secure. VoicePro Plus implements appropriate technical and organisational security measures to protect personal data against: (i) accidental or unlawful destruction; and (ii) loss, alteration, unauthorised disclosure or access.

For more information concerning the technical and organisational measures taken by VoicePro Plus please refer to the Data Protection Officer contact information below.

Accountability & Compliance Steps

Accountability & Compliance
Steps

We understand the single biggest novelty of the GDPR is the introduction of requirements intended to make businesses more accountable for their data practices. We realise that it is important for VoicePro Plus to document its activities, so the company can demonstrate compliance to a customer or competent authority.

VoicePro Plus has taken steps to adopt and enforce policies and procedures, including those regarding data retention, data privacy impact assessments, data security policies and incident response plans. VoicePro Plus has provided documented UK GDPR training for all staff, and has appointed a Data Protection Officer.

Contact

Contact

If you have any further questions about VoicePro Plus's compliance with EU data protection requirements or GDPR, please contact the VoicePro Plus Data Protection Officer at:

FAO: Data Protection Officer, VoicePro Plus Limited, 128 City Road, London EC1V 2NX, United Kingdom. Email: dpo@voicepro.plus.

Start a Discussion

Have questions?

Our team is ready to help. Get in touch and we'll respond within one business day.