Data Security
How VoicePro Plus complies with UK and EU data protection laws. This information answers the most frequently asked questions about the General Data Protection Regulation (GDPR).
Introduction
VoicePro Plus provides this information to answer the most frequently asked questions that our customers ask about the General Data Protection Regulation (GDPR). It does not, and is not intended to, confer legal advice. You should always speak to your own, independent legal advisers to understand your legal responsibilities under the GDPR.
This information is organised in two sections. The first section provides an overview of the data protection law that applies to VoicePro Plus, and the second provides a description of VoicePro Plus's data processing operations and how the company complies with applicable data protection law.
Data Protection
Law
Data protection laws govern the way businesses collect, use and share personal data about individuals. Among other things, they require businesses to process individuals' personal data fairly and lawfully, to allow individuals to exercise legal rights with respect to their personal data (e.g. to access, correct or delete their personal data) and to have in place appropriate security protections in order to protect the personal data that they process.
VoicePro Plus's Approach to Data
Protection
Like any responsible organisation, VoicePro Plus aims to comply with the data protection laws that apply to it. As a UK-incorporated company, VoicePro Plus is directly subject to the UK GDPR and the Data Protection Act 2018. The EU GDPR additionally applies to the extent VoicePro Plus offers services to individuals located in the EU, under Article 3(2) of the EU GDPR.
Is VoicePro Plus a Controller or
Processor?
When providing its services to customers, VoicePro Plus is generally a data processor processing personal data at the instruction of its customers, the controller.
However, in some circumstances VoicePro Plus may be a data controller, such as when we collect business contact data relating to our customers, suppliers and other individuals with whom we have a business relationship and where we provide business analysis tools through various VoicePro Plus hosted portals to customer employees or gather personal information through our website.
VoicePro Plus also considers itself a controller of communications metadata (i.e. data processed for the conveyance of or billing of any electronic communication or communication on an electronic communications network, including connection and records, routing information, tracking information), where VoicePro Plus uses this data for its own billing and tracking purposes and is determining the routing for a message.
Lawful Basis for
Processing
VoicePro Plus will only be able to process personal data if it can demonstrate it has a lawful processing ground - such as performance of a contract, reliance on its legitimate interests - where processing is to comply with a legal obligation or with consent from the individual whose personal information is processed. As part of our data mapping exercise VoicePro Plus confirmed and recorded the legal basis for processing for each type of process or application.
Data Subject
Rights
Under the GDPR, individuals can exercise the following rights against data controllers:
International Data
Transfers
VoicePro Plus Limited is a UK-incorporated company providing wholesale and (from November 2026) consumer telecommunications services internationally from a single UK base. Our network footprint consists of data centres in Frankfurt and Los Angeles, with cross-connects to carrier-neutral colocation facilities in London and Paris.
Customer personal data may be transferred outside the UK in the course of service delivery and through named third-party processors (including Supabase, Twilio, Resend, Stripe, Sentry, Anthropic and IPInfo). Each such transfer is covered by the UK International Data Transfer Agreement (UK IDTA) or the EU Standard Contractual Clauses (SCCs) with the UK Addendum, as required by UK GDPR Article 46. The full processor list and transfer mechanisms are set out in our Privacy Statement.
Security
Measures
VoicePro Plus is committed to ensuring that personal data is secure. VoicePro Plus implements appropriate technical and organisational security measures to protect personal data against: (i) accidental or unlawful destruction; and (ii) loss, alteration, unauthorised disclosure or access.
For more information concerning the technical and organisational measures taken by VoicePro Plus please refer to the Data Protection Officer contact information below.
Accountability & Compliance
Steps
We understand the single biggest novelty of the GDPR is the introduction of requirements intended to make businesses more accountable for their data practices. We realise that it is important for VoicePro Plus to document its activities, so the company can demonstrate compliance to a customer or competent authority.
VoicePro Plus has taken steps to adopt and enforce policies and procedures, including those regarding data retention, data privacy impact assessments, data security policies and incident response plans. VoicePro Plus has provided documented UK GDPR training for all staff, and has appointed a Data Protection Officer.
Contact
If you have any further questions about VoicePro Plus's compliance with EU data protection requirements or GDPR, please contact the VoicePro Plus Data Protection Officer at:
FAO: Data Protection Officer, VoicePro Plus Limited, 128 City Road, London EC1V 2NX, United Kingdom. Email: dpo@voicepro.plus.
Have questions?
Our team is ready to help. Get in touch and we'll respond within one business day.