GDPR Policy

Last updated: January 2026

Introduction

Rare Numbers is committed to protecting the privacy and security of your personal data. This GDPR Policy explains how we comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and your rights under this regulation when you use our services.

This policy applies to all individuals in the European Economic Area (EEA) and the United Kingdom whose personal data we process.

Data Controller

Rare Numbers acts as the data controller for the personal data we collect and process. This means we determine the purposes and means of processing your personal data.

For any questions about this policy or to exercise your rights, contact our Data Protection team at privacy@rarenumbers.com.

Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

Contract Performance: Processing necessary to fulfill our contract with you, such as processing your phone number purchases, managing your account, and providing customer support.
Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, improving our services, and analytics, provided these interests do not override your fundamental rights.
Legal Obligation: Processing necessary to comply with legal requirements, such as tax laws, telecommunications regulations, and responding to lawful requests from authorities.
Consent: Processing based on your explicit consent, such as sending marketing communications. You can withdraw consent at any time.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within 30 days of your request.

Right to Rectification

You have the right to request correction of inaccurate personal data or completion of incomplete data we hold about you.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or when you withdraw consent.

Right to Restriction of Processing

You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you, and to request human intervention in such decisions.

How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

Email our Data Protection team at privacy@rarenumbers.com
Use our contact form with "GDPR Request" in the subject
Update your preferences in your account settings

We will respond to your request within 30 days. If your request is complex, we may extend this by an additional 60 days, but we will notify you of any extension.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions by the European Commission
Binding Corporate Rules where applicable

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

Account data: Retained while your account is active and for 3 years after closure
Transaction data: Retained for 7 years for tax and regulatory compliance
Marketing preferences: Retained until you withdraw consent
Analytics data: Retained for 26 months

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments
Employee training on data protection
Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

Complaints

If you believe we have not handled your personal data properly or have not responded adequately to your requests, you have the right to lodge a complaint with a supervisory authority. In the EU, you can find your local authority through the European Data Protection Board.

However, we encourage you to contact us first so we can try to resolve your concerns directly.

Consent Management

When we process your data based on consent:

We will clearly explain what you are consenting to before you provide consent
You can withdraw consent at any time without affecting the lawfulness of prior processing
Withdrawing consent is as easy as giving it
We keep records of when and how consent was given

Changes to This Policy

We may update this GDPR Policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date at the top indicates when the policy was last revised.

Contact Us

For any questions about this GDPR Policy or to exercise your data protection rights:

Email: privacy@rarenumbers.com
Contact Form: rarenumbers.com/contact

Related Policies: Privacy Policy | Cookie Policy | Terms of Service