GDPR Compliance

Learn about eSIM Pal's compliance with the General Data Protection Regulation (GDPR) and your data protection rights as an EU resident.

Our Commitment to GDPR

eSIM Pal is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page explains how we handle your personal data and your rights under GDPR.

This information applies to all EU residents and individuals whose personal data is processed by eSIM Pal in connection with our services.

Data Controller Information

Company Name

eSIM Pal Ltd.

Registered Address

123 Tech Street
London, UK SW1A 1AA

Data Protection Contact

Email: info@getesimpal.com

Legal Bases for Processing

We process your personal data based on one or more of the following legal bases under GDPR:

Consent

You have given clear consent for us to process your personal data for specific purposes.

Examples:

  • Marketing communications
  • Newsletter subscriptions
  • Optional analytics

Contract

Processing is necessary for the performance of a contract with you or to take steps at your request.

Examples:

  • eSIM service delivery
  • Account management
  • Customer support

Legal Obligation

Processing is necessary for compliance with a legal obligation we are subject to.

Examples:

  • Tax reporting
  • Regulatory compliance
  • Fraud prevention

Legitimate Interests

Processing is necessary for our legitimate interests or those of a third party.

Examples:

  • Service improvement
  • Security monitoring
  • Business analytics

Your Data Protection Rights

Under GDPR, you have several rights regarding your personal data. Here's how you can exercise them:

Right of Access

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to that data.

How to Exercise:

Contact us at info@getesimpal.com with your request

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete personal data completed.

How to Exercise:

Update your account information or contact our support team

Right to Erasure

You have the right to have your personal data erased in certain circumstances (the 'right to be forgotten').

How to Exercise:

Submit a deletion request through your account settings or contact us directly

Right to Restrict Processing

You have the right to restrict the processing of your personal data in certain circumstances.

How to Exercise:

Contact us to discuss your specific requirements

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

How to Exercise:

Request your data export through your account or contact our support team

Right to Object

You have the right to object to the processing of your personal data for certain purposes.

How to Exercise:

Use the unsubscribe links in our emails or contact us directly

International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place.

United States

Purpose:Cloud hosting and analytics services
Safeguards:Standard Contractual Clauses (SCCs) and adequacy decisions
Services:AWS, Google Analytics, Stripe

Various EU Countries

Purpose:Network partner operations and customer support
Safeguards:Adequacy decisions and contractual agreements
Services:Telecom partners, Customer support centers

United Kingdom

Purpose:Business operations and customer support
Safeguards:Adequacy decision and contractual agreements
Services:Headquarters, Customer support

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law.

Account Data

Retained for the duration of your account plus 3 years for legal compliance

Transaction Data

Retained for 7 years for tax and accounting purposes

Marketing Data

Retained until you unsubscribe or object to processing

Support Data

Retained for 2 years after case resolution

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

How We'll Contact You

  • Email notification to your registered email address
  • Notice on our website and social media
  • Notification to relevant data protection authorities

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance and handle any data protection concerns you may have.

Contact Our DPO

Email: info@getesimpal.com

Response Time: Within 72 hours

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.

UK (ICO)

Information Commissioner's Office
Website: ico.org.uk
Phone: 0303 123 1113

EU Residents

Contact your local data protection authority
Find yours at: edpb.europa.eu

gdpr.title | eSIM Pal