Conformità GDPR

Our Commitment

We take data protection seriously and have implemented appropriate technical and organizational measures to ensure that your personal data is processed lawfully, fairly, and transparently.

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request access to your personal data that we hold. We will provide you with a copy of your data in a structured, commonly used format.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data when there is no compelling reason for its continued processing.

Right to Restrict Processing

You have the right to request restriction of processing your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a portable format and transmit it to another data controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

How We Process Your Data

Legal Basis for Processing

We process your personal data based on:

• Contract Performance: To provide our eSIM services
• Legal Obligation: To comply with applicable laws
• Legitimate Interest: To improve our services and prevent fraud
• Consent: For marketing communications and certain optional features

Data We Collect

We only collect personal data that is necessary for providing our services:

• Contact information (name, email, phone number)
• Account credentials
• Payment information (processed by third-party payment providers)
• Device information and usage data
• Communication records

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Employee training on data protection
• Incident response procedures

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions
• Other lawful transfer mechanisms

Third-Party Processors

We work with trusted third-party service providers who process personal data on our behalf. We ensure that all processors:

• Provide sufficient guarantees of GDPR compliance
• Process data only as instructed
• Maintain appropriate security measures
• Are bound by data protection agreements

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: privacy@esim.markets
Subject Line: GDPR Data Subject Request

We will respond to your request within one month. If your request is complex, we may extend this period by two additional months, and we will inform you of any such extension.

Updates to This Policy

We may update this GDPR Compliance statement from time to time. We will notify you of any material changes by posting the updated statement on our website.

Last updated: February 2026