PRIVACY POLICY

1. Data Controller

In compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Organic Law 3/2018 on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), users are informed that the personal data provided through the website will be processed by:

Website owner:
Luis Eduardo Rodriguez Garcia

Address:
Lugar A Grixa, nº67, 15270, CEE, A Coruña, Spain

Contact email:
contact@esimfly.io

Website:
www.esimfly.io

The data controller undertakes to process users’ personal data in accordance with current regulations, applying the principles of lawfulness, fairness, transparency, data minimization, accuracy, storage limitation, integrity, and confidentiality.

Likewise, the necessary technical and organizational measures are guaranteed to protect personal data and prevent its alteration, loss, processing, or unauthorized access, taking into account the state of the art, the nature of the data, and the risks to which they are exposed.

2. Personal Data Collected

We may collect and process the following categories of personal data:

Identification data

• First name
• Last name
• Email address
• Phone number

Account data

• Login email address
• Order history
• Subscription information

Billing data

• Address
• Country
• Postal code
• Information necessary for billing

Technical data

• IP address
• Device type
• Operating system
• Browser
• Session identifiers

Service usage data

• Purchase history
• eSIM activation
• Service usage
• Interactions with support

Under no circumstances do we store full bank card details, which are processed directly by external payment providers.

3. Purpose of the Processing

Personal data will be processed for the following purposes:

Service provision

• Create and manage user accounts
• Process purchases of eSIMs or data plans
• Activate contracted services
• Manage subscriptions

Payment management

• Process payments
• Manage subscription renewals
• Detect fraud or improper use

Customer support

• Manage inquiries
• Resolve technical issues
• Handle complaints

Legal compliance

• Comply with tax obligations
• Comply with requests from authorities

Service improvement

• Analyze website usage
• Optimize user experience
• Prevent abuse or fraudulent use

4. Legal Basis for Processing

The processing of personal data is based on the following legal grounds:

• Performance of a contract: to provide the services requested by the user.
• User consent: for commercial communications where applicable.
• Compliance with legal obligations: tax, accounting, and regulatory requirements.
• Legitimate interest: fraud prevention, system security, and service improvement.

5. Data Retention

Personal data will be retained:

• For as long as a contractual relationship with the user exists.
• For the time necessary to comply with legal obligations.
• For the periods required by tax or administrative regulations.
• Until the user requests its deletion where legally possible.

Once the legal retention periods have expired, the data will be deleted or anonymized.

6. Data Recipients

Personal data may be shared with third parties when necessary for the provision of the service, including:

Payment providers

To process payments or subscriptions, such as:

• Stripe

Technology providers

Services necessary for the operation of the website:

• Servers
• Cloud services
• Email delivery platforms
• Analytics tools

Telecommunications operators

For the provision of eSIM services and data plans. Under no circumstances are personal data sold to third parties.

Public authorities

When there is a legal obligation or judicial requirement.

7. International Transfers

Some technology providers may be located outside the European Economic Area (EEA). In such cases, it will be ensured that these transfers comply with the appropriate safeguards established by the GDPR, such as:

• Standard contractual clauses approved by the European Commission
• Providers with appropriate security certifications

8. Data Security

The data controller implements appropriate technical and organizational measures to protect personal data, including:

• Encrypted communications (SSL)
• Secure password storage
• Access controls
• Security monitoring
• Prevention of unauthorized access

However, users should be aware that no transmission over the Internet is completely secure.

9. User Rights

Users may exercise the following rights:

• Right of access to their personal data
• Right to rectification of inaccurate data
• Right to erasure
• Right to object
• Right to restriction of processing
• Right to data portability

To exercise these rights, the user may send a request to: contact@esimfly.io

The request must include:

1. Name of the requester
2. Email address associated with the account
3. The right they wish to exercise

The user may also file a complaint with the corresponding supervisory authority.

10. Cookies

The website may use its own and third-party cookies to:

1. Improve the user experience
2. Analyze website usage
3. Enable certain functionalities

The user may configure their browser to block or delete cookies. For more information, please consult the Cookie Policy.

11. Minors

The services offered on the website are intended for individuals over 18 years of age. The data controller does not intentionally collect personal data from minors. If it is detected that a minor has provided personal data, it will be deleted.

12. Changes to the Privacy Policy

The data controller reserves the right to modify this privacy policy in order to adapt it to legislative changes or modifications to the service. The changes will take effect from the moment they are published on the website.