1. Data Protection - GDPR

esimcards.co.uk is committed to protecting your personal data and ensuring your privacy in accordance with the General Data Protection Regulation (GDPR). GDPR provides individuals with greater control over their personal information and imposes strict obligations on organizations regarding data collection, processing, and storage.

What Is Personal Data?

Personal data refers to any information that can directly or indirectly identify an individual. At esimcards.co.uk, we collect only the data necessary to provide and improve our services, including:

• Basic Identification Information: Name, email address, and contact details.
• Transaction Data: Billing address and transaction history related to eSIM purchases.
• Technical Data: IP address, browser type, operating system, and access times.
• Preferences: Data regarding website behavior, cookie preferences, and browsing habits.

Why We Collect Your Data

We only collect data for legitimate purposes related to our website operations and service delivery, including:

• Order Processing: To process payments, issue invoices, and deliver digital eSIMs.
• Customer Support: To assist with queries or product-related issues efficiently.
• Account Management: To maintain account details, order history, and user preferences.
• Security: To prevent fraud, detect suspicious activity, and ensure safe browsing.
• Marketing and Personalization: To send relevant offers and updates, where consent is provided.

How We Use and Share Your Data

Your data is only used for agreed-upon purposes. We do not sell or rent your personal information. We may share data with trusted third-party partners such as:

• Payment Processors: For secure transaction handling.
• Analytics Providers: To monitor website performance and improve usability.
• Marketing Tools: For sending opt-in communications and promotional content.
• Service Providers: To perform operational tasks such as delivery or customer support.

All third parties are vetted to ensure GDPR compliance and secure handling of personal data.

Your Rights Under GDPR

Under GDPR, you have several rights that ensure control over your personal data:

• Right to Access: Request a copy of the data we hold about you.
• Right to Rectification: Correct inaccurate or incomplete information.
• Right to Erasure: Request deletion of your data where applicable.
• Right to Restrict Processing: Limit data processing under certain conditions.
• Right to Data Portability: Request data transfer in a machine-readable format.
• Right to Object: Object to processing for marketing or profiling purposes.

To exercise these rights, contact our Data Protection Officer (DPO) at support@pentagramsystems.co.uk. We will respond within the legally required timeframe.

How We Protect Your Data

We employ multiple layers of security to safeguard your data from unauthorized access or misuse:

• Encryption: Sensitive data, including payment details, is encrypted during transmission and storage.
• Access Control: Only authorized staff can access personal data, under strict confidentiality.
• Regular Audits: Security reviews and system checks are performed to maintain GDPR compliance.

In the unlikely event of a data breach, affected users and regulatory authorities will be notified promptly, as required under GDPR.

Data Retention

We retain personal data only as long as necessary for its intended purpose or legal compliance. Once no longer required, data is securely deleted or anonymized.

Cookies and Tracking Technologies

We use cookies to improve your browsing experience and understand website usage. These include:

• Essential Cookies: Enable basic site functions.
• Performance Cookies: Monitor visitor behavior and help improve performance.
• Targeting Cookies: Display personalized advertisements based on user preferences.

You can manage or block cookies via your browser settings. For more details, visit our Cookie Policy.

Legal Basis for Processing

We process personal data based on the following lawful grounds:

• Consent: When you have given explicit consent, such as for marketing communications.
• Contractual Obligations: When processing is necessary to fulfill your eSIM order.
• Legitimate Interests: For website functionality, fraud prevention, and improving services, while respecting user rights.

Data Transfers Outside the EEA

Some of your data may be transferred or stored outside the European Economic Area (EEA). We ensure such transfers are compliant with GDPR using safeguards such as:

• Standard Contractual Clauses approved by the European Commission.
• Data Processing Agreements ensuring equivalent protection standards.

Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee GDPR compliance. For questions or concerns regarding data protection, please contact:

Email: support@airhubsystems.co.uk

Conclusion

Protecting your privacy is a top priority at esimcards.co.uk. Our GDPR compliance ensures that your personal data is handled securely, transparently, and in accordance with your rights. We are dedicated to maintaining accountability and trust in all our data handling practices.

For more details, please visit our Privacy Policy or contact our support team at support@pentagramsystems.co.uk.