Privacy Policy
Introduction
This privacy policy ("Notice") is intended to inform you about how your Personal Data will be handled by Simline ("Simline", "we", "us" or "our") and sets out the information including personal information detailed below relating to you or which you provide to us ("Personal Data") that will be collected and processed by Simline and/or on its behalf by its third party service providers when you contact us through our channels, such as our application, website or, once you have contracted for our services. We are required to give you this information, including to inform you about your data protection rights, under the General Data Protection Regulation (EU) 2016/679 ("GDPR").
Does Simline comply with data protection laws?
Simline takes its data protection obligations seriously and will never share personal data with any third parties without the proper legal basis. We are committed to compliance with data protection and privacy regulations globally, including GDPR, UK data protection laws, and relevant privacy frameworks in North America, Australia, and Latin America, with privacy by design integrated into all our services.
Simline as data controller
Simline is committed to respecting your fundamental right to the protection of your Personal Data and this Notice is intended to inform you about the processing of your Personal Data by us.
Types of Personal Data we process about you
Website Usage and Device Data — when you visit our application, or our website:
- Your visits and interactions with our website including which webpages you visit, time and date of access, what you click on, when you perform these actions;
- Your device data including your IP address, location data, device type and language, browser type and other related information;
- Any linked websites that you access through the website.
Most of this Personal Data is collected using cookies on the Website.
Customer Data — when you purchase an eSIM or data plan:
- Full name; title, country of residence; current location; residential address; network provider; telephone number; payment information; e-mail address; device type (e.g. make and model); a copy of your passport, driving licence or similar documentation for identification (where necessary); and other details relating to you when you interact with us regarding the purchase of an eSIM.
Sources of your Personal Data
During the course of our contractual relationship with you or when you visit our website or application, we will collect Personal Data either:
- directly from you, or
- indirectly from third parties (for example, once you have contracted for our services, through our affiliates or travel agencies).
For what purpose and on what legal basis do we process personal data?
We process your Personal Data on the following key bases ("Legal Basis"), and explain below how and why we obtain and collect it.
Compliance with a Legal Obligation
- Simline may process your Personal Data where it is necessary to comply with legal obligations to which we are subject under European Union and/or applicable laws, including but not limited to safeguarding and complying with law enforcement requests.
Performance of a Contract
- To provide you with access to the website and to allow you to use the website.
- To manage the purchase of the eSIM or data plan that we sell on our website and the payment relating to such products.
- To calculate and issue charges for services provided to you.
- To review and attend to customer incidents, queries, complaints or requests relating to our products and services.
- To manage and perform any after-sales services.
- To manage your registration as a user of our website and/or application, as well as to allow your access to the Simline private user area.
Legitimate Interest
- To facilitate the use of your eSIM or data plan, including the administration of your account, and to provide customer care to you.
- To better understand how our customers use our website in order to improve it. To tailor products and services to you and, if you consent to direct marketing, to tailor direct marketing.
- To monitor against and prevent cyber-security issues and unauthorized use of our information, IT systems and/or equipment.
- To streamline our business processes by using external platforms.
- To conduct internal business reviews and, if necessary, contact the customer in the event that fraud or identity theft is detected or there are reasonable suspicions of fraud, identity theft or illegal activity.
- To record calls for training purposes and to improve our customer service.
- To conduct periodic reviews of our services and carry out satisfaction surveys to evaluate and improve the quality of the service we provide.
- To carry out any other activities necessary to the running of our business, including system testing, network monitoring, staff training, and quality control.
With whom do we share Personal Data?
Depending on the purpose for which we process your Personal Data, we may share such Personal Data with some or all of the following recipients to the extent necessary:
- Simline internal/intra-group entities — internal departments and services (such as our sales department, marketing department or IT department).
- Telecommunications service providers — service providers located in the appropriate jurisdiction for which the eSIM service was purchased.
- Regulatory authorities and law enforcement agencies — where we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation or request.
- Third party advisors / professionals — professional advisors who provide professional services to us, e.g. consultants, legal advisors.
- Third party service providers we engage to process your Personal Data on our behalf, including: administrative services; advertising and communication services; corporate social responsibility services; maintenance services; physical security services; archiving, custody, storage and digitalization services; document removal and destruction services; back-office services; IT services.
Does Simline share customer data with third parties?
Our network carriers only process the minimal technical information needed for the service to function, such as the IMSI (International Mobile Subscriber Identity), the MSISDN (mobile number identifier), and the IP addresses used to establish the connection. This information is standard in all mobile services worldwide and is necessary for routing traffic and enabling connectivity.
Our network partners only access technical data required for connectivity and cannot see details such as names, emails, payment information, or browsing activity. All communications use end-to-end encryption (HTTPS, SFTP, SSH), ensuring data remains encrypted in transit. We implement data minimization principles and maintain strict partner agreements to prevent linking internet traffic to identifiable individuals.
International Data Transfers
Users resident in the European Union should note that your Personal Data will be transferred to certain recipients (mainly our external service providers) who are located outside the European Economic Area ("EEA") in countries with laws and practices that do not contain equivalent data protection rights for your Personal Data. Where such transfers occur, we ensure that appropriate safeguards are in place by ensuring that: (a) transfers do not occur without our prior written authority; and (b) that an appropriate transfer mechanism, such as Module 2 of the Standard Contractual Clauses (as approved by the European Commission) or an adequacy decision of the European Commission, is in place to protect your Personal Data.
If you would like to find out more about any transfers which affect your Personal Data, please contact us at support@simline.com.
Your data protection rights
Right of Access — You have the right to request a copy of the Personal Data held by Simline about you and to access the Personal Data which we hold about you.
Right to Object — You have a right to object at any time to the processing of your Personal Data where Simline processes your Personal Data on the legal basis of pursuing its legitimate interests.
Right to Rectification — You have the right to have any inaccurate Personal Data which Simline holds about you updated or corrected.
Right to Erasure — In certain circumstances, you may also have your Personal Data deleted. For example, if you exercise your right to object and Simline does not have an overriding reason to process your Personal Data or if we no longer require your Personal Data for the purposes set out in this Notice.
Right to Restriction of Processing — You have the right to ask Simline to restrict processing your Personal Data in certain cases, including if you believe that the Personal Data that we hold about you is inaccurate or if our use of your Personal Data is unlawful.
Right to Data Portability — You may request Simline to provide you with the Personal Data which you have given Simline in a structured, commonly used and machine-readable format.
Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or in the place where an alleged infringement occurred.
Right to Object to Automated Decision-Making, including Profiling — You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning Data Subjects or similarly significantly affects them. We may not be able to comply with this request where the processing is necessary to enter or perform our contract with them or when the processing is authorised under a law to which we are subject.
How long do we retain your Personal Data
In general, we will store your Personal Data in accordance with our obligations under applicable laws and/or for as long as we have a relationship with you plus a reasonable period of time after that. Your Personal Data will be stored as long as necessary in light of the purpose(s) for which it was obtained. The criteria used to determine the retention periods include:
- The length of the contractual relationship plus 7.5 years after that from the date of termination;
- Whether retention is prudent in light of Simline's legal position (such as with respect to statutes of limitations, litigation or regulatory investigations);
- Whether there is a legal obligation to which Simline is subject; and/or
- 6 months for connection history and call recording.
What is the Simline data retention procedure?
Simline retains customer data only for as long as necessary to provide the service and comply with legal obligations. Once this period ends, the data is securely deleted or anonymized, in line with GDPR, giving customers the highest level of protection.
Children's Personal Data
Simline understands the importance of safeguarding the Personal Data of children, which we consider to be an individual under the age of 18 or the equivalent age as specified by law in your jurisdiction.
Children under the age of 18 years old are prohibited from using Simline's services. We do not knowingly collect (or knowingly allow any third party to collect) Personal Data from persons under the age of 18. If we become aware that Personal Data has been collected from a person under the age of 18, we will delete this Personal Data and terminate that individual's account as quickly as possible.
Who should I contact in order to exercise my data protection rights?
Simline has a Data Protection Officer in accordance with applicable laws. If you have any questions about the information detailed in this Notice or would like to exercise your data protection rights, please contact our data protection officer at support@simline.com.
Updates to this Notice and other information
We will make best efforts to keep this Notice up to date. This Notice will be regularly reviewed and may be amended and updated from time to time as necessary. Any updates to this Notice will be posted to this section of the website.
This Notice is drafted in the English language. In the event that there is a conflict between this English language version of the Notice and any translated copies of the Notice, the English version shall prevail.