Gdpr Policy
Effective date : 2026/06/22
- INTRODUCTION
- PERSONAL DATA COLLECTED
- Identity Information: Name, surname, date of birth, gender
- Contact Information: Email address, phone number, address
- Payment Information: Credit card details, billing address
- Usage Information: IP address, device information, browser type, pages visited
- Support Communications: the content of your messages to our support channels (website chat, email, WhatsApp, support tickets), including any order details, device information, or screenshots you choose to share
- Security Data: technical signals used to protect our services from abuse, such as IP address, device/browser fingerprint, and request patterns
- Other Information: survey responses and other information you provide
- PURPOSES OF USE OF PERSONAL DATA
- Service Delivery: To process the eSIM sales transaction, process orders, and provide customer support across our website chat, email, WhatsApp, and support-ticket channels
- Account Management: To create, manage, and secure user accounts
- Communication: To send users service updates, support replies, and (where permitted) promotional information
- Abuse Prevention & Security: To detect and prevent fraud, spam, and automated abuse of our services, including our support channels
- Marketing: To promote products and services that may be of interest to users, where permitted by law
- Legal Obligations: To comply with legal regulations
- LEGAL BASES FOR PROCESSING
- Performance of a contract (Art. 6(1)(b)): to create and manage your account, process orders, deliver and operate your eSIM, and provide customer support.
- Legitimate interests (Art. 6(1)(f)): to secure our services and prevent fraud and abuse (including bot-protection and abuse signals), to improve our products, and to keep records of support requests.
- Consent (Art. 6(1)(a)): for non-essential cookies, marketing communications, and optional WhatsApp promotional messages. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): to comply with accounting, tax, and other legal requirements.
- COOKIES & TRACKING
- SHARING OF PERSONAL DATA
- Payment service providers: to process payments and prevent fraud (for example PayPal and other approved processors).
- Connectivity provider: our eSIM/network partner, to provision and operate your eSIM.
- Customer-support & AI providers: third-party email, messaging, and AI-based assistance providers (such as Google's Gemini API) that help us receive, classify, and respond to your support messages. They process your message content solely to provide the service to us.
- Messaging providers: our WhatsApp Business provider (zavu.dev) and Meta Platforms, where you contact us via WhatsApp.
- Security providers: bot-protection and abuse-prevention tools (such as Google reCAPTCHA) that process technical signals such as IP address.
- Hosting & analytics providers: to operate, secure, and improve our website and services.
- Authorities: where required by law or to protect our rights.
- AUTOMATED & AI-ASSISTED SUPPORT
- STORAGE OF PERSONAL DATA
- Support conversations (chat, email, WhatsApp, tickets) are retained for up to 90 days after the request is resolved, after which they are anonymized or deleted, unless a longer period is required for legal or accounting reasons.
- Security and abuse-prevention logs (such as IP address and abuse signals) are kept only for the limited period needed to protect the service, then deleted.
- Account and transaction records are kept for the duration of your account and any period required by law.
- INTERNATIONAL DATA TRANSFERS
- RIGHTS OF THE PERSONAL DATA SUBJECT
- Right to be Informed: To learn whether your personal data is being processed
- Right of Access: To access your personal data
- Right to Rectification: To request correction of your personal data if it is inaccurate or incomplete
- Right to Erasure: To request deletion of your personal data
- Right to Object: To object to the processing of your personal data
- Right to Data Portability: To receive your personal data in a portable format and transfer it to another data controller
- Right to Withdraw Consent: To withdraw your consent at any time where processing is based on consent
- Right to Lodge a Complaint: To lodge a complaint with your local data-protection supervisory authority — for example, the Personal Data Protection Authority (KVKK) in Turkey, or your national Data Protection Authority in the EU/EEA
- DATA SECURITY
- POLICY CHANGES
- CONTACT
This Personal Data Protection Policy ('Policy') describes how eSIMno ('we,' 'us,' or 'Company'), as the data controller for the services provided through www.esimno.com, collects, uses, shares, and protects your personal data. For any data-protection request, you can contact us at [email protected].
We may collect the following types of personal data through our Website:
We use your personal data for the following purposes:
Where the GDPR applies, we process your personal data on the following legal bases:
We use cookies and similar technologies to operate our website (essential cookies), to remember your preferences, and — with your consent — for analytics and advertising. Essential cookies are necessary for the site to function; non-essential cookies are used only where you have given consent, which you can change at any time through your browser settings. For more detail on the categories of cookies and tracking technologies we use, please see the relevant section of our Privacy Policy.
We share personal data only as necessary, with the following categories of recipients, each acting under contract and applicable data-protection law:
To answer support requests quickly across our website chat, email, WhatsApp, and support-ticket channels, we use automated and AI-based tools, including third-party AI providers such as Google's Gemini API. These tools help classify your request, draft replies, and route complex or sensitive cases (such as refunds or account issues) to a member of our team. Automated replies do not produce legal or similarly significant decisions about you, and you can ask to speak with a human at any time. AI providers process your message content only to provide the service to us, under contract, and not to train their own models for their own purposes.
We retain personal data only for as long as necessary for the purposes described in this Policy and as required by applicable laws.
Some of our service providers (including AI, messaging, payment, and hosting providers) may process your data outside your country, including in the United States and the European Union. Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses and limit transfers to what is necessary. Contact us for more information about these safeguards.
In accordance with GDPR, as a personal data subject, you have the following rights:
We take necessary technical and administrative measures to ensure the security of your personal data. However, please note that data transmission over the Internet is not entirely secure.
We may update this Policy from time to time. Changes will be published on our Website.
If you have any questions or requests regarding this Policy, or if you are located in the EU/EEA and wish to exercise your data-protection rights, please contact us at [email protected].



