🔐Privacy Notice

Last updated: March 5th, 2024

This notice describes how we collect and process users’ data by SWALLET OU filialas through the S-eSIM https://s-esim.io/ website (hereinafter – the “Website”) and mobile application (“App”), collectively referred to as the “Platform”. The terms “Company” “S-eSIM”, “we”, “us”, and “our” refer to SWALLET OU filialas incorporated and registered under the laws of Lithuania.

We are committed to safeguarding the privacy of our users. We will not misuse your data.

From the data protection perspective, we are a data controller for the information collected through the Platform. You can contact us at:

SWALLET OU filialas

Registry code: 306106102

Contact email address: support@s-esim.io

DEFINITIONS

‘Applicable Law’ means all applicable laws, statutes, codes, ordinances, decrees, rules, regulations, municipal by-laws, judgments, orders, decisions, rulings or awards of any government, quasi-government, statutory or regulatory body, ministry, government agency or department, court, agency or association of competent jurisdiction.

‘Personal data’ means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Special categories of personal data’ (sensitive data) means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

‘Data controller’ (controller) means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Data processor’ (processor) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

‘Data Subject’ means any living individual who is the subject of personal data processed by the Company, including Visitors, independent contractors/employees and other stakeholders.

‘DPO’ is a data protection officer appointed by a Controller (including a Joint Controller), or Processor to independently oversee relevant data protection operations in the manner.

‘Visitor or User’ means Data Subject who has entered the Website and/or uses Company’s Services with any purpose.

‘Services’ means legal services provided by the Company.

‘Website’ means https://s-esim.io/ website.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

‘Profiling’ means any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or analyses or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behavior. This definition is linked to the right of the data subject to object to profiling and a right to be informed about the existence of profiling, of measures based on profiling and the envisaged effects of profiling on the individual.

‘Automated decision-making’ means an ability to make decisions by technological means without human involvement that produces legal effects concerning the Data Subject or similarly significantly affects the Data Subject.

‘Personal data breach’ means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

‘Consent’ means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

GENERAL

In collecting and using of the personal data, the Company is subject to a variety of applicable laws controlling how such activities may be carried out and the safeguards that must be put in place to data protect.

This Policy applies to all Company’s employees, independent contractors, stakeholders and all other subjects that directly or indirectly participate in the personal data processing, including Users and non-users who visit the website https://s-esim.io/, use our Service and application, within Company’s activities.

This Policy sets out how the Company uses, processes and stores Users personal information. The Company will obtain that information from the User with his/her permission and consent.

PRINCIPLES OF PROCESSING

1. Lawfulness, Fairness, and Transparency: We process your personal data in a lawful, fair, and transparent manner. Our terms of use clearly outline how your data will be used.

2. Purpose Limitation: We collect and process your data only for specific, explicit, and legitimate purposes. Your data will not be used for any purposes incompatible with the ones stated.

3. Data Minimization: We only collect and process the personal data necessary for the intended purpose. Rest assured, we avoid excessive or irrelevant data collection.

4. Accuracy: We strive to ensure that the personal data we process is accurate and up-to-date. If there are inaccuracies, we take prompt steps to correct or erase them.

5. Storage Limitation: Your personal data won't be kept longer than necessary for the purpose it was collected. We adhere to appropriate retention periods.

6. Integrity and Confidentiality (Security): We implement robust technical and organizational measures to secure your personal data, protecting it against unauthorized processing, loss, destruction, or damage.

7. Accountability: We demonstrate our commitment to GDPR principles by maintaining records of processing activities and regularly conducting risk assessments. Our policies ensure compliance with data protection standards.

8. Data Subject Rights: You have rights regarding your personal data. Our terms provide mechanisms for you to access, rectify, erase, and port your data easily.

9. Lawful Basis for Processing: We identify and document the lawful basis for processing your personal data. Our processing activities align with the chosen lawful basis.

10. Consent: If we rely on your consent, it is freely given, specific, informed, and unambiguous. You can withdraw your consent easily through the mechanisms we provide.

11. Children's Data: We implement special protections when processing children's data, especially in online services. Parental consent is obtained where required.

12. Data Protection Impact Assessment (DPIA): For processing activities with high risks to your rights and freedoms, we conduct a Data Protection Impact Assessment. Our Data Protection Officer (DPO), if any, advises on such matters.

By accepting these terms, you acknowledge our commitment to protecting your privacy and complying with the GDPR principles in the processing of your personal data.

We use your Account information:

  • to create and maintain your account. The applied legal basis for this is the performance of the contract (Terms of Use) between you and us;

  • to contact you regarding the work of the application or your Account, including by email and by sending you web notifications (if any);

  • to respond to support requests;

  • upon receiving your consent from you, to send you marketing or promotional materials;

  • to analyze the efficiency of our Services in our legitimate interests;

  • to store certain types of information for compliance with law, e.g., KYC obligations.

TYPES OF INFORMATION WE COLLECT FROM YOU

We may collect personally identifiable information when you specifically and knowingly provide it to us, for example when you sign up for our newsletter or chat, create an account, request more information on our contact us page, respond to a survey or questionnaire and provide personal information such as your email address, name or other information. Where applicable, personally identifiable information includes personal data as defined in applicable law.

This Privacy Policy does not apply to the privacy practices of third parties that we do not own or control, including but not limited to any third-party websites, services, applications, or online resources to which this Site may link or otherwise reference (collectively Third Party Services) that you may access through the Services. We encourage you to carefully review the privacy policies of any Third Party Services you access.

S-eSIM does not consider personally identifiable information to include information that has been anonymized so that it does not allow a third party to identify a specific individual. We collect and use your personally identifiable information to provide the services, operate and improve our service, provide customer service, perform research and analysis aimed at improving our products, service and technology, and display content that is customized to your interests and preferences.

You may always choose not to provide personally identifiable information, but if you choose so, certain parts of the Service may not be available to you. If you have registered an account with us, you will have agreed to provide your personally identifiable information in order to access the services. This consent provides us with the legal basis we require under applicable law to process your data. If you do not agree to our use of your personal data in line with this policy, please do not use our Services.

Subject to the following paragraph, we ask that you do not send us, and you do not disclose, any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services or otherwise to us.

If you send or disclose any sensitive personal data to us when you submit content to the services, you consent to our processing and use of such sensitive personal data in accordance with this policy. If you do not consent to our processing and use of such sensitive personal data, you must not submit such content to us. Please note that even if this information is provided, we will not store them anywhere on our side.

We may collect and aggregate non-personally identifiable information which is information that does not permit you to be identified or identifiable either by itself or in combination with other information available to a third party. This information may include information such as a website that referred you to us, your IP address, browser type and language, hardware types, geographic location, and access times and durations. We also may collect navigational information, including information about the service content or pages you view, the links you click, and other actions taken in connection with the Service. We use this information to analyze usage patterns as part of making improvements to the Service.

ACCOUNT INFORMATION

To begin using our Services, you need to create your Account. During the registration process, you will be asked to provide us email address. You will also need at certain conditions provide us with your First and Last name, your date of birth.

We use/store this information in order:

(a) to maintain your Account;

(b) to provide you with access to our Services;

(c) to contact you regarding your account and our updates (support emails); and

(d) to comply with our legal obligations;

(e) to attend and manage your requests to us

(f) to comply with legal obligation purposes such as tax reporting, fraud prevention, our reporting obligations etc.

(g) we may use your Personal Information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our service(s), products, services, marketing, and your experience.

SUPPORT REQUESTS AND OTHER INQUIRIES

To receive support or contact us with relevant questions about our Company, and Services, you will be asked to provide us with your email address and a brief description of your request that would be attached to your contact information.

We will use this information solely to contact you back and assist you with your request.

We will store your request data for as long as we keep in touch with you and as long as the law require.

COOKIES

A cookie is a small text file that is downloaded onto your ‘terminal equipment’ (e.g., a computer or smartphone) when you access our Platform. It allows us to recognize your device and store some information about your preferences or past actions.

We use cookies to appropriately run the Platform and analyze the Platform traffic. To learn more about cookies, please read our Cookie Notice on Website.

USER AGE

The Company collects the personal data on the basis of consent obtained from the Data Subjects who have reached the age of 18 years.

If you know that the Company processes the data of a person under 18 years old, please inform about this by writing to the e-mail address: support@s-esim.io

THE PERIOD OF STORAGE

The Company processes and stores the personal data during the period that is needed for the realization of the processing purposes, specified in this Policy.

After the expiration of the period of storage, the Company is obliged to delete the personal data or ask the Data Subject to provide the Company with new consent, if the necessity of processing remains actual for the Company or another purpose of processing appears.

The Company is entitled not to store more and delete the earlier collected Data Subject personal data of at any time if such personal data are not needed more. Herewith, the Company is obligated to notify the respective Data Subject that his/her personal data are deleted.

The Company may keep storing the personal data if subsequent processing is foreseen by law and is deemed relevant for a purpose that is not compatible with the original purpose of processing stated in this Policy. Herewith, under incompatible purposes means the purposes concerning archiving in the public interest, scientific, statistical, or historical use.

PROCESSORS

While processing the User's personal data, the Company may engage Google Inc. (by using Google Analytics) as a processor.

The Company is responsible for the proper processing of the User's personal data under the Law. Herewith, each processor is responsible for the adherence of the Law as well as for other legislative actions concerning data protection while processing the Users’ personal data.

The processors are not entitled to define any additional purposes for personal data processing.

YOUR RIGHTS

This Policy provide all Data Subjects with the opportunity to realize any of the following rights:

1. Right to Information: You have the right to be informed about how your personal data is collected, processed, and used. Our terms of use provide transparent information on these practices.

2. Right of Access: You can request access to the personal data we hold about you. We have mechanisms in place to provide you with a copy of this data upon request.

3. Right to Rectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request corrections. We strive to promptly rectify any inaccuracies.

4. Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data under certain circumstances. We respect your right to be forgotten, and we will erase your data when appropriate.

5. Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data in certain situations. We will honor such requests while verifying the necessity of processing.

6. Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format. We provide mechanisms to facilitate the portability of your data.

7. Right to Object: You have the right to object to the processing of your personal data, especially in cases of direct marketing or processing based on legitimate interests. We respect your preferences.

8. Rights Related to Automated Decision-Making, Including Profiling: We inform you if we make decisions based solely on automated processing, including profiling. You have the right to challenge such decisions and request human intervention.

9. Right to Withdraw Consent: If we rely on your consent for processing your data, you have the right to withdraw it at any time. We make this process straightforward and easily accessible.

10. Right to Lodge a Complaint: If you believe your rights under the GDPR have been violated, you have the right to lodge a complaint with a supervisory authority. Our terms provide information on how to do so.

DATA TRANSFER

The Company stores personal data in Lithuania.

The Company does not sell, trade or transfer personal data to any legal persons or individuals

SECURITY OF INFORMATION

We take necessary and sufficient measures to protect your information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.

Internally, immediate access to the data is only allowed to our authorized employees involved in maintaining our Platform and conducting other processing activities. Those employees include our backend software developer, operational and marketing team. Such employees keep strict confidentiality and prevent unauthorized third-party access to personal information.

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties.

THIRD-PARTY SERVICES

Our Platform may contain links to third-party services and platforms, including those posted by our partners and affiliate companies. Although we choose our partners thoroughly and diligently, we cannot be responsible for the content, terms, and conditions, or privacy policies of third-party services.

We encourage users to be aware when they leave our Platform and to read the privacy statements of the services that collect personally identifiable information.

Third-party Platforms may contain their own cookies. We are not responsible for their usage of cookies.

CHANGES TO THIS NOTICE

We may update this privacy notice from time to time by posting a new version on our Platform. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavor to provide you with an announcement about any significant changes.

CONTACT US

If you have any questions, comments, or concerns regarding our Privacy Policy and/or how we process your personal data, please contact us at the email address support@s-esim.io

Last updated