Privacy Policy

1. Introduction

This Privacy Policy explains how ESIMLYO ("we", "us", "our") collects, uses, shares, and protects personal data when you use our website, applications, and eSIM services (collectively, the "Services").

We are committed to protecting your privacy and processing personal data in accordance with applicable data protection laws, including the UK GDPR, EU GDPR (where applicable), and other relevant privacy regulations.

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Identity and contact data

• Name
• Email address
• Country of residence (where provided)

3.2 Account and transaction data

• Account credentials (e.g., email, password hash)
• Order history and purchased eSIM plans
• Payment status (processed via third-party payment providers; we do not store full card details)

3.3 Technical and usage data

• IP address and approximate location
• Device type and operating system
• Log data related to access and use of our website and portal

3.4 eSIM activation and connectivity data

• eSIM identifiers (e.g., ICCID, activation code)
• Plan details (destination, validity, data allowance)
• Basic network usage information as necessary for activation, troubleshooting, and fraud prevention

3.5 Verification data (where required)

In limited cases and where required by law or upstream providers, we may request additional information to verify your identity or eligibility (e.g., basic ID information or documentation).

4. How We Use Personal Data (Purposes and Legal Bases)

We process your personal data for the following purposes and legal bases:

5. Sharing of Personal Data

We may share personal data with the following categories of recipients where necessary:

• Upstream connectivity aggregators and mobile network providers, for eSIM activation, connectivity, and fraud prevention.
• Payment service providers, for processing your payments.
• Customer support tools and communication platforms we use to respond to your enquiries.
• Professional advisers (e.g., legal, accounting) where necessary.
• Public authorities, regulators, or law enforcement where required by law.

We do not sell your personal data to third parties.

6. International Transfers

Some of our service providers or network partners may be located outside the UK or European Economic Area (EEA). Where personal data is transferred internationally, we take appropriate safeguards, such as:

• using Standard Contractual Clauses approved by the European Commission or UK authorities; or
• transferring to countries determined to provide an adequate level of protection.

Further details on specific transfer mechanisms can be provided upon request.

7. Data Retention

We retain your personal data only for as long as reasonably necessary for the purposes described in this Policy, including for:

• providing the Services and managing your account;
• complying with legal, tax, and accounting obligations; and
• resolving disputes and enforcing our agreements.

Retention periods vary depending on the data type and legal requirements. When data is no longer needed, we will delete or anonymise it.

8. Your Rights

Subject to applicable law, you may have the following rights:

• Right of access – to obtain a copy of the personal data we hold about you.
• Right to rectification – to correct inaccurate or incomplete data.
• Right to erasure – to request deletion of your data in certain circumstances.
• Right to restriction – to restrict processing in certain circumstances.
• Right to data portability – to receive your data in a structured, commonly used format.
• Right to object – to object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent – where processing is based on consent.

To exercise any of these rights, please contact us at privacy@esimlyo.com. We may need to verify your identity before responding.

9. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to:

• enable essential site functions;
• measure performance and usage; and
• support optional marketing features.

You can manage your cookie preferences through your browser settings and, where implemented, our cookie banner or preferences tool. For more details, see our Cookies Policy.

10. Security

We use appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include, where appropriate, encryption, access controls, and secure data transfer.

While we strive to protect your data, no system is completely secure. You are responsible for keeping account credentials confidential and notifying us promptly if you suspect unauthorised access.

11. Children's Data

Our Services are not directed to children under 18, and we do not knowingly collect personal data from children. If you believe that a child has provided us with personal data without parental consent, please contact us and we will delete such information.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and, where appropriate, provide additional notice.

We encourage you to review this Policy periodically to stay informed about how we process your data.

13. Contact and Complaints

If you have any questions or concerns about this Privacy Policy or our data practices, please contact:

You may also have the right to lodge a complaint with a data protection authority in your country of residence or where you believe your rights have been infringed.