PRIVACY POLICY

MNB Teknoloji Danışmanlık Ltd. Şti., eSIM Station (esimstation.com) ("eSIM," "we," "us," or "our"), operates with a strong commitment to your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information, also referred to as personal data. Additionally, it outlines your rights and choices regarding your personal information, as well as how you can contact us to address any questions or concerns you may have.

By creating an account or using or visiting any eSIM Station website, application, product, software, tool, data stream, and/or service (collectively referred to as the "Service"), you acknowledge that you have read, understood, and agreed to the terms of this policy.

This Privacy Policy explains how we collect, use, share, store, and protect your personal information. Please take the time to read this Privacy Policy carefully.

Table of Contents:

  • Applicability of This Privacy Policy
  • How We Collect, Share, and Use Personal Information
  • Information We Collect
  • Data Retention
  • How We Use the Information
  • How We Share Personal Information
  • Your Rights
  • Data Transfers and International Data Transfers
  • Security
  • Changes to This Policy
  • Children
  • Contact Information
  • Additional Information for California Residents

1. Applicability of This Privacy Policy

This Privacy Policy applies to eSIM Station's mobile applications, Partner Platform, websites, features, and other services (collectively, "Services") provided to users worldwide, including interactions with eSIM Station (both online and offline), employees, and job applicants.

This Privacy Policy explains how eSIM Station collects and uses data and is applicable to all eSIM Station users globally unless they are using a service covered by a separate privacy notice. Specifically, this Privacy Policy applies to the following groups:

  • End Users: Individuals who use Services through their eSIM Station accounts for personal purposes and directly interact with the Services.
  • Corporate Users: Organizations that either directly or indirectly provide eSIM Station with personal information about End Customers and use eSIM Station's services for their own business and operations.
  • End Customers: Individuals receiving services requested by other eSIM Station account holders, such as when interacting or transacting with a Corporate User.
  • Job Applicants: Individuals applying for employment with eSIM Station.

2. How We Collect, Share, and Use Personal Information

We collect information about you in various ways, depending on your interactions with us and our Services:

Directly from You:

We collect information directly from you when you provide it to us, such as when you register for an account, sign up to receive notifications, place an order, make a purchase, or contact us via phone, email, or other communication methods.

Automatically Through Interaction with Our Services:

We automatically collect information when you interact with our Services and/or emails, using cookies, server logs, and other similar technologies, where permitted by law or with your consent.

From Other Sources:

We may receive information from affiliates, business partners, service providers, online social networks, and other third parties, including publicly available sources. For instance:

  • If you apply for a job or are an employee, we may conduct a background check.
  • Information may also be shared with us by third-party platforms or services that you interact with.

The data collected helps us provide, improve, and personalize the Services we offer, while ensuring compliance with applicable legal requirements.

eSIM Station classifies data and information systems based on their sensitivity, legal requirements, and business criticality to ensure an appropriate level of protection. This classification helps maintain compliance with applicable regulations and safeguards the integrity and confidentiality of data.

Data Controller:

The "Data Controller" is the entity that determines the purposes and means of processing personal data.

Data Processor:

The "Data Processor" is the entity that processes personal data on behalf of and under the instructions of the Data Controller.

This framework ensures that personal data is handled responsibly and securely, aligned with the legal standards and the nature of the information being processed.

eSIM Station as a Data Controller

As a Data Controller, eSIM Station determines the purposes and methods of processing personal data. In this role, eSIM Station ensures that personal data is processed in compliance with applicable data protection laws. The activities carried out by eSIM Station as a Data Controller include:

Direct Registrations:

eSIM Station acts as the Data Controller when users register directly for its services. This applies to:

  • B2C Context: End users who directly register for eSIM Station's services.
  • B2B Context: Corporate Users or End Customers who register directly with eSIM Station.

Core Activities:

  • Service Delivery: Using data to provide eSIM Station's products and services.
  • Fraud Prevention: Monitoring and detecting fraudulent activities and transactions.
  • Legal Compliance: Adhering to applicable financial, legal, and regulatory obligations.
  • Service Improvement: Developing and enhancing products and services through data analysis.
  • Job Application Processing: Processing personal data obtained through job applications.

By acting as a responsible Data Controller, eSIM Station upholds the integrity, security, and legal compliance of personal data, ensuring trust and reliability in its operations.

eSIM Station as a Data Processor

In scenarios where eSIM Station provides services on behalf of and under the instructions of a Corporate User, it acts as a Data Processor. This role applies in the following contexts:

B2B Context for End Customers:

eSIM Station serves as a Data Processor for data related to End Customers in a B2B setup, working under the directives of Corporate Users.

Service Execution for Corporate Users:

This includes tasks such as creating accounts and distributing eSIMs to End Customers based on instructions received from Corporate Users.

When acting as a Data Processor, eSIM Station adheres strictly to the instructions provided by the Data Controller (Corporate User). We recommend that individuals review the privacy policy of the relevant Data Controller to understand how their data is processed and protected.

eSIM Station is committed to maintaining the confidentiality and security of the data it processes. It ensures compliance with applicable data protection laws and contractual obligations, safeguarding the data at every stage of its handling.

3. Information We Collect

Below are examples of the types of information we collect in various contexts and how we use this information:

Personal Information Provided by You

  • Account Information: When you create an account, we may collect your name, email address, phone number, and payment details.
  • Customer Support: Information shared when contacting our support team, such as details about your issue or request.
  • Order and Transaction Details: Information related to purchases, such as billing and shipping addresses, and transaction history.

Automatically Collected Information

  • Device Information: Details about your device, including operating system, browser type, and device identifiers.
  • Usage Data: Information about your interactions with our Services, such as pages visited, links clicked, and time spent on the platform.
  • Cookies and Tracking Technologies: Data collected through cookies or similar tools to enhance your user experience and personalize content.

Information from Other Sources

  • Third-Party Platforms: Data shared with us by platforms you use to interact with our Services (e.g., social media or payment processors).
  • Corporate Users: Information provided by Corporate Users about their End Customers, such as for account setup or eSIM distribution.
  • Publicly Available Data: Information sourced from publicly accessible platforms or directories.

Examples of Use

  • Service Delivery: To provide and improve our products and services.
  • Personalization: Tailoring the user experience based on preferences and usage patterns.
  • Compliance and Fraud Prevention: Ensuring adherence to legal obligations and preventing fraudulent activities.
  • Marketing: Sending promotional messages and updates about our products and services, where permitted.

4. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law for legal, financial, or reporting obligations.

To determine the appropriate retention period for personal information, we consider:

  • The quantity, nature, and sensitivity of the information.
  • The potential risk of harm from unauthorized use or disclosure.
  • The purposes for which we process the information and whether those purposes can be achieved through other means.
  • Applicable legal requirements and obligations.

Once the retention period expires or the data is no longer needed, we securely delete or anonymize the information to ensure compliance with data protection standards.

5. How We Use Personal Information

In addition to the purposes and uses outlined above, we use your information for the following reasons:

  • Identification: To recognize you when you visit our websites.
  • Service Delivery: To provide products and services or process returns.
  • Improvement: To enhance our services and product offerings.
  • Payment Processing: To facilitate transactions.
  • Analytics: To perform data analysis.
  • Customer Support: To respond to and follow up on your requests, questions, issues, or feedback.
  • Marketing: To send marketing and promotional materials about our products, services, sales, promotions, or those of our partners.
  • Fraud Prevention: To detect and protect against malicious, deceptive, fraudulent, or illegal activities, such as policy violations, security issues, or harm to the rights, property, or safety of our company, users, employees, or others.
  • Error Detection and Repair: To identify, diagnose, and fix errors that impair our website or services' intended functionality.
  • Legal Compliance: To comply with legal or regulatory obligations, establish or exercise our rights, and defend against legal claims.
  • Administrative Purposes: For internal administrative purposes, including managing relationships with users.
  • Other Purposes with Consent: For purposes you may consent to from time to time.

Multiple Purposes for Data Collection

Although we collect your information for specific purposes, in many cases, there are overlapping reasons for processing. For instance:

  • When completing an online purchase, we collect your information to fulfill our contractual obligations.
  • Simultaneously, we retain the information to address any post-transaction inquiries efficiently, which is in our legitimate business interest.

Thus, the basis for collecting and processing your information may vary depending on the context. It could rely on your consent, the need to perform a contract, compliance with legal obligations, or our legitimate interest in running our business effectively.

6. How We Share Personal Information

In addition to the specific circumstances outlined elsewhere in this Privacy Policy, we may share personal information in the following situations:

Affiliates and Acquisitions

  • Affiliates: We may share information with our corporate affiliates, such as parent companies, sister companies, subsidiaries, joint ventures, or other companies under common control.
  • Acquisitions: If another company acquires or plans to acquire our business, assets, or shares, we may share information with that company, including during the negotiation phase.

Without Requiring Your Consent

  • Legal Compliance: We may share information to comply with subpoenas, orders, or court rulings, or to meet any other legal obligations.
  • Protecting Rights: We may disclose information to establish or defend our rights, prevent or investigate illegal activities, suspected fraud, threats to safety, or violations of our policies.
  • Third-Party Fulfillment: We may share information with third-party intermediaries to fulfill requests, such as shipping products or providing services.

Partner Promotions

We may collaborate with third-party partners to offer promotions. If you choose to participate in a promotion sponsored by a third-party partner, the information you provide will be shared with both us and the partner. The use of your information by the partner is not covered by this Privacy Policy.

Service Providers

We may share your information with service providers who assist us in operating our business effectively. These providers may help manage our website, offer technical support, process payments, or fulfill orders.

With Your Consent

We may share your information with third parties when you provide explicit consent or instructions to do so.

We ensure that any data shared is handled responsibly and in compliance with applicable data protection laws.

7. Your Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

Access Your Data

You have the right to request information about the personal data we collect, use, or share about you and our data practices. In certain cases, you may also request access to your personal data in a machine-readable, portable format.

Request Correction

You have the right to request corrections to inaccurate personal data we hold about you. We rely on you to update and correct your personal information. You can edit or delete your profile through our website. If certain updates are not possible online, you can contact us using the information provided below. Note that we may retain historical data in backup files where permitted by law.

Request Deletion

You have the right to request the deletion or removal of the personal data we have collected about you.

Withdraw Consent

Where we rely on your consent for processing, you may withdraw your consent at any time.

Object to Processing

You have the right to object to the processing of your personal data where it is based on legal grounds other than consent.

Online Tracking

Currently, we do not recognize Do Not Track signals.

Important Notes

The above rights are not absolute and may not apply in all circumstances. For example, we may deny or limit your request where the law permits or requires us to retain the information, or where we cannot verify your identity adequately.

We will not discriminate against individuals who exercise their privacy rights under applicable laws.

How to Exercise Your Rights

To exercise any of the rights outlined above or to appeal a decision regarding a data subject rights request, please contact us via the contact details below or through our Contact Us page.

We may require you to verify your identity before proceeding with your request. Depending on the request, we may ask for information such as your name, your last purchase from us, or the date of your last transaction. We may also request a signed declaration verifying your identity.

Authorized Representatives

You may designate an authorized representative to make certain privacy-related requests on your behalf. If you are acting on behalf of another individual, you must include a signed document proving you are authorized to act on their behalf.

Opting Out of Marketing Emails

To unsubscribe from marketing-related emails, log in to your account, navigate to your Profile Settings, and toggle the "I want to receive promotional emails" option off. Your email address will be removed from our marketing communications as quickly as possible.

For further assistance, you can contact us at info@esimstation.com.

Deleting Your Account

You can delete your account using the Delete Account option in your Profile Settings. Log in to your account, go to your Profile Settings, click "Delete Account," and confirm your request. We will process your request promptly or within one month, depending on the circumstances.

Please note that we may need to verify your identity and connection to the account before proceeding.

Retention of Data After a Deletion or Objection Request

In certain cases, eSIM Station may be legally required to retain and process your personal data even after a deletion request or objection. For instance, we may need to retain specific information to comply with Know Your Customer (KYC) and payment processing obligations.

8. Data Transfers and International Data Transfers

The eSIM Station Service can be accessed from Europe and other countries around the world. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than those in your home country.

However, we take steps to process personal information using the same privacy principles that apply in the country where your information was initially collected, whenever possible. By providing your personal information to us, you consent to the transfer, storage, and processing of your data in countries outside of your residence, including but not limited to the United States.

If you would like more information about how we apply privacy principles from one jurisdiction to data transferred to another, please contact us using the details provided below.

9. Security

We adhere to generally accepted industry standards to help protect your personal information. However, no method of transmission over the internet, mobile technology, or electronic storage is entirely secure. While we strive to implement physical, electronic, and procedural safeguards to protect the confidentiality of the information we collect online, we cannot guarantee its absolute security.

It is the responsibility of eSIM Station users to keep their passwords and account credentials secure. If you believe that your interaction with us is no longer secure (for instance, if you suspect that the security of your account has been compromised), please notify us immediately by contacting us at info@esimstation.com.

10. Changes to This Policy

We reserve the right to modify the terms of this Privacy Policy at any time. If significant changes are made to this statement or to how we use your personal information, we will notify you by prominently posting a notice on this page or our homepage, or by sending you an email.

We recommend reviewing this policy each time you visit our websites or use our applications. Our Privacy Policy includes both an "effective date" and a "last updated" date:

  • The effective date indicates when the current version of the policy became applicable.
  • The last updated date reflects the most recent date of significant revisions to the policy.

By staying informed of changes to this policy, you can ensure you understand how we continue to protect your personal information.

11. Children

Our Services are not directed at children under the age of 13, and we do not knowingly collect personal information from minors under the age of 16 without parental consent. Children under the age of 13 should not provide their personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 13 without appropriate consent, we will take steps to delete the information as soon as possible. If you believe we may have collected such information, please contact us at info@esimstation.com

12. Contact Information

If you have any questions, comments, concerns, or complaints about our privacy practices, or if you require access to this Privacy Policy in an alternative format due to a disability, please contact us at:

info@esimstation.com

We will do our best to respond to your inquiries and provide additional information regarding privacy as needed.

If you are not satisfied with our response and reside in the European Union or the United Kingdom, you may have the right to file a complaint with your local supervisory authority.