Privacy Policy

This privacy policy (“Notice”) is intended to inform you about how your Personal Data will be handled by eSIM70 (“eSIM70”, “we”, “us” or “our”) and sets out the information including personal information detailed below relating to you or which you provide to us (“Personal Data”) that will be collected and processed by eSIM70 and/or on its behalf by its third party service providers when you contact us through our channels, such as our application, website or, once you have contracted for our services. We are required to give you this information, including to inform you about your data protection rights, under the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

eSIM70 takes its data protection obligations seriously and will never share personal data with any third parties without the proper legal basis. We are committed to compliance with data protection and privacy regulations globally, including GDPR, UK data protection laws, and relevant privacy frameworks in North America, Australia, and Latin America, with privacy by design integrated into all our services.

We have set out in the table below the key context (“Legal Basis”) on which we process your Personal Data. We also explain how (“Nature of Processing”) and why (“Purposes”) we obtain and collect your Personal Data.

Depending on the Purpose for which we process your Personal Data, we may share such Personal Data with some or all of the following recipients to the extent necessary:

• eSIM70 internal/intra-group entities: internal departments and services (such as our sales department, marketing department or IT department).
• Telecommunications service providers: service providers located in the appropriate jurisdiction for which the eSIM service was purchased.
• Regulatory authorities and law enforcement agencies: where we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation or request, such as the Revenue Commissioners, Department of Social Protection, the Data Protection Commission, Workplace Relations Commission, the Irish courts, An Garda Síochána or any other applicable authorities.
• Third party advisors and professionals: professional advisors who provide professional services to us (e.g. consultants, legal advisors).
• Third party service providers: we engage third party suppliers who may process your Personal Data on our behalf for the above Purposes. These include administrative services, advertising and communication services, corporate social responsibility services, maintenance services, physical security services, archiving, custody, storage and digitalisation services, document removal and destruction services, back-office services, and IT services.

Our network carriers only process the minimal technical information needed for the service to function, such as the IMSI (International Mobile Subscriber Identity), the MSISDN (mobile number identifier), and the IP addresses used to establish the connection. This information is standard in all mobile services worldwide and is necessary for routing traffic and enabling connectivity.

Our network partners only access technical data required for connectivity and cannot see details such as names, emails, payment information, or browsing activity. All communications use end-to-end encryption (HTTPS, SFTP, SSH), ensuring data remains encrypted in transit. We implement data minimisation principles and maintain strict partner agreements to prevent linking internet traffic to identifiable individuals.

In general, we will store your Personal Data in accordance with our obligations under applicable Irish and European Union laws and/or for as long as we have a relationship with you plus a reasonable period of time after that. Your Personal Data will be stored as long as necessary in light of the purpose(s) for which it was obtained. The criteria used to determine the retention periods include:

• The length of the contractual relationship plus 7.5 years from the date of termination.
• Whether retention is prudent in light of eSIM70’s legal position (such as with respect to statutes of limitations, litigation or regulatory investigations).
• Whether there is a legal obligation to which eSIM70 is subject.
• 6 months for connection history and call recording.

eSIM70 retains customer data only for as long as necessary to provide the service and comply with legal obligations. Once this period ends, the data is securely deleted or anonymised, in line with GDPR.

eSIM70 understands the importance of safeguarding the Personal Data of children, which we consider to be an individual under the age of 18 in Ireland or the equivalent age as specified by law in your jurisdiction.

Children under the age of 18 are prohibited from using eSIM70’s services. We do not knowingly collect (or knowingly allow any third party to collect) Personal Data from persons under the age of 18. If we become aware that Personal Data has been collected from a person under the age of 18, we will delete this Personal Data and terminate that individual’s account as quickly as possible.

We will make best efforts to keep this Notice up to date. This Notice will be regularly reviewed and may be amended and updated from time to time as necessary. Any updates to this Notice will be posted to this section of the website.

This Notice is drafted in the English language. In the event that there is a conflict between this English language version of the Notice and any translated copies of the Notice, the English version shall prevail.