Legal

Privacy Policy

Last updated: 1 June 2025

1. Introduction

ValaeSIM Ltd. (β€œValaeSIM”, β€œwe”, β€œus”, β€œour”) is committed to protecting your personal data. This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights under applicable data protection law, including the EU General Data Protection Regulation (GDPR).

By using our website (valaesim.com) and services, you acknowledge this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Who We Are

ValaeSIM Ltd. is the data controller responsible for your personal data. We are registered in Albania and operate globally.

Contact: support@valaesim.com

3. Information We Collect

Information you provide directly:

  • Name and email address (account registration and order fulfilment)
  • Payment details (processed by Stripe β€” we do not store card data)
  • Support messages and correspondence
  • Contact form submissions

Information collected automatically:

  • IP address and approximate location (country/city)
  • Browser type, operating system, device type
  • Pages visited, time spent, referrer URL
  • Cookies and similar tracking technologies (see Section 10)

Information from third parties:

  • Payment processors (Stripe) for transaction verification
  • Analytics providers (aggregated, anonymised data only)

4. How We Use Your Information

  • Order fulfilment: Deliver eSIM QR codes and purchase confirmations to your email
  • Customer support: Respond to enquiries and resolve technical issues
  • Account management: Maintain your account and purchase history
  • Service improvement: Analyse usage patterns to improve our platform
  • Legal compliance: Meet regulatory obligations and prevent fraud
  • Marketing: Send promotional emails only with your explicit consent (opt-in)

5. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract performance β€” processing necessary to fulfil your order
  • Legitimate interests β€” fraud prevention, service improvement, security
  • Legal obligation β€” compliance with applicable laws
  • Consent β€” marketing communications (you can withdraw at any time)

6. Data Sharing and Disclosure

We do not sell your personal data. We share data only as necessary:

  • Stripe β€” payment processing (PCI DSS compliant)
  • eSIM network providers β€” to activate your data plan (email address only)
  • Email service providers β€” to deliver your QR code and receipts
  • Analytics providers β€” anonymised/aggregated data only
  • Law enforcement β€” only when required by a valid legal request

7. International Data Transfers

Some of our service providers operate outside the European Economic Area (EEA). Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.

8. Data Retention

We retain personal data only as long as necessary:

  • Order records β€” 7 years (legal/tax obligation)
  • Account data β€” until you delete your account + 30 days
  • Support tickets β€” 2 years after resolution
  • Marketing consent β€” until you withdraw consent
  • Analytics data β€” 14 months (Google Analytics default)

9. Your Rights Under GDPR

If you are in the EEA or UK, you have the following rights:

  • Right of access β€” request a copy of your personal data
  • Right to rectification β€” correct inaccurate data
  • Right to erasure β€” request deletion of your data (β€œright to be forgotten”)
  • Right to restriction β€” limit how we process your data
  • Right to data portability β€” receive your data in machine-readable format
  • Right to object β€” object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent β€” withdraw marketing consent at any time
  • Right to lodge a complaint β€” with your national Data Protection Authority

To exercise your rights, email: support@valaesim.com. We will respond within 30 days.

10. Cookies

We use cookies and similar technologies to operate our website and improve your experience:

  • Essential cookies β€” required for the website to function (cannot be disabled)
  • Analytics cookies β€” help us understand how visitors use our site (you can opt out)
  • Marketing cookies β€” used for retargeted advertising (only with your consent)

You can manage cookie preferences through the cookie banner displayed on your first visit, or through your browser settings.

11. Data Security

We implement industry-standard security measures including TLS encryption, secure data centres, access controls, and regular security audits. However, no internet transmission is 100% secure. We will notify you promptly in the event of a data breach affecting your personal data.

12. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us immediately at support@valaesim.com and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email (if you have an account) and update the β€œLast updated” date at the top. Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

For any privacy-related questions or to exercise your rights:

  • Email: support@valaesim.com
  • Website: Contact form
  • Address: ValaeSIM Ltd., Tirana, Albania