Privacy Policy


Last updated: 27.03.2026

 

 

1. Data Controller

The data controller responsible for your personal data is:


GeneralAtomicos OÜRegistration number: 16861460Harju maakond, Lääne-Harju vald, Paldiski linn, Kivi tn 1-2, 76805, EstoniaEmail: [email protected]: https://esimvibe.io


GeneralAtomicos OÜ operates the platform esimvibe.io and is the entity responsible for the collection and processing of your personal data.


2. Personal Data We Collect

We collect the following categories of personal data:


2.1 Data you provide directly

  • Full name and email address (account registration)

  • Billing name and billing address

  • Payment method details (processed by our payment processor — we do not store full card numbers)


2.2 Data collected automatically

  • Device information (model, operating system, IMEI/EID identifiers required for eSIM provisioning)

  • IP address, browser type, and operating system

  • Usage logs and session data

  • Cookies and similar tracking technologies (see Section 9)


2.3 Transaction data

  • Order history, plan selection, and activation records

  • Payment confirmation references


3. Lawful Basis for Processing

We process your personal data under the following lawful bases as defined in Article 6 of the General Data Protection Regulation (GDPR):


  •  — Performance of a contract

Processing your order, activating your eSIM, and delivering the service you have purchased.

  •  — Legal obligation

Compliance with applicable law, including financial record-keeping, fraud prevention, and regulatory reporting.

  •  — Legitimate interests

Service improvement, security monitoring, and fraud detection, where these do not override your rights and freedoms.

  •  — Consent

Marketing communications and non-essential cookies. You may withdraw your consent at any time (see Section 7).


4. How We Use Your Data

Your personal data is used for the following purposes:


  • Registering and managing your account

  • Processing payments and issuing confirmations

  • Activating and provisioning eSIM plans

  • Providing customer support and technical troubleshooting

  • Complying with legal and regulatory obligations

  • Detecting and preventing fraud and abuse

  • Improving our platform and analysing usage patterns (where consent has been obtained)

  • Sending transactional emails (e.g. order confirmations, activation notices)

  • Sending marketing communications (only with your prior consent)


5. Data Sharing and Third Parties

We do not sell your personal data. We may share limited personal data with the following categories of third parties, strictly for the purposes described in this policy:


  • Payment processors (e.g. Stripe or equivalent) — to process your transactions securely

  • eSIM network partners — to provision and activate your data plan

  • Customer support tools — to manage support tickets and communications

  • Analytics providers — only with your consent, to analyse platform usage

  • Regulatory and law enforcement authorities — where required by applicable law or a lawful order


All third parties are required to handle your data in accordance with applicable data protection law. Where we engage processors, we do so under data processing agreements as required by GDPR Article 28.


6. International Data Transfers

GeneralAtomicos OÜ is incorporated in Estonia and operates within the European Economic Area (EEA). Some of our third-party service providers may be located outside the EEA, including in the United States.


Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:


  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Transfers to countries covered by an EU adequacy decision


You may request further information about these safeguards by contacting us at [email protected].


7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The following retention periods apply:


  • Account data: retained for the duration of your account, plus 2 years after account closure

  • Transaction and billing records: 7 years, in accordance with Estonian and EU accounting obligations

  • eSIM activation logs: 12 months from activation

  • Marketing consent records: retained until consent is withdrawn, plus 1 year thereafter

  • Server logs and technical data: 90 days


Upon expiry of the applicable retention period, data is securely deleted or anonymised.


8. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:


  • Right of access — to obtain a copy of the personal data we hold about you (Article 15)

  • Right to rectification — to correct inaccurate or incomplete data (Article 16)

  • Right to erasure — to request deletion of your data in certain circumstances (Article 17)

  • Right to restriction — to restrict processing of your data in certain circumstances (Article 18)

  • Right to data portability — to receive your data in a structured, machine-readable format (Article 20)

  • Right to object — to object to processing based on legitimate interests or for direct marketing (Article 21)

  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing


To exercise any of these rights, please contact us at: [email protected]


We will respond to your request within 30 days. In complex cases, this may be extended by a further 60 days, of which we will notify you.


You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), our lead supervisory authority:


Andmekaitse InspektsioonWäike-Ameerika 19, 10129 Tallinn, EstoniaWebsite: www.aki.ee


9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on esimvibe.io. These include strictly necessary cookies (required for the site to function), functional cookies, analytics cookies, and marketing cookies. Non-essential cookies are only placed with your consent, which you may withdraw at any time via the cookie preference panel on our website.


For full details on the cookies we use and how to manage them, please refer to our Cookie Policy.


10. Security, Minors, and Policy Updates

Security

We implement appropriate technical and organisational measures to protect your personal data, including TLS encryption in transit and strict access controls. In the event of a personal data breach posing a risk to your rights, we will notify the relevant supervisory authority within 72 hours and inform you directly where required.


Children

Our services are not directed at individuals under 18. We do not knowingly collect data from minors. If you believe we hold data about a child, please contact us at [email protected] and we will delete it promptly.


Updates to this Policy

We may update this policy periodically. The 'Last updated' date at the top reflects the most recent revision. For material changes, we will notify registered users by email or via a prominent notice on our website.


11. Contact Us

For any questions, requests, or complaints relating to this Privacy Policy or the processing of your personal data, please contact us:


GeneralAtomicos OÜ — Data Privacy Email: [email protected] maakond, Lääne-Harju vald, Paldiski linn, Kivi tn 1-2, 76805, Estonia

We may use cookies or any other tracking technologies when you visit our website, including any other media form, mobile website, or mobile application related or connected to help customize the Site and improve your experience. learn more

Allow