Informativa sulla Privacy

- If necessary to perform a contract (e.g. with our employees, contractors, clients, suppliers); in particular, we will use Application Data only for the purpose of providing online services as provided in such contract; or

- If required to comply with a legal obligation (e.g. when we need to satisfy our obligations as employer); or

- Where we have a legitimate business need or a legitimate business reason to use Personal Data as part of our business activities (e.g. when carrying out a processing to better know our clients and send them promotional offers), except that this shall not apply to Application Data; or

- Where we have obtained the Data Subject’s Informed Consent when it is specifically required by law or by applicable policy. This may notably be the case where none of the other legal grounds described above is applicable and to the extent permitted under applicable law. We consider that it is important to assess the privacy risks before we collect, use, retain or disclose Personal Data, such as in a new system or as part of a new project. eSIM4Travel will only Process Personal Data in the way described in its specific privacy notices or privacy policies and in accordance with any Informed Consent we may have obtained from the Data Subject. eSIM4Travel will not carry out profiling activities based on automated decision making, unless legally grounded on a requirement of applicable law or the performance of a contract or the Data Subject's consent and provided that suitable safeguards are implemented to protect the Data Subjects rights. Where legally required, we will ensure that Data Subjects are provided with relevant information concerning the processing of their Personal Data, unless there is an impossibility to provide such information or if it requires disproportionate efforts to provide such information.

Personal Data will only be collected and processed for specified, explicit and legitimate purposes (which could be multiple), complying with the Personal Data minimization principle and ensuring the accuracy of the Personal Data processed.

Personal Data will not be further processed in a manner that is incompatible with those purposes. We carefully evaluate and define the purposes of any Personal Data Processing before launching a project (e.g. management of HR data, management of recruitment data, payroll purpose, accounting and financial management, allocation of IT tools and any other digital solutions or collaborative platforms, IT support management, health and safety management, information security management, client relationship management, bids, sales and marketing management, supply management, internal and external communication and events management, compliance with anti-money laundering and anti-bribery obligations or any other legal requirements, data analytics operations, implementation of compliance processes).

We will ensure that the Personal Data we collect are relevant, adequate and not excessive in relation to the purpose of the Processing and its eventual use (e.g. insights, marketing, promotions). This means that only necessary and relevant information for the purpose sought can be collected and processed.

When collecting Sensitive Data or Personal Data relating to criminal convictions and offences, proportionality is fundamental. We do not collect Sensitive Data or Personal Data relating to criminal convictions and offences, unless required by applicable law or when allowed by applicable law with the Data Subject's prior express consent.

Every reasonable step will be taken to ensure that Personal Data are maintained in an appropriately accurate and up-to-date form at every step of Personal Data Processing (i.e. collect, transfer, storage and retrieval).

We encourage the Data Subjects to help us maintaining your Personal Data up to date by exercising your rights, notably of access and rectification.

Since employees, contractors, customers, suppliers, consumers and business partners put their trust in eSIM4Travel when they provide us with their Personal Data, eSIM4Travel ensures the security and confidentiality of the Personal Data it processes.

We protect any Personal Data collected, used, retained and disclosed to support our business activities by following the relevant usage, technical and organizational policies, standards and processes.

Industry standard technical and organizational measures are implemented to prevent against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access, or any other unlawful or unauthorized forms of Processing.

Where processing is to be carried out on behalf of eSIM4Travel, it will select service providers providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of applicable data protection laws and ensure the protection of the rights of the data subject.

eSIM4Travel endeavors to take reasonable measures based on Privacy by design and Privacy by default as appropriate to implement necessary safeguards when processing Personal Data. eSIM4Travel will thus implement technical and organizational measures, at the earliest stages of the design of the Processing operations, in such a way that safeguards privacy and data protection principles right from the start (‘Privacy by design’). By default, eSIM4Travel should ensure that Personal Data is processed with privacy protection (for example only the data necessary should be processed, short storage period, limited accessibility) so that by default Personal Data is not made accessible to an indefinite number of persons (‘Privacy by default’).

When Personal Data Processing is likely to result in a high risk to the rights and freedoms of Data Subjects, we will carry out a privacy impact assessment or “Personal Data impact assessment” prior to its implementation.

No breach is too small for action. We will examine all claims related to any breach to this Global Privacy Policy or applicable data protection laws, potential or actual, that are brought to our attention or that we become aware of and will take all reasonable measures to limit their impact.

Any person or entity handling Personal Data for eSIM4Travel will keep it only for as long as it is necessary for the purpose for which it has been collected and processed (and other compatible purposes) which may include:

- To meet or support eSIM4Travel business activity; or

- To comply with a legal or regulatory requirement and comply with applicable statute of limitation requirements;

- To defend against legal or contractual actions (in which case, the Personal Data may be retained until the end of the corresponding statute of limitation or in accordance with any applicable litigation hold policies).

- Personal Data is retained and destroyed in a manner consistent with applicable law.

We are receptive to queries or requests made by Data Subjects in connection with their Personal Data and, where required by law, we provide Data Subjects with the ability to access, correct, restrict and erase their Personal Data as set forth by applicable law. We also allow them to oppose the processing of their personal data, and to exercise their right to portability.

- Access right: We will provide access to all Personal Data related to a Data Subject as required by law, to the purposes of the Processing, categories of Personal Data processed, categories of recipients, data retention term, rights to rectify, delete or restrict the Personal Data accessed if applicable, etc.

- Right to portability: We may also provide a copy of any Personal Data that We hold in our records in a format compatible and structured to allow the exercise of right to data portability to the extent it is relevant under applicable law.

- Right to rectification: Data Subjects can request that we correct, amend, erase, any Personal Data which is incomplete, out of date or inaccurate.

- Right to erasure: Data Subjects can request the deletion of their Personal Data (i) if such Personal Data is no longer necessary for the purpose of the data processing, (ii) the Data Subject has withdrawn his/her consent on the Processing based exclusively on such consent, (iii) the Data Subject objected to the Processing, (iv) the Personal Data Processing is unlawful, (v) the Personal Data must be erased to comply with a legal obligation applicable to eSIM4Travel. eSIM4Travel will take reasonable steps to inform the other entities of the eSIM4Travel of such erasure.

- Right to restriction: Data Subjects can request the restriction of their Personal Data (i) in the event the accuracy of the Personal Data is contested to allow eSIM4Travel to check such accuracy, (ii) if the Data Subject wishes to restrict the Personal Data rather than deleting it despite the fact that the processing is unlawful, (iii) if the Data Subject wishes eSIM4Travel group to keep the Personal Data because he/she needs it for his/her defense in the context of legal claims (iv) if the Data Subject has objected to the Processing but eSIM4Travel conducts verification to check whether it has legitimate grounds for such Processing which may override the Data Subject's own rights.

- Right to withdraw his/her consent: when the Personal Data Processing is based on Data Subject's consent, Data Subject may withdraw such consent at any moment, without affecting the lawfulness of Processing based on consent before its withdrawal.

- Right to object: Data Subject can also indicate his/her objection to the Processing of his/her Personal Data at any time:

when used for marketing purpose or profiling to send targeted advertising, or to object to the sharing of his/her Personal Data with third parties or within the eSIM4Travel group, or when the Processing is based on eSIM4Travel’s legitimate interest, unless eSIM4Travel demonstrates compelling legitimate grounds for the Processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.

- Digital legacy: Data Subjects have the right to define (general or specific) directives regarding the usage of their personal data after their death.

Personal Data is only disclosed outside eSIM4Travel where there is an overarching legal justification to do this.

- Disclosure is made on a strictly limited 'need to know' basis where there is clear justification for transferring Personal Data - either because the Data Subject has consented to the transfer or because disclosure is required to perform or reach an agreement, or for a legitimate purpose that does not infringe the Data Subject's fundamental rights, including the right to privacy (e.g. sharing in the context of a merger and acquisition operation). In each case the Data Subject will be aware that the disclosure is likely to take place. Assurances will also be sought from the recipients that they will only use the Personal Data for legitimate / authorized purposes and keep it secure.

- If necessary and relevant, Personal data can be disclosed: