Lotsotravel Privacy Policy

1. Information We Collect

We collect various types of information from and about you to provide, maintain, and improve our Services.

A. Information You Provide Directly

This includes information you voluntarily submit when creating an account, making a purchase, or contacting us.

• Account/Contact Data: Name, email address, password (hashed), billing address. Used for account creation, management, communication, and security.
• Payment Data: Last four digits of your payment card, payment token, or details of your chosen payment provider (e.g., PayPal email). We do not store full credit card numbers. Used for processing payments and fulfilling orders.
• KYC/Regulatory Data: Government-issued ID, date of birth, proof of address (only where required by local telecommunications law in the destination country). Used for mandatory legal compliance for eSIM activation in certain jurisdictions.
• Support Data: Content of your communications with our customer support team (chat transcripts, emails). Used for responding to inquiries and providing technical support.

B. Information Collected Automatically

This information is generated as you use our website and Service.

• eSIM Profile Data: eUICC Identifier (EID), ICCID (SIM serial number), activation date, deactivation date. Used for provisioning, activating, and managing the eSIM profile on your device.
• Service Usage Data: Data consumption (MB used), Plan validity period, purchased destination country/region. Used for monitoring usage, managing data allowances, and billing. We do not track the content of your communications or the websites you visit.
• Technical/Device Data: IP address, device type, operating system, browser type, timestamps, pages viewed, referring website. Used for website security, analytics, fraud prevention, and service optimization.
• Location Data (Non-Specific): The general, city-level location derived from your IP address or mobile network connection point. Required for Service provisioning and to identify the appropriate Partner Network. We do not collect real-time, precise GPS location data.

2. How We Use Your Information (Legal Basis)

We use your personal data for the following purposes and on the corresponding legal bases:

• Service Provision & Contract Fulfillment: To provide the Service you purchased. (Legal Basis: Performance of a Contract)
• Legal/Regulatory Compliance: To meet required laws (e.g., tax, KYC). (Legal Basis: Legal Obligation)
• Customer Support & Communication: To assist you and manage our relationship. (Legal Basis: Performance of a Contract or Legitimate Interest)
• Fraud Prevention & Security: To protect our Service and users. (Legal Basis: Legitimate Interest)
• Service Improvement & Analytics: To enhance our offerings (often using aggregated/anonymized data). (Legal Basis: Legitimate Interest)
• Direct Marketing: To send you promotions (if you agreed). (Legal Basis: Consent - you can opt-out at any time)

3. Sharing and Disclosure of Your Information

We do not sell your personal data. We only share your information with the following categories of third parties necessary to operate our business or comply with the law:

• Partner Network Operators: We share necessary eSIM Profile Data (like EID and ICCID) and usage data with our global partner carriers and roaming hubs to activate and deliver the mobile data service in your travel destination.
• Payment Processors: We share Payment Data with secure, PCI-compliant payment gateways to process your purchases and refunds.
• Service Providers: We engage third-party companies (e.g., cloud hosting, email service providers, analytics platforms) to perform functions on our behalf. These third parties are bound by strict contractual obligations to keep your data confidential and use it only for the purposes for which we disclose it to them.
• Legal & Regulatory Authorities: We will disclose your information when required by law, such as to comply with a subpoena or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

4. International Data Transfers (Data Routing)

To provide you with international mobile data, your data must be transferred and processed in other countries.

• Data Provisioning: Data related to your eSIM activation is transferred securely to the Partner Network in your travel destination.
• Data Traffic Routing: When you use the Service, your internet traffic will be routed through the infrastructure of our Partner Networks. The specific path (routing) may vary and is determined by the mobile network operator providing the connection. We strive to partner with carriers who uphold strong privacy standards, but we cannot control the routing practices of every third-party network your data passes through.

We rely on legally approved mechanisms, such as Standard Contractual Clauses, to ensure your data receives adequate protection when transferred outside of your home jurisdiction.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data from accidental loss, unauthorized access, use, alteration, or disclosure. These measures include:

• Encryption: Using TLS/SSL to encrypt data transmitted between your device and our servers.
• Access Control: Limiting employee access to personal data on a need-to-know basis.
• Data Minimization: Collecting only the data necessary for the functionality of the Service.

Despite these measures, no data transmission over the internet can be guaranteed to be 100% secure. You use the Service at your own risk.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Account Data: Retained for the lifetime of your account and a short period thereafter (e.g., 90 days) in case of re-activation.
• Payment Records: Retained for 7 years to comply with tax and financial regulations.
• Usage Logs (Technical): Retained for up to 12 months for troubleshooting and security analysis, then permanently anonymized or deleted.

7. Your Data Protection Rights

Depending on your location (e.g., GDPR, CCPA), you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request corrections to incomplete or inaccurate data.
• Right to Erasure (Right to be Forgotten): Request the deletion of your personal data, subject to certain legal exceptions (e.g., retention for billing/tax purposes).
• Right to Restrict Processing: Request us to suspend the processing of your personal data.
• Right to Data Portability: Request that we transfer your personal data to you or a third party.
• Right to Object: Object to the processing of your personal data where we are relying on a legitimate interest.
• Right to Withdraw Consent: Withdraw your consent to marketing communications at any time.

To exercise any of these rights, please contact our Data Protection Officer using the contact details in Section 9.

8. Changes to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on this page and updating the "Effective Date" at the top.

9. Contact Us (Data Protection Officer)

If you have any questions or concerns about this Privacy Policy or our data practices, please contact our designated Data Protection Officer:

Lotsotravel Data Protection Officer
Email: privacy@lotsotravel.com