Privacy Policy

1. Introduction

eSIM Store ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our eSIM services.

We comply with the Norwegian Personal Data Act (Personopplysningsloven) and the EU General Data Protection Regulation (GDPR). As a Norwegian company, we are subject to supervision by the Norwegian Data Protection Authority (Datatilsynet).

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide

• Account Information: Name, email address, and password when you create an account
• Purchase Information: Email address for eSIM delivery, billing details
• Communication Data: Any information you provide when contacting our support

3.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, time spent on site, referring website
• Cookies: Session cookies for authentication and preferences

3.3 Payment Information

Payment processing is handled by Stripe, a PCI DSS compliant payment processor. We do not store your full credit card details on our servers. Stripe's privacy policy governs their handling of your payment information.

4. Legal Basis for Processing

Under GDPR Article 6, we process your personal data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b)): Processing necessary to fulfill your eSIM purchase and deliver our services
• Legal Obligation (Art. 6(1)(c)): Processing required to comply with Norwegian tax and accounting laws
• Legitimate Interest (Art. 6(1)(f)): Processing for fraud prevention, security, and service improvement
• Consent (Art. 6(1)(a)): Marketing communications (only with your explicit consent)

5. How We Use Your Data

We use your personal data for the following purposes:

• Processing and fulfilling your eSIM orders
• Sending order confirmations and eSIM activation instructions
• Providing customer support and responding to inquiries
• Processing refunds and handling disputes
• Preventing fraud and ensuring platform security
• Complying with legal obligations (e.g., tax records)
• Improving our services and user experience
• Sending marketing communications (only with consent)

6. Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

• eSIM Providers: To provision and activate your eSIM (email address only)
• Payment Processors: Stripe for secure payment processing
• Cloud Services: Cloudflare for hosting and security
• Legal Authorities: When required by Norwegian law or court order

We do not sell your personal data to third parties. All our service providers are bound by data processing agreements ensuring GDPR compliance.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Binding Corporate Rules where applicable

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

• Account Data: Until you delete your account, plus 30 days
• Order Records: 5 years (Norwegian accounting law requirement)
• Support Communications: 2 years after resolution
• Marketing Consent: Until you withdraw consent

9. Your Rights Under GDPR

Under Norwegian and EU data protection law, you have the following rights:

• Right of Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing (Art. 18): Limit how we use your data
• Right to Data Portability (Art. 20): Receive your data in a machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time

To exercise any of these rights, please contact us at privacy@duasim.com. We will respond within 30 days as required by GDPR.

10. Cookies

We use the following types of cookies:

• Essential Cookies: Required for authentication and security (no consent needed)
• Functional Cookies: Remember your preferences
• Analytics Cookies: Help us understand how you use our site (with consent)

You can manage cookie preferences through your browser settings.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• TLS/SSL encryption for all data transmission
• Secure password hashing
• Regular security audits
• Access controls and authentication
• DDoS protection via Cloudflare

12. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Complaints

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet):

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: