Privacy Policy

Effective date: 3 June 2024

AIRGSM PTE. LTD., doing business as Airalo (www.AIRALO.com) (“Airalo,” “we,” “us,” or “our”), recognizes the importance of your privacy. This Privacy Policy describes how we collect, use, share and protect your personal information, also known as personal data. This Privacy Policy also tells you about your rights and choices with respect to your personal information, and how you can reach us to get answers to your questions.

By registering an account or otherwise using or visiting any Airalo website, application, product, software, tool, data feed, and/or service (collectively the “Service”), you understand and agree to the terms of this policy.

This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information. Please read this Privacy Policy carefully.

Table of contents:

1. Applicability of this Privacy Policy

2. How We Collect, Disclose, and Use Personal Information

3. Information We Collect

4. Data Retention

5. How We Use Information

6. How We Share Personal Information

7. Your Rights

8. Data Transfer & International Data Transfer

9. Security

10. Changes to This Policy

11. Children

12. Contact Information

13. Additional Information for California Residents

1. Applicability of this Privacy Policy

This Privacy Policy applies to users of Airalo’s services globally, including users of Airalo’s mobile applications, Partner Platform, websites, features, or other services, interactions (online and offline) with Airalo, employees, and job applicants (the “Services”).

This Privacy Policy describes how Airalo collects and uses data and applies to all Airalo users globally, unless they use a service covered by a separate privacy notice. This Privacy Policy specifically applies to:

• End Users: Individuals who use and interact directly with Services via their Airalo account for their personal use.
• Business Users: Airalo provides services to entities (“Business Users”) who directly and indirectly provide us with End Customer’s personal information in connection with those Business Users’ own business and activities.
• End Customers: Individuals who receive services ordered by other Airalo account owners, for example, when you do business with, or otherwise transact with a Business User.
• Job applicants: Individuals who submit a job application to Airalo.

2. How we collect, disclose, and use personal information

We collect information about you in a variety of ways depending on how you interact with us and our Services, including:

• Directly from you when you provide it to us, such as when you register for an account, sign up to receive communications from us, place an order, make a purchase, or contact us by phone, email, or otherwise.
• Automatically, using cookies, server logs, and other similar technologies when you interact with us through our Services and/or through emails, where permitted by law or where you consent.
• From other sources, including, for example, our affiliates, business partners, service providers, online social media networks, and other third parties, or from publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.

Airalo classifies data and information systems in accordance with legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. The “data controller” is the entity which determines the purposes and means of the data processing taking place. The “data processor” is an entity acting on behalf, and under the instructions, of a controller in processing personal information.

 

Airalo as a data controller

Airalo assumes the role of data controller when it determines the purposes and means of processing personal data. As a data controller, Airalo is responsible for ensuring that personal data is processed in compliance with applicable data protection laws. Activities under Airalo's data controller capacity include:

• Direct Sign-ups: Airalo is the data controller when users sign up directly with the service. This applies to both:
  • B2C Context: End users who register directly for Airalo's services.
  • B2B Context: Business Users or End Customers who sign up directly with Airalo.

Key activities:

• Service Delivery: Using data to provide Airalo's products and services.
• Fraud Prevention: Monitoring and detecting fraudulent transactions and activities.
• Legal Compliance: Adhering to applicable financial, legal, and regulatory obligations.
• Service Enhancement: Developing and improving products and services based on data analysis.
• Job Application Processing: Handling personal data from job applications.

 

Airalo as a data processor

In scenarios where Airalo provides services on behalf of and as per the directions of a Business User, it functions as a data processor. This includes situations such as:

• B2B Context for End Customers: Airalo serves as a data processor for the data related to End Customers of Business Users in the B2B setup.
• Service Execution for Business Users: Following instructions from Business Users, like creating accounts and distributing eSIMs to End Customers.

When acting in the capacity of a data processor, we advise users to consult the privacy policy of the respective data controller (the Business User) for information on how their data is handled and protected. Airalo adheres strictly to the instructions provided by the data controller and commits to ensuring the confidentiality and security of the processed data in accordance with applicable data protection laws and contractual obligations.

3. Information we collect

The following provides examples of the type of information that we collect in a variety of contexts and how we use that information.

Context	Types of Data	Primary Purpose for Collection and Use of Data
Account Registration	We collect your name and contact information, including email, when you create an account. We also collect information relating to the actions that you perform while logged into your account.	We have a legitimate interest in providing account related functionalities to our users. Accounts can be used for easy checkout and to save your preferences and transaction history. We may also process this information to fulfill our contract with you.
Biometric information	Biometric identifiers from photo IDs and selfies.	We process biometric information with your explicit consent in order to confirm your identity through the eKYC process where required by law.
Business Users	We collect the name, and contact information, including email, phone number, and physical address, of employees of our Business Users with whom we may interact.	We have a legitimate interest in contacting our clients and communicating with them concerning normal business administration such as projects, services, and billing.
Necessary Online Tracking Technologies	We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed. Clear GIFs refer to pixels that are loaded by your browser when you access a website. These tracking technologies may collect information about your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.	We have a legitimate interest in making our website operate efficiently.
Non-Essential Tracking Technologies	We may place tracking technologies on our website (e.g., cookies or pixels) that collect analytics, record how you interact with our website, or allow us to participate in behavior-based advertising. These technologies may collect information about your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. We or a third party might also collect information over time and across different websites in order to serve advertisements on our website or other websites.	Where required by law, we base the use of third-party cookies upon consent.
Demographic Information	We collect personal information, such as your age or location.	We have a legitimate interest in understanding our users and providing tailored services.
Job Applicants	If you apply for a job posting, or become an employee, we collect information necessary to process your application or to retain you as an employee, including your contact information, education, and job history.	We have a legitimate interest in evaluating individuals for a potential position in our workforce. In some contexts, we are also required by law to collect information about employees or applicants. We also have a legitimate interest in using your information to have efficient staffing and workforce operations.
Feedback/Support	If you provide us feedback or contact us for support, we will collect your name and email address, as well as any other content that you send to us, in order to reply.	We have a legitimate interest in receiving, and acting upon, your feedback or issues.
Mobile Devices	We collect information from your mobile device such as unique identifying information broadcast from your device when visiting our website.	We have a legitimate interest in identifying unique visitors and monitoring visits to our website.
Order Placement	We collect your name, billing address, shipping address, email address, phone number, and payment card number when you place an order.	We use your information to perform our contract to provide you with our Services.
Partner Promotion	We collect information that you provide as part of a co-branded promotion with another company.	We have a legitimate interest in fulfilling our promotions.
Surveys	When you participate in a survey, we collect information that you provide through the survey. If the survey is provided by a third party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information.	We have a legitimate interest in understanding your opinions and collecting information relevant to our organization.

 

4. Data retention

We retain your personal information for only as long as necessary to fulfill the purposes outlined in this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we obtained the information and whether we can achieve those purposes through other means, as well as applicable legal requirements.

5. How we use personal information

In addition to the purposes and uses described above, we use information in the following ways:

• To identify you when you visit our websites.
• To provide products and services or to process returns.
• To improve our services and product offerings.
• To streamline the checkout process.
• To conduct analytics.
• To communicate with you, such as to respond to and/or follow-up on your requests, inquiries, issues, or feedback.
• To send marketing and promotional materials including information relating to our products, services, sales, or promotions, or those of our business partners.
• To detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violation of our policies and terms and conditions, security incidents, and harm to the rights, property, or safety of our company and our users, employees, or others.
• To debug, identify and repair errors that impair existing intended functionality of our website and services.
• To comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against legal claims.
• For internal administrative purposes, as well as to manage our relationships.
• For such other purposes as you may consent to (from time to time).

Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you complete an online purchase, we may collect your information to perform our contract with you, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your order. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.

 

6. How we share personal information

In addition to the specific situations discussed elsewhere in this Privacy Policy, we may disclose personal information in the following situations:

• Affiliates and Acquisitions: We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
• Other Disclosures without your consent: We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.
• Partner promotion: We may offer promotions with third party partners. If you decide to enter a promotion that is sponsored by a third party partner the information that you provide will be shared with us and with them. Their use of your information is not governed by this privacy policy.
• Service providers: We may share your information with service providers. Among other things, service providers help us to administer our website and provide services for the effective functioning of our business, provide technical support, process payments, and assist in the fulfillment of orders.
• Other disclosures with your consent: We may disclose your information to other third parties when we have your consent or direction to do so.

7. Your rights

Depending on your location and subject to applicable law, you may have the following rights:

• Access your data: The right to request that we disclose to you the personal information we collect, use, or disclose about you, and information about our data practices. In certain limited circumstances, you may also request to receive access to your personal information in a portable, machine-readable format.
• Verify and seek rectification: The right to request that we correct inaccurate personal information that we maintain about you. We rely on you to update and correct your personal information. Our website allows you to modify or delete your account profile. If our website does not permit you to update or correct certain information, you can contact us at the address described below in order to request that your information be modified. Note that we may keep historical information in our backup files as permitted by law.
• Have your personal information deleted or otherwise removed: The right to request that we delete personal information that we have collected about you.
• Withdraw your consent at any time: The right to withdraw consent where you have previously given consent to the processing of your personal information.
• Object to processing of your personal information: The right to object to the processing of your personal information if the processing is carried out on a legal basis other than consent.
• Online tracking: We do not currently recognize the “Do Not Track” signal.

Please note, not all of the rights described above are absolute, and they do not apply in all circumstances. In some cases, we may limit or deny your request because the law permits or requires us to do so, or if we are unable to adequately verify your identity. We will not discriminate against individuals who exercise their privacy rights under applicable law.

Please read this section to find out more about specific rights. To submit a request to exercise any of the rights described above, or to appeal a determination we made related to a data subject rights request, please reach out to us using the contact information below, or via our Contact Us page.

Note that, as required by law, we will require you to prove your identity. Depending on your request, we will ask for information such as your name, the last item you purchased from us, or the date of your last purchase from us. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete personal information about you in our files.

In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of a signed document indicating that you are able to act on another person’s behalf.

How do I unsubscribe from marketing emails?

You may opt-out from marketing-related emails by using the unsubscribe function from within your Profile Settings. To manage your preferences log into your account, then navigate to your Profile settings. Turn “I'd like to receive promotional emails.” on or off to save the changes. Your email address will be opted out of email marketing communications as soon as possible.

If you have any questions about how to opt-out of Airalo marketing communications, please feel free to contact us at support@airalo.com.

How do I delete my account?

You may delete your account by using the “Delete Account” function from within your Profile Settings. Please log into your account, then navigate to your Profile settings. Click the “Delete Account” button and confirm your intention. We will process the request without delay or within one month of receipt of the request should there be special requirements attached.

Please note that in any case, we may need to verify your identity and your relationship with us before we can proceed with your request.

When does Airalo continue to process data after it has received a deletion request or objection to the processing?

In certain circumstances, Airalo may be required by law to retain and process your Personal Data even after a deletion request or objection to the processing. For instance, Airalo is required to retain certain personal information to satisfy legal obligations under Know Your Customer (KYC) and Payment transactions details.

9. Data transfer & International data transfer

The Service is owned by Airalo and may be accessed in Europe and abroad. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible, we take steps to treat personal information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. By submitting your personal information to us you agree to the transfer, storage, and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction you can contact us using the contact information below.

9. Security

We follow generally accepted industry standards to help protect your personal information. No method of transmission over the internet, mobile technology, or method of electronic storage, is completely secure. Therefore, while we endeavor to maintain physical, electronic, and procedural safeguards to protect the confidentiality of the information that we collect online, we cannot guarantee its absolute security.

Airalo’s users remain responsible for keeping their password and credentials secure. If you have reasons to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at support@airalo.com.

10. Changes to this policy

We reserve the right to change the terms of this Privacy Policy at any time. If there are material changes to this statement or in how we will use your personal information, we will notify you by prominently posting a notice of such changes here or on our home page, or by sending you an email. We encourage you to review this policy whenever you visit one of our websites or applications. Our privacy policy includes an “effective” and “last updated” date. The effective date refers to the date that the current version took effect. The last updated date refers to the date that the current version was last substantively modified.

11. Children

Our Services are not intended for children under the age of 13 and we do not knowingly collect personal information from unemancipated minors under age 16, without parental consent. Children under the age of 13 should not provide their personal information to us.

12. Contact information

If you have any questions, comments, appeals, or complaints concerning our privacy practices, or if you need to access this Privacy Policy in an alternative format due to having a disability, please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.

• support@airalo.com
• US toll-free phone number: +1 (888) 870-2848

If you are not satisfied with our response, and are in the European Union or United Kingdom, you may have a right to lodge a complaint with your local supervisory authority.

13. Additional information for California residents

California law requires us to disclose the following additional information related to our privacy practices. If you are a California resident, the following privacy disclosures apply to you in addition to the rest of the Privacy Policy.

• California Shine the Light: If you would like more information concerning the categories of personal information (if any) we share with third parties or affiliates for those parties to use for direct marketing, please submit a written request to us using the information in the Contact Information section above.
• Notice of Collection: The table below describes the categories of personal information we collect, disclose for a business purpose, “sell” and/or “share” (as those terms are defined by California law). Please note, in addition to the recipients identified below, we may disclose any of the categories of personal information we collect with government entities, as may be needed to comply with law or prevent illegal activity. We do not “sell” your personal information for money. As discussed elsewhere in the Privacy Policy, we use cookies and similar tracking technologies for purposes of targeted advertising. For more information, please see the Cookies and Other Technologies section of the Privacy Policy. For details regarding how we use personal information, please see the Information we collect section of the Privacy Policy.

 

Category of Personal Information	Category of Recipients
	Disclosures for a Business Purpose	Sharing for Cross-Context Behavioral Advertising
Identifiers – this may include real name, alias, postal address, unique personal identifier, online identifier, email address, account name, or other similar identifiers.	Affiliates or subsidiaries Business partners Data analytics providers Internet service providers Joint marketing partners  Operating systems and platforms Other Service Providers Payment processors and financial institutions  Professional services organizations, this may include auditors and law firms Social networks	Advertising networks
Government Issued Identification – this may include social security number, driver’s license number, or state issued identification number, passport number.	Network operators (where eKYC is required) Professional services organizations, this may include auditors and law firms
Financial Information – this may include bank account number, credit card number, debit card number, and other financial information.	Operating systems and platforms Payment processors and financial institutions  Professional services organizations, this may include auditors and law firms
Characteristics of protected classifications – this may include age, sex, race, ethnicity, physical, or mental handicap, etc.	Network operators (where eKYC is required) Professional services organizations, this may include auditors and law firms
Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Affiliates or subsidiaries Business partners Data analytics providers Internet service providers Joint marketing partners  Operating systems and platforms Other Service Providers Payment processors and financial institutions  Professional services organizations, this may include auditors and law firms• Social networks
Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.	Data analytics providers	Advertising networks
Professional or employment-related information	Affiliates or subsidiaries Business partners Operating systems and platforms Other Service Providers Professional services organizations, this may include auditors and law firms
Non-public education information (as defined in the Family Educational Rights and Privacy Act)	Affiliates or subsidiaries Business partners Operating systems and platforms Other Service Providers Professional services organizations, this may include auditors and law firms
Additional categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – this may include signature, physical characteristics, or description, insurance policy number.	Network operators (where eKYC is required) Professional services organizations, this may include auditors and law firms

 

• California Sensitive Information Disclosure. We collect the following categories of sensitive personal information (as defined under California law): biometric information, geolocation, social security number or other government issued ID information, account log-in, payment information. This information is collected in order to process transactions, comply with laws, manage our business, or provide you with services. Note that we do not use such information for any purposes that are not identified within the California Privacy Rights Act Section 1798.121.

---

2024 AIRGSM PTE. LTD.

All rights reserved