Privacy Policy

Effective date — 25 March 2026
Last updated — 25 March 2026
Version — 1

1. Introduction

1.1 This Privacy Policy explains how INSTANTSIM LTD (15419267) processes personal data when you visit Jettello.com, place an order, receive eSIM installation details, contact customer support, or otherwise interact with our Website, products, and services.

1.2 We process personal data as a controller in accordance with the UK GDPR, the Data Protection Act 2018.

1.3 This Privacy Policy is intended to provide the information that individuals are entitled to receive about the collection and use of their personal data. Where mandatory law gives you stronger rights than those described here, that law will prevail.

2. Controller Details and Contact Information

2.1 The data controller is INSTANTSIM LTD (15419267), Registered office address: Dept 6659 126 East Ferry Road, Canary Wharf, London, United Kingdom, E14 9FP.

2.2 Our Website is Jettello.com.

2.3 For privacy, data protection, or data rights requests, you may contact us at info@jettello.com.

2.4 If we are required by law to appoint a data protection officer or another designated privacy contact, the relevant contact details will be made available on the Website.

3. Scope of this Policy and Role Allocation

3.1 This Privacy Policy applies to personal data processing for which we determine the purposes and means of processing.

3.2 Payment providers used to process card payments or other payment methods may process payment-related personal data either as our processors or as independent controllers, depending on the service structure and the provider’s legal role.

3.3 Technical suppliers involved in eSIM provisioning, connectivity, activation, fraud screening, hosting, support, or infrastructure may process personal data either on our behalf or in their own capacity where this is required by law or by the nature of the service they provide.

3.4 Where another organisation acts as an independent controller, its own privacy notice will apply to the processing for which it is responsible.

4. Categories of Personal Data We Process

4.1 Depending on how you use the Website and our services, we may process the following categories of personal data.

4.2 Identity and contact data, including your name if you provide it, your email address, and your country or region where relevant to your order or support request.

4.3 Account and authentication data, where account functionality is available, including account identifiers, login-related metadata, and securely stored password data in hashed form where applicable.

4.4 Order and contract data, including order number, product selection, country or region, data allowance, validity period, order status, delivery status, timestamps, and records showing when Installation Details were made available.

4.5 eSIM provisioning and service data, including QR code payload data, SM-DP+ address, activation code, provisioning identifiers, activation status, assignment status, technical diagnostic information, and limited usage indicators available to us, such as whether an eSIM has been activated or whether allowance remains. We do not process the content of your communications.

4.6 Payment and transaction data, including payment reference numbers, payment status, amount, currency, payment method type, and fraud screening results. We do not ordinarily receive or store full payment card numbers.

4.7 Communications and support data, including emails, support requests, complaint submissions, attachments, screenshots, and technical logs you send to us.

4.8 Technical, device, and usage data, including IP address, device type, browser type, operating system version, language settings, time stamps, referral source, and security or diagnostic logs.

4.9 Cookie and similar technology data, where relevant, including identifiers necessary for security and operation, and additional analytics or preference data where you have consented to non-essential cookies.

4.10 Legal and compliance data, including records required for legal compliance, fraud prevention, dispute handling, enforcement, and the establishment, exercise, or defence of legal claims.

5. Purposes of Processing and Legal Bases

5.1 We process personal data only where we have a valid legal basis under the UK GDPR and only for specific and legitimate purposes.

5.2 We process personal data where necessary for the performance of a contract or to take steps at your request before entering into a contract. This includes enabling orders through the Website, processing purchases, providing Installation Details, provisioning eSIMs, assigning Data Packages, delivering service-related communications, and providing customer support connected to your order.

5.3 We process personal data where necessary to comply with our legal obligations. This includes compliance with accounting, tax, record-keeping, consumer law, fraud-prevention, and regulatory requirements that apply to our business.

5.4 We process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This includes securing the Website, preventing fraud and misuse, maintaining service quality, troubleshooting technical issues, improving operational reliability, and establishing, exercising, or defending legal claims.

5.5 We process your purchase data to fulfil our legal obligations under the Consumer Rights Act 2015. This includes maintaining records relevant to your statutory rights if digital content or digital services are faulty, not as described, or otherwise not in conformity with contract, and processing data relevant to the 14-day cancellation framework where that regime applies, including cases where you have expressly requested immediate supply and acknowledged that your cancellation right may be affected once supply begins.

5.6 We process personal data on the basis of consent where consent is required by law. This includes placing non-essential cookies or similar technologies and sending marketing communications where consent is legally required. Where processing is based on consent, you may withdraw that consent at any time, but this will not affect processing already carried out before withdrawal.

6. Recipients of Personal Data

6.1 We may share personal data with service providers that support the operation of the Website and our services, including hosting providers, infrastructure providers, support platforms, email providers, analytics providers where permitted, fraud prevention tools, and security vendors.

6.2 We may share personal data with payment service providers, banks, card schemes, and related financial institutions involved in payment processing, chargeback handling, fraud checks, and transaction verification.

6.3 We may share personal data with technical eSIM provisioning suppliers, telecommunications partners, roaming partners, and other technical service providers where this is necessary to provision an eSIM, assign a Data Package, enable connectivity, investigate faults, or maintain service continuity.

6.4 We may disclose personal data to regulators, law enforcement bodies, courts, public authorities, insurers, professional advisers, auditors, and legal counsel where disclosure is required by law or reasonably necessary for compliance or legal protection.

6.5 We do not sell your personal data.

7. International Transfers

7.1 The Company is incorporated in the United Kingdom. While we may use service providers and data centres located in the European Economic Area (EEA) and globally, your data is primarily governed by UK data protection standards.

7.2 Where personal data is transferred outside the UK, we will do so only where the transfer is permitted under applicable law and supported by an appropriate safeguard. Depending on the circumstances, this may include adequacy regulations, standard contractual clauses, the UK Addendum, the ICO’s International Data Transfer Agreement, or another lawful transfer mechanism recognised under the UK GDPR.

7.3 You may contact us at info@jettello.com if you want further information about the safeguards we use for restricted international transfers.

8. Data Retention

8.1 We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer period is required or permitted by law.

8.2 Order, contract, support, and technical records are retained for as long as reasonably necessary to provide the service, manage troubleshooting, deal with complaints, handle refunds, and address disputes or legal claims.

8.3 Notwithstanding account inactivity, we are required by UK tax law and HMRC record-keeping expectations to retain records of financial transactions and related business records for a minimum period that may extend to at least six years, depending on the nature of the record and the applicable tax framework.

8.4 Where we retain personal data for compliance, dispute resolution, or legal claims, the retention period will be determined by the relevant statutory limitation periods, tax requirements, regulatory obligations, and evidential needs.

8.5 When retention is no longer required, personal data will be deleted, anonymised, or securely put beyond use, unless continued retention is required by law.

9. Your Rights

9.1 Subject to the conditions and limits set by the UK GDPR and the Data Protection Act 2018, you may have the right to request access to your personal data, rectification of inaccurate data, erasure of data, restriction of processing, data portability, and to object to certain processing, including processing based on legitimate interests and direct marketing.

9.2 Where processing is based on consent, you also have the right to withdraw consent at any time.

9.3 If you wish to exercise any of your rights, you may contact us at info@jettello.com. We may ask for information reasonably necessary to verify your identity before acting on your request.

9.4 We will respond to rights requests in accordance with the timeframes and requirements laid down by applicable law.

10. Security Measures

10.1 We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

10.2 These measures may include access controls, credential security, encryption in transit where appropriate, internal permission management, monitoring, logging, incident handling processes, and minimisation of access on a need-to-know basis.

10.3 No system is completely secure. You are also responsible for protecting your own devices, credentials, and access to your email and account.

11. Cookies and Similar Technologies

11.1 The Website may use cookies and similar technologies for essential functionality, security, fraud prevention, and performance.

11.2 Where required by law, we will ask for your consent before placing non-essential cookies or similar technologies on your device.

11.3 You can also manage cookies through your browser settings, although doing so may affect the functionality of parts of the Website.

12. Children’s Data

12.1 Our services are not directed to children, and we do not knowingly collect personal data from children.

12.2 If you believe that a child has provided personal data to us, please contact us at info@jettello.com so that we can review the matter and take appropriate action.

13. Automated Decision-Making and Fraud Screening

13.1 We may use automated tools and rules-based checks for fraud prevention, payment screening, account security, and operational protection.

13.2 Where such processing would produce legal effects concerning you, or similarly significantly affect you, we will apply the safeguards required by applicable data protection law, including the possibility of human review where required.

14. Third-Party Links

14.1 The Website may contain links to third-party websites, platforms, or services.

14.2 We are not responsible for the privacy practices of third parties, and their own privacy notices will govern their processing of your personal data.

15. Complaints

15.1 If you have concerns about how we process your personal data, we ask that you contact us first at info@jettello.com so that we can try to resolve the issue.

15.2 You have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You have the right to complain to them at any time, though we appreciate the chance to deal with your concerns before you approach them.

16. Changes to this Privacy Policy

16.1 We may amend this Privacy Policy from time to time to reflect changes in our services, processing activities, legal requirements, or operational practices.

16.2 The version published on the Website at the relevant time will apply from the date of publication unless mandatory law requires otherwise.