Privacy Policy

Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Sirat Studios Dijital Sanayi ve Ticaret Limited Şirketi
Yavuz Sultan Mah., Rıhtım Cad. No:42, Kat:1 Daire:1, 60 Evler – Derince, 41940 İzmit/Kocaeli, Turkey
E-mail: support@easysimy.com
Represented by: Yasemin Süme

Important note: The controller is based outside the European Union (Turkey). As we specifically offer our digital services (eSIM data plans) to consumers in the European Union, the GDPR applies to the processing of your personal data in accordance with its market place principle (Art. 3 Para. 2 GDPR).

2. Representative in the EU (Art. 27 GDPR)

[At this point, the name and address of the representative designated in the EU in accordance with Art. 27 GDPR must be entered, if one has been designated or if the exceptions of Art. 27 Para. 2 GDPR do not apply. Please check and complete.]

3. Data Protection Officer

A Data Protection Officer has not been appointed, as the legal requirements for this (Art. 37 GDPR) are not currently met. For questions regarding data protection, please contact the address provided above.

4. Transfer of your data to a third country (Turkey)

Since the controller is based in Turkey, your personal data will be transferred to a country outside the EU/EEA, for which there is no adequacy decision by the EU Commission, as part of contract processing. The transfer takes place on the basis of appropriate safeguards within the meaning of Art. 46 GDPR (in particular EU standard contractual clauses) or on the basis of your explicit consent or the necessity for contract fulfilment in accordance with Art. 49 Para. 1 GDPR. You can request a copy of the respective safeguards via the contact address provided above.

5. Hosting and provision of the website by Shopify

Our online shop is operated on the technical infrastructure of Shopify International Limited (Ireland) or Shopify Inc. (Canada) ("Shopify"). Shopify processes, among other things, IP addresses, order and payment data, and server log files on our behalf. The legal basis is Art. 6 Para. 1 lit. b and lit. f GDPR, as well as a data processing agreement with Shopify. Further information: Shopify's Privacy Policy.

6. Collection and storage of personal data

When you visit our website, our hosting provider automatically collects information in so-called server log files, which your browser automatically transmits (IP address, date and time of the request, browser type, operating system, search engine used, referrer URL). This data cannot be assigned to specific persons and is used exclusively to ensure trouble-free operation and to improve our offer (Art. 6 Para. 1 lit. f GDPR).

7. Registration, order and contract processing

When you purchase an eSIM in our shop, we collect and process the data required for contract processing (name, email address, billing address, payment data, if applicable device/eSIM technical details). The legal basis is Art. 6 Para. 1 lit. b GDPR (contract fulfilment) and Art. 6 Para. 1 lit. c GDPR (commercial and tax law retention obligations).

8. Payment processing

Payments in our shop are processed by credit card via Shopify Payments. Payment data (card data, billing address, transaction amount) is transferred to the respective payment service provider. The processing is based on Art. 6 Para. 1 lit. b GDPR. The payment service provider may in turn process the data under its own responsibility; its data protection provisions apply additionally in this respect.

9. Cookies and consent management

Our website uses cookies and similar technologies. Technically necessary cookies are used on the basis of Art. 6 Para. 1 lit. f GDPR or § 25 Para. 2 TDDDG. All other cookies (especially for analysis and marketing) are only set with your prior consent, obtained via our cookie consent tool (Art. 6 Para. 1 lit. a GDPR, § 25 Para. 1 TDDDG). You can revoke or adjust your consent at any time with effect for the future via the cookie banner.

10. Web analysis – Google Analytics

If you have given your consent, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies that enable an analysis of the use of our website (e.g., IP address (shortened), page views, time spent). The legal basis is your consent according to Art. 6 Para. 1 lit. a GDPR. A transfer to servers in the USA cannot be excluded; Google has submitted to the EU-US Data Privacy Framework principles or standard contractual clauses. Further information: Google Privacy Policy.

11. Online Marketing – Google Ads

If you have given your consent, we use Google Ads to promote our offers outside our website and for success measurement (conversion tracking) via Google Ireland Limited. Cookies are set which enable an analysis of the use of our ads. The legal basis is Art. 6 Para. 1 lit. a GDPR.

12. Meta Pixel (Facebook/Instagram)

If you have given your consent, we use the Meta Pixel from Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. This enables the tracking of user behaviour after users have seen or clicked on a Facebook or Instagram ad (conversion measurement), as well as the creation of target audiences for advertising purposes. The legal basis is Art. 6 Para. 1 lit. a GDPR. Further information can be found in Meta's data policies and on advertising under Meta's information on business tools.

13. TikTok Pixel

If you have given your consent, we use the TikTok Pixel from TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, Ireland, to measure the effectiveness of our advertisements on TikTok and to create target audiences. The legal basis is Art. 6 Para. 1 lit. a GDPR.

14. Email Marketing – Klaviyo

For sending newsletters and marketing emails, we use the Klaviyo platform (Klaviyo, Inc., 225 Franklin St, Boston, MA, USA). If you sign up for our newsletter, we use the data you provide (email address, name if applicable, purchasing behaviour) for personalised promotional emails. The legal basis is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time via the unsubscribe link in any email or by sending us a message.

15. Storage duration

We store personal data only for as long as is necessary for the respective purposes, or as required by commercial and tax law retention periods (usually 6-10 years). After that, the data is deleted or blocked, unless there is a further legal retention obligation.

16. Your rights as a data subject

You have the following rights against us:

  • Right to information (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw given consents with effect for the future (Art. 7 Para. 3 GDPR)

To exercise any of these rights, please contact: support@easysimy.com

17. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

18. Data Security

When visiting the website, we use the common SSL/TLS procedure (Transport Layer Security) in conjunction with the highest encryption level supported by your browser.

19. Changes to this Privacy Policy

We reserve the right to adapt this Privacy Policy so that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy. The new Privacy Policy will then apply to your next visit.

Status: July 2026