Client Area

Buy OneSIM

Features

Who It's For

How It Works

Pricing

FAQ

Client Area

Buy OneSIM

Privacy Policy

Company: ONECONNECT LTD
Registration number: HE 457873
Jurisdiction: Cyprus
Registered office: 28 Oktovriou 243, Christiana Sea View Court, Floor 3, Flat/Office 301-302, 3035 Limassol, Cyprus
Last updated: 9 April 2026

1. Introduction

This Privacy Policy explains how ONECONNECT LTD ("OneSIM," "OneConnect," "we," "us," or "our") collects, uses, stores, shares, and protects personal data when you use our website, create an account, purchase a plan, activate a SIM or eSIM, contact support, or otherwise interact with our Services.

We act as the data controller for personal data processed in connection with our Services, except where another role is expressly stated.

2. Controller Details

Data Controller: ONECONNECT LTD
Registration number: HE 457873
Registered office: 28 Oktovriou 243, Christiana Sea View Court, Floor 3, Flat/Office 301-302, 3035 Limassol, Cyprus
Privacy contact: privacy@oneconnect.world

Data Protection Officer / Privacy Contact:
ONECONNECT LTD has determined that appointment of a DPO is not mandatory for its current processing activities. Privacy and data protection inquiries may be directed to privacy@oneconnect.world.

3. Personal Data We Collect

Depending on how you use the Services, we may collect the following categories of personal data.

A. Identity and account data

Full name

Username and password credentials

Billing and account identifiers

Customer type (individual or business)

B. Contact data

Email address

Phone number

Correspondence address

Communication preferences

C. Verification and compliance data

Company verification documents where relevant to business accounts or partnerships

Limited account or transaction verification information where reasonably necessary for fraud prevention, payment-provider requirements, telecom-partner requirements, or legal compliance

Sanctions, fraud, or risk-screening results

Tax or regulatory information required for compliance

D. Transaction and billing data

Order history

Active plan or service-term status

Invoices and payment records

Billing information connected to your purchase

Where you pay by card, payment card and transaction information processed by our payment providers and billing/payment records available to us in connection with the transaction

Payment method metadata provided by payment processors

Chargeback, dispute, and refund data

E. Service and technical usage data

SIM/eSIM identifiers

Device identifiers

IP addresses

Operating system, browser, app, and device information

Activation records

Connectivity logs, session timestamps, and plan usage metrics

Network, roaming, and destination-related technical events

Approximate location derived from service use or network activity

F. Support and communications data

Support tickets

Emails, chats, and call records where permitted

Feedback, surveys, and complaint records

G. Marketing and analytics data

Website interactions

Referral source

Campaign attribution

Cookie or similar technology data, subject to applicable consent requirements

We do not intentionally collect special-category personal data unless this is strictly necessary and lawful, such as where required for compliance or dispute handling.

4. How We Collect Data

We collect personal data:

Directly from you when you sign up, place an order, provide account or billing details, submit business information where relevant, or contact us

Automatically through your use of the website or Services

From payment processors, fraud prevention providers, carriers, and business partners, including card-payment and billing information where relevant to a transaction

From public or compliance databases where lawful

From referrals or business representatives acting on your behalf

5. Purposes and Legal Bases for Processing

Where the GDPR applies, we process personal data on one or more of the following legal bases.

A. Contract performance

We process data as necessary to:

Create and manage your account

Process orders and payments

Provision SIM/eSIM services

Deliver connectivity, prepaid services, and support

Notify you about service-related matters

B. Legal obligation

We process data where required to:

Comply with tax, accounting, consumer, telecom, sanctions, anti-fraud, anti-money laundering, lawful disclosure, or other legal obligations

Respond to lawful requests from authorities

Maintain required business records

C. Legitimate interests

We process data where necessary for our legitimate interests, provided these interests are not overridden by your rights and freedoms, including to:

Secure the Services and prevent fraud or abuse

Troubleshoot, monitor, and improve performance

Manage disputes and enforce our legal rights

Conduct internal reporting, forecasting, and operational analysis

Protect our users, network partners, payment providers, and infrastructure

D. Consent

Where required, we rely on your consent for:

Certain marketing communications

Certain cookies or analytics tools

Certain device-based security or verification steps where consent is the appropriate legal basis

Fraud prevention, account protection, transaction review, and similar security measures are generally carried out on the basis of our legitimate interests and/or legal obligations where applicable.

You may withdraw consent at any time, but this does not affect processing already carried out lawfully before withdrawal.

6. Sharing of Personal Data

We may share personal data with:

Mobile network operators, roaming partners, and telecom infrastructure providers to provide connectivity

Payment processors, banks, and fraud-screening providers, including where card-payment and billing information is processed in connection with a transaction

Business verification, compliance, and fraud-screening vendors where relevant

Hosting providers, cloud infrastructure providers, data storage providers, customer support tools, CRM tools, analytics providers, and communication tools

Professional advisers, auditors, insurers, and legal counsel

Regulators, law enforcement bodies, courts, and competent authorities where required by law

Buyers, investors, or successors in connection with a merger, financing, acquisition, restructuring, or asset sale, subject to appropriate safeguards

We require service providers acting on our behalf to process personal data under appropriate contractual and security obligations where required by law.

7. International Transfers

Because OneSIM operates internationally, your personal data may be transferred to and processed in countries outside the European Economic Area, including countries in which our network partners, cloud and infrastructure providers, customer-support providers, analytics providers, fraud-prevention providers, business-verification or compliance providers where relevant, and payment processors operate.

Where required by law, we use appropriate safeguards for such transfers, such as:

Adequacy decisions

Standard contractual clauses

Other lawful transfer mechanisms recognized under applicable data protection law

Further details about relevant categories of recipients, international transfer routes, and, where applicable, our current sub-processor or recipient list may be made available in supplementary privacy materials, a vendor list, or upon request, subject to security and confidentiality considerations.

8. Data Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and maintain security and fraud records.

Our standard retention approach is as follows, unless a longer period is required or permitted by law, needed for the establishment, exercise, or defence of legal claims, or justified by fraud, abuse, or security investigations:

Account profile and contract data: for the duration of the customer relationship and for a post-termination period consistent with applicable limitation periods, contractual recordkeeping needs, and legal obligations

Billing, invoicing, payment, tax, and accounting records: for the period required by applicable tax, accounting, and audit laws

Business verification, transaction-review, and compliance records: for the period required by applicable legal, regulatory, sanctions, anti-fraud, or anti-money laundering requirements, where applicable

Customer support correspondence and complaint records: typically up to 24 months after closure unless linked to an active dispute or legal obligation

Security logs, authentication logs, and fraud-prevention records: typically up to 24 months, subject to extension where reasonably necessary for security, abuse prevention, or investigations

Service usage, provisioning, and technical diagnostics records: retained for the period reasonably necessary to operate, secure, analyse, troubleshoot, bill, and support the Services, and then deleted, anonymised, or aggregated where feasible

Marketing consent and suppression records: retained for as long as needed to demonstrate compliance with consent/opt-out obligations

We may retain anonymised or aggregated information for analytics, service improvement, financial modelling, and business planning where that information no longer identifies you.

9. Automated Decision-Making and Safeguards

We may use automated tools to detect fraud, payment abuse, sanctions risks, unusual usage patterns, or security threats.

In some cases, these tools may help us decide whether to accept an order, provision a Service, require additional verification, restrict an account, or block a transaction. Where a decision producing legal effects or similarly significant effects, such as rejection of a purchase or permanent account suspension, is based solely on automated processing, we will do so only where permitted by applicable law and will provide the safeguards required by law.

Where applicable, those safeguards may include the right to request human review, express your point of view, and contest the decision. To exercise those rights, contact us at privacy@oneconnect.world.

10. Your Rights

Where the GDPR or similar laws apply, you may have the right to:

Request access to your personal data

Request rectification of inaccurate or incomplete data

Request erasure in certain circumstances

Request restriction of processing

Object to processing based on legitimate interests

Withdraw consent where processing is based on consent

Request data portability where applicable

Lodge a complaint with a supervisory authority

To exercise your rights, contact us at privacy@oneconnect.world. We may ask you to verify your identity before responding.

If you are not satisfied with our response, you may lodge a complaint with the Cyprus Commissioner for Personal Data Protection or the supervisory authority in your place of residence, work, or the place of the alleged infringement.

11. Security

We implement reasonable technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

However, no transmission or storage system is completely secure, and we cannot guarantee absolute security.

12. Children

The Services are not intended for children, and we do not knowingly collect personal data from individuals who are under the age required to lawfully use the Services. If you believe a child has provided personal data to us, contact us so that we can take appropriate action.

13. Cookies and Similar Technologies

We may use cookies, pixels, SDKs, and similar technologies to operate the website, remember preferences, measure traffic, improve user experience, and support marketing.

Strictly necessary cookies may be used without consent where permitted by law because they are required for core website functionality, security, network management, fraud prevention, or to provide a service you explicitly request.

Analytics, performance, advertising, and similar non-essential cookies or technologies will be used only with your consent where required by law. You can manage your preferences through our cookie banner or consent management tools, and you can also control cookies through your browser settings.

Further details are set out in our Cookie Policy.

14. Third-Party Links and Services

Our website or Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of those third parties, and you should review their policies separately.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will publish the updated version and revise the "Last updated" date. Where required by law, we will provide additional notice.