Kaspersky eSIM Store Privacy Policy and Cookie Policy

BACKGROUND:

BNESIM Limited understands that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits the Kaspersky eSIM Store website or uses the Kaspersky eSIM Store mobile application. We will only collect and use information in ways that are useful to you and in a manner consistent with your rights and Our obligations under the law.

This Policy applies to Our use of any and all data collected by Us in relation to your use of the Kaspersky eSIM Store website and mobile application. Please read this Privacy Policy carefully and ensure that you understand it. You will be required to read and accept this Privacy Policy when signing up for an Account. If you do not accept and agree with this Privacy Policy, you must stop using the Kaspersky eSIM Store website and mobile application immediately.

1. DEFINITIONS AND INTERPRETATION

In this Policy, the following terms shall have the following meanings:

• “Account” means an account required to access and/or use certain areas and features of the Kaspersky eSIM Store website or mobile application.

• “Cookie” means a small text file placed on your computer or device by our website or mobile application when you visit certain parts and/or when you use certain features. Details of the Cookies used are set out in section 12 below.

• “Kaspersky eSIM Store website and mobile application” means the website https://www.kasperskyesimstore.com/ and the Kaspersky eSIM Store app for iOS and Android.

• “Hong Kong and EU Privacy Laws” means the relevant parts of the Personal Data (Privacy) Ordinance, Laws of Hong Kong (Cap 486) (PDPO) and the General Data Protection Regulation (Regulation (EU) 2016/679).

• “We/Us/Our” means BNESIM Limited, a limited company registered in Hong Kong under license 2531485, whose registered address is Unit C, 8/F, King Palace Plaza, No. 55 King Yip Street, Kwun Tong, Kowloon, Hong Kong.

2. INFORMATION ABOUT US

1. The Kaspersky eSIM Store website https://www.kasperskyesimstore.com/ is operated by BNESIM Limited, a limited company registered in Hong Kong under license 2531485, with its registered address at Unit C, 8/F, King Palace Plaza, No. 55 King Yip Street, Kwun Tong, Kowloon, Hong Kong.

2. We are regulated as a data controller by applicable data protection laws, including GDPR.

3. Our Data Protection Officer is Christian Brilli, who can be contacted at: [email protected]

4. Representative in EU**:** Dromedian S.r.l., Via Erasmo Piaggio, 35, 66100 Chieti CH, Italy.

3. POLICY SCOPE AND COVERAGE

This Privacy Policy applies only to your use of the Kaspersky eSIM Store website and mobile application. It does not extend to any websites or apps that are linked to from our platform (whether we provide those links or they are shared by other users). We have no control over how your data is collected, stored, or used by other websites or services, and we advise you to review the privacy policies of any such third parties before providing any data to them.

4. WHAT DATA DO WE COLLECT?

Some data will be collected automatically by the Kaspersky eSIM Store website and mobile application, while other data will only be collected if you voluntarily submit it and give consent. Depending on your use of our services, we may collect some or all of the following data:

1. Name

2. Email address

3. Financial information, such as credit/debit card numbers

4. IP address (automatically collected)

5. Web browser type and version (automatically collected)

6. Operating system (automatically collected)

7. A list of URLs starting with the referring site and your activity on the Kaspersky eSIM Store website or app

5. WHY WE PROCESS YOUR DATA

We collect and process your data for various purposes, depending on your interactions with the Kaspersky eSIM Store website and mobile application. Each processing activity is carried out based on a specific legal basis under applicable data protection laws.

A. To fulfil our contract with you

We process your data to provide the services you request and to perform our contractual obligations. This includes:

• Creating and managing your account

• Providing access to the Kaspersky eSIM Store website and mobile application

• Supplying our products and services to you

• Processing payments and transactions

• Responding to your inquiries and communications

B. Based on our legitimate interests

Where permitted by applicable laws, we process your data to improve our services and ensure a secure experience. This includes:

• Personalising and tailoring your experience

• Improving our products, services, and platform based on feedback and usage data

• Conducting market research and user analysis

• Ensuring network and information security

We ensure that our legitimate interests do not override your fundamental rights and freedoms. You have the right to object to such processing at any time.

C. With your explicit consent

We only process your personal data for the following purposes when we have obtained your consent:

• Sending marketing communications, newsletters, and promotional content

• Using cookies and tracking technologies for analytics and advertising (see Section 12)

• Customising offers based on your preferences and activity

You may withdraw your consent at any time by contacting us at [email protected] or by using the unsubscribe link included in our communications.

D. To comply with legal obligations

We may also process your data to comply with applicable laws, regulations, and legal requirements.

E. Other legal bases

In accordance with data protection principles, we ensure that all personal data is processed lawfully, fairly, and transparently. We will only process your personal data if at least one of the following applies:

• You have given clear and informed consent for one or more specific purposes

• Processing is necessary for the performance of a contract or to take steps at your request before entering into a contract

• Processing is required to comply with a legal obligation

• Processing is necessary to protect your vital interests or those of another individual

• Processing is carried out in the public interest or in the exercise of official authority

• Processing is necessary for our legitimate interests or those of a third party, provided your rights do not override those interests

6. HOW AND WHERE DO WE STORE YOUR DATA

1. We only retain your data for as long as necessary to fulfill the purposes outlined in Section 5, or as long as we have your permission to keep it. We conduct periodic reviews to determine whether we still need your data, and we delete it when it’s no longer required.

2. Some or all of your personal data may be stored or transferred outside of the European Economic Area (“EEA”) — which includes all EU member states, as well as Norway, Iceland, and Liechtenstein.

By using the Kaspersky eSIM Store website and mobile application, you are informed that your data may be processed in countries outside the EEA. Where such transfers occur, we take all reasonable steps to ensure that your data is treated securely and in accordance with applicable data protection laws. These steps may include the use of Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent legal safeguards.

3. Data security is of great importance to us. We have implemented appropriate physical, electronic, and managerial procedures to safeguard and secure personal data collected via our services.

4. Steps we take to protect your data include:

• Using encryption and secure data transmission protocols

• Restricting access to personal data to authorized personnel only

• Storing personal data on secure servers within protected networks

7. DO WE SHARE YOUR DATA?

1. We may contract with third parties to provide services on our behalf, including payment processing, delivery of goods, search engine optimization, analytics, marketing, and customer support. In some cases, these third parties may require access to certain personal data.

Where any such data is shared, we ensure that it is handled securely, responsibly, and in compliance with applicable privacy laws and contractual safeguards.

2. We may compile anonymized statistics about usage of the Kaspersky eSIM Store website and mobile application, including data on traffic, patterns, user demographics, and sales. This data does not contain any personally identifiable information. We may share this anonymized data with business partners, investors, or advertisers, strictly within the bounds of applicable law.

3. In certain circumstances, we may be legally required to disclose personal data. This could include situations where we are compelled by a court order, law enforcement agency, regulatory authority, or other legal process. In such cases, we will disclose only the minimum data necessary and only as required by applicable law.

8. WHAT HAPPENS IF OUR BUSINESS CHANGES HANDS?

1. We may, from time to time, expand, reduce, or otherwise restructure our business. This may involve the sale and/or transfer of control of all or part of BNESIM Limited or the Kaspersky eSIM Store. Any personal data you have provided, where relevant to the part of our business being transferred, will be transferred along with that business segment.

2. In such cases, the new owner or newly controlling party will be permitted to use your data, but only for the same purposes originally collected and processed by us. They will be required to honor the terms of this Privacy Policy or a policy no less protective of your personal data.

3. You will be informed in advance of any such transfer and provided with an opportunity to review any changes to the applicable privacy terms.

9. HOW CAN YOU CONTROL YOUR DATA?

1. When submitting your information via the Kaspersky eSIM Store website or mobile application, you may be given options to restrict our use of your data. We aim to provide clear choices regarding how your data is used, including tools to manage your marketing preferences and privacy settings within your account.

2. You can opt out of receiving marketing communications from us at any time by:

• Clicking the “unsubscribe” link included in our emails, or

• Contacting us at: [email protected]

3. Users located in Hong Kong may register with preference services such as the Telephone Preference Service (TPS), the Corporate Telephone Preference Service (CTPS), or the Mailing Preference Service (MPS), which may help to reduce unsolicited marketing communications. Please note, however, that these services will not block messages you have explicitly consented to receive.

10. YOUR RIGHT TO WITHHOLD INFORMATION AND YOUR RIGHT TO WITHDRAW CONSENT

1. You may access the Kaspersky eSIM Store website and mobile application without providing any personal data. However, to use certain features or services (such as purchasing an eSIM or creating an account), the submission of specific personal data may be required.

2. You may configure your web browser or device settings to restrict the use of cookies. For more information, see Section 12 of this Privacy Policy.

3. If you have previously given consent for us to process your personal data, you may withdraw that consent at any time by contacting us at: [email protected]. Upon receiving your request, we will delete your personal data from our systems, unless we are legally required or otherwise entitled to retain it.

Please note that withdrawing consent may limit our ability to provide certain services to you.

11. HOW CAN YOU ACCESS YOUR DATA?

You have the legal right to request access to a copy of any personal data we hold about you. If you wish to do so, please contact us at: [email protected]. We will respond in accordance with applicable data protection laws.

12. WHAT COOKIES DO WE USE AND WHAT FOR?

1. The Kaspersky eSIM Store website uses cookies to enhance user experience, deliver services, and analyze site traffic. In accordance with GDPR and other applicable laws, we request your consent before placing any cookies that are not strictly necessary.

2. Strictly necessary cookies are essential for the functioning of the website and are always enabled.

3. Non-essential cookies (e.g., analytics, advertising, personalization) are disabled by default and are only activated with your explicit consent through our Cookie Management Platform (CMP). You can manage your preferences or withdraw consent at any time.

4. Cookies are categorized as follows:

• Necessary: Login sessions, basic site functions

• Analytics: Understand how visitors interact with the site

• Marketing: Track user behavior to show relevant ads

5. The first-party cookies we use include:

• affiliate, click_id, landing, source_id: track customer origin (consent required)

• lgac: authentication (necessary)

• PHPSESSID: session cookie (necessary)

6. We use third-party cookies for analytics and advertising, including services from:

• Google

• Facebook

• AppsFlyer

7. You can configure your browser to block or delete cookies. However, disabling certain cookies may affect site functionality.

8. For more information on managing cookies, refer to your browser’s help section.

13. SUMMARY OF YOUR RIGHTS UNDER GDPR

Under the GDPR, you have the right to:

• Request access to your personal data

• Request correction or deletion of your data

• Object to or restrict processing

• Withdraw consent at any time

• Request data portability

• Lodge a complaint with a supervisory authority

• Be informed about automated decision-making and profiling (see Section 14)

To exercise these rights, contact us at: [email protected].

14. AUTOMATED DECISION-MAKING AND PROFILING

14.1 In the event that we use personal data for automated decision-making that produces legal effects or similarly significant consequences, you have the right to request human intervention, express your point of view, and contest the decision.

14.2 This right does not apply where the automated decision:

• Is necessary for entering into or performing a contract with you

• Is authorized by applicable law

• Is based on your explicit consent

14.3 When we conduct profiling, we ensure that:

• You are provided with clear information, including the purpose and potential consequences

• Appropriate statistical or mathematical procedures are used

• Technical and organizational safeguards are in place to minimize errors and prevent discriminatory outcomes

• All profiling is conducted securely

14.4 We currently make automated decisions based on user profile fields such as language and location, for the purpose of content personalization.

14.5 We currently use profiling to:

• Send newsletters and communications in your preferred language

• Offer services and promotions relevant to your location and previous purchases

14.6 Contacting Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at: [email protected]. Be sure to clearly state your request, especially if you’re asking for information about your personal data.

14.7 Changes to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. Any updates will be published on the Kaspersky eSIM Store website. Continued use of our services after such changes constitutes acceptance of the revised policy. We encourage you to check this page regularly to stay informed.

RISKS OF THE INTERNET

Certain activities performed while accessing the internet carry inherent risks and may result in harm or loss to the Subscriber or others. These activities include, but are not limited to:

(i) Downloading content (including emails) that may contain viruses, malware, or other harmful elements;

(ii) Purchasing goods or services online from unverified sources;

(iii) Transmitting confidential information over the internet (e.g., credit card numbers, personal data);

(iv) Accessing or viewing content that may be inappropriate or offensive, including material unsuitable for children.

The Subscriber assumes all risks associated with these activities. BNESIM shall not be liable for any loss, damage, or legal consequence resulting from such use. To help mitigate these risks, Subscribers may choose to use content filtering or parental control solutions.

CONTENT PUBLISHING

The Subscriber is solely responsible for any content they publish using the Service, including but not limited to websites, emails, online forums, and newsgroups. Accordingly, the Subscriber agrees to:

(i) Avoid publishing any material that constitutes a Prohibited Activity under this policy;

(ii) Take appropriate measures to prevent minors from accessing or receiving content that may be inappropriate for them, such as implementing age restrictions, access controls, or clear content warnings.

BNESIM does not monitor the content of user traffic transmitted via the Service. However, BNESIM reserves the right to restrict access to, block, or remove specific content or services if required to do so by applicable law, relevant authorities, or based on formal legal notices. BNESIM may also take action to prevent abuse or to protect the integrity and security of its network, including cooperating with authorities in the event of verified violations.

BNESIM may, at its sole discretion, remove prohibited content from its infrastructure or restrict access to certain internet resources to enforce this policy or respond to third-party requests. This may include filtering, blocking, suspending accounts, or disabling access to content.

BNESIM also reserves the right to respond to copyright takedown requests, such as removing copyrighted material or suspending accounts involved in infringement.

By using the Service to transmit or publish content, the Subscriber represents that the content complies with this policy and authorizes BNESIM to store, transmit, and reproduce such content to deliver the Service.

ELECTRONIC MESSAGING AND SPAM

The Subscriber must not use the Service to send spam, scam messages, or bulk and/or unsolicited texts or communications. For clarity:

• Spam refers to unsolicited communications (including promotions, product advertisements, event invitations, or campaigns) sent via any device or application, regardless of whether they include sender identification or opt-out options.

• Scam messages are fraudulent or misleading communications intended to deceive recipients for financial or personal gain.

Such prohibited communications include, but are not limited to:

• Commercial advertising or promotions not requested by the recipient;

• Informational announcements sent in bulk;

• Chain letters, political or religious mass messaging.

The Subscriber must not:

(i) Send messages to any party who has opted out or objected to receiving them;

(ii) Collect or redirect responses from unsolicited messages in violation of this policy or the policies of other providers;

(iii) Obscure the origin of messages or forge message headers;

(iv) Send multiple identical or disruptive messages (e.g., “mail bombing”);

(v) Distribute chain messages, regardless of consent.

BNESIM is not responsible for delivering or storing messages sent to accounts that are suspended or terminated. Such messages may be deleted, returned to the sender, or ignored at BNESIM’s discretion.

ONLINE FORUMS

When using the Service to access third-party platforms, including online forums, the Subscriber agrees not to use the Service in a way that violates the terms or usage policies of those platforms.

BNESIM does not control or moderate external forums, but may take action if a Subscriber’s use of the Service contributes to abuse, spam, disruption, or other behavior that impacts the quality or integrity of the Service or its network.

Examples of misuse include:

• Posting or cross-posting the same or similar content to multiple forums in a disruptive manner;

• Attempting to flood, overload, or derail online discussions through excessive or meaningless content;

• Using the Service to access platforms from which the Subscriber has previously been banned.

The Subscriber is solely responsible for ensuring that their forum activity via the Service does not cause service degradation or violate this policy.

RESALE OR BUNDLING OF SERVICE

The Subscriber agrees not to resell, redistribute, or otherwise share access to the Service with any third party, whether temporarily or permanently, for compensation or other value. This includes:

• Providing access to the Service to individuals outside of the Subscriber’s household or organization without prior written approval from BNESIM;

• Using the Service as part of another telecommunications offering or bundled service;

• Promoting or publicizing the Service in a way that could result in abnormal usage or contribute to network congestion.

The Service is intended solely for the individual use of the Subscriber under the terms of their subscription.