Privacy Policy

Last updated: 6/25/2025

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on data protection, please refer to our privacy policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the "Information about the responsible party" section of this privacy policy.

How do we collect your data?

Your data is collected when you provide it to us. This could be data you enter in a contact form, for example.

Other data is collected automatically or with your consent when you visit the website through our IT systems. This is mainly technical data (e.g. internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders, or other order inquiries.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right to request restriction of processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time regarding this and other questions about data protection.

Analysis Tools and Third-Party Tools

When visiting this website, your surfing behavior may be statistically evaluated. This is mainly done with analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

External hosting is carried out for the purpose of contract fulfillment towards our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 para. 1 lit. f GDPR). If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as consent includes storage of cookies or access to information in the user's terminal device (e.g., device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time.

Our host will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions regarding this data.

We use the following host:

Contabo GmbH
Aschauer Straße 32a
81549 Munich
Germany

3. General Information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We point out that data transmission on the Internet (e.g., communication by email) can have security vulnerabilities. Complete protection of data from access by third parties is not possible.

Information about the Responsible Party

The responsible party for data processing on this website is:

YaySIM
Alexander Schauff
Mühlenstr. 223a
41236 Mönchengladbach

Phone: [Phone number]
Email: [email protected]

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage duration is mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to exist. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion occurs after these reasons cease to exist.

Specific retention periods:
• Customer and order data: 10 years (commercial and tax law retention obligations)
• Server log files: 30 days
• Cookie data: Depending on cookie type (see cookie settings)
• Email communication: 6 years (commercial law retention obligation)

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Recipients of Personal Data

Recipients for Tracking and Analysis

When using our tracking and analysis tools, your data may be transmitted to the following recipients:

We have concluded data processing agreements in accordance with Art. 28 GDPR with all mentioned providers where required.

4. Data Collection on This Website

Cookies

Our website uses so-called "cookies". Cookies are small data packets that do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit ends. Permanent cookies remain stored on your device until you delete them yourself or automatic deletion occurs through your web browser.

CookieYes Cookie Management

We use CookieYes as a cookie consent management platform. Provider is CookieYes Limited, 3, Carryon House, Georges Avenue, Blackrock, County Dublin, A94 K6K2, Ireland.

CookieYes helps us to:
• Obtain your consent to use cookies
• Store your cookie preferences
• Ensure compliance with GDPR requirements
• Give you control over your cookie settings

Data processing is based on Art. 6 para. 1 lit. c GDPR (legal obligation to obtain consent) and Art. 6 para. 1 lit. f GDPR (legitimate interest in the legally compliant design of our website).

CookieYes itself sets the following technically necessary cookies:
• cookieyes-consent: Stores your consent status
• cookieyes-session: Technical session management

These cookies are required for the operation of consent management and cannot be deactivated.

Further information can be found in CookieYes's privacy policy: https://www.cookieyes.com/privacy-policy/

Cookie Categories

Necessary Cookies

These cookies are essential for the operation of the website and cannot be deactivated.

Analytics Cookies

These cookies help us understand how visitors interact with our website.

Name | Provider | Purpose | Expiry

Marketing Cookies

These cookies are used to make advertising more relevant.

Name | Provider | Purpose | Expiry

Google Tag Manager

We use Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

Purpose and Function

Google Tag Manager is a tag management system that allows us to centrally manage and control various tracking and analysis tools without having to intervene in the source code of our website. The Tag Manager itself is a domain that does not set cookies and does not store personal data. It acts solely as a technical management tool.

Data Processed

When loading the website, your IP address is briefly transmitted to Google servers. The tools integrated via Tag Manager process data according to their respective privacy policies, which are explained below.

Use is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via our cookie settings.

Data is transmitted to Google Ireland Limited and may include forwarding to Google LLC in the USA. Transfer to the USA is based on the EU-US Data Privacy Framework.

Further information can be found in Google's privacy policy: https://policies.google.com/privacy

Google Analytics 4

This website uses Google Analytics 4, a web analytics service from Google Ireland Limited. If you have your habitual residence in the European Economic Area or Switzerland, Google Ireland Limited is the controller responsible for your data.

Purpose of Processing

Google Analytics uses cookies that enable analysis of website usage. We use Google Analytics exclusively with IP anonymization activated. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Data Processed

  • Browser type and browser version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Hostname of the accessing computer
  • Time of server request
  • IP address (anonymized)
  • Pages visited and user behavior
  • Geographic location (country/region)
  • Duration of stay and bounce rate
  • Goals achieved (conversions)

Storage Duration

• Event data: 2 months
• User data: 14 months
• Aggregated statistics: unlimited

We have concluded a data processing agreement with Google and fully implement the strict requirements of German data protection authorities when using Google Analytics.

Use of Google Analytics is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Opt-Out Options

You can prevent the collection and processing of your data by Google Analytics by:
• Adjusting your cookie settings on our website
• Downloading the browser add-on for deactivating Google Analytics: https://tools.google.com/dlpage/gaoptout

Facebook Pixel and Facebook Conversion API

We use the Facebook Pixel and Facebook Conversion API from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Purpose of Processing

These tools enable us to:
• Measure the effectiveness of our Facebook and Instagram advertising
• Perform statistical evaluations of user behavior
• Optimize our advertising measures
• Display personalized advertisements (remarketing)

Facebook Pixel

The Facebook Pixel is a code snippet on our website that is activated upon consent and captures certain user actions.

Facebook Conversion API

In addition to the Facebook Pixel, we use the server-side Conversion API. This transmits event data (such as purchases) directly from our servers to Facebook, which increases data quality and measurement accuracy.

Data Processed

  • HTTP header information (including browser information)
  • Your Facebook ID (if you are logged in to Facebook)
  • Pages visited and actions on our website
  • For purchases: Hashed email address for conversion attribution
  • Device information
  • Timestamp of actions

Enhanced Matching

When completing purchases, we transmit your email address in hashed form to Meta to better attribute the conversion. The email address is hashed using a one-way hash function before transmission.

Use is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Facebook Pixel cookies have a lifespan of up to 180 days.

Joint Controllership

For certain processing operations, we are jointly responsible with Meta Platforms Ireland Limited. Details on the division of tasks can be found in the agreement at: https://www.facebook.com/legal/controller_addendum

Opt-Out Options

You can object to the use of your data for advertising purposes:
• Via our cookie settings on this website
• In your Facebook advertising settings: https://www.facebook.com/settings?tab=ads
• Via the European Digital Advertising Alliance website: http://www.youronlinechoices.com

Microsoft Clarity

We use Microsoft Clarity, a web analytics service from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Purpose of Processing

Microsoft Clarity helps us better understand user behavior on our website through:
• Heatmaps (visualization of clicks and scrolling behavior)
• Session replays (anonymized recordings of user interactions)
• Frustration metrics (e.g., rage clicks, excessive scrolling)
• JavaScript error analysis

Data Processed

  • Anonymized IP address
  • Device information (screen size, device type)
  • Browser type and version
  • Geographic location (country only)
  • Preferred language
  • Mouse movements and click behavior
  • Scroll depth and interactions
  • Pages visited and time spent

Privacy at Clarity

Microsoft Clarity is configured to automatically mask sensitive content such as password fields. Text inputs are not recorded.

Use is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Microsoft stores the data for a maximum of 90 days.

Data is processed on Microsoft Azure servers. Transfer to the USA is based on the EU-US Data Privacy Framework.

Further information can be found in Microsoft's privacy policy: https://privacy.microsoft.com/en-us/privacystatement

Google Consent Mode v2

We use Google Consent Mode v2 to transmit your consent decisions to all Google services used.

Function

Google Consent Mode adjusts the behavior of Google tags (Analytics, Ads, etc.) based on your cookie settings. The following types of consent are distinguished:
• analytics_storage: Storage of analytics cookies
• ad_storage: Storage of advertising cookies
• ad_user_data: Use of user data for advertising purposes
• ad_personalization: Personalized advertising

Our Implementation

We use Consent Mode in 'Basic' mode. This means:
• Without your consent, no Google tags are loaded
• No data is transmitted to Google
• No cookieless pings or measurements without consent
• Only after your explicit consent are the corresponding services activated

Implementation of Consent Mode itself is based on our legitimate interest in the legally compliant design of our website (Art. 6 para. 1 lit. f GDPR).

Cloudflare

We use the "Cloudflare" service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter "Cloudflare").

Cloudflare offers a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed through Cloudflare's network. This enables Cloudflare to analyze traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the Internet. Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our web offering as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/

Supabase

We use Supabase for database infrastructure and user management. Provider is Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992.

Processing takes place exclusively on servers in Germany. The following data is stored in Supabase:
• Email addresses (from the order process)
• Order history and eSIM information
• Login data for your customer account

The use of Supabase is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment) as well as Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient data management).

Further information: https://supabase.com/privacy

Newsletter and Marketing Emails

Consent During Order

During the ordering process, you can optionally consent to receive information beyond your order (e.g., offers, product news). This consent is based on Art. 6 para. 1 lit. a GDPR and can be revoked at any time.

Withdrawal

You can revoke your consent at any time via email to [email protected] or via the unsubscribe link in any marketing email.

Contact via Email, Phone, or Fax

If you contact us by email, phone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

Processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or necessary for carrying out pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries directed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

Important Notes on Tracking

Consent Required

All mentioned tracking and analysis tools are only activated after your explicit consent via our cookie banner.

Withdrawal

You can revoke your consent at any time with effect for the future by accessing the cookie settings on our website.

Data Transfer to Third Countries

When using the mentioned services, data may be transferred to the USA. The transfer is based on the EU-US Data Privacy Framework, which ensures an adequate level of data protection.

No Profiling Without Consent

Without your consent, no profiling, tracking, or personalized advertising takes place.

5. Payment Providers

Stripe

On this website, we offer payment via Stripe. The provider of this payment service is Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA.

When you select payment via Stripe, you will be redirected to Stripe's secure payment page. Your payment data is transmitted directly to Stripe and is not stored or processed on our servers. Data processing by Stripe is based on Art. 6 para. 1 lit. b GDPR (processing for contract fulfillment) as well as Stripe's legitimate interest in secure payment processing.

Details about Stripe can be found at: https://stripe.com/privacy

Resend

For sending transactional emails (order confirmations, eSIM deliveries) we use the Resend service. Provider is Resend, Inc.

Resend processes only the data necessary for email sending:
• Email address
• Order-relevant information

Processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment).

Further information: https://resend.com/privacy

6. Data Transmission for Contract Conclusion for Services and Digital Content

We transmit personal data to third parties only when this is necessary for contract processing, such as to the company commissioned with delivery or the credit institution commissioned with payment processing. Further transmission of data does not occur or only occurs if you have expressly consented to the transmission. Data will not be passed on to third parties without your express consent, for example for advertising purposes.

For the provision of eSIM services, we work with specialized eSIM providers. The transmission of your data to these partners occurs exclusively for the purpose of contract fulfillment (Art. 6 para. 1 lit. b GDPR) and includes only the data necessary for providing eSIM services.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for contract fulfillment or pre-contractual measures.

7. Registration and Customer Account

Automatic Account Creation

When placing an order via Stripe, a customer account is automatically created with your email address. This enables you to:
• View your order history
• Manage your eSIMs
• Access purchase receipts

Processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment) as well as Art. 6 para. 1 lit. f GDPR (legitimate interest in providing customer service).

Account Deletion

You can request the deletion of your account at any time at [email protected]. Please note that certain data must be retained for 10 years for tax reasons.

Contact

If you have any questions about this Privacy Policy, please contact us at: [email protected]