Legal Document

Privacy Policy

How Sinda-SG collects, processes, and protects your personal data under EU GDPR.

Last updated: March 2026 · Effective: March 2026

1. Data Controller

The Data Controller for processing of your personal data is:

Antonio Sambrotta
Sinda-SG
Via della Lucchina, 00135 Roma, Italy
Email: [email protected]

Antonio Sambrotta acts as Data Controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 (GDPR).

2. Scope

This policy covers data collected through sinda-sg.com, our eSIM purchase/delivery process, customer support, and related digital services. Third-party network operators in Singapore are governed by their own privacy policies.

3. Data We Collect

Purchase Data: Name, email, billing address, payment info (processed by PCI-DSS-compliant processor — we never store full card numbers).

Technical Data: Device type, OS version, eSIM profile identifiers (ICCID), QR code delivery metadata.

Support Data: Information voluntarily provided in support communications.

Analytics Data: Anonymised usage data via privacy-respecting analytics. No third-party tracking cookies.

Advertising Data: If you arrive at our website via a Google Ads campaign, Google may collect advertising identifiers, click IDs (gclid), and conversion data via Google Ads tags present on our site. This data is used to measure advertising effectiveness and optimise campaigns. Google processes this data as a joint controller under the Google Ads Data Processing Terms. See Section 10 below for details.

4. Legal Basis

Contract Performance (Art. 6(1)(b)): Processing account and delivery data to fulfil your eSIM order.

Legitimate Interest (Art. 6(1)(f)): Anonymised analytics to improve services. Advertising conversion measurement to evaluate marketing effectiveness.

Legal Obligation (Art. 6(1)(c)): Tax and accounting records per Italian law.

Consent (Art. 6(1)(a)): Marketing emails (withdrawable anytime). Non-essential cookies and advertising tracking technologies (withdrawable via our Cookie Settings).

5. Data Retention

  • Purchase data: 24 months (up to 10 years for tax records under Italian Civil Code Art. 2220).
  • Technical data: 12 months from eSIM expiry.
  • Support data: 24 months from resolution.
  • Analytics/advertising data: 14 months maximum (Google Ads data per Google's retention settings).

6. Data Sharing

  • Payment processors: PCI-DSS-certified. No full card number access.
  • eSIM provisioning: Device type and ICCID shared with Singapore network partners (Art. 28 GDPR data processing agreements).
  • Email delivery: Email address for QR code and receipt delivery.
  • Advertising platforms: Google Ads receives conversion data (purchase confirmation, not personal details) to measure campaign effectiveness. See Section 10.

We do not sell, rent, or trade your personal data.

International Transfers: Limited technical data to Singapore partners, protected by Standard Contractual Clauses (Art. 46(2)(c) GDPR). Google processes data in accordance with their EU data transfer framework.

7. Your Rights (GDPR)

  • Access (Art. 15): Obtain a copy of your data.
  • Rectification (Art. 16): Correct inaccurate data.
  • Erasure (Art. 17): Request deletion (subject to legal retention).
  • Restriction (Art. 18): Restrict processing in certain cases.
  • Portability (Art. 20): Receive data in machine-readable format.
  • Object (Art. 21): Object to processing based on legitimate interest, including profiling for advertising purposes.
  • Withdraw Consent (Art. 7(3)): Withdraw any time without affecting prior processing.

Contact [email protected]. Response within 30 days.

8. Data Security

TLS 1.3 in transit, AES-256 at rest, access controls, regular security assessments, secure development practices (Art. 32 GDPR).

9. Cookies

See our dedicated Cookie Policy for full details on cookie categories, third-party cookies, and your choices. You can manage preferences at any time via the cookie settings accessible from any page.

10. Advertising & Google Ads

Sinda-SG may use Google Ads to promote our services. When enabled (with your consent for non-essential cookies), the following technologies may be active:

  • Google Ads Conversion Tracking: Measures whether a click on our ad led to a purchase. Uses a gclid parameter and a conversion cookie. No personal data is shared — only anonymised conversion signals.
  • Google Remarketing: May show you Sinda-SG ads on other websites you visit. Only active with your explicit consent via our cookie banner. You can opt out at any time via Cookie Settings or at ads.google.com/settings.

Google processes this data as described in their privacy policy at policies.google.com/privacy. You have the right to object to advertising-related processing under Art. 21 GDPR.

11. Children's Privacy

Our services are not directed at individuals under 16. We do not knowingly collect data from minors. If we learn such data was collected, it will be promptly deleted.

12. Supervisory Authority

Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma, Italy
www.garanteprivacy.it

13. Changes

Material changes communicated via email to registered customers 14 days before taking effect.

14. Contact

Antonio Sambrotta — Data Controller
Sinda-SG · Via della Lucchina, 00135 Roma, Italy
[email protected] · Response: 30 days