eSIM card for travel

Privacy policy

YESIM Privacy Policy

Effective date:

Data Controller:
Genesis Group AG
Chamerstrasse 172, CH-6300 Zug, Switzerland
Registration number: CHE-135.623.633

Email: support@yesim.app

1. WHEN DOES THIS PRIVACY POLICY APPLY?

Summary: This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have.

1.1. We are committed to respecting your privacy and safeguarding your personal data. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, and what rights you have in relation to your data.

1.2. In this Privacy Policy, references to “YESIM”, “we”, “us”, or “our” refer to Genesis Group AG, Registration number: CHE-135.623.633, Chamerstrasse 172, CH-6300 Zug, Switzerland, acting as the data controller for the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP), meaning we determine the purposes and means of processing your personal data. Our contact details, as well as the contact information of our Data Protection Officer, are provided at the beginning and at the end of this Privacy Policy.

1.3. This Privacy Policy applies to you if you:

  • access or use our website, social media pages (collectively, the “Website”) or mobile application (“Application”);
  • purchase, activate, or use our services and products (collectively, the “Services”), including, where applicable, services enabling you to obtain and use virtual phone numbers and related communication functionality (the “Virtual Number Services”);
  • communicate with our customer support or commercial teams;
  • receive emails, messages, or other communications from us;
  • participate in our marketing campaigns, surveys, or events.

2. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS?

Summary: We collect different categories of personal data – from your contact details and payment information to technical data from your device and how you use our Services.

2.1. Agreement (Registration) Data

Details you provide when registering or managing your account, including:

  • your identity information, such as name, surname, identity code or number, if any,
  • payment method,
  • date of birth,
  • residence (including tax residence),
  • address,
  • email,
  • phone number,
  • identity document data (when provided by law).

2.2. Billing and Accounting Data

Data related to your purchases, service usage and your selected tariff plan:

  • number of minutes of voice call (incoming or outgoing),
  • megabytes of data (incoming or outgoing),
  • messaging (SMS),
  • other payments and payment terms, defined in your agreement with YESIM,
  • payment-related information such as transaction identifiers, masked card details, billing data, and payment status,
  • related taxes, fees and other obligatory payments.

Please note that we do not store full payment card details. Payments are processed by our payment service providers. We may receive limited payment-related information, some of which may be provided in a pseudonymised form, and store such information for billing, accounting, and fraud prevention purposes.

2.3. Correspondence Data

Any data you share with us when you contact customer support or send us questions, claims, complaints, or job applications:

  • your identity information, such as name, surname and correspondence address/method,
  • other personal data you submit to YESIM by any written or oral correspondence.

2.4. Login and Authentication Data

Information related to your login and technical environment, including:

  • your login credentials and identifiers (for example, username, Facebook user ID),
  • registration timestamps and session lifecycle data (including access duration),
  • Facebook login integration and associated SDK events (e.g. “Download”, “Like”),
  • basic in-app interactions and event metadata (e.g. app installs, launches),
  • system events and error logs,
  • IP address and time zone,
  • device and application metadata, including: mobile OS type and version, application version, device model, carrier, screen size, processor cores, total and remaining disk space, device opt-out setting.

2.5. Data from Public or Legal Authorities

Personal data received from law enforcement authorities or courts and/or other competent authorities that varies per case:

  • may include identity, contact, or behavioral data.

2.6. Promotional Data

Information used to send you service updates and legal notices or invite you to surveys or provide promotions:

  • your email, phone number,
  • other data used to notify you about changes to our Services, Terms of Service, or this Privacy Policy, to contact you for market research purposes and to keep you up to date.

2.7. Service Usage Data

Information about what and how you use our Services (excluding data specifically related to Virtual Number Services, which is described separately below):

  • purchased and used Services,
  • geolocation data, including information about the location of your purchase.

2.8. Virtual Number Service Data (if applicable)

Information in connection with your use of our Virtual Number Services, which may include:

  • assigned virtual phone number,
  • call and messaging metadata (e.g. timestamps, duration, sender/recipient identifiers),
  • routing and delivery information,
  • service configuration settings.

2.9. Website (Cookies) and Application Data

Information collected automatically when you use our Website or Application:

  • your IP address,
  • device and browser metadata (device type, OS and version, browser type and version, screen resolution, language settings),
  • date and time of access,
  • referral sources (e.g. external websites or links that directed you to our Website or Application),
  • user interaction data (e.g. button clicks, page navigation, login events),
  • form input data and stored user preferences,
  • activity logs and behavioral analytics data, cookie identifiers and similar tracking elements (see our Cookie Policy).

3. HOW DO WE USE YOUR PERSONAL DATA?

Summary: We use your data depending on how you interact with us – to run our services, help you use them effectively, support you, improve what we do, and keep you informed. This Section explains the types of individuals concerned, the categories of personal data processed, the purposes for which they are used, and the sources from which the data are collected.

3.1. Website Visitors and Application Users

Who this applies to: Individuals who access or use our Website and Application, including via social media integrations.

We use:Why:Where from:
  • Website (Cookies) and Application Data,
  • Login and Authentication Data.
  • To operate and secure our Website and Application,
  • To analyze and improve performance,
  • To remember user settings and form inputs,
  • To perform statistical analysis and optimize user experience.
  • You,
  • Your device, your browser,
  • Credit reference and fraud prevention agencies (if applicable),
  • Group Account Holder, if applicable,
  • Our agents.

3.2. Services Users (Customers)

Who this applies to: Individuals who register for, purchase, activate or use our Services.

We use:Why:Where from:
  • Agreement (Registration) Data,
  • Billing and Accounting Data;
  • Service Usage Data,
  • Correspondence Data,
  • Promotional Data.
  • To register and authenticate users,
  • To provide, manage and bill for the Services,
  • To analyze and improve performance of our Services,
  • To fulfill legal obligations (e.g. AML, tax, identity checks),
  • To manage your account and support queries,
  • To provide services of AI customer support agent;
  • To conduct credit and fraud screening (where required by law),
  • To notify you of material changes or legal matters related to your agreement.
  • You,
  • Credit reference and fraud prevention agencies (if applicable),
  • Group Account Holder, if applicable,
  • Our agents,
  • Public databases.

3.3. Virtual Number Services Users

Who this applies to: Services Users (Customers) who use our Virtual Number Services.

We use:Why:Where from:
  • Virtual Number Service Data (in addition to the data categories described for Services Users (Customers) above)
  • To provide and maintain virtual number functionality;
  • To support message and calls handling, routing, and service delivery;
  • To ensure service security and fraud prevention;
  • To comply with applicable contractual, legal and regulatory requirements;
  • To manage user settings and service configuration.
  • You,
  • Your device, your browser.

3.4. Support Inquirers and Correspondents

Who this applies to: Individuals who communicate with us via written or oral means (email, chat, phone, forms).

We use:Why:Where from:
  • Correspondence Data,
  • Service Usage Data.
  • To respond to your queries, complaints, or feedback,
  • To handle account or service issues,
  • To provide services of AI customer support agent,
  • To improve support processes.
  • You.

3.5. Marketing Recipients and Campaign Participants

Who this applies to: Individuals who subscribe to communications, respond to marketing offers, or participate in research or promotional activities.

We use:Why:Where from:
  • Promotional Data.
  • To send product updates and marketing offers,
  • To analyze consumer behavior and preferences,
  • To personalize communications and outreach.
  • You.

4. WHAT IF YOUR COMPANY GIVES YOU ACCESS (CORPORATE ACCOUNTS)?

Summary: If you use YESIM through your employer or organization, some of your data may be shared between us and your company.

4.1. In certain cases, our Services may be purchased and managed by a corporate customer (“Group Account Holder”) for the benefit of individual users, such as employees, contractors, or other members (“End Users”).

Where a Group Account Holder purchases plans and distributes access to our Services to End Users, we may process personal data related to:

  • the Group Account Holder (for example, business contact and Billing and Accounting Data), and
  • the End Users who use the Services (Agreement (Registration) Data, Correspondence Data, Login and Authentication Data, Promotional Data, Service Usage Data, Virtual Number Service Data (if applicable), Website (Cookies) and Application Data).

Depending on the circumstances, we may process End User data:

  • on our own behalf, where we collect and use personal data directly for our Service provision, technical operation, legal compliance, or improvement purposes,
  • or in conjunction with the Group Account Holder, where both parties influence how certain data is processed (e.g., for account administration, usage tracking, or internal reporting).

4.2. In such cases, we and the Group Account Holder may act as independent or joint controllers, depending on the nature of the processing. Each party is responsible for ensuring that processing is carried out lawfully and transparently. End Users may exercise their data protection rights under applicable laws by contacting either YESIM or the relevant Group Account Holder.

4.3. End Users are encouraged to review both this Privacy Policy and the privacy notice of the relevant Group Account Holder to understand how their data is processed and protected.

5. WHY MAY WE USE YOUR DATA (LEGAL GROUNDS FOR PROCESSING)?

Summary: We only use your personal data when the law allows it — here are the reasons why and when.

We only process your personal data where there is a valid legal basis to do so under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP).

Depending on the context and nature of your interaction with us, we rely on one or more of the following legal grounds:

5.1. Contractual Performance: To deliver the service you asked for

We process your personal data where it is necessary to enter into, perform, or administer an agreement with you. This includes:

  • enabling the purchase, activation, and use of our Services,
  • managing your user account,
  • processing payments,
  • providing customer support, and
  • fulfilling our obligations under our Terms of Service.

5.2. Legal Obligations: Because the law says so

We process your personal data where we are legally required to do so, including for compliance with obligations under applicable tax, accounting, anti-money laundering, consumer protection, and telecommunications regulations, where applicable. This may include:

  • retaining transaction, service, and other records where required by applicable law,
  • verifying identity, and
  • disclosing data to competent authorities upon lawful request.

5.3. Legitimate Interests: For things that help us run and protect our Services

We may process your personal data where it is necessary for the purposes of our legitimate interests or those of a third party – as long as it doesn’t unfairly affect your rights. This includes:

  • maintaining and improving the functionality and security of our Services;
  • preventing fraud or misuse of our Website and Application;
  • conducting internal analytics and performance tracking;
  • managing and defending legal claims.

We carefully assess these uses to make sure they’re fair and proportionate.

5.4. Consent: When you’ve agreed

In specific cases, we rely on your prior, explicit, and informed consent to process your personal data, for example, for some types of marketing or data sharing with third parties.

You may withdraw your consent at any time – it won’t affect what we did before you changed your mind.

If we ever need to process your data for a new or different reason that isn’t listed above (and isn’t compatible with the original reason), we’ll tell you first – either through an update to this Privacy Policy or a separate notice when we collect the data.

6. WHO DO WE SHARE YOUR DATA WITH?

Summary: We only share your personal data when necessary – and only with trusted third parties who help us deliver our Services, support our business, or work with us under specific agreements. These third parties may process your data on our behalf (as processors) or for their own purposes (as independent controllers).

Service Providers: We engage external vendors and service providers to help us operate, maintain, and support our services. These entities process personal data based on our instructions and are bound by contractual obligations. They include:

  • providers of cloud hosting and infrastructure,
  • customer support platforms,
  • analytics and diagnostics tools,
  • payment and billing services,
  • email delivery and communications,
  • fraud detection and prevention systems.

6.1. Connectivity Infrastructure Providers: To provide you with our Services, we work with connectivity infrastructure providers, including roaming and network partners, providers of voice, messaging, numbering, and routing infrastructure. In order to enable and maintain connectivity, certain personal data may be processed within their infrastructure, subject to specific arrangements and applicable regulatory requirements.

6.2. Commercial and Business Partners: In limited cases, we may share certain categories of personal data with third-party partners for joint service delivery, marketing cooperation, AI-powered customer support, or as part of a contract you enter into. Such sharing is carried out in accordance with applicable data protection laws and, where required, based on your consent or another valid legal basis.

6.3. Local Service Partners: In some countries, our Services may be sold, distributed, or supported through authorized local partners. These partners may process some of your personal data either as processors on our behalf or as independent controllers, depending on the structure of the Services provided – for example, to manage billing, provide customer support, or deliver local onboarding.

6.4. Professional Advisors: We may disclose your personal data to legal, tax, insurance, audit, or other professional advisors, where necessary for the services they provide to us, and subject to confidentiality obligations.

6.5. Group Companies: We may disclose your personal data within our corporate group, including with affiliated entities, where this is necessary to operate and support our Services, manage our business operations, ensure internal administrative coordination, or comply with legal obligations.

6.6. Investors: We may disclose or transfer your personal data in connection with any actual or contemplated business transactions, including mergers, acquisitions, restructurings, asset sales, or similar events. In such cases, we will ensure that appropriate safeguards are implemented, and you will be informed where required by law.

6.7. Legal and Regulatory Authorities: We may disclose your personal data to competent public authorities, courts, law enforcement, or regulatory bodies where required to comply with legal obligations, enforce our terms, protect our rights, or respond to lawful requests.

7. DO WE TRANSFER YOUR DATA ABROAD?

Summary: We sometimes send your personal data to trusted partners outside the EU or Switzerland. When we do, we use legally approved safeguards – such as Standard Contractual Clauses and extra security measures – to ensure your data stays protected.

7.1. Some of our service providers and partners may be located outside the European Economic Area (EEA), or Switzerland. This includes, for example, Hong Kong.

Where we transfer your personal data to countries that are not recognized by the European Commission or the Swiss Federal Data Protection and Information Commissioner (FDPIC) as providing an adequate level of protection, we implement appropriate safeguards in accordance with applicable data protection laws. These safeguards may include:

  • the use of Standard Contractual Clauses (SCCs) approved by the European Commission or the Swiss FDPIC,
  • supplementary technical and organizational measures, such as encryption and strict access controls.

You may request further details about these safeguards by contacting us at the address provided in this Privacy Policy.

8. HOW LONG DO WE RETAIN YOUR DATA?

Summary: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.

8.1. We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, as outlined in this Privacy Policy, or to comply with applicable legal, regulatory, or contractual obligations.

8.2. Where data is processed based on your consent, we will retain it until you withdraw your consent or the purpose for which the data was collected no longer applies, whichever occurs first.

8.3. Where retention is no longer justified, your personal data will be securely deleted or irreversibly anonymized in accordance with industry standards.

8.4. More specific retention periods may apply to certain types of data or processing contexts. Please contact us if you wish to receive further information about applicable retention schedules.

9. WHAT ARE YOUR DATA PROTECTION RIGHTS?

Summary: You have rights that allow you access to and control over your personal data.

You have the following rights under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP):

9.1. Right of Access: You have the right to request confirmation as to whether we process your personal data, and, if so, to obtain a copy of that data along with relevant information about how and why we process it.

9.2. Right to Rectification: You have the right to request that we correct or complete any personal data that you believe is inaccurate or incomplete.

9.3. Right to Erasure: You have the right to request the deletion of your personal data where, for example, the data is no longer necessary for the purposes for which it was collected, or where you have withdrawn your consent (if consent was the legal basis).

9.4. Right to Restriction of Processing: You may request that we temporarily suspend the processing of your personal data, for example, while we verify its accuracy or assess an objection.

9.5. Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, you have the right to request that we provide you or another data controller with your personal data in a structured, commonly used, and machine-readable format.

9.6. Right to Object: You have the right to object to processing based on our legitimate interests (including profiling), unless we can demonstrate compelling legitimate grounds to continue such processing. You also have the absolute right to object to direct marketing at any time.

9.7. Right to Withdraw Consent: Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing carried out prior to the withdrawal.

9.8. Right to Lodge a Complaint: If you believe that we have infringed your data protection rights, you have the right to file a complaint with the competent supervisory authority, in particular in the country of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of your rights, or if you have any questions about your rights or how we process your data, you may contact us at: support@yesim.app.

10. HOW DO WE PROTECT YOUR DATA?

Summary: We aim to protect your personal data through a system of organizational and technical security measures.

10.1. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with applicable data protection laws. These measures are designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and other unlawful or unauthorized forms of processing.

10.2. We ensure that any third parties processing personal data on our behalf (for example, service providers or contractors) are contractually bound to implement appropriate security measures and comply with applicable data protection requirements.

10.3. While we take reasonable steps to protect your personal data, no system or transmission over the internet can be guaranteed to be 100% secure. If you believe that your data has been compromised, please contact us immediately using the contact information provided in this Privacy Policy.

11. DO WE USE COOKIES?

Summary: We may use cookies and other tracking technologies to collect and store your information.

11.1. We use cookies and similar technologies on our Website and Application to ensure proper functionality, enhance user experience, personalize content, and analyze website traffic and user behavior.

11.2. Where required by law, we obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences at any time through our cookie banner or browser settings.

11.3. For more information about the types of cookies we use, their purposes, the duration of storage, and how to manage or withdraw your consent, please refer to our Cookie Policy.

12. DO WE MAKE CHANGES TO THIS PRIVACY POLICY?

Summary: Yes, we will update this Privacy Policy as necessary to reflect relevant changes.

12.1. We may update this Privacy Policy from time to time to reflect changes in legal requirements, technological developments, or our business practices. When we make material changes, we may notify you in a manner appropriate to the significance of those changes – for example, by displaying a prominent notice within our Website or Application or by sending you a direct notification.

12.2. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data. The “Effective date” at the top of this page indicates when this Privacy Policy was last revised.

13. HOW CAN YOU CONTACT US?

13.1. If you have any questions, comments, or requests regarding this Privacy Policy or the way we process your personal data, you may contact us at:

  • Email: support@yesim.app;
  • Postal address: Chamerstrasse 172, CH-6300 Zug, Switzerland.

We will respond to your inquiry in accordance with applicable data protection laws.

Cookies on this website

We use cookies. Some are necessary for the website to function properly. Others help us improve your experience, and some are used for marketing. Select 'Accept all' to allow all cookies, 'Customize' to adjust your preferences, or 'Basic only' to allow only essential cookies. Cookie Policy