PRIVACY POLICY

Last version - August 1, 2025

At GlobusTelecom, we are committed to protecting your privacy and ensuring the security of the personal data we process. All personal data collected by GlobusTelecom in connection with our services is processed in compliance with the UK General Data Protection Regulation (UK GDPR), the General Data Protection Regulation (EU GDPR) 2016/679, the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended), and all other applicable data protection laws. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our services, including any data you may provide us when you purchase and use our mobile communication services, and to inform you about your privacy rights and how the law protects you. Unless you are based in one of the countries listed in the table below, your data controller will be GLOBUS TELECOM LTD, a company incorporated in England and Wales with company No 16568217 and whose registered address is International House, 66 Lavender Hill, London, SW11 5RQ, United Kingdom (“Data Controller”). If you are based in one of the listed countries, the Data Controller will be the GlobusTelecom entity relevant to the provision of the services you are using or the country in which you are located.

Country	Contracting Entity

1. IMPORTANT INFORMATION AND WHO WE ARE

Purpose of this privacy policy

This privacy policy aims to provide you information on how GlobusTelecom collects and processes your personal data and applies to the services we provide to you, namely our data and connectivity services and associated products, including our apps and our websites. This policy addresses personal data we receive directly from you as data subject.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when collecting or processing your personal data. This ensures you are fully aware of how and why we use your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

Contact details

If you have any questions about this privacy policy or our privacy practices, please reach out to our Admin Officer via the following e-mail address: admin@globustele.com.

Changes to the privacy policy and your duty to inform us of changes.

We regularly review and update our privacy policy. Any modifications will be posted on our websites as will be reflected in the “Last version” heading, and where applicable (for material changes), communicated to you. It is essential to ensure that the personal data we hold about you is accurate and up to date. Please inform us if your personal data changes during your relationship with us.

Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When leaving our website, we recommend reviewing the privacy policy of every website you visit.

2. THE DATA WE PROCESS ABOUT YOU

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Technical Data. This category encompasses a range of information including EID, Type Allocation Code (TAC), IMSI, ICCID, MSISDN.

Usage and Connection Data. This means how you use our services, including the call date, times and lengths, meta data related to SMS sent/received, network usage made and routing. It also includes information in relation to the websites visited as long as you are using GlobusTelecom’s network, except if you are using WiFi or another SIM card.

Identity Data. This category may include name, surname, username, billing address, email address or similar identifier, tax ID and identity document’s number if required for regulatory purposes.

Payment Data. This information necessary to process the payment, including details of services you have purchased from us, amount/unit price paid, method of payment used during the purchase, payer ID and e-mail address, wallet type (e.g apple_pay, google_pay), customer ID. We do not store credit card numbers as payments are processed securely through third-party PCI payment providers.

We also collect and use aggregated data such as statistical or demographic data. Aggregated data could be derived from your personal data but will not directly or indirectly reveal your identity. For example, we may aggregate your Usage and Connection Data to calculate the percentage of users accessing a specific website feature.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We employ different methods to collect data from and about you including through:

Direct interactions. You may give us your personal data through direct interactions, such as filling in forms, corresponding with us via post, phone, email, our Apps, websites or other means. This includes information you provide when you:

Send a request to our customer service.
Give us feedback or contact us;
Purchase or use our services;
Create an account on our website or application;
Request marketing to be sent to you;

Automated technologies or interactions. As you interact with our website and use our services, we may automatically collect the IP address that your devices have used, including data about your equipment, browsing actions and patterns. We collect this by using cookies and other similar technologies.

4. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA AND LAWFUL BASIS

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data based on more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity	Type of data	Lawful basis for processing
To allow you to use our services, website and install and use the application, including establishing a technical connection between your devices and our server infrastructure.	Technical Data. Usage and Connection Data.	Necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
To process and deliver your purchase order including manage payments, fees and charges.	Identity data. Payment data. Usage and Connection Data.	Performance of a contract with you or in order to take steps at your request prior to entering into a contract.
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy Customer support Collect and recover money owed to us.	Identity data. Technical Data. Usage and Connection Data. Payment Data.	Necessary to comply with a legal obligation. Necessary for our legitimate interests. Performance of a contract.
To administer and protect our business, the website and applications (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, service improvement).	Technical Data. Usage and Connection Data.	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise).
Based on an official request, if we are legally required to transmit data about your use of telecommunications services, such as telephony and the internet, to the competent authority.	Technical Data. Usage and Connection Data. Identity Data.	Necessary to comply with a legal obligation.
Regulatory Compliance. Under certain circumstances for regulatory purposes in some countries in order to provide the services we may require copies of personal documentation (Passport, ID document, etc) from you which will be held by us and made available to national regulators or authorities if they so request.	Identity data.	Necessary to comply with a legal obligation.
To use data analytics to improve our website and APP, services, marketing, customer relationships and experiences. To define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.	Usage and Connection Data. Contact data.	Consent when using tracking cookies to monitor user activity. Under certain circumstances, including the analysis of aggregated and anonymized customer behavior to improve network performance or assessing user navigation patterns within the app for UI optimization, we may rely on our legitimate interest as a legal basis for processing, provided that such processing does not override the rights and freedoms of data subjects.
To make suggestions and recommendations to you about goods or services that may be of interest to you. To develop our services and grow our business.	Identity Data. Technical Data. Usage and Connection data.	Consent. Necessary for our legitimate interests if you are an existing customer who has previously purchased or engaged in negotiations to acquire a similar service from us.

Purpose/Activity

Type of data

Lawful basis for processing

To allow you to use our services, website and install and use the application, including establishing a technical connection between your devices and our server infrastructure.

Technical Data. Usage and Connection Data.

Necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.

To process and deliver your purchase order including manage payments, fees and charges.

Identity data.

Payment data.

Usage and Connection Data.

Performance of a contract with you or in order to take steps at your request prior to entering into a contract.

To manage our relationship with you which will include:

Notifying you about changes to our terms or privacy policy

Customer support

Collect and recover money owed to us.

Identity data.

Technical Data.

Usage and Connection Data.

Payment Data.

Necessary to comply with a legal obligation.

Necessary for our legitimate interests.

Performance of a contract.

To administer and protect our business, the website and applications (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, service improvement).

Technical Data.

Usage and Connection Data.

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise).

Based on an official request, if we are legally required to transmit data about your use of telecommunications services, such as telephony and the internet, to the competent authority.

Technical Data.

Usage and Connection Data.

Identity Data.

Necessary to comply with a legal obligation.

Regulatory Compliance.

Under certain circumstances for regulatory purposes in some countries in order to provide the services we may require copies of personal documentation (Passport, ID document, etc) from you which will be held by us and made available to national regulators or authorities if they so request.

Identity data.

Necessary to comply with a legal obligation.

To use data analytics to improve our website and APP, services, marketing, customer relationships and experiences. To define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.

Usage and Connection Data.

Contact data.

Consent when using tracking cookies to monitor user activity.

Under certain circumstances, including the analysis of aggregated and anonymized customer behavior to improve network performance or assessing user navigation patterns within the app for UI optimization, we may rely on our legitimate interest as a legal basis for processing, provided that such processing does not override the rights and freedoms of data subjects.

To make suggestions and recommendations to you about goods or services that may be of interest to you. To develop our services and grow our business.

Identity Data.

Technical Data.

Usage and Connection data.

Consent.

Necessary for our legitimate interests if you are an existing customer who has previously purchased or engaged in negotiations to acquire a similar service from us.

5. DISCLOSURE OF YOUR PERSONAL DATA

GlobusTelecom Group of companies: We share your information among the GlobusTelecom group as needed for: data processing and storage; providing you with access to our services; providing customer support; making decisions about service improvements and for other purposes described in this Privacy Policy.

Third Party Service Providers: We may use third party service providers to perform services on our behalf or to assist us with the provision of services to you. Therefore, we may engage third party service providers to provide marketing, advertising, communications, payment, security, infrastructure and IT services, to customize, personalize and optimize our Service, to provide bank account or balance information, to process credit card transactions or other payment methods, to provide customer service, to analyse and enhance data (including data about users’ interactions with our service), and to process and administer consumer surveys. In the course of providing such services, these third-party service providers may have access to your personal data or other information. We do not authorize them to use or disclose your personal information except in connection with providing their services to us. Third party service providers have a data processing agreement enforced by GlobusTelecom, thus cascading to them the security and privacy requirements we uphold with you.

Business transfers: In connection with any reorganization, restructuring, merger or sale, or other transfer of assets, we will transfer information, including personal information, provided that the receiving party agrees to respect your personal information in a manner that is consistent with our Privacy Policy.

Official and regulatory authorities: Under certain circumstances for regulatory purposes, we may be required to share personal data with regulatory authorities.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. INTERNATIONAL TRANSFER

Whenever we transfer personal data outside the United Kingdom or the European Economic Area (EEA), we will ensure that such transfers comply with UK GDPR and GDPR requirements. We rely on adequacy decisions, Standard Contractual Clauses (SCCs), or other appropriate safeguards as permitted under Articles 44-49 GDPR.

7. DATA SECURITY

GlobusTelecom implements appropriate organizational and technical measures to protect personal data and traffic data that it processes. It retains personal and traffic data only for as long as necessary to provide its services or as required by applicable laws. Only authorized employees of GlobusTelecom, with a legitimate need to fulfil their duties, may process personal and traffic data.

GlobusTelecom maintains robust information security policies and processes and has obtained ISO/IEC 27001 and GSMA accreditation.

GlobusTelecom implements technical measures to ensure the confidentiality of communications content across its services and complies with all applicable legal obligations and exceptions under relevant legislation.

8. DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to comply with legal, regulatory, tax, accounting, or reporting obligations. We ensure that personal data is securely deleted or anonymized when no longer needed, in compliance with Article 5(1)(e) GDPR. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

9. YOUR LEGAL RIGHTS

You can request from GlobusTelecom access to your personal data, rectification, deletion, restriction of processing or transfer and you have the right to object to the processing of your personal data. If we have collected and process your personal information based on your consent, then you can withdraw your consent at any time; withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. These rights are not absolute and may be subject to applicable laws and our own legitimate interests. If you want to contact us about any of your rights or complain about how we use your information, please contact us at admin@globustele.com.

You have the right to file a complaint at any time with the relevant data protection authority in your country. If you are located in the United Kingdom, your relevant data protection authority is the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you informed of the progress, including providing an estimated timeframe for our response, in accordance with Article 12(3) GDPR.