Privacy Policy · RoamingFlex

This Privacy Policy describes how Vektor Utility Holdings Limited, operating the RoamingFlex platform, collects, uses, and protects your personal data. We are committed to compliance with the General Data Protection Regulation (GDPR) and applicable UK data protection law.

Data controller: Vektor Utility Holdings Limited (a company registered in England & Wales, company number 17174994), registered office 12A Mead Way, Group First House, Padiham, Lancashire, BB12 7NG, United Kingdom. Email: privacy@roamingflex.com. Phone: +44 7888 861340.

1. Data We Collect

Personal data you provide directly:

Account information: full name, email address, password (hashed, never stored in plain text)
Payment information: billing name, payment method details (processed and tokenised by our PCI-DSS compliant payment processor; we never store raw card numbers)
Communications: support emails, contact form submissions, refund requests

Data collected automatically:

Usage data: pages visited, features used, session duration, referring URL
Device data: browser type, operating system, screen resolution
IP address: used for fraud detection and rough geolocation (country level)
Cookies: session cookies for authentication, analytics cookies (with consent)

2. How We Use Your Data

To create and manage your account
To process purchases and deliver eSIM QR codes
To send transactional emails (verification, order confirmation, password reset) from noreply@roamingflex.com or billing@roamingflex.com
To respond to support enquiries
To detect and prevent fraud and abuse
To improve platform performance and user experience (analytics)

3. Legal Basis for Processing (GDPR)

Contract performance: processing necessary to provide the service you purchased
Legitimate interests: fraud prevention, security, platform analytics
Consent: marketing emails and non-essential cookies (you can withdraw consent at any time)
Legal obligation: retaining transaction records for tax and regulatory compliance

4. Data Retention

We retain personal data for as long as your account is active and for up to 7 years thereafter to comply with financial and legal obligations. Purchase records are retained for 7 years. Support communications are retained for 3 years. You may request earlier deletion (see Your Rights below).

5. Third-Party Sharing

We share your data only with service providers necessary to operate the platform:

Payment processors: to handle card transactions securely
Email delivery providers: to send your QR code and transactional emails
Analytics providers: to understand platform usage (data anonymised where possible)

We do not sell, rent, or trade your personal data with advertisers or data brokers. We do not transfer data to countries outside the UK/EEA without adequate safeguards (Standard Contractual Clauses or equivalent).

6. Cookies

Strictly necessary cookies (no consent required): session authentication, CSRF protection.

Analytics cookies (consent required): usage tracking to improve the platform. You can manage cookie preferences at any time via the cookie settings link in the footer.

7. Your Rights (GDPR)

You have the following rights regarding your personal data:

Access: request a copy of the data we hold about you
Rectification: correct inaccurate or incomplete data
Erasure ("right to be forgotten"): request deletion of your data (subject to legal retention obligations)
Portability: receive your data in a structured, machine-readable format
Restriction: restrict certain processing of your data
Objection: object to processing based on legitimate interests
Withdraw consent: for any processing based on consent, at any time

To exercise any right, email privacy@roamingflex.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

8. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act. You may request to know, delete, or opt out of the sale of your personal information. We do not sell personal information. Contact privacy@roamingflex.com to exercise CCPA rights.

9. Data Security

We implement industry-standard security measures: TLS 1.3 encryption in transit, AES-256 encryption at rest for sensitive data, access controls, and regular security reviews. However, no system is completely immune to risk. In the event of a breach affecting your rights, we will notify you and relevant authorities within 72 hours as required by GDPR.

10. Changes to This Policy

We may update this policy periodically. Material changes will be communicated by email. Continued use of the platform after changes are posted constitutes acceptance.

11. Contact

Data protection enquiries: privacy@roamingflex.com · Vektor Utility Holdings Limited · Company No. 17174994 · 12A Mead Way, Group First House, Padiham, Lancashire, BB12 7NG, United Kingdom.