プライバシーポリシー
最終更新: 2026年3月
このプライバシーポリシーは、Telcomia OÜが欧州連合一般データ保護規則(GDPR)に従って、個人データをどのように収集、使用、および保護するかについて説明しています。
1. データ管理者
The data controller responsible for processing your personal data is:
Telcomia OÜ
Registrikood: 17447975
Narva mnt 5, Tallinn 10117, Estonia
Email for privacy enquiries: support@telcomia.com
2. データ保護責任者
Given Telcomia's current size and nature of data processing, we are not required to appoint a formal Data Protection Officer (DPO) under Article 37 of the GDPR. However, all privacy-related enquiries can be directed to support@telcomia.com and will be handled with priority.
3. 収集する個人データ
We collect and process the following categories of personal data:
| Category | Data | Legal Basis (GDPR) | Purpose |
|---|---|---|---|
| Account | Email address, name, password (hashed) | Art. 6(1)(b) — Performance of a contract | Create and manage your account |
| Purchase | Payment data (processed by our PCI-DSS certified payment processor), purchase history, selected country | Art. 6(1)(b) — Performance of a contract | Process your order and deliver your eSIM |
| eSIM/Technical | ICCID, activation status, data usage | Art. 6(1)(b) — Performance of a contract | Provisioning and technical support |
| Browsing | IP address, user agent, pages visited, language preference | Art. 6(1)(f) — Legitimate interest | Security, service improvement |
| Communications | Support emails, messages | Art. 6(1)(b) / Art. 6(1)(f) | Customer support |
Telcomia does not collect sensitive personal data as defined in Article 9 of the GDPR (such as health data, biometric data, or political opinions).
4. 第三者との共有
We share your personal data with the following categories of processors, each acting under a Data Processing Agreement (DPA):
| Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Stripe, Inc. | Payment processing | United States | EU-US Data Privacy Framework (DPF) / Standard Contractual Clauses (SCCs) |
| Supabase, Inc. | Database infrastructure and authentication | United States | DPA / SCCs |
| Vercel, Inc. | Website hosting | United States | DPA / SCCs |
| Wildbit LLC (Postmark) | Transactional emails | United States | DPA / SCCs |
| Connectivity providers | eSIM provisioning (receive ICCID and provisioning data) | Various | Contractual obligations |
We do not sell your personal data to any third party.
5. 国際データ移転
Some of our service providers are located outside the European Economic Area (EEA), primarily in the United States. We ensure that your data is protected when transferred internationally through the following mechanisms:
- EU-US Data Privacy Framework (DPF): For providers that have been certified under the framework adopted by the European Commission's Adequacy Decision of 10 July 2023.
- Standard Contractual Clauses (SCCs): As approved by the European Commission (Decision 2021/914), incorporated into our agreements with all US-based processors.
You may request further details about the safeguards in place by contacting support@telcomia.com.
6. データの保持
We retain your personal data only for as long as necessary for the purposes for which it was collected:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data | Duration of active account + 3 years after deletion | Tax and legal obligations |
| Purchase data | 7 years | Estonian accounting requirements |
| Browsing / Cookies | Maximum 13 months | Analytics and security |
| Support communications | 3 years | Service quality and dispute resolution |
7. あなたの権利
Under the GDPR, you have the following rights regarding your personal data:
| Right | GDPR Article | How to Exercise |
|---|---|---|
| Access | Art. 15 — Obtain a copy of all your personal data | Email support@telcomia.com. Response within 30 days. |
| Rectification | Art. 16 — Correct inaccurate data | Via your account dashboard or by email |
| Erasure (Right to be forgotten) | Art. 17 — Request deletion of your personal data | By email. Subject to legal retention exceptions (tax, contractual) |
| Restriction | Art. 18 — Restrict the processing of your data | By email. Data is retained but not processed. |
| Portability | Art. 20 — Receive your data in a structured, machine-readable format | By email. Delivery in JSON/CSV within 30 days. |
| Objection | Art. 21 — Object to processing based on legitimate interest | By email. Applies to data processed under Art. 6(1)(f). |
| Automated decisions | Art. 22 — Not to be subject to solely automated decisions with legal effects | Telcomia does not use automated decision-making with legal or similarly significant effects. |
8. 苦情申立の権利
If you believe that we have not handled your personal data in accordance with applicable data protection law, you have the right to lodge a complaint with a supervisory authority.
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):
Website: www.aki.ee
You also have the right to lodge a complaint with the data protection authority in your country of residence.
9. データセキュリティ
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS for all communications)
- Encryption at rest for stored data
- Secure authentication mechanisms
- Access controls limiting data access to authorised personnel only
- Regular security reviews
While we strive to protect your data, no system is completely secure. If you become aware of any security vulnerability, please contact us immediately at support@telcomia.com.
10. 子どもと未成年者
Telcomia does not direct its services to persons under the age of 18. Under Estonian law, full legal capacity to enter into contracts is acquired at the age of 18. Separately, for the processing of personal data of minors in the context of information society services, the GDPR (Article 8) establishes a minimum age of 16 in Estonia.
We do not knowingly collect personal data from anyone under 18 years of age. If we become aware that we have collected data from a minor, we will promptly delete such data.
11. 本ポリシーの変更
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or by posting a prominent notice on our website.
The date of the last update is indicated at the top of this page. We encourage you to review this policy periodically.