"Account" means a Customer’s account, which is identified by the Customer’s information entered during the registration of the Customer in the Company’s system, and which contains the Customer’s balance;
"Company", means MTX Connect S.a.r.l. and/or any of its affiliates, subsidiaries, and parent companies involved in rendering the Services to the Customer;
"Customer" means a registered or potential user of the Services;
"Data Privacy Laws" mean a set of rules, including their respective modifications, re-enactments and substitutions, which govern the protection of information provided by the Customer to the Company and/or to its third-party subcontractors. Data Privacy Laws applicable to the Company include, in particular: the European Union’s General Data Protection Regulation EU 2016/679 (“GDPR”), Directive 2002/58/EC o privacy in electronic communications, the Luxembourg Law of 30 May 2005 concerning the protection of privacy in the electronic communications sector;
"Service" means the telecommunication services consisting of conveyance of specific types of communication signals and provided by the Company in accordance with the Agreement;
"Permanent Roaming" means the use of Services within the same country for more than 60 (sixty) cumulative days within any 4 (four) consecutive months’ period;
"Personal Data", has the meaning as defined in the GDPR;
"Processing" or to "Process" means any operation(s) performed on the Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"SIM Card" means, as the case may be, either:
- a physical SIM card manufactured upon request of and in accordance with requirements of the Company; or
- an eSIM, a downloadable SIM profile that is remotely provisioned on a compatible Customer’s mobile device,
which is designed to facilitate internet access on the designated territory, at the price of and under the terms and conditions as are set out on in the Agreement;
"Website" means the Company’s website www.mtxc.eu.
A reference to applicable laws means a reference to statutory or other regulatory requirement, including its respective modifications, re-enactments and substitutions, that is applicable to a given person, services or a situation. With respect to the Company, the applicable laws include, inter alia, Luxembourg Law of 17 December 2021 transposing Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code.
PURPOSE OF PROCESSING
The Processing is performed exclusively for the purposes of rendering the Services, which comprise a set of activities (such as: administrative, financial, marketing, sales, management, technical, engineering and other support services) aimed to enable, operate and facilitate the conveyance of electronic communication signals, to improve the performance and utilization of the Services, to develop new features, to protect the security and safety of the Services and the Customers, and to provide customer support. In particular, the Personal Data is processed for: billing purposes (such as: verification of payment instruments, application of money owed for the Services, calculation of charges depending on the roaming parameters, etc.); SIM Card shipping; fraud and similar incident prevention; implementation and maintenance of telecommunications network safety measures; control over and prevention of Permanent Roaming; contract management; compliance with applicable laws (including lawful interception); resolution of disputes; enforcement of the Company’s rights under the Agreement, or other legal rights, or as may be required by applicable laws and/or requested by any judicial or governmental authorities; and other similar auxiliary processing.
The Company recognizes the importance of protecting the Customer’s Personal Data. The Company is committed to safeguarding the Customer’s privacy through instituting policies and security measures intended to ensure that Customer’s Personal Data is handled in a responsible and safe manner, and in compliance with Data Privacy Laws.
The Company is a data controller of the Processing of Personal Data.
NOT FOR CHILDREN
A Customer must be at least 18 years old. Persons under 18 years old are not permitted to use the Services and must not send the Company any information. If a person under 18 submits any information through any part of the Website, such information will be treated by the Company as the information submitted by a person over 18 years old. Should the Company become aware that the person submitting the information is under 18, the Company will attempt to delete this information as soon as possible and to the extent permitted by applicable law. The Company neither knowingly collects any Personal Data about persons under 18, nor it knowingly uses nor discloses or otherwise processes such information.
PERSONAL DATA COLLECTION AND PROCESSING POLICY
INFORMATION PROVIDED BY THE CUSTOMER
SIM Card Ordering and Account Opening. When the Customer orders a SIM Card or opens an Account, the Company needs to collect certain information about identity of the Customer, his/her registered address, billing information and contact details. For these purposes the Company will ask for the Customer to provide his/her: name; date of birth; registered, billing, shipping and email addresses; contact phone number; personal identification documents; bank account details; documents confirming the Customer’s strong ties with a particular country for the roaming purposes; other documents and information that may be requested by the Company in accordance with applicable laws and/or requested by relevant regulatory authorities.
Authentication data. The Company may store certain Personal Data for the purposes of authentication in connection with the use of the Services or access to the information related to the Services, such as: user name, password, personal identification number, password hints, and similar data.
Payment Information. When the Customer adds his/her payment instrument information to the Account, that information is directed to our third-party payment processors under the Data Privacy Laws requirements. The Company does not store the Customers’ payment instrument information on the Company systems; however, the Company has access to, and may retain, the Customer’s payment instrument information through the Company’s third-party payment processors for the purposes of: financial and audit control of the Company; any legal interception in case of fraudulent or similar incidents or dispute resolution; applying the funds owed to the Company as a result of Services rendered.
Communications. If a Customer contacts the Company directly, the Company may ask such Customer to provide the following Personal Data in order to properly handle a respective query to the Customer’s satisfaction: name, email address, phone number, and any other information the contacting Customer may choose to provide along with his/her query.
INFORMATION COLLECTED WHEN THE CUSTOMER USES THE SERVICES, INCLUDING INFORMATION RECEIVED FROM THE THIRD PARTIES:
Cookies and Other Tracking Technologies.
To allow the Company to constantly improve the workability, usefulness and efficiency of the Website and to better respond to the Customers’ orders and requests, the Company uses "cookies" to track the Customers’ visits to and activity on the Website. Such tracking is performed for statistics purposes and all information thus collected is Processed in anonymous form without identification of each particular visitor.
A cookie is a piece of information sent to the website visitor’s browser by a web server that uniquely identifies the website visitor’s browser and tracks a visit. This information does not identify the Website visitor’s personally and such visitor remains anonymous, unless the visitor visits the Website under his/her login and password and can be identified in accordance with his/her previously provided Personal Data. Most browsers are structured to accept cookies but the Customer can set his/her browser to turn the cookies off or to set up a notification upon receipt of a cookie, which gives the Customer an option whether to accept the cookie or not. The Customer can see the cookies in the cookies folder on his/her devise used to access the Website and can delete the cookies at any time. However, if the Customer disables the cookies, he/she may not be able to access certain areas or to take advantage of certain features or services available on the Website.
Device Identification Data. For transmission of communications the Company needs an information that identifies a device from which (or to which) electronic communications are sent (or received). Such information may include: Internet Protocol (IP) address; International Mobile Equipment Identity (IMEI) number; International Mobile Subscriber Identity (IMSI) number; Serial Number; Unique Device Identifier (UDID).
Electronic Communications Metadata. For the purposes of transmitting, distributing, or exchanging electronic communications content (but excluding the content itself), the Company Processes certain metadata in an electronic communications network. Such metadata includes: data used to trace and identify the source and destination of a communication; data on the location of the device generated in the context of providing electronic communications services; the date, time, duration, and type of communication.
Data Received from Third-Party Accounts. Should the Customer choose to link the Company’s Services to a third-party account, the Company will receive information about that account, such as authentication token from the third-party account, to authorize the linking. Should the Customer wish to limit the third-party information available to the Company, the Customer should visit the privacy settings of his/her third-party accounts to learn about available options.
INFORMATION SHARING POLICY
The Company may sub-Process the Customer’s Personal Data by the Company’s affiliates and third-party contractors in a form, for the purposes and within the limits stated below, but at all times subject to the requirements of the Data Privacy Laws.
Third-Party Subcontractors. The Company may sub-Process certain Personal Data to its third-party service providers that participate in the provision of or in facilitation of rendering of the Services.
Aggregate Information. Where legally permissible, the Company may sub-Process the Personal Data in aggregated or de-identified form that cannot reasonably be used to identify the Customer.
Advertising The Company engages various third-party advertising partners to market and promote the Services. For the marketing and promotional purposes the Company may make available certain Personal Data to such partners in aggregated and anonymized form.
Business Transfers. Subject to the provisions of Data Privacy Laws, a Personal Data may be made available to any potential acquirer, successor, or assignee of the Company as a part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which the Company information, including its Customers’ Personal Data, is transferred to one or more third parties as one of the Company’s business assets.
As Required By Law and Similar Disclosures. The Company may make available the Personal Data to its third-party subcontractors and judicial or governmental authorities to: (i) satisfy any applicable law, regulation, legal process, or governmental request; (ii) enforce the Agreement, including investigation of potential violations thereof; (iii) detect, prevent, or otherwise address fraud, spam/malware or similar incident, security, or technical issues; (iv) respond to the Customer’s requests; (v) protect the Company’s rights and property; insure and protect the safety of the Customers and the public.
The Customer hereby acknowledges and agrees that the Company may sub-Process the Personal Data in accordance with this section E.
INFORMATION RETENTION POLICY
The Company retains the collected Personal Data for the purposes of ongoing legitimate business needs, such as: billing, contract management, compliance with applicable legal, tax, and accounting requirements and for other similar legitimate purposes.
In case where there is no ongoing legitimate business needs to process the Personal Data, the Company either deletes or anonymizes it or, if this is not possible (for example in a situation when the Personal Data has been stored in backup archives), then it is securely stored and isolated from any further processing until deletion is possible.
The Personal Data provided by the Customer may be archived or stored periodically by the Company according to the backup processes conducted in the ordinary course of business for the disaster recovery purposes.
The Company stores the Customer’s Personal Data only for as long as it is necessary to achieve the purpose for which it was collected. The Personal Data required for identification purposes under the mandatory provisions of applicable laws is stored for the whole period while the Services are rendered plus certain period after deactivation of the respective Account as the applicable laws may command. Should the Customer want his/her Personal Data deleted at any time, the Customer shall contact the Company at: [email protected]. For the avoidance of doubt, the Customer hereby acknowledges and agrees that deletion of his/her Personal Data makes it impossible for the Company to render the Services to such Customer. The Company may take reasonable steps to verify the Customer’s identity before deleting the Customer’s Personal Data.
Certain Persona Data is accessible on the Customer’s Account. For other Personal Data the Customer needs to contact the Company at [email protected].
The Customer’s ability to access and correct the Customer’s information may be temporarily limited where access and correction could: inhibit the Company’s ability to comply with a legal obligation; inhibit the Company’s ability to investigate, make or defend legal claims; result in disclosure of Personal Data about a third party; or result in a breach of contract or disclosure of trade secrets or other proprietary business information belonging to the Company or to a third party.
To protect the Customer’s privacy and security the Company may take reasonable steps to verify the Customer’s identity before updating or removing Customer’s Personal Data.
CUSTOMER DATA PROTECTION RIGHTS UNDER DATA PRIVACY LAWS
The Customer may at any time access, correct, update, or request deletion of the Customer’s Personal Data by emailing to [email protected].
The Customer may at any time object to the Processing of Customer’s Personal Data, ask the Company to restrict the Processing of Customer’s Personal Data, request portability of Customer’s Personal Data or withdraw his/her consent to Process the Personal Data. The Customer can exercise these rights by emailing to [email protected]. Withdrawing the consent by the Customer will not affect the lawfulness of any Processing the Company conducted prior to the withdrawal, nor will it affect the Processing of the Customer’s Personal Data conducted in reliance on lawful processing grounds other than consent. For the avoidance of doubt, the Customer hereby acknowledges and agrees that withdrawal of consent, objection to or restriction of any Processing of his/her Personal Data makes it impossible for the Company to render the Services to such Customer.
Customer has the right to complain to a data protection authority about the Company’s Processing of the Customer’s Personal Data. For more information, the Customer should contact the local data protection authority.
The Company responds to all requests received from individuals wishing to exercise their data protection rights in accordance with Data Privacy Laws.
OPTING IN AND OUT
Upon registering an Account or anytime thereafter, the Customer may consent to an option of receiving the information from the Company about updates to the Services, promotions, special offers and other marketing and promotional communications. To unsubscribe or opt out from such communications the Customer shall withdraw his/her consent through the Website, or use the unsubscribe weblink contained in a respective communication, or send a request at [email protected].
The Company is committed to protecting its Customers’ Personal Data. To do so, the Company maintains physical, electronic, and procedural safeguards in connection with the Processing of the Customer’s Personal Data, designed to protect the information from unauthorized access, use, or disclosure. The measures the Company uses are designed to provide a level of security appropriate to the risk of Processing Personal Data.
INTERNATIONAL DATA TRANSFERS
The Customer hereby acknowledges and agrees to the international Personal Data transfer by the Company.
MTX Connect S.à r.l. 4, 37 Grand Rue, L-4393 Pontpierre, Luxembourg.