Effective Date: 28 March 2026

This Privacy Policy explains how Digital Felicitatem OÜ, registry code 17468612, registered at Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152, Estonia (“Reconected”, “we”, “us”, or “our”), collects, uses, stores, discloses, and otherwise processes personal data when you access or use https://reconected.com, purchase our eSIM products, contact support, interact with our communications, or otherwise engage with our services.

This Privacy Policy is designed primarily for compliance with the EU General Data Protection Regulation (“EU GDPR”) and applicable Estonian law. Where we actively offer goods or services to individuals in the United Kingdom, relevant UK GDPR and PECR requirements may also apply as an additional compliance layer.

If you do not agree with this Privacy Policy, you should not use our website or services.

1.1. The data controller responsible for your personal data is:

Digital Felicitatem OÜ

Registry code: 17468612

Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152, Estonia

Email: [email protected]

Website: https://reconected.com

1.2. For the purposes of applicable data protection law, Digital Felicitatem OÜ is the controller of the personal data described in this Privacy Policy, except where another party independently determines the purposes and means of processing.

2.1. This Privacy Policy applies to personal data processed in connection with:

a) your use of our website;

b) your purchases of eSIM plans and related services;

c) your account registration and account management, if account functionality is available;

d) your communications with our support team;

e) payment processing and fraud prevention;

f) marketing communications, where permitted by law;

g) cookies and similar technologies, subject to our Cookie Policy.

2.2. This Privacy Policy does not apply to third-party websites, carrier networks, PSP environments, app stores, social media platforms, or third-party services that may be linked from or integrated with our website, except to the extent we directly control the relevant processing.

3.1. We may collect and process the following categories of personal data:

A. Identity and Contact Data This may include your name, billing name, email address, and any contact details you provide when placing an order or contacting support.

B. Account Data If account functionality is available, this may include your login credentials, account identifier, account settings, order history, and account-related preferences.

C. Transaction and Order Data This may include order number, product selection, country or region package, plan type, data allowance, order date, order status, price, currency, billing status, refund or dispute status, and limited billing information.

D. Payment-Related Data We do not store full payment card numbers or card security codes on our own systems. However, we may receive limited payment-related metadata, such as payment status, issuer response indicators, partial card descriptors where available, anti-fraud results, PSP reference numbers, and billing-related information necessary to process your purchase and respond to disputes.

E. Device and Technical Data This may include IP address, browser type, device type, operating system, language settings, time zone, approximate location inferred from technical data, session identifiers, and technical diagnostics associated with website access or service troubleshooting.

F. eSIM and Service Data This may include the eSIM product purchased, destination or region, activation status, provisioning status, installation-related support records, service validity period, plan status, and technical support data associated with use of the purchased product.

G. Communications Data This may include emails, chat messages, support requests, complaint correspondence, claim submissions, screenshots, and troubleshooting communications exchanged with you.

H. Marketing and Preference Data This may include your communication preferences, consent choices, subscription status, and records of whether you agreed to receive promotional messages where applicable.

I. Cookie and Tracking Data

This may include cookie identifiers, online identifiers, browsing events, and analytics or marketing signals collected through cookies or similar technologies, subject to applicable consent requirements.

4.1. We may collect personal data:

a) directly from you when you place an order, fill in a form, contact support, subscribe to communications, or otherwise interact with us;

b) automatically when you use the website, through server logs, cookies, pixels, tags, device signals, and similar technologies;

c) from payment service providers, anti-fraud tools, telecom or provisioning partners, analytics providers, hosting providers, email service providers, and support tools;

d) from publicly available sources or lawful third-party sources where necessary for fraud prevention, legal compliance, or dispute handling.

5.1. We process personal data for the following purposes:

a) to operate, maintain, and secure the website and services;

b) to process purchases and deliver eSIM products and related digital services;

c) to create and manage customer accounts, where available;

d) to send order confirmations, delivery emails, and service communications;

e) to verify transactions and detect, prevent, investigate, and respond to fraud, abuse, chargebacks, and other misuse;

f) to provide customer support and troubleshoot technical issues;

g) to maintain records for tax, accounting, legal, regulatory, and evidential purposes;

h) to improve our products, user experience, website performance, and support operations;

i) to send marketing communications where permitted by law or where you have provided consent;

j) to comply with legal obligations, court orders, lawful requests, and enforcement actions;

k) to establish, exercise, or defend legal claims.

6.1. Where EU GDPR applies, we rely on one or more of the following legal bases:

A. Performance of a Contract We process personal data where necessary to enter into, perform, and administer the contract with you, including to process your order, deliver your eSIM, provide support, and manage your account.

B. Legal Obligation

We process personal data where necessary to comply with applicable legal obligations, including accounting, tax, anti-fraud, consumer law, and law enforcement cooperation obligations.

C. Legitimate Interests We process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests may include website security, fraud prevention, service improvement, operational analytics, internal administration, dispute management, business continuity, and legal risk management.

D. Consent We rely on consent where required by law, including for certain marketing activities and for non-essential cookies and similar technologies.

6.2. Where UK GDPR applies to UK users, we rely on the corresponding UK GDPR legal bases.

6.3. Where we rely on legitimate interests, you may have the right to object in certain circumstances.

7.1. Payments on our website are processed by third-party payment service providers.

7.2. We do not store full payment card numbers or card verification values on our own systems.

7.3. Payment service providers may process your payment details as independent controllers or processors under their own privacy notices and security frameworks, including PCI DSS or equivalent controls where applicable.

7.4. We may receive limited information from PSPs necessary to:

a) confirm payment success or failure;

b) detect and prevent fraud;

c) reconcile orders;

d) respond to payment disputes, chargebacks, and claims;

e) comply with accounting and legal obligations.

8.1. We may process personal data for fraud detection, prevention, and response purposes, including identifying suspicious transactions, repeated disputes, abuse patterns, false claims, chargeback misuse, and technical or behavioural indicators associated with fraud or misuse.

8.2. This may include the use of manual review, internal risk rules, and third-party fraud-screening or fraud-scoring tools.

8.3. Where necessary, we may retain and use order records, checkout logs, account logs, email delivery records, support records, and technical provisioning records as evidence in connection with payment disputes, chargebacks, complaints, and legal claims.

9.1. We may send you service-related communications that are necessary for your order or account, such as delivery, operational, security, and support messages.

9.2. We may send you promotional communications where:

a) you have given valid consent; or

b) we are otherwise permitted to do so under applicable law.

9.3. You can unsubscribe from marketing communications at any time by using the unsubscribe link where available or by contacting us at [email protected].

9.4. Unsubscribing from marketing does not affect service-related communications necessary for the contract or account administration.

10.1. We may use cookies, pixels, tags, local storage, and similar technologies to operate the website, remember preferences, measure performance, improve usability, analyse traffic, and support marketing activities.

10.2. Strictly necessary cookies may be used without consent where permitted by law and required for website operation, checkout functionality, security, fraud prevention, or other exempt purposes.

10.3. Non-essential cookies, including analytics, preference, and marketing cookies, should be deployed only where valid consent has been obtained, if required by applicable law.

10.4. Where a cookie banner is used, it should provide meaningful choices, including the ability to accept, reject, or customise non-essential cookies.

10.5. You can manage your preferences through our cookie settings tool, where available, and through your browser controls.

10.6. For more details, please see our Cookie Policy.

11.1. We may disclose personal data to the following categories of recipients, where necessary for the purposes described in this Privacy Policy:

a) payment service providers, payment gateways, fraud prevention providers, and related payment ecosystem participants;

b) hosting providers, cloud service providers, website infrastructure providers, and IT support vendors;

c) customer support tools, email delivery services, CRM systems, and communications providers;

d) analytics, marketing, and performance measurement providers, subject to applicable consent rules;

e) telecom, eSIM, carrier, roaming, and provisioning partners where necessary to deliver the purchased service;

f) professional advisers, including accountants, auditors, lawyers, and consultants;

g) competent authorities, regulators, courts, law enforcement bodies, and dispute resolution bodies where disclosure is required or justified by law;

h) any purchaser, investor, successor, or group entity in connection with a reorganisation, merger, financing, acquisition, or sale of business assets, subject to appropriate confidentiality and legal safeguards.

12.1. Because our providers, infrastructure partners, PSPs, and telecom partners may operate internationally, your personal data may be transferred to or accessed from countries outside the European Economic Area or the United Kingdom.

12.2. Where required by applicable law, we take steps to ensure that international transfers are protected by appropriate safeguards, which may include:

a) adequacy decisions;

b) Standard Contractual Clauses;

c) supplementary contractual, organisational, or technical measures where appropriate;

d) other lawful transfer mechanisms recognised under applicable law.

12.3. Due to the nature of telecom, cloud, support, fraud prevention, and payment ecosystems, some processing chains may involve multiple jurisdictions.

13.1. We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including for contractual performance, legal compliance, dispute management, security, and evidential purposes.

13.2. Retention periods may vary depending on the data category and applicable legal requirements. Typical retention logic may include:

a) account data: retained while the account remains active and for a reasonable period after closure, unless longer retention is necessary for legal, security, or evidential reasons;

b) order, billing, and accounting records: retained for as long as required by applicable tax, accounting, and legal obligations;

c) support records and troubleshooting correspondence: retained for as long as reasonably necessary to handle support, complaints, disputes, and related legal risk;

d) fraud prevention and risk records: retained for as long as reasonably necessary to detect, investigate, respond to, and defend against fraud, abuse, chargebacks, and repeated disputes;

e) cookie consent records: retained for as long as reasonably necessary to demonstrate compliance and manage preferences;

f) marketing consent or opt-out records: retained for as long as reasonably necessary to maintain suppression lists, preference management, and compliance records.

13.3. We may retain certain information longer where necessary to establish, exercise, or defend legal claims, or where retention is required by law.

14.1. We implement reasonable technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

14.2. Such measures may include access controls, authentication measures, limited data access, provider due diligence, logging, and administrative controls appropriate to the nature of the data and the processing involved.

14.3. However, no online system, transmission method, or storage environment can be guaranteed to be completely secure, and we cannot guarantee absolute security.

15.1. Our services are not directed to children.

15.2. We do not knowingly collect personal data from children where doing so would require parental consent under applicable law.

15.3. If you believe that a child has provided personal data to us unlawfully, please contact us so that we can take appropriate steps.

16.1. Subject to applicable law and any relevant limitations or conditions, you may have the right to:

a) request access to your personal data;

b) request correction of inaccurate or incomplete data;

c) request erasure of personal data;

d) request restriction of processing;

e) object to processing based on legitimate interests;

f) withdraw consent at any time where processing is based on consent;

g) request data portability where applicable;

h) lodge a complaint with a competent supervisory authority.

16.2. These rights are not absolute and may be limited where lawful exceptions apply.

16.3. If you wish to exercise your rights, please contact us at [email protected]. We may request information necessary to verify your identity before processing your request.

17.1. If you are in the European Union or EEA and believe that our processing of your personal data infringes applicable data protection law, you may lodge a complaint with the Estonian Data Protection Inspectorate or with the supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement.

17.2. If UK GDPR applies and you are in the United Kingdom, you may also have the right to complain to the UK Information Commissioner’s Office.

18.1. Our website may contain links to third-party websites, platforms, payment pages, network providers, or other services.

18.2. We are not responsible for the privacy practices, content, or security of third-party services that we do not control.

18.3. We encourage you to review the privacy notices of third parties before providing them with personal data.

19.1. We may update this Privacy Policy from time to time.

19.2. The version published on the website at the relevant time will apply from its stated effective date.

19.3. Where required by law, we will take appropriate steps to notify you of material changes.

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact:

Digital Felicitatem OÜ

Registry code: 17468612

Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152, Estonia

Email: [email protected]

Website: https://reconected.com