Top.Mail.Ru

Privacy Policy and Personal Data Processing

Website: esim.bar
Effective Date: 12.06.2026

1. Data Operator

This Policy defines the procedure for processing and protecting personal data of users of the esim.bar website and the client portal.

Data operator: LLC "SYSTEM", INN 6677012280.

Contact for inquiries regarding personal data: support@esim.bar.

The operator processes personal data in accordance with the Federal Law of 27.07.2006 No. 152-FZ "On Personal Data", the Consumer Rights Protection Law of the Russian Federation, the Civil Code of the Russian Federation, and other applicable acts of Russian legislation.

2. Terms

Personal data - any information relating to an identified or identifiable individual, directly or indirectly.

Processing of personal data - any action with personal data, including collection, recording, systematization, accumulation, storage, clarification, use, transfer, anonymization, blocking, deletion, and destruction.

User - a visitor to the website, a buyer of a digital product, or an account holder of the client portal.

3. Data Processed

The operator processes only the data necessary for the operation of the website, order processing and fulfillment, user support, and compliance with legal requirements:

  • contact details: email, first name and last name, if provided by the user during registration or inquiry;
  • account data: account identifier, email status, registration date, login date, technical session information;
  • order data: selected eSIM package, quantity, price, currency, order number, payment status, digital product issuance status;
  • data of the issued digital product: identifiers of the eSIM profile and installation parameters, if necessary for displaying the product to the user;
  • support inquiry data: inquiry text, attachments, communication history;
  • technical data: IP address, date and time of the request, interface language, user-agent, browser and device information, cookies, and similar identifiers;
  • payment data in a limited scope: payment status, payment identifier, payment provider, amount, and currency. Full bank card details are not stored by the operator.

The operator does not request special categories of personal data or biometric personal data.

4. Purposes of Processing

Personal data is processed for the following purposes:

  • registration and maintenance of the account in the client portal;
  • order placement, payment, fulfillment, and support;
  • electronic delivery of the activation code for the tourist eSIM package;
  • displaying purchased products and order history;
  • customer support, installation error diagnostics, and responses to inquiries;
  • email confirmation and access recovery;
  • fulfilling obligations under accounting, tax, claims, and consumer legislation;
  • ensuring website security, preventing abuse, fraud, and unauthorized access;
  • analytics of website performance in anonymized or aggregated form;
  • sending informational and marketing messages only with separate consent, if such consent is required by law.

5. Legal Grounds for Processing

The operator processes personal data on the following grounds:

  • execution of a contract with the user or actions at the request of the user prior to the conclusion of the contract;
  • user consent to the processing of personal data;
  • fulfillment of obligations imposed by Russian legislation;
  • exercising the rights and legitimate interests of the operator, provided that the rights and freedoms of the user are not violated.

Consent to the processing of personal data is provided separately from the acceptance of the User Agreement and other documents. The user may withdraw consent by sending a request to support@esim.bar. The withdrawal of consent does not affect the legality of processing carried out before the withdrawal and does not terminate processing that the operator is obliged or entitled to continue under the law or contract.

6. Consent to Process Personal Data

By confirming a separate consent checkbox on the website or in the client portal, the user gives the operator consent to process personal data specified in section 3 for the purposes indicated in section 4.

Permitted actions with personal data: collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer to authorized recipients, anonymization, blocking, deletion, and destruction.

Consent is valid until the purposes of processing are achieved, the storage periods expire, the account is terminated, or consent is withdrawn, unless a longer period is required by law.

7. Data Storage and Localization

When collecting personal data from citizens of the Russian Federation through the website, the operator ensures the recording, systematization, accumulation, storage, clarification, and extraction of such data using databases located in the territory of the Russian Federation, unless applicable legislation allows for exceptions.

Storage periods are determined by the purposes of processing:

  • account data is stored until the account is deleted or until there is no longer a need for its maintenance;
  • order, payment, and accounting document data are stored for the periods established by Russian legislation;
  • correspondence with support is stored until the inquiry is resolved and for the period necessary to protect rights and consider claims;
  • security technical logs are stored for a limited period necessary to protect the website and investigate incidents.

After the purposes of processing are achieved, the operator ceases processing and destroys personal data or ensures their destruction within the periods provided by Russian legislation, if further storage is not required by law.

8. Transfer to Third Parties

The operator may transfer personal data only to the extent necessary for the purposes of processing:

  • to payment providers - for receiving and confirming payments;
  • to eSIM profile providers and technical providers - for issuing and supporting digital products;
  • to hosting providers, security services, email delivery, and support - for the operation of the website and client portal;
  • to government authorities - in cases and procedures provided by Russian legislation.

Persons receiving personal data on behalf of the operator are obliged to maintain confidentiality and ensure data protection.

9. Cross-Border Transfer

Since tourist eSIM packages are provided by foreign eSIM profile providers, in certain cases, the transfer of a limited set of data to a foreign provider or technical provider may be required to fulfill the order.

Before initiating a cross-border transfer, the operator fulfills the requirements of Article 12 of Federal Law No. 152-FZ, including assessing the conditions of the transfer and notifying Roskomnadzor if such notification is required. The cross-border transfer is carried out only to the extent necessary for order fulfillment, technical support, or legal compliance.

10. Cookies and Analytics

The website uses mandatory cookies for the operation of the cart, checkout, sessions, security, and language selection. Analytical and marketing cookies are used in accordance with the Cookies Policy and applicable consent settings.

The user can limit cookies in the browser, but this may affect the operation of order placement and personal account features.

11. User Rights

The user has the right to:

  • receive information about the processing of their personal data;
  • request clarification, blocking, or destruction of data if they are incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose;
  • withdraw consent to the processing of personal data;
  • object to processing in cases provided by law;
  • appeal the actions or inaction of the operator to Roskomnadzor or court.

To exercise rights, send a request to support@esim.bar. The operator has the right to request information necessary to verify the identity of the applicant.

12. Protection of Personal Data

The operator takes necessary legal, organizational, and technical measures to protect personal data from unauthorized access, destruction, alteration, blocking, copying, provision, distribution, and other unlawful actions.

Measures include access control, logging, backup, use of secure channels, contractor oversight, and internal rules for processing personal data.

13. Policy Changes

The operator may update the Policy in case of changes to the website, processing procedures, or legislation. The current version is published on the website and is available without restrictions.