Privacy Policy

1. Data Controller

eSIM Agents Co., Ltd. (“we”, “our”, “us”), a company registered in Thailand, is the data controller responsible for personal data collected through the Platform at esim.agents.co.th. Contact: privacy@esim.agents.co.th.

2. Data We Collect

We collect the following categories of personal data:

• Account data: Business email address, account registration date.
• KYC data: Business name, registration documents, identity documents of authorized representatives, as required for verification under Thai telecommunications regulations.
• Transaction data: Order history, payment history, eSIM issuance records.
• Technical data: IP address, browser type, device identifiers, access logs.
• API usage data: API key activity, request logs (retained for security and fraud prevention).

3. Legal Basis for Processing

We process your personal data on the following legal bases under the PDPA:

• Contractual necessity: To provide the Platform services and process orders.
• Legal obligation: To comply with Thai telecommunications regulations, KYC requirements, and financial reporting obligations.
• Legitimate interests: To maintain security, prevent fraud, and improve the Platform.
• Consent: For marketing communications (where applicable).

4. How We Use Your Data

• To verify your identity and business via KYC onboarding
• To create and manage your wholesale account
• To process orders and issue eSIM activation codes
• To manage account balance and transaction history
• To send transactional communications (OTP codes, order confirmations)
• To detect and prevent fraud and abuse
• To comply with applicable laws and regulations

5. Data Sharing

We do not sell your personal data. We may share data with:

• Network operators: Minimum data required to provision eSIMs (no personal data beyond order reference).
• Payment processors: To process balance top-ups, in accordance with their own privacy policies.
• Cloud infrastructure providers: For hosting and data storage (data processed within secure, PDPA-compliant environments).
• Regulatory authorities: Where required by Thai law or court order.

6. Data Retention

We retain personal data for as long as your account is active and for a minimum of 3 years after account closure, as required by Thai financial record-keeping laws. KYC documents are retained for 5 years from the date of collection. You may request deletion of data not subject to legal retention requirements.

7. Your Rights Under PDPA

As a data subject under Thailand's Personal Data Protection Act, you have the right to:

• Access and receive a copy of your personal data
• Rectify inaccurate or incomplete data
• Request erasure of data (subject to legal retention obligations)
• Restrict or object to processing
• Data portability
• Withdraw consent for consent-based processing

To exercise any of these rights, email privacy@esim.agents.co.th. We will respond within 30 days.

8. Security

We implement industry-standard technical and organizational security measures including encryption in transit (TLS), secure credential storage, access controls, and regular security reviews. In the event of a data breach affecting your rights, we will notify you as required by the PDPA.

9. Cookies

We use essential session cookies for authentication and platform functionality. See our Cookie Policy for details.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated to registered account holders via email. Your continued use of the Platform after such notification constitutes acceptance of the revised Policy.

11. Contact & Complaints

For privacy inquiries: privacy@esim.agents.co.th. If you believe your rights have been violated, you have the right to lodge a complaint with the Office of the Personal Data Protection Committee (PDPC) of Thailand.