a company registered under the laws of Italy, with registration number RM-1449947
with registered office in Rome (Italy), Via E. D’Onofrio 67, 00155 (“MMS”).


as identified during registration on the web page


  • MMS operates in the tourism and hospitality industries, both in Italy and abroad, and has recently started in selling Internet data traffic on behalf of a third party company, that can be used without the need for physical SIM cards (hereinafter also referred to as eSim), offering flat rate plans (hereinafter also referred to as Data Plans) that end users (hereinafter also referred to as Customers) can purchase as indicated below;
  • The Affiliate, thanks to the contacts that come from his business activity, has made himself available to propose the sale of the above-mentioned eSIM to everyone that may be interested in buying it.


    1. MMS hereby assigns to the Affiliate, who accepts, the task of proposing to all those who may be interested in purchasing the above-mentioned eSIMs;
    2. This promotion activity will be conducted by the Affiliate without any obligation to MMS, except the duty to act in good faith and fair dealing;
    3. For promotion purposes, MMS provides the Affiliate with a web dashboard and dedicated landing page to promote the sale of eSIMs to Customers, both offline and online;
    4. The Data Plans and related sales prices, as described in detail at the following link https://manet.travel, may be modified at any time at the discretion of MMS, without notice to Affiliate.
    5. The Affiliate is aware that MMS is not in any way responsible for the purchases that Customers will make, as eSIM are managed by third party companies, nor for the absence or inefficiency of the data line nor for any loss of data of any kind due to any inefficiency of the data line.
    6. 1.6. The Affiliate undertakes to inform Customers that the eSims and related Data Plans are managed by MMS and/or third party companies and that their use is governed by the conditions set forth in the following links:
    7. Which Customers must accept prior to purchase. The Affiliate shall be liable to MMS for any damages resulting from any failure to comply with the aforementioned conditions.

    8. 1.7. The Parties mutually grant each other the non-exclusive, non-transferable, royalty-free right to use their respective trademarks for the purpose of promoting the services covered by this contract, including through inclusion in the websites and applications they own, in advertising material and in any other form of communication suitable for this purpose and for the purpose of publicizing the partnership.

  2. FEES
    1. On each purchase made by Customers, the Affiliate will be entitled to a fee. The amount of the fee will be equal to 10% of the total cost of the bundle sold, net of taxes and charges.
    2. 2.2. In the case of offline sales, Customers will pay the purchase price of the eSIM directly to the Affiliate who will, in turn, pay it to MMS, through an electronic wallet (hereinafter also Wallet), from which MMS can withdraw the relevant amount of money. In this case, the above percentages will be calculated net of taxes, fees and charges;
    3. In the case of online sales, Customers will personally make purchases through the landing page and/or referral link and payment will be received directly from MMS. In this case, the above percentages will be calculated net of taxes, fees and charges and an amount equal to the fee due to the payment gateway (STRIPE) applied to each transaction, which is 1.5% + €0.25 for standard European cards, 1.9% + €0.25 for premium European cards, 2.5% + €0.25 for UK cards, 3.25% + €0.25 for non-European and non-UK cards. For detailed information please check Stripe pricing page.
    4. The fees, as indicated above, are the only compensation due to the Affiliate by reason of this contract, expressly excluding any reimbursement of expenses.
    5. The payment of the fee will be made to the achievement of a share of at least € 50.00 (fifty/00) within the month following the achievement of this amount and after issuance of the invoice by the Affiliate;
    6. In the event that MMS is forced, for whatever reason, to refund the Customer with the amount paid, nothing will be due to the Affiliate for the purchase and in the event that it had already made the payment, MMS will be entitled to obtain the return of that amount, even by offsetting the amounts still due to the Affiliate, which by signing this contract authorizes the execution.


  4. Either party may terminate this contract at any time and without obligation to state reasons by registered mail (with return receipt) or by using a certified e-mail address, with notice of at least 30 days.


  6. All disputes relating to the interpretation, execution and termination of this contract will be the exclusive jurisdiction of the Court of Rome, therefore derogating any other competing jurisdiction.

    1. The provisions of this agreement are to be considered confidential information and the parties undertake not to disclose, publish or communicate them to third parties, directly or indirectly.
    2. The parties also undertake to ensure compliance with this clause by their employees, professionals, collaborators and anyone else who becomes aware of it.


  9. MMS may at any time assign this contract and all rights and obligations under it, in whole or in part.

    1. By signing this contract, the Affiliate declares that he received and red a comprehensive information, as prepared pursuant to articles 13 and 14 of EU Regulation 2016/679 (hereinafter, the “GDPR”), regarding the personal data processing by MMS.
    2. 7.2. For the purposes of the execution of this contract, MMS assumes the title of Data Controller of the personal data of the Customers who will purchase the eSIM. In the case of offline sales, the Affiliate will collect and process the personal data of the Customers: i) as independent Data Controller, with regard to the Customer data processed for tax, administrative and accounting purposes related to the payment of the eSIM price; ii) as Data Processor pursuant to art. 28 of the GDPR, with regard to the Customer data processed for the purpose of inclusion in the MMS Customer registry. Therefore, MMS, before executing the contract, will appoint in writing the Affiliate Data Processor pursuant to art. 28 of the GDPR, using the form accessible at the following link https://about.manet.travel/esim-affiliate-program-terms-and-conditions/?lang=en#nomina.


Information pursuant to art. 13 of European Regulation no. 679 of 2016
on the protection of personal data


  1. Premise

Pursuant to Art. 13 of European Regulation no. 679 of 2016 (hereinafter, the “Privacy Regulation“), Manet Mobile Solutions S.r.l. (hereinafter, “MMS“, the “Owner” or the “Company“), with registered office in Rome, Via Edoardo D’Onofrio no. 67, 00155 Rome, tax code and VAT number 13464271009, telephone 06-40409801, mail info@manetmobile.com, in its capacity as the Data Controller of the personal data already communicated or which will be communicated in the future and from which the personal data are or will be collected, wishes to inform the party adhering to the Procurement Agreement (hereinafter, the “Interested“) – concerning the task of proposing, to all those who may be interested, the purchase of eSim – that the data concerning him/her may be processed, in compliance with the above-mentioned regulations, by the Company in relation to pre-contractual and/or contractual relations that have taken place or that may take place in the future.

  1. Personal data source

The personal data acquired or that will be acquired in relation to contractual relations or in the pre-contractual phase, are collected directly from the interested party. All personal data collected are treated in accordance with current legislation and, however, with due confidentiality.

  1. Nature of collection

For the stipulation and execution of the contractual relationship, the collection of personal data is also obligatory since it is necessary to fulfil legal and fiscal obligations; refusal to provide such personal data will make it impossible to establish relations with the Company. The relative treatment does not require the consent of the interested party.

  1. Purpose of processing and legal basis of processing

The collection or processing of personal data has the sole purpose of adequately fulfilling the obligations connected with the performance of the Company’s economic activity and in particular for the following purposes

    • the performance of pre-contractual activities and the acquisition of preliminary information for the purposes of entering into a contract;
    • the management of the contractual relationship and all administrative, fiscal, operational, management and accounting activities relating to the contract;
    • any management of litigation, breach of contract, warnings, settlements, arbitration, legal disputes, etc.;
    • the fulfilment of the obligations provided for by laws, regulations, community rules and provisions issued by public authorities.

The data processing is carried out by virtue of the fulfilment of pre-contractual and/or contractual and legal obligations related to the relationship established between the interested party and the Company, pursuant to art. 6, paragraph 1, lett. b) of the Privacy Regulation.

  1. Treatment modes

The processing of personal data will be carried out in a lawful and correct manner and, in any case, in accordance with the aforementioned legislation, using instruments that guarantee security and confidentiality and can also be carried out using computer tools to store, manage and transmit the data.

The treatment will be carried out, primarily, by internal staff of the Company, for the purposes indicated above.

Personal data will be stored in a form that allows the identification of the interested party for a period of time not exceeding that necessary for the purposes for which they are collected and processed.

  1. Treatment duration

The personal data subject to processing will be kept for the time strictly necessary with regard to the contractual relationship and, subsequently, for the fulfilment of all legal and/or accounting obligations connected with or deriving from the contract entered into by the interested party with the Company.

  1. Recipients of personal data

Without prejudice to communications made in compliance with an obligation of law, regulation or legislation, the communication, even by simple consultation or making available of personal data concerning the person concerned may be made to the following subjects:

    1. public bodies, supervisory bodies, authorities or institutions;
    2. natural or legal persons who provide specific services, such as – by way of example but not limited to – data processing, logistics and postal services, legal, administrative, tax and/or accounting consultancy, etc.;
    3. commercial intermediaries, banks and credit institutes, financial intermediation companies, natural or legal persons in charge of credit recovery, independent collaborators of the Company, etc.

The aforementioned subjects operate as autonomous Data Controllers.

In any case, to the mentioned subjects are transferred exclusively, if not aggregated personal data and in anonymous form, the personal data necessary and relevant to the purposes of the treatment to which they are assigned.

The list of such third parties will be constantly updated and accessible to the interested party upon request to the Company. By virtue of the existence of links with the same by telematic, computerized or correspondence means, personal data may be made available abroad, possibly even outside EU countries in consideration of the existence of the relative consent, of an adequacy decision or on the basis of standard contractual clauses.

Personal data will not be disseminated in any case.

  1. Rights of the interested party

The interested party has the right to exercise, at the addresses of the Owner previously indicated, the rights of access to personal data provided by art. 15 of the Privacy Regulation and the rights provided for by Articles 16, 17, 18, 21 of the Privacy Regulation regarding the rectification, cancellation, limitation of processing and the right to object, in the manner established by art. 12 of the Privacy Regulations and within the limits established by art. 2-undecies of Legislative Decree. June 30, 2003, no. 196, as amended by Legislative Decree. August 10, 2018, no. 101 (hereinafter, the “Privacy Code“).

  1. Right to complain ex 77 of the Privacy Regulation

If the Company does not provide feedback to the interested party within the time provided for by law or the response to the exercise of his rights is not appropriate, the same may complain to the Guarantor for the protection of personal data, at the following coordinates: website www.gpdp.it o www.garanteprivacy.it, email garante@gpdp.it, fax (+39) 06.69677.3785, telephone switchboard (+39) 06.69677.1.

  1. Further information

Further information regarding the processing and communication of personal data may be requested from the Company.

The updated list of Data Processors, where appointed, is available at the Company.

The Controller has appointed a DPO, who can be reached at dpo@manetmobile.com.



with registered office in Rome (00155), Via Edoardo D’Onofrio 67, tax code and VAT number 13464271009, with the person of its legal representative Antonio Calia (hereinafter, “MMS” or the “Data Owner“)


(also hereinafter the “Data Manager“)



  1. pursuant to art. 24 of EU Regulation no. 2016/679 (hereinafter, the “Privacy Regulation“), MMS is the Data Owner for personal data of Customers who purchase the eSIMs marketed by the same and has a contractual relationship with the Procurer (hereinafter, the “Contract”) whose purpose is to propose to all those who may be interested in the purchase of the aforementioned eSIMs;
  2. for the execution of some activities of the Contract, or for the inclusion of the personal data of the eSIM Customers in the MMS registry, the Procurer is responsible for carrying out processing operations on the personal identification data of third parties, as well as for processing the aforementioned personal data only according to the instructions of the Data Owner, acting exclusively as “Data Manager” pursuant to art. 28 of the Privacy Regulation. The Data Owner and the Data Manager are in any case required to comply with their respective obligations under the Privacy Regulation, Legislative Decree of June 30, 2003, n. 196, as amended by the Legislative Decree August 10, 2018, n. 101 (hereinafter, the “Privacy Code“) and by the additional rules applicable to the processing of personal data, including the provisions of the Guarantor and other competent supervisory authorities and by further acts of adaptation of national legislation to the provisions of the Privacy Regulation (hereinafter, collectively, the “Applicable Privacy Regulations“)


  1. MMS, as Data Owner, confirms the appointment of the Procurer, in accordance with art. 28 of the Privacy Regulation, as Personal Data Manager, having positively evaluated the characteristics of experience, capacity and reliability.
  2. The processing of data carried out by the Data Manager on behalf of the Data Owner will be carried out for the purposes referred to in the Contract or subsequently agreed in writing between the Parties.
  3. The Data Manager will implement appropriate technical and organizational measures in such a way that the processing meets the requirements of the Applicable Privacy Regulations, as amended and/or supplemented from time to time, and guarantees the protection of the rights of the data subjects.
  4. Pursuant to art. 29 of the Privacy Regulation and art.2-quaterdecies of the Privacy Code, the Data Owner authorizes the Data Manager to carry out – also through one or more natural persons identified by the same and appointed as subjects operating under its authority and expressly designated for this purpose (hereinafter, the “Designated Persons“) – processing of personal data in electronic and/or manual form, in accordance with the Applicable Privacy Regulations, as amended and/or supplemented from time to time. It is understood that the processing will include:
    • paper and electronic databases, containing personal data of Customers who intend to purchase the eSIM marketed by MMS, belonging to the following types:
      • “common personal data” / “identifiers” (including identity documents);
    • contained in:
      • paper and management documentation for the management of the MMS Customer data.
  5. In particular, the Data Manager undertakes to:

    a) constantly verify and monitor that its processing is carried out lawfully, correctly and in compliance with the principle of necessity, for specific, explicit and legitimate purposes and in ways that are not incompatible with those purposes;

    b) where applicable pursuant to art. 30 of the Privacy Regulation, according to the indications of the Data Owner, keep a register of the categories of activities related to the processing carried out on behalf of the Data Owner;

    c) process personal data according to the Contract and/or the Owner’s documented instructions;

    d) adopt the appropriate data protection measures pursuant to Article 32 of the Privacy Regulation and the Applicable Privacy Regulations, as amended and/or supplemented from time to time;

    e) take into account the nature of the processing and as far as possible, provide the Owner with appropriate technical and organisational measures, in performing the obligations resulting from the requests for the exercise of the data subject rights provided for by the Applicable Privacy Regulations, as amended and/or supplemented from time to time, in particular by Articles. 15 et seq. of the Privacy Regulation;

    f) assist the Owner as far as possible in ensuring compliance with the obligations under Articles 32 to 36 of the Privacy Regulation, taking into account the nature of the processing and the information available to the Processor;

    g) upon indication of the Data Owner, delete or return personal data after the provision of the services related to the processing has ended and delete existing copies, unless Union or Member State law provides for the retention of the data for a certain period;

    h) make available to the Data Owner the information necessary to demonstrate compliance with the obligations referred to in art. 28 of the Privacy Regulation and allow and contribute to the verification activities, including inspections, carried out by the Data Owner or by another person appointed by him. The Data Manager undertakes to inform the Owner immediately if, in its opinion, an instruction violates the Applicable Privacy Regulations, as amended and/or supplemented from time to time, or other national or Union provisions relating to data protection;

    i) report to the Owner what instructions, in its opinion, constitute violations of the Applicable Privacy Regulations;

    j) where applicable pursuant to Article 37 of the Privacy Regulations, appoint a Data Protection Officer (hereinafter, the “DPO”).

  6. The Data Manager will not use a sub-Data Processor – for the execution of specific processing activities on behalf of the Data Owner – without the prior written authorization of MMS. In this case, the sub-Data Processor, by means of a contract or other legal act, will be subject to the same data protection obligations as those contained in this deed. It is understood that in the event that the sub-Data Processor fails to fulfil its data protection obligations, the Data Manager will retain full responsibility for the fulfilment of the obligations of the other Data Processing for the Data Owner. It is understood that the Procurer will be fully responsible to the Data Owner for full compliance with the Applicable Privacy Regulations and these instructions by third parties used in the execution of the Contract. The Data Manager must also provide the Data Owner with a list of sub- Data Processors, actively notifying the Data Owner of any changes to the list. In any case, the subsequent right of the Data Owner to oppose the addition or replacement of the authorized sub-Data Processor with other sub-Data Processors remains unaffected.
  7. The Data Manager guarantees that it will process the personal data owned by the Data Owner exclusively to fulfil the contractual obligations. In particular, the Data Manager guarantees not to disseminate or disclose this data, nor make it available, directly or indirectly, to third parties, except in the cases where this is necessary to fulfil legal or contractual obligations.
  8. The Data Manager also undertakes to:
    1. process and manage personal data in accordance with:
      • with the Applicable Privacy Regulations, as amended and/or supplemented from time to time;
      • with the conditions and provisions set forth in the Contract and in this Deed;
      • with the instructions from time to time received from the Customer/Owner.
    2. to ensure the implementation and execution of all necessary technical and organisational measures to prevent unauthorized or unlawful processing or accidental loss, damage or destruction of personal data;
    3. not to retain any copies, extracts or summaries of personal data, except where required for the performance of obligations under applicable law and the Contract
    4. designate and identify for the Data Owner an individual within its organization authorized to respond to requests for information by the Guarantor or other national or foreign supervisory authorities;
    5. pursuant to art. 29 of the Privacy Regulation and art.2-quaterdecies of the Privacy Code, appoint in writing as Designated Persons the persons who will materially carry out the processing of personal data, in any case carrying out a strict supervision of their activities, periodically verifying that they perform their duties in accordance with the Contract and/or the written instructions given by the Data Owner;
    6. to give written notice, promptly and not later than 48 hours, to the Owner in the event of a data breach so that the latter may adopt the appropriate measures to be taken pursuant to Articles 33 and 34 of the Privacy Regulation.
  9. The obligations deriving from this deed will be interpreted and fulfilled by the Data Manager in accordance with the Applicable Privacy Regulations and with any modification and integration that may occur following the signing of the same.
  10. The Owner retains the right to periodically verify the organisational and security measures adopted by the Data Manager, in order to ensure compliance with the instructions given, as well as the Applicable Privacy Regulations, as amended and/or supplemented from time to time.
  11. This appointment as Data Manager has a duration equal to the duration of the Contract and will cease upon termination of the Contract itself, for whatever reason; in the latter case, the Procurer undertakes to return, within 10 (ten) days of termination, all personal data of MMS Customers in its possession, in paper and/or computer form.
  12. The Data Owner and the Data Processor undertake to modify and/or supplement the provisions of this deed in compliance with the Applicable Privacy Regulations, as amended and/or supplemented from time to time, and to the extent that this is necessary to ensure full compliance of this deed with the aforementioned Regulations.