Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Pursuant to Art. 13 of the EU Regulation no. 2016/679 (hereinafter, the “Regulations“) and Legislative Decree. June 30, 2003, no. 196, as amended by Legislative Decree. August 10, 2018, no. 101 (hereinafter, the “Code“), Manet Mobile Solutions S.r.l., as the Data Controller is required to provide certain information regarding the processing of personal data carried out by the Purchaser (hereinafter, the “Data Subject“) of the prepaid virtual SIM of third-party telecommunications companies (hereinafter, the “eSIM“) resold by it.

The following personal data or information may be processed: first and last name, e-mail address, country of residence, data package that the Data Subject wants to activate, date on which the package is to be activated, any other information that third-party telecommunications companies may request for the purpose of eSIM activation.

Personal data collected are processed for the following purposes:

  1. Establishment of the contract for resale of prepaid eSIMs, consisting of the possibility – for the Buyer – to purchase a prepaid eSIM from third-party telecommunication companies for traffic data, as well as to receive from MMS appropriate sales and after-sales support. The provision of personal data for this purpose is mandatory, as it is indispensable for the use of the goods and/or services requested, and any refusal to provide them means that MMS will be unable to make available to the Buyer what was requested. The legal basis for the processing is the performance of the contractual relationship to which the Data Subject is a party (art. 6 letter b) of the Regulations);
  2. feedback activities, opinions, reviews, and the like, consisting of asking the Data Subject to provide (if he/she wants to) an assessment of the quality of the requested good and/or services (prepaid eSIM), as well as the support service provided, again for the purpose of the best use of the requested good and/or services. The provision of data for this purpose is optional and the legal basis is the legitimate interest of the Data Controller (Art. 6(f) of the Regulations).
  3. legal fulfillment, i.e., to fulfill specific obligations under the law, a regulation or EU legislation. Once the data subject has voluntarily provided his or her data to receive the requested goods and/or services from MMS, the subsequent provision of personal data for that purpose is mandatory. In fact, the legal basis for the processing is the fulfillment of legal obligations on the part of the Data Controller (Art. 6(c) of the Regulations);
  4. Marketing activities related to services/products similar to those you have requested, or for marketing and advertising communication purposes, aimed at informing you about promotional initiatives, carried out through automated means of contact exclusively by e-mail or for market research and statistical surveys, related to services/products similar to those you have requested, within the limits allowed by Art. 130(4) of the Code. The processing, as mentioned, is carried out in accordance with Art. 130, paragraph 4 of the Code, without prejudice to the possibility for the Interested Party to object to such use initially or when sending subsequent communications, by following the indications at the bottom of e-mail communications by writing to the address
    . In this case, the legal basis for processing is the fulfillment of legal obligations on the part of the Data Controller (Art. 6(c) of the Regulations);
  5. Newsletter activities, i.e. for the provision of a monthly newsletter service in favor of the Data Subject who requests it. The provision of data for this purpose is optional and the legal basis is the informed, free and express consent of the customer (Art. 6(a) of the Regulations).

In relation to the purposes of this notice, personal data are processed by automated and non-automated means by individuals specifically Designated for processing under Art. 2-quaterdecies of the Code and Art. 29 of the Regulations, for the time strictly necessary to achieve the purposes for which they were collected and in full compliance with all precautionary measures, which guarantee their security and confidentiality, as well as full compliance with legal obligations.

Personal data used for the purposes stated in this policy will be retained:

  • for the purpose referred to in Section 2.1, for a time necessary and not exceeding the achievement of the purpose and, in any case, to the termination, by the Interested Party, of the goods and/or services offered by MMS;
  • For the purpose of 2.2, data will be kept for 24 months;
  • for the purpose mentioned in Section 2.3, for the period of time required by the applicable law, regulation or EU legislation;
  • For the purpose of 2.4, data will be kept for 24 months;
  • For the purpose of 2.5, the data will only be kept for as long as the newsletter service is active.

Withdrawal from processing is done by contacting the Controller at the contact details given in Section 6.

After the above retention period has expired, the data will be made totally anonymous and used only for statistical research purposes under Art. 89 of the Regulations.

As noted above, upon the termination of the Data Subject’s enjoyment of the goods and/or services rendered by MMS (specifically, resale of eSIMs from third-party telecommunications companies and after-sales services), the data will be archived and retained for an additional twelve months solely for purposes of defense in court for contractual liability, as per the obligations established by legal regulations.

The sale of eSIMs of third-party telecommunications companies and the provision of related services offered by MMS are reserved for parties legally capable, based on the relevant national legislation, to conclude contractual obligations.

Personal data may be processed by Data Processors (art. 29 of the Regulations) in charge of managing the requested services and/or by Data Processors (art. 28 of the Regulations) appointed by MMS. You can request the list of Designated and Responsible Persons from the Data Controller at the contact details given in sections 5 and 6.

If necessary, in relation to the eSIMs of third-party telecommunications companies resold by MMS, as well as to the related sales and after-sales services offered by MMS itself, the Data Subject’s personal data may be disclosed to third parties who perform, as autonomous Data Controllers, functions closely related and instrumental to what has just been illustrated (e.g., credit institutions and online payment platforms to which the entire management of eSIM payments by the Data Subject is delegated, etc.).

Personal data may be disclosed to third parties to comply with legal obligations, MMS may transfer your personal data to government authorities, courts, external consultants, and similar third parties that are public entities to the extent required or permitted by applicable law, such as if the processing is necessary for the pursuit of MMS’s legitimate interests. This may happen, for example, if wrongdoing of any kind has been committed in the purchase of eSIMs from third-party telecommunications companies.

Pursuant to the Regulations and applicable national legislation, the Data Subject may, in the manner and within the limits provided, exercise the following rights:

  • Request confirmation of the existence of personal data concerning him/her (right of access);
  • Know its origin;
  • Receive intelligible communication;
  • Have information about the logic, methods and purposes of processing;
  • request the updating, rectification, integration, cancellation, transformation into anonymous form, and blocking of data processed in violation of the law, including data no longer necessary to achieve the purposes for which they were collected;
  • in cases of consent-based processing, receive their data provided to the data controller, in a structured, machine-readable form and in a format commonly used by an electronic device;
  • in cases of processing based on consent, to revoke it at any time, without affecting the lawfulness of the processing based on the consent given before revocation;
  • The right to file a complaint with the Supervisory Authority.

If you have any questions and want to exercise your rights, you can contact MMS at:

The owner of the above data is Manet Mobile Solutions S.r.l., based in Rome (00155), Via Edoardo D’Onofrio no. 67, tax code and VAT number 13464271009, in the person of legal representative Dr. Antonio Calia.

The full list of data processors and processors is available at MMS headquarters and can be found by contacting the following e-mail address

The Data Controller employs a Data Protection Officer (hereinafter, the “D.P.O.“) to supervise the protection related to personal data, designated pursuant to Art. 37 of the Regulations.

We remind you that you can at any time contact the D.P.O. and send any questions or requests regarding personal data by writing to

For the purpose of providing the requested goods and/or services, MMS may need to transfer the Data Subject’s data to entities residing in countries outside the European Economic Area (EEA) (consisting of the countries of the European Union and Switzerland, Iceland, Liechtenstein and Norway, which are considered countries with equivalent data protection and privacy laws).

This type of data transfer may occur if our servers (on which we store data) or our or other providers are located outside the EEA or if you use our products and services while in countries outside this area. In that case we will make sure that your data is properly and adequately protected.

We always make sure that there is a contract governing the transfer of data between the parties, in compliance with the current decisions of the European Commission.

If the state does not have equivalent data protection and privacy laws (i.e., there are no so-called “adequacy decisions” former Article 45 of the Regulations), we require third parties located outside the EEA to sign a contract with the standard contract clauses (former Art. 46 of the Regulation) for the transfer of personal data under the Regulation, as outlined in European Commission Decision no. 2021/914 of June 4, 2021.

Updated 03/21/2024