GDPR Compliance

We are committed to protecting the privacy rights of EU citizens under the General Data Protection Regulation (GDPR).

Compliance effective

May 25, 2018

Last reviewed

January 15, 2024

Our GDPR Commitment

The General Data Protection Regulation (GDPR) represents the strongest data protection framework in the world. As a global service provider, Mob Upgrade fully complies with GDPR requirements for all users, regardless of their location.

We have implemented comprehensive technical, organizational, and legal measures to ensure your personal data is processed lawfully, fairly, and transparently.

Lawful Processing

All data processing has a clear legal basis

Data Minimization

We collect only necessary data for our services

Transparent Processing

Clear information about how we use your data

Your Data Protection Rights

Right to Access

Request copies of your personal data

  • Receive a copy of all personal data we hold about you
  • Information about how your data is processed
  • Details about data sharing with third parties
  • Response provided within 30 days of request

Right to Rectification

Correct inaccurate or incomplete data

  • Update incorrect personal information
  • Complete incomplete data records
  • Immediate correction of critical information
  • Notification to third parties when applicable

Right to Erasure

Request deletion of your personal data

  • Complete deletion of personal data when no longer needed
  • Right to be forgotten in search results
  • Secure deletion from all systems and backups
  • Confirmation of deletion provided

Right to Restrict Processing

Limit how we process your data

  • Temporarily halt data processing activities
  • Maintain data but restrict usage
  • Apply during dispute resolution periods
  • Clear notification of restrictions applied

Right to Data Portability

Transfer your data to another service

  • Receive data in machine-readable format
  • Direct transfer to another service provider
  • Structured, commonly used file formats
  • No charge for data portability requests

Right to Object

Object to certain data processing

  • Object to processing for direct marketing
  • Object to automated decision-making
  • Object to processing based on legitimate interests
  • Immediate cessation upon valid objection

Legal Bases for Processing

Consent

You have given clear consent for processing

Examples:

  • Email marketing subscriptions
  • Optional data collection
  • Cookie preferences
Withdrawal: Can be withdrawn at any time

Contract

Processing necessary for service delivery

Examples:

  • eSIM activation
  • Customer support
  • Service delivery
Withdrawal: Required for service provision

Legal Obligation

Required by law or regulation

Examples:

  • Tax records
  • Fraud prevention
  • Regulatory compliance
Withdrawal: Cannot be withdrawn

Legitimate Interest

Necessary for legitimate business purposes

Examples:

  • Service improvement
  • Security monitoring
  • Analytics
Withdrawal: Can object with valid reason

Data Protection Measures

Technical Safeguards

End-to-end encryption for all data transmissions
Advanced access controls and authentication
Regular security audits and penetration testing
Automated threat detection and response systems
Secure data centers with 24/7 monitoring

Organizational Safeguards

Privacy by design in all system development
Regular staff training on data protection
Data Protection Impact Assessments (DPIAs)
Incident response and breach notification procedures
Third-party vendor security assessments

Legal Safeguards

Standard Contractual Clauses for international transfers
Data Processing Agreements with all vendors
Regular compliance audits and certifications
Clear data retention and deletion policies
Transparent privacy notices and consent mechanisms

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through approved mechanisms:

Transfer Mechanisms

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (BCRs)
  • Explicit consent where required

Additional Safeguards

  • Technical measures (encryption, pseudonymization)
  • Organizational measures (access controls, training)
  • Regular compliance monitoring and audits
  • Data subject rights enforcement mechanisms

Data Protection Officer

Contact Our DPO

Our Data Protection Officer is available to assist with all GDPR-related inquiries, complaints, and requests for exercising your rights.

Email: [email protected]

Phone: +1-308-856-3253

Response Time: Within 72 hours

Certified Professional

IAPP Certified Information Privacy Professional (CIPP/E)

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

EU Supervisory Authorities

  • Contact the authority in your EU member state
  • File complaints online or by mail
  • No cost to lodge a complaint
  • Independent investigation process

Before Filing a Complaint

  • Contact our DPO first for resolution
  • Allow 30 days for response
  • Document all communications
  • Keep records of your requests