隐私政策
最后更新: 2026年5月
目录
- 1. 简介
- 2. 数据控制方信息
- 3. 我们收集的个人数据
- 4. 个人数据来源
- 5. 处理的法律依据
- 6. 数据共享与接收方
- 7. 数据跨境传输
- 8. 您的数据保护权利
- 9. 数据保留
- 10. 儿童个人数据
- 11. Cookie与追踪技术
- 12. 联系方式
- 13. 加利福尼亚州隐私权利(CCPA/CPRA)
- 14. Brazil Privacy Rights (LGPD)
- 15. Japan Privacy Rights (APPI)
- 16. Canada Privacy Rights (PIPEDA)
- 17. India Privacy Rights (DPDP Act)
- 18. Additional Regional Privacy Rights
- 19. AI and Machine Learning
- 20. Referral Program Privacy
1. Introduction
本隐私政策(以下简称「本声明」)说明Future Syncs Limited(英国)以HelloRoam品牌名义运营时,如何处理您的个人数据。涵盖您在联系我们、使用应用、访问网站或购买服务时提供或我们收集的个人信息。
根据《通用数据保护条例》(EU)2016/679(GDPR)及英国GDPR的要求,我们有义务向您说明相关信息,包括您的数据保护权利详情。
HelloRoam是否遵守数据保护法律?
HelloRoam非常重视数据保护,未经合法依据绝不向第三方共享您的个人数据。我们遵守GDPR、英国数据保护法以及北美、澳大利亚和拉丁美洲的隐私法规,所有服务均内置隐私保护设计。
We run Data Protection Impact Assessments when we start new services or data processing that may pose a high risk to your rights.
2. Data Controller Information
就本声明而言,数据控制方为Future Syncs Limited(英国),以HelloRoam品牌运营。HelloRoam对您的个人数据负责。
Company:Future Syncs Limited
Brand:HelloRoam(Future Syncs Limited旗下品牌)
Address:英国伦敦
Company Registration:15950168
Email:admin@helloroam.com
HelloRoam致力于保护您的个人数据。本声明详细说明我们如何处理您的数据。
3. Personal Data We Collect
我们收集和处理以下类别的个人数据:
| 类别 | 示例 |
|---|---|
| 身份数据 | 名字、姓氏、用户名或类似标识符、称谓、出生日期 |
| 联系数据 | 电子邮件地址、电话号码、账单地址、配送地址 |
| 财务数据 | 支付卡信息(由我们的支付服务商处理)、银行账户信息 |
| 交易数据 | 您与我们之间的付款明细、您购买的产品和服务详情 |
| 技术数据 | IP地址、登录数据、浏览器类型及版本、时区和位置设置、浏览器插件类型及版本、操作系统及平台、设备标识符 |
| 个人资料数据 | 您的用户名和密码、购买或订单记录、您的兴趣偏好、反馈和调查回复 |
| 使用数据 | 您使用我们网站、产品和服务的相关信息,包括eSIM激活数据和流量使用模式 |
| 营销数据 | 您对接收我们及第三方营销信息的偏好,以及您的通信偏好 |
4. Sources of Your Personal Data
我们从以下来源收集您的个人数据:
直接互动
当您填写表单或通过电话、电子邮件或其他渠道联系我们时,您会向我们提供身份、联系和财务数据。包括您创建账户、购买套餐、订阅服务、申请营销信息、参加促销活动或提供反馈时分享的数据。
自动化技术
当您使用我们的网站和应用时,我们可能通过Cookie、服务器日志及类似技术自动收集有关您设备、浏览行为和使用模式的技术数据。
第三方
我们可能从第三方获取个人数据,包括分析服务商、广告网络、搜索信息提供商、支付和配送服务商,以及身份核验服务商。
5. Legal Basis for Processing
我们仅在法律允许的情况下使用您的个人数据。以下是最常见的情形:
合同履行
履行我们与您签订或即将签订的合同所必需的情形。
合法利益
基于我们(或第三方)的合法利益,且该利益不凌驾于您的基本权利和利益之上。
法律义务
遵守法律或监管义务所必需的情形。
同意
您已就一个或多个特定目的同意处理您的个人数据。
您撤回同意的权利
我们仅在法律允许的情况下使用您的个人数据。以下是最常见的情形:
6. Data Sharing & Recipients
我们可能与以下类别的接收方共享您的个人数据:
服务提供商
代表我们提供服务的公司,包括支付处理、数据分析、邮件发送、托管、客户服务和营销支持。
网络合作伙伴
为我们提供网络连接服务的移动网络运营商和eSIM提供商。
专业顾问
提供法律、财务和咨询服务的律师、银行、审计师和保险公司。
监管机构
在法律要求的情况下,向政府机构、监管机构、执法机关、法院及其他权威机构披露。
数据保护标准
我们要求所有第三方遵守数据安全标准,依法处理您的个人数据。我们不允许第三方服务商将您的数据用于自身目的,他们只能按照我们规定的特定目的处理数据。
Our Data Processors
We share your data with these trusted service providers. Each one has a data processing agreement with us.
| 处理方 | 用途 |
|---|---|
| Stripe | Payment processing. Card details go directly to Stripe and are never stored on our servers. |
| Supabase | User authentication and account management. |
| Google Analytics (GA4) | Website usage analytics. Only active after you give consent. |
| Google Ads | Conversion tracking for advertising. Only active after you give consent. |
| Google Tag Manager | Tag management for analytics and marketing scripts. |
| Meta (Facebook Pixel) | Marketing analytics and conversion tracking. Only active with marketing consent. |
| Microsoft Clarity | Behavioral analytics and session recordings to improve user experience. Only active with analytics consent. |
| Sentry | Error monitoring and performance tracking. Personal data is automatically redacted. |
| VWO (Visual Website Optimizer) | A/B testing to help us improve the website experience. |
| Vercel | Website hosting, analytics, and performance monitoring. |
| Rewardful | Affiliate referral tracking. Stores a referral token for 90 days when you arrive via an affiliate link. |
We have Data Processing Agreements in place with all processors listed above.
Affiliate Partners
When you arrive through an affiliate link, we share a referral token with Rewardful to attribute your purchase and calculate rewards. This data is kept for 90 days.
7. International Data Transfers
我们可能将您的个人数据传输至英国和欧洲经济区(EEA)以外的国家。每次传输时,我们都会采取保障措施,确保您的数据受到同等保护。
• 向欧盟委员会或英国政府认定具有充分数据保护水平的国家传输。
• 使用欧盟委员会或英国政府批准的标准合同条款(Standard Contractual Clauses)。
• 向经EU-US数据隐私框架认证的美国服务商传输。
联系我们了解数据跨境传输
如需了解我们在英国或欧洲经济区以外传输您个人数据时采用的具体保障措施,请发送邮件至privacy@helloroam.com联系我们。
Transfer Mechanisms by Processor
Stripe, Google, Meta, Microsoft, Sentry, VWO, and Vercel transfer data to the United States under Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework. Supabase processes data in the US under SCCs. For UK-origin transfers, we use the UK International Data Transfer Agreement (IDTA) alongside SCCs.
8. Your Data Protection Rights
根据数据保护法律,您享有以下权利:
查阅权
您可以申请获取我们持有的您的个人数据副本。
更正权
您可以要求我们更正不准确的信息或补全不完整的记录。
删除权
在特定条件下,您可以要求我们删除您的个人数据。
限制处理权
在特定条件下,您可以要求我们限制处理您的个人数据。
反对权
在特定条件下,您可以反对我们处理您的个人数据。
数据可携带权
在特定条件下,您可以要求我们将您的数据转移给其他机构或直接提供给您。
撤回同意
当我们基于您的同意处理数据时,您可随时撤回同意。
投诉权
您可以向监管机构提出投诉。
We do not use solely automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.
如何行使您的权利
如需行使上述任何权利,请发送邮件至privacy@helloroam.com联系我们。查阅数据或行使权利无需缴纳费用。仅当您的请求明显无根据、重复或过度时,我们才可能收取合理费用。
9. Data Retention
我们仅在必要时间内保留您的个人数据,包括满足法律、财务或报告要求所需的时间。
在决定数据保留时长时,我们会综合考量数据的数量与敏感程度、未授权使用造成的危害风险、收集目的、是否有其他方式实现该目的,以及适用的法律要求。
| Category | Retention Period |
|---|---|
| 账户数据 | 账户存续期间及注销后6年 |
| 交易数据 | 交易日期起7年 |
| 营销偏好 | 直至您退订或3年无活动 |
| 技术/使用数据 | 收集后13个月 |
10. Children's Personal Data
我们的服务面向16岁及以上用户。我们不会有意收集16岁以下儿童的个人数据。如果您是家长或监护人,认为您的孩子已向我们提供数据,请立即联系我们。
如果我们发现在未获得家长同意的情况下收集了儿童的个人数据,我们将立即从系统中删除。
家长须知
如果您认为我们持有16岁以下儿童的数据,请立即发邮件至admin@helloroam.com联系我们。
12. Contact Information
如对本隐私政策或我们的数据处理方式有疑问,请联系我们:
投诉权利
如对本隐私政策或我们的数据处理方式有疑问,请联系我们:
13. 加利福尼亚州隐私权利(CCPA/CPRA)
如果您是加利福尼亚州居民,《加利福尼亚州消费者隐私法》(CCPA)和《加利福尼亚州隐私权利法》(CPRA)赋予您对个人信息的特定权利。本节说明这些权利及其行使方式。
HelloRoam不出售CCPA所定义的个人信息。
我们收集的个人信息
我们从加利福尼亚州居民处收集以下类别的个人信息:
- 标识符:姓名、电子邮件地址及账户凭据
- 设备信息:设备类型、操作系统及用于eSIM激活的设备标识符
- 支付信息:由我们的支付服务商安全处理的账单详情
- 使用数据:您与我们网站和应用的互动情况
- 互联网或其他网络活动:IP地址、浏览器类型及访问的页面
知情权
您可以询问我们收集了您哪些个人信息、信息来源、收集目的以及共享对象。
删除权
您可以要求我们删除从您处收集的个人信息。部分情形除外,例如我们需要该数据完成交易或履行法律义务时。
选择退出权
您可以要求我们不出售或共享您的个人信息。HelloRoam不出售个人信息,因此此权利已默认受到保障。
非歧视权
我们不会因您行使加利福尼亚州隐私权利而对您区别对待或拒绝提供服务。
如何提交CCPA请求
如需行使上述任何权利,请发邮件至privacy@helloroam.com联系我们。邮件中请注明您的姓名、电子邮件地址及请求说明。如您持有书面授权或授权委托书,也可代他人提交请求。
身份验证流程
在处理您的请求之前,我们需要验证您的身份。我们将要求您确认与账户关联的电子邮件地址,并可能要求提供其他信息以核实身份。我们将在45天内响应您的请求。如需更多时间,我们会提前告知。
14. Brazil Privacy Rights (LGPD)
Brazil's Lei Geral de Proteção de Dados (LGPD) applies to HelloRoam when we process personal data from individuals in Brazil. This section explains your rights and how we handle your data under Brazilian law.
Legal Bases Under LGPD
We process your personal data based on your consent, to perform a contract with you, to meet a legal obligation, or to serve our legitimate interests. We tell you the applicable legal basis at the time we collect your data.
Your Rights Under LGPD
- Confirmation that we process your personal data and access to a copy of it.
- Correction of incomplete, inaccurate, or outdated data.
- Anonymization, blocking, or deletion of unnecessary or excessive data.
- Portability of your personal data to another service provider.
- Deletion of personal data processed with your consent.
- Information about which public and private entities we share your data with.
- Information about your option to deny consent and the consequences of doing so.
- Withdrawal of consent at any time, free of charge.
- Review of decisions made by automated means that affect your interests.
Data Protection Officer
Our Data Protection Officer handles privacy matters for Brazilian residents. Contact them at admin@helloroam.com with the subject line "LGPD Request." We will respond within the timeframes required by Brazilian law.
If you believe we have not handled your data correctly, you have the right to file a complaint with Brazil's national data protection authority, the Autoridade Nacional de Proteção de Dados (ANPD), at gov.br/anpd.
15. Japan Privacy Rights (APPI)
Japan's Act on Protection of Personal Information (APPI) applies when we process personal data from individuals in Japan. We handle your data in line with APPI requirements and the guidelines issued by Japan's Personal Information Protection Commission (PPC).
Purpose of Data Use
We use your personal data to process eSIM orders, manage your account, provide customer support, send service notifications, and improve our platform. We will not use your data for other purposes without notifying you first.
Cross-Border Transfers
Your personal data is transferred to and stored in the United Kingdom. The UK has been recognized as providing an adequate level of personal data protection by the European Commission. We apply equivalent safeguards for transfers under APPI.
Your Rights Under APPI
- Disclosure of the personal data we hold about you.
- Correction of any inaccurate personal data.
- Cessation of use or deletion of your personal data where it is no longer needed.
- Cessation of provision of your personal data to third parties.
To exercise your rights or to submit a complaint, email us at admin@helloroam.com. You may also contact the Personal Information Protection Commission (PPC) at ppc.go.jp.
16. Canada Privacy Rights (PIPEDA)
Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) applies to HelloRoam's handling of personal information from Canadian residents. We follow the fair information principles that PIPEDA requires.
How We Apply PIPEDA Principles
- Accountability: We are responsible for all personal information under our control and have designated a privacy contact to oversee compliance.
- Consent: We collect, use, or disclose your personal information only with your knowledge and consent, except where the law permits otherwise.
- Limiting Collection: We collect only the information we need for the identified purposes.
- Accuracy: We keep your personal information as accurate, complete, and up to date as necessary.
- Safeguards: We protect your personal information with security appropriate to its sensitivity.
Your Rights Under PIPEDA
- Access to the personal information we hold about you.
- Challenge the accuracy and completeness of your information and request corrections.
- Withdraw consent for non-essential data collection at any time.
To make a privacy request, email us at admin@helloroam.com. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.
17. India Privacy Rights (DPDP Act)
India's Digital Personal Data Protection Act 2023 (DPDP Act) applies when we process personal data from individuals in India. HelloRoam acts as a Data Fiduciary under this law and processes your data only for clear, lawful purposes.
Your Rights Under the DPDP Act
- Access to a summary of the personal data we process and how we use it.
- Correction and updating of inaccurate or incomplete personal data.
- Erasure of personal data that is no longer necessary for the purpose it was collected.
- Grievance redressal through our dedicated grievance mechanism.
- Nomination of another individual to exercise your rights on your behalf in case of death or incapacity.
As a Data Fiduciary, HelloRoam collects only the personal data needed to provide our eSIM services. We keep it secure, use it only for stated purposes, and delete it when it is no longer needed. We do not process the personal data of children without verifiable parental consent.
To raise a grievance or exercise any DPDP right, email us at admin@helloroam.com with the subject line "DPDP Request." We will acknowledge your request within 48 hours and resolve it within the timeframe required by law.
18. Additional Regional Privacy Rights
HelloRoam operates in 185+ countries. In addition to GDPR, CCPA, LGPD, APPI, PIPEDA, and the DPDP Act, the following regional laws may apply to you depending on where you live.
South Africa (POPIA)
South Africa's Protection of Personal Information Act (POPIA) gives you rights to access, correct, and delete your personal data. Cross-border transfers require adequate protection. To exercise your rights or file a complaint, contact us at admin@helloroam.com or reach the Information Regulator at inforegulator.org.za.
Thailand (PDPA)
Thailand's Personal Data Protection Act (PDPA) requires your consent for most processing. You have the right to access, correct, delete, and port your data, and to object to processing. To exercise your rights or complain to the Personal Data Protection Committee (PDPC), contact us at admin@helloroam.com.
Singapore (PDPA)
Singapore's Personal Data Protection Act (PDPA) requires your consent before we collect, use, or disclose your personal data. You can withdraw consent at any time. We notify affected individuals promptly in the event of a data breach. Contact admin@helloroam.com for any PDPA-related request.
Turkey (KVKK)
Turkey's Personal Data Protection Law (KVKK) requires explicit consent for cross-border data transfers. You have the right to know whether your data is processed, access it, request correction or deletion, and object to automated decisions. To submit a request or file a complaint with the KVKK Board, contact us at admin@helloroam.com.
Switzerland (nFADP)
Switzerland's revised Federal Act on Data Protection (nFADP) applies to both natural and legal persons. You have the right to access your data, correct inaccuracies, and object to certain processing. We notify the Federal Data Protection and Information Commissioner (FDPIC) of significant data breaches. Contact admin@helloroam.com with any nFADP request.
Indonesia (UU PDP)
Indonesia's Personal Data Protection Law (UU PDP) requires your consent for data collection and cross-border transfers. We maintain a designated Data Protection Officer to oversee compliance. To exercise your rights or raise a concern, email admin@helloroam.com.
China (PIPL)
China's Personal Information Protection Law (PIPL) requires us to notify you and obtain separate consent before transferring your personal data outside China. We process data from Chinese residents only for the purposes clearly stated at the time of collection. Contact admin@helloroam.com for any PIPL-related request.
19. AI and Machine Learning
HelloRoam uses AI tools carefully and only where they improve our service without compromising your privacy. We do not use AI in ways that produce automated decisions with legal or similarly significant effects on individual users.
AI Crawler Access
Our public website content, including eSIM pricing, coverage information, and FAQs, is accessible to AI crawlers. Your account data, personal information, and order history are never exposed to or shared with AI crawlers. We protect all personal data from AI training pipelines.
How We Use AI Internally
We use AI tools to support content research and review customer support quality. These tools process anonymized or aggregated data only. They are not used to make automated decisions about individual users.
HelloRoam does not sell user data to AI companies, data brokers, or any third parties for AI model training purposes.
20. Referral Program Privacy
When you participate in the HelloRoam referral program, we collect limited technical data to attribute referrals accurately and prevent fraud.
Data Collected
- IP address (anonymized after attribution)
- Browser user-agent string
- Device fingerprint (hashed, non-reversible)
Purpose
This data is used solely to attribute referral purchases to the correct referrer, prevent duplicate or fraudulent claims, and calculate referral rewards. We do not use this data for advertising or sell it to third parties.
Data Retention
Referral attribution data is retained for 90 days after the referred purchase. After this period, the data is automatically deleted. Aggregated, non-personal statistics (total referrals, reward amounts) are kept for accounting purposes.
Your Privacy Matters
We care about your data rights. Our practices are transparent, and you can exercise your rights anytime by contacting us at admin@helloroam.com.
Related Policies
Questions About This Policy?
Have questions about this Privacy Policy or how we handle your data? We're happy to help.
