Privacy Policy

1. Introduction and Scope

bdeshConnect ("we", "our", or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use our website and services (collectively, the "Services").

Our Services include eSIM products (via Airalo), Uber vouchers, accommodation bookings (via Amber Student and Uni Places), and other travel essentials delivered digitally through your account and email. This policy applies to all users of our Services, including customers in Bangladesh and internationally.

We comply with:

• The Digital Security Act 2018 (Bangladesh)
• The Privacy Act 1988 (Cth) including the Australian Privacy Principles (APPs)
• General Data Protection Regulation (GDPR) principles where applicable

By using our Services, you consent to the collection and use of your information as described in this policy. If you do not agree with this policy, please do not use our Services.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account, make a purchase, or contact us, we collect:

• Full name and email address (required)
• Phone number (optional, for order updates)
• Billing address and payment information
• Transaction and order history
• Communication preferences
• Support ticket messages and attachments

2.2 eSIM and Product-Related Information

When you purchase eSIM products, we may collect:

• Destination country for eSIM activation
• Device type and compatibility information
• eSIM activation status (shared with Airalo)

2.3 Automatically Collected Information

When you access our Services, we automatically collect:

• IP address and approximate geographic location
• Device information (type, operating system, browser)
• Pages visited, time spent, and clickstream data
• Referral source and exit pages
• Session information and authentication tokens

2.4 Payment Information

Payment card information is collected and processed directly by our PCI DSS compliant payment processor (Stripe). We do not store complete payment card numbers on our servers. We only retain the last 4 digits and card type for reference purposes.

3. How We Use Your Information

We use your personal information for the following purposes:

• Order Processing: To process, fulfill, and deliver your orders
• Communication: To send transaction confirmations, delivery codes, invoices, and receipts
• Customer Support: To respond to inquiries, resolve issues, and provide assistance
• Account Management: To maintain your account and provide access to order history
• Fraud Prevention: To detect, prevent, and investigate fraudulent transactions
• Service Improvement: To analyze usage patterns and improve our Services
• Legal Compliance: To comply with legal obligations and enforce our Terms
• Marketing: To send promotional emails (with your consent, which you may withdraw at any time)

We process your personal information based on: (1) your consent; (2) performance of our contract with you; (3) our legitimate business interests; or (4) compliance with legal obligations.

4. Information Sharing and Disclosure

We may share your personal information with:

4.1 eSIM Providers

When you purchase an eSIM, we share necessary information with our providers:

• Airalo: Email address for eSIM delivery, order details. See Airalo Privacy Policy

4.2 Other Service Providers

• Stripe: Payment processing. See Stripe Privacy Policy
• Email Services: For sending transactional and marketing emails
• Hosting Providers: For secure data storage and website hosting
• Analytics Services: For website performance and user behavior analysis

4.3 Uber Vouchers

For Uber voucher purchases, we only deliver the voucher code to your email. We do not share your personal information with Uber Technologies Inc. When you redeem the voucher in the Uber app, you are subject to Uber's Privacy Notice.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or to:

• Comply with legal processes and obligations
• Protect our rights, property, or safety
• Investigate fraud or security issues
• Enforce our Terms of Service

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Security

We implement industry-standard technical and organizational measures to protect your personal information:

• Encryption: SSL/TLS encryption for all data transmission; encryption at rest for stored data
• Access Controls: Role-based access restrictions limiting employee access to personal data
• Authentication: Secure password hashing using bcrypt with industry-standard salt rounds
• Monitoring: Regular security audits, vulnerability assessments, and intrusion detection
• Secure Infrastructure: Hosting with reputable providers offering physical and network security
• Incident Response: Documented procedures for detecting and responding to data breaches

While we strive to protect your personal information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you promptly of any data breach as required by law.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

• Account Information: Retained while your account is active and for 2 years after account closure
• Transaction Records: Retained for 7 years to comply with tax and accounting requirements
• eSIM Order Data: Retained for 2 years for support purposes; activation data is managed by Airalo
• Uber Voucher Records: Retained for 2 years for support and verification
• Support Communications: Retained for 3 years for quality assurance and dispute resolution
• Marketing Data: Retained until you withdraw consent or for 2 years of inactivity

After the retention period, we securely delete or anonymize your personal information. You may request earlier deletion subject to our legal obligations.

7. Your Privacy Rights

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information we hold
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Restriction: Request restriction of processing in certain circumstances
• Portability: Request transfer of your data to another service provider
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for marketing communications at any time
• Complaint: Lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy.legal@bdeshconnect.com. We will respond within 30 days. Australian customers may also contact the Office of the Australian Information Commissioner (OAIC).

We may require verification of your identity before processing requests. Some rights may be limited by legal obligations or legitimate business interests.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for authentication, security, and basic functionality
• Analytics Cookies: Help us understand how users interact with our Services
• Preference Cookies: Remember your settings and preferences

We do not use third-party advertising cookies or sell your data to advertisers. You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence, including Bangladesh, the United States, and the European Union.

We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses, adequacy decisions, or other legally approved mechanisms. For Australian customers, we comply with APP 8 regarding cross-border disclosure.

10. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you are under 18, you must have parental or guardian consent to use our Services.

If we become aware that we have collected personal information from a child without proper consent, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services. Material changes will be communicated by:

• Updating the "Last updated" date at the top of this policy
• Posting a notice on our website
• Sending an email notification to registered users

Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact: