PRIVACY POLICY
This Privacy Policy describes how LLC Vaperi ("the Company", "we", "us", or "our") collects, uses, and discloses personal and business data when partners and agents ("Partner", "you") access and use the Viberest Partners platform (p.viberest.com) to manage and resell eSIM services.
By accessing the Viberest Partners platform, you acknowledge that you have read, understood, and agreed to this Privacy Policy. This document complies with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable Georgian data protection law.
Table of Contents
1.DEFINITIONS AND INTERPRETATION
For the purposes of this Privacy Policy: 'Personal Data' means any information relating to an identified or identifiable natural person. 'Partner' refers to any registered business or individual using the Viberest Partners dashboard to resell eSIM services. 'End-User' or 'Customer' refers to the final consumer to whom the Partner sells eSIM products. 'Services' refers to the Viberest Partners platform, dashboard, brand management tools, and eSIM reselling infrastructure provided by LLC Vaperi.
2.COLLECTION OF PERSONAL DATA
2.1. Data Collected Directly from Partners
We collect the following data provided directly by Partners upon registration and platform use: full name, email address, phone number, company name (if applicable), payout and payment processing details (managed via Stripe and PayPal), brand assets including logos and cover images (stored securely on Amazon S3), and account credentials.
2.2. Technical Data Related to End-User eSIM Activity
When a Partner generates eSIM profiles for their customers, our system records limited technical data strictly for service delivery and connectivity assurance: ICCID (eSIM serial number), network activation status, and data usage volume. We do not collect, store, or process personal identification data (such as names or payment details) of the Partner's end-users, as those transactions occur between the Partner and their customer.
2.3. Automatically Collected Technical Data
When you access the platform, we automatically collect: IP address, browser type, device type, and operating system; session and authentication data via secure cookies; and usage analytics to maintain and improve platform performance.
3.PURPOSE AND LEGAL BASIS FOR PROCESSING
We process your data under the following legal bases as defined by GDPR Article 6: (a) Performance of a Contract — to provide the Partner dashboard, process orders, manage payouts, and deliver eSIM services; (b) Legal Obligation — to comply with applicable tax, anti-money laundering (AML), and financial reporting requirements under Georgian and EU law; (c) Legitimate Interests — to prevent fraud, ensure platform security, and improve our services. We do not use your data for automated decision-making or profiling purposes.
4.DATA SHARING AND DISCLOSURE
We do not sell, rent, or trade your personal data or your customers' data to any third party. Data is disclosed only to the following strictly necessary sub-processors: Stripe and PayPal for payment processing and payout management; Airalo API and EsimAccess API for eSIM profile generation and network connectivity; Amazon Web Services (AWS) for secure cloud storage of brand assets and platform infrastructure; MongoDB Atlas for encrypted database hosting. All third-party processors are bound by data processing agreements and are obligated to handle your data in compliance with applicable data protection law.
5.DATA SECURITY AND INTERNATIONAL TRANSFERS
We implement robust technical and organisational security measures including SSL/TLS encryption for all data in transit, bcrypt hashing for stored passwords, and strict access controls limiting data access to authorised personnel only. Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (AWS infrastructure). All such international transfers are conducted in compliance with GDPR Chapter V, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission or other applicable transfer mechanisms ensuring an equivalent level of data protection.
6.YOUR LEGAL RIGHTS
Under the GDPR and applicable data protection law, you have the following rights regarding your personal data: (i) Right of Access — to obtain a copy of the personal data we hold about you; (ii) Right to Rectification — to correct inaccurate or incomplete data; (iii) Right to Erasure ('Right to be Forgotten') — to request deletion of your data, subject to applicable legal retention obligations; (iv) Right to Restriction of Processing — to request that we limit the manner in which we process your data; (v) Right to Object — to object to processing carried out on the basis of our legitimate interests; (vi) Right to Data Portability — to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller; (vii) Right to Lodge a Complaint — you have the right to lodge a complaint with a competent supervisory authority, including the Personal Data Protection Service of Georgia or the relevant EU supervisory authority in your country of residence.
To exercise any of these rights, please submit a formal written request to our Data Protection Officer at info@llc-vaperi.de. We will respond within 30 days as required by applicable law.
7.CONTACT INFORMATION
For all inquiries regarding this Privacy Policy, data processing practices, or to exercise your legal rights, please contact our Data Protection Officer: