Data Protection

GDPR and UK GDPR Notice

Last updated: 18 July 2026 · Effective: publication date · Reference language: English

This Notice explains the additional standards HANKATONG CONNECT follows when the UK GDPR or EU GDPR applies. Read it together with our Privacy Policy.

1. Scope and controller

HANKATONG LTD is the contracting, payment and data-controller entity for HANKATONG CONNECT. Company number 16087577, registered in England and Wales. Office 10779, 182-184 High Street North, East Ham, London, E6 2JA, United Kingdom. Privacy contact: cs@hankatong.app.

The UK GDPR applies to processing in the context of our UK establishment. EU GDPR may apply where we specifically offer services to people in the EEA or monitor their behaviour there. Where an EEA representative is legally required, its contact details will be published before the relevant processing begins.

2. CONNECT data and purposes

We do not use this Notice for HANKATONG prepaid-card, transport-card or stored-value services.

3. Lawful bases

4. Automated recommendations and decisions

Recommendations may automatically compare the trip, device and preferences you provide with available product information. They help you choose a product but do not create legal or similarly significant effects by themselves. Price, coverage, device support and product conditions remain visible for your review. Fraud and security signals may trigger review or temporary restriction; meaningful human review is available where applicable law requires it.

5. Recipients and international transfers

Necessary data may be provided to Stripe and other payment processors, cloud and security providers, communications and support providers, analytics providers where enabled, and SIM suppliers, carriers, fulfilment or delivery partners. Data may be processed in the UK, Republic of Korea, United States, Japan or a supplier location. Where required, we rely on adequacy regulations, approved contractual clauses, transfer risk assessments and supplementary technical or organisational safeguards.

6. Retention and security

Account data is kept until deletion unless law requires retention. Contract, payment, refund and supply records are generally retained for 5 years, and complaint or dispute records generally for 3 years after resolution. Security and support data is kept only as reasonably necessary. We use access controls, encryption in transit, monitoring, backups, separation of retained records and limited staff access.

7. Your rights

Where applicable, you may request access, correction, deletion, restriction, portability or objection; withdraw consent; and object to direct marketing. You may also request human review of certain automated decisions and complain to the UK Information Commissioner’s Office or your EEA supervisory authority. Identity verification and lawful retention exceptions may apply. Use our account deletion page or email us.

8. Required and optional data

Account credentials, contact details and order information may be contractually required to create an account or fulfil an order. Without them, the relevant service may not be available. Optional permissions and marketing consent are not required for unrelated service functions.

9. Contact and changes

Privacy requests: cs@hankatong.app. We will announce material changes before they take effect where required. This Notice does not replace rights granted by mandatory law.