GDPR and UK GDPR Notice
This Notice explains the additional standards HANKATONG CONNECT follows when the UK GDPR or EU GDPR applies. Read it together with our Privacy Policy.
1. Scope and controller
HANKATONG LTD is the contracting, payment and data-controller entity for HANKATONG CONNECT. Company number 16087577, registered in England and Wales. Office 10779, 182-184 High Street North, East Ham, London, E6 2JA, United Kingdom. Privacy contact: cs@hankatong.app.
The UK GDPR applies to processing in the context of our UK establishment. EU GDPR may apply where we specifically offer services to people in the EEA or monitor their behaviour there. Where an EEA representative is legally required, its contact details will be published before the relevant processing begins.
2. CONNECT data and purposes
- Account and contact data for registration, authentication and support.
- Destination, travel dates, party size and preferences for trip management and SIM recommendations.
- Device model, operating system, eSIM compatibility and optional permissions for compatibility and setup guidance.
- Order, payment status, refund, eSIM issuance, SIM delivery, activation and usage-status records for contract performance.
- Support messages, attachments, reviews, security logs and fraud signals for assistance, safety and dispute handling.
We do not use this Notice for HANKATONG prepaid-card, transport-card or stored-value services.
3. Lawful bases
- Contract: accounts, recommendations requested by you, orders, payment, fulfilment, activation, usage support and refunds.
- Legal obligation: tax, accounting, consumer protection, sanctions, regulatory requests and legally required records.
- Legitimate interests: service security, fraud prevention, reliability, customer support, product improvement and legal claims, balanced against your rights.
- Consent: optional precise location, non-essential marketing, optional notifications or cookies where consent is required. You may withdraw consent at any time.
4. Automated recommendations and decisions
Recommendations may automatically compare the trip, device and preferences you provide with available product information. They help you choose a product but do not create legal or similarly significant effects by themselves. Price, coverage, device support and product conditions remain visible for your review. Fraud and security signals may trigger review or temporary restriction; meaningful human review is available where applicable law requires it.
5. Recipients and international transfers
Necessary data may be provided to Stripe and other payment processors, cloud and security providers, communications and support providers, analytics providers where enabled, and SIM suppliers, carriers, fulfilment or delivery partners. Data may be processed in the UK, Republic of Korea, United States, Japan or a supplier location. Where required, we rely on adequacy regulations, approved contractual clauses, transfer risk assessments and supplementary technical or organisational safeguards.
6. Retention and security
Account data is kept until deletion unless law requires retention. Contract, payment, refund and supply records are generally retained for 5 years, and complaint or dispute records generally for 3 years after resolution. Security and support data is kept only as reasonably necessary. We use access controls, encryption in transit, monitoring, backups, separation of retained records and limited staff access.
7. Your rights
Where applicable, you may request access, correction, deletion, restriction, portability or objection; withdraw consent; and object to direct marketing. You may also request human review of certain automated decisions and complain to the UK Information Commissioner’s Office or your EEA supervisory authority. Identity verification and lawful retention exceptions may apply. Use our account deletion page or email us.
8. Required and optional data
Account credentials, contact details and order information may be contractually required to create an account or fulfil an order. Without them, the relevant service may not be available. Optional permissions and marketing consent are not required for unrelated service functions.
9. Contact and changes
Privacy requests: cs@hankatong.app. We will announce material changes before they take effect where required. This Notice does not replace rights granted by mandatory law.