Privacy policy

Last updated: 24 June 2026

1. Who we are

GulfData is a trading name of Vector Retail Group Limited (“GulfData”, “we”, “us”), the data controller responsible for your personal data.

Business address: 30 Allt-Yr-Yn Heights, Newport, NP20 5DX, United Kingdom
Email: support@gulfdata.io
Telephone: +44 1633 603635

We are registered with the UK Information Commissioner’s Office (ICO), registration number ZA901522. We have not appointed a statutory Data Protection Officer; privacy queries should be sent to support@gulfdata.io.

This policy applies to our website (gulfdata.io) and the GulfData mobile app.

2. What personal data we collect

  • Account data: your email address (used to sign you in via a one-time code), and your name and phone number where you provide them at checkout.
  • Order & transaction data: the plans you buy, order number, date and amount, billing address, and payment confirmation. We do not store full payment card details — these are handled directly by our payment processors.
  • eSIM service data: the technical details needed to provide and manage your eSIM (for example ICCID, plan and activation details) and your data-usage information.
  • Account identifiers: an internal customer/account identifier linking your records.
  • Technical & website data: IP address, device/browser information, and basic usage analytics collected via cookies and similar technologies on our website.

The GulfData app collects no advertising identifiers and uses no analytics, advertising or tracking software. We do not knowingly collect special-category data, and our service is intended for users aged 18 and over.

3. How we use your data and our lawful bases (UK GDPR Article 6)

  • Performance of a contract: to create and secure your account, deliver and manage your eSIM, process orders, refunds and top-ups, and provide customer support.
  • Legal obligation: to keep financial, tax and accounting records, and to meet sanctions, fraud-prevention and other legal requirements.
  • Legitimate interests: to secure our service, prevent fraud and abuse, and improve our products. We balance these against your rights.
  • Consent: for non-essential cookies and analytics on our website and for any marketing communications. You can withdraw consent at any time.

4. Who we share your data with

We share the minimum personal data necessary with trusted service providers who act on our instructions. These fall into the following categories:

  • our e-commerce and website platform (store, checkout and order management);
  • hosting and database providers (where your account and eSIM data are stored);
  • payment processors (to take payment securely — they handle your card details directly; we never store full card numbers);
  • email delivery providers (to send sign-in codes and service emails);
  • eSIM network providers and their mobile-operator partners (to provision and run your eSIM — they receive only what is needed to deliver the service).

We may also disclose data where required by law, to enforce our terms, or to protect our rights, users or others. We do not sell your personal data. If you'd like details of the specific providers we use, contact us at support@gulfdata.io.

5. International data transfers

Some of our providers process data outside the UK or EEA (for example in the United States). Where this happens, we rely on appropriate safeguards — UK adequacy regulations, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses — together with each provider’s data-processing terms. You can request details from support@gulfdata.io.

6. How long we keep your data

  • Account data (email, name, phone, eSIM records, usage): kept while your account is active and deleted when you ask us to delete your account.
  • Order, transaction and financial records: retained for up to 6 years after the transaction to meet UK tax, accounting and legal obligations.
  • Sign-in codes: short-lived and deleted once used or expired.
  • Customer-support correspondence: kept for up to 2 years.
  • Website cookies and analytics: kept for the lifetime of the relevant cookie.

When data is no longer needed we delete or anonymise it. You can delete your account and associated data in the app (Profile → Settings → Delete Account) or by emailing support@gulfdata.io.

7. Your rights (UK GDPR)

You have the right to: access your data; have inaccurate data corrected; have your data erased (the “right to be forgotten”); restrict or object to our processing; data portability; withdraw consent at any time where processing is based on consent; and not be subject to solely automated decisions with legal or similarly significant effects (we do not carry these out).

To exercise any right, email support@gulfdata.io. We will respond within one month and will not charge a fee in most cases.

If you are unhappy with how we handle your data, you can complain to the Information Commissioner’s Office (ICO): ico.org.uk, helpline 0303 123 1113, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. We would appreciate the chance to put things right first.

8. Cookies and analytics

Our website uses cookies and similar technologies to run the site, understand usage, improve performance and measure marketing. Non-essential cookies are used only with your consent, which you can give or withdraw via our cookie banner and manage in your browser settings. See our Cookie Policy for details.

9. Data security

We use appropriate technical and organisational measures to protect your data, including encrypted (TLS) connections, reputable hosting and processors, access controls, and collecting only the data we need.

10. Changes to this policy

We may update this policy from time to time. The current version is always available on our website, and we will update the “Last updated” date at the top.

11. Contact

Questions about this policy or your data:
Email: support@gulfdata.io
Vector Retail Group Limited, 30 Allt-Yr-Yn Heights, Newport, NP20 5DX, United Kingdom