Privacy Policy
Effective as of 16 May 2026
At MyBestSim, we take the protection of your personal data seriously. This policy explains, clearly and completely, what data we collect when you use our website, why we do it, how long we keep it, who we share it with, and what your rights are.
If you have any questions, please write to us: [email protected].
1. Who is responsible for processing your data
The data controller is :
- Company: MBS, simplified joint-stock company with a sole shareholder (SASU)
- Share capital: €1,000
- Trade Register: Paris 993 863 174
- SIRET: 993 863 174 00013
- EU VAT number: FR42 993 863 174
- Registered office: 60 rue François 1er, 75008 Paris, France
- Publication Director: Etienne Tillier, President
- Data contact: [email protected]
MyBestSim has not appointed a Data Protection Officer (DPO), as this is not required given the nature of our activity. The contact for any data-related question is the address above.
2. What data we collect
We collect only the data strictly necessary for the purposes described in section 3. Here is the exhaustive list :
2.1 Data automatically collected when you browse the site
| Data | Detail | Source |
|---|---|---|
| IP address | Technically transmitted to our hosting provider and Cloudflare to route your request | All visitors |
| Approximate country | Inferred from your IP by Cloudflare | All visitors |
| Device type | Mobile / tablet / desktop | Visitors who consented to audience measurement |
| Browser language | Detected via URL or browser | All visitors |
| Pages visited, time spent, scrolling | Audience measurement | Visitors who consented |
| Clicks on eSIM offers and banners | Performance measurement | Visitors who consented |
| Characteristics of the clicked offer | Provider name, price, data amount, duration, destination country | Visitors who consented |
| Technical session ID | Random, generated for each visit, not linked to your identity | Visitors who consented |
2.2 Data you provide voluntarily
| Data | When | Purpose |
|---|---|---|
| Email address | Subscription via one of our forms (guide download, contact, etc.) | Send you what you requested |
| First name / Last name | Contact form | Respond to your request |
| Message content | Contact form or direct email | Process your request |
2.3 Technical security data
| Data | Detail |
|---|---|
| Server logs (Hostinger) | IP, timestamp, URL requested, response code, user-agent — used for security and debugging |
| Security logs (Wordfence, Sucuri, Cloudflare) | Intrusion attempts, suspicious requests |
We collect no banking data on this site. Transactions, if any, are processed by the partner sites to which you are redirected.
3. Why we use your data (purposes)
Each piece of data is used for a specific purpose :
| Purpose | Data used | Legal basis |
|---|---|---|
| Display the site correctly | IP, language, country | Legitimate interest (technical operation) |
| Secure the site | IP, server logs, Wordfence logs | Legitimate interest + legal obligation |
| Measure audience and improve the site | Page views, clicks, time, scrolling, session, device | Consent (via the cookie banner) |
| Compare eSIM offers and improve them for you | Clicks on offers, filters used, results shown | Consent (via the cookie banner) |
| Track the effectiveness of affiliate links | Clicks to partner providers | Consent (via the cookie banner) |
| Respond to your contact request | Email, name, message content | Pre-contractual measures / legitimate interest |
| Send you a requested guide or resource | Consent (at the time of download) | |
| Comply with our legal obligations | All data concerned by a legal request | Legal obligation |
4. What tools we use
To operate the site and measure its audience, we rely on the following tools. Each receives only the data necessary for its task.
| Tool | Provider | Role | Data received | Prior consent required |
|---|---|---|---|---|
| Hostinger | Hostinger International Ltd. (Cyprus) | Site hosting | All requests (IP, URL, logs) | No (technical) |
| MyBestSim Consent Manager | MBS SASU | Cookie consent management (banner, choice memorisation) | None (local storage only) | No (strictly necessary) |
| Cloudflare | Cloudflare, Inc. (United States) | CDN, firewall, aggregated audience measurement | IP, requests, anonymous statistics | No for security part; yes for Web Analytics |
| Google Tag Manager | Google Ireland Ltd. | Loading of measurement tags | No direct user data; then loads the tools below | No, but the loaded tags do |
| Google Analytics 4 | Google Ireland Ltd. | Audience measurement | Page views, clicks, truncated IP, cookie ID | Yes |
| Microsoft Clarity | Microsoft Corporation (United States) | Usage analysis (heatmaps, anonymised replays) | Page views, mouse movements, session ID | Yes |
| MyBestSim internal tracking (Cloudflare Worker + D1) | MBS SASU | Measurement of clicks on offers and banners | Anonymous session ID, page, device, language, offer characteristics | Yes |
| Content Egg | RealMag | Affiliate link management | Referrer to partner sites | No for simple redirection; yes if tracker is set |
| Internal automation infrastructure | MBS SASU | Routing emails submitted through our forms to our internal tools | Email, form source | Yes (at form submission) |
| WP Mail SMTP + Hostinger SMTP | Hostinger International Ltd. (Cyprus) | Sending outgoing emails | Recipient email, message content | No (technical) |
| Wordfence, Sucuri | Defiant Inc., Sucuri Inc. | Site security | IP, suspicious requests | No (security, legitimate interest) |
5. Cookies and trackers
Our site uses cookies and similar technologies (localStorage). Full details are available in our Cookie Policy.
In summary :
- Strictly necessary cookies: set without consent (WordPress session, security, memorisation of your cookie choice).
- Audience measurement cookies (Google Analytics, Microsoft Clarity, MyBestSim tracking): set only after your consent via the cookie banner.
- Affiliate cookies: set only after consent and when you click on a partner offer.
You can modify or withdraw your consent at any time via the « Manage my cookies » link in the footer.
6. Who we share your data with
Your data is never sold. It is shared only with :
6.1 Our technical processors (acting on our instructions)
- Hostinger (hosting) — Cyprus, EU
- Cloudflare (CDN, security, Web Analytics) — US headquarters, EU processing possible
- Google (Analytics, Tag Manager) — Ireland for the contract; US servers
- Microsoft (Clarity) — US headquarters
- Our SMTP provider (sending emails)
All these processors are bound by a GDPR-compliant Data Processing Agreement.
6.2 Our eSIM partners
When you click on an eSIM offer, you are redirected to the partner provider’s site. From that moment, the partner’s privacy policy applies. The partner receives the information that you are coming from mybestsim.com (called « referrer »), so that the affiliate commission can be attributed to us. No identifying personal data is transmitted to the partner by MyBestSim.
The up-to-date list of our partners is available on the site’s comparison pages.
6.3 Public authorities
We may be required to transmit your data to a competent authority (police, justice, tax authority in response to a lawful request.
6.4 Transfers outside the European Union
Some processors (Google, Microsoft, Cloudflare) are US-based companies. Data transfers to the United States are governed by the Data Privacy Framework (DPF), an adequacy decision adopted by the European Commission on 10 July 2023, which ensures a level of data protection equivalent to that of the EU.
7. How long we keep your data
We keep your data for as long as necessary for the purpose pursued, in compliance with legal retention periods and the recommendations of the French Data Protection Authority.
| Data | Retention period |
|---|---|
| Audience measurement data (Google Analytics) | 14 months |
| Audience measurement data (Microsoft Clarity) | 1 year |
| Internal tracking data (Cloudflare D1) | 25 months maximum then automatic deletion |
| Technical session ID | Duration of your visit |
| Popup memorisation cookie | 24 hours |
| « Returning visitor » localStorage | 13 months |
| Proof of your cookie consent | 6 months (re-prompt) then 5 years (proof) |
| Email submitted via a form | Time to respond to your request, then 3 years after the last contact |
| Server logs and security logs | 6 months maximum |
| Administrator account data | For the duration of the account |
Beyond these periods, data is automatically deleted or anonymised.
8. Your rights
In accordance with the GDPR and the French Data Protection Act, you have the following rights over your data :
- Right of access: obtain confirmation that we are processing data about you, and obtain a copy
- Right to rectification: have inaccurate data corrected
- Right to erasure (« right to be forgotten »): request deletion of your data
- Right to restriction: ask us to temporarily suspend the use of your data
- Right to object: oppose the processing of your data on legitimate grounds
- Right to portability: receive your data in a structured, readable format
- Right to withdraw your consent at any time (for example via the cookie banner)
- Right to set directives on the fate of your data after your death
- Right to lodge a complaint with the competent supervisory authority
How to exercise your rights
Send your request to [email protected] specifying :
- The right you wish to exercise
- A proof of identity if necessary (to avoid a third party exercising your rights on your behalf)
We will respond within a maximum of one month, in accordance with article 12 of the GDPR.
9. Data security
We implement the following security measures :
- HTTPS (TLS) encryption across the entire site
- Cloudflare and Wordfence application firewalls
- Intrusion monitoring (Sucuri)
- Hashed and securely stored passwords
- Regular updates of WordPress, plugins and theme
- Access to administrative data strictly limited to authorised persons
Despite these measures, no system is 100% invulnerable. In the event of a breach likely to result in a risk to your rights and freedoms, we will inform the competent supervisory authority within 72 hours and, if necessary, the persons concerned.
10. Changes to this policy
This policy may change to reflect legal or technical changes. The version in force is always the one published on this page, with its date at the top of the document.
Version history
| Version | Date | Changes |
|---|---|---|
| 2.0 | 16 May 2026 | Complete overhaul: addition of internal tracking, third-party tools, detailed retention periods and cookie banner |
| 1.0 | (previous version) | Initial version |
11. Applicable law
This policy is governed by French law. Any dispute falls under the jurisdiction of French courts.
For any question: [email protected]