1. Welcome to our privacy policy!

Lyca Mobile respects your privacy and is committed to protecting your personal data. This privacy policy will inform you:

• About how we use your personal data through your use of this website, including any data you may provide us when you purchase a product or service from us, sign up to our communications or take part our competitions.
•  About your privacy rights and
•  How the law protects you.

This privacy policy is provided in a layered format so you can choose the specific areas in which you are particularly interested

Alternatively, you can find a summary here.

2. About us

We, Lycatel Germany GmbH, operate in Germany. We provide electronic communication services including national and international calls, texts, and data to customers. When we say, “we”, “us” or “our” in this policy, we are referring to the relevant Lyca Mobile entity responsible for processing your data.

Lycatel Germany GmbH

Mainzer Landstr. 349, 60326 Frankfurt am Main Germany

For Contact information including our Data protection officer, see Nr. 13.

3. What data do we collect about you?

Personal Data is any information about you from which you can be identified. It does not include data where your identity has been removed (it’s called anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data includes your first name, last name, date of birth, language.
• Contact Data includes your email address, contact number, full address.
• Financial Data includes your bank account and payment card details (where you choose to purchase products from us and make a payment directly to us, such as on our website).
• Billing Data includes your details about payments about the products and services you have purchased from us.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, and platform you use to access our website.
• Profile Data includes your username and password, purchases made by you, your interests, and preferences.
• Usage Data includes information about how you use our website, products and services, top up records, call data records which includes traffic data and location data under the telecommunications law.
• Marketing and Communications Data includes your preferences in receiving marketing from us and other Lyca entities (as chosen and consented to) and your communication preferences.
• Customer Care Data includes your feedback to us, survey responses and voice mail recordings when you contact us.

We process your data exclusively in accordance with this privacy policy and the applicable data protection regulations, in particular the General Data Protection Regulation (“GDPR”), the Telecommunications Act (“TKG”) and the Telecommunications and Telemedia Data Protection Act (“TTDSG”).

 

4. How do we collect your personal data and for what purpose?

We use different methods to collect data from you and about you through:

• Indirect interactions via our independent distributors, wholesalers, and retailers.
• Direct interactions. You may give us your personal data by filling in forms on our website or by corresponding with us by post, phone, email or otherwise.

Your personal data is collected for the purpose of contract fulfilment or pre-contractual measures (Art. 6 (1) b) GDPR), when you do the following:

• Purchase our products or services;
• Create an account on our website;
• Subscribe to our services or communications;
• Use our telecommunications services;
• Request marketing to be sent to you;
• Enter a competition, promotion, or survey; or
• Give us some feedback.
• Download our app.

Automated technologies or interactions. As you interact with our website, we may automatically collect and process Technical Data about your equipment, browsing actions and patterns as far as this is necessary to conduct the service (Art. 6 (1) b) GDPR). Additionally, we collect and process this personal data by using cookies as far as this is necessary to conduct our services, justified by your consent (Art. 6 (1) a) GDPR) or our overriding interest (Art. 6 (1) f) GDPR). Please see our Cookie Policy for further details.

 

5. SIM card registration criteria

For the purpose of contract fulfilment and to use the Services, you must first register (Art. 6 (1) b) GDPR) and activate your SIM Card, and to ensure that the SIM Card is working properly, you must also make a call, send an SMS and/or use the data services in your Home Country (which is identified by the country code of your mobile number). Please ensure you have sufficient credit on your Account prior to use. We must also collect this data in accordance with the legal obligation (Art. 6 (1) c) GDPR) under § 172 TKG and, in the case of prepaid services, verify it using an identification document.

 

6. How do we use your personal data?

We will only use your personal data when the law (GDPR, TTDSG) allows us to, most commonly, in the following circumstances and under the following justifications:

• Where we need to perform the terms and conditions we are about to enter into or have entered into with you (Art. 6 (1) b) GDPR).
• Insofar as traffic data is generated in the provision of telecommunications services, data processing is primarily governed by the TTDSG. Telecommunications secrecy applies to the data.
• Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (Art. 6 (1) f) GDPR).
• Where we need to comply with a legal or regulatory obligation (Art. 6 (1) c) GDPR).
• Where we have your specific consent which is always revocable for the future (Art. 6 (1) a) GDPR).

We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

• Purpose – To register you as a new customer:

Type of data – (a) Identity (b) Contact  Lawful basis for processing

(a) Performance of terms and conditions with you

(b) Where applicable, as required by law (§ 172 TKG) including the check of an identity document when conducting a prepaid service contract.

• Purpose – To supply products and services to you including:

• Performing Telecommunications Services and billing (§§ 9, 10, 11 TTDSG)
• Managing payments
• Collecting money owed to us
• Detecting and prevent fraudulent act as well as disruption of the services (§ 12 TTDSG)

Type of data – (a) Identity (b) Traffic data (c) Contact (d) Financial (e) Billing

Lawful basis for processing

• Performance of terms and conditions with you
• § 9 ff. TTDSG
• Purpose – To manage our relationship with you and administer your account which will include:

• Notifying you about changes to our terms and conditions or privacy policy
• Detecting and preventing crime and fraud
• Asking you to leave a review or take a survey
• Manage any concerns that you raise to our customer care department
• Quality assurance and monitoring purposes

Type of data – (a) Identity (b) Contact (c) Profile (d) Marketing and Communications (e) Customer Care (f) Usage and billing

Lawful basis for processing

(a) Performance of terms and conditions with you
(b) Necessary to comply with a legal obligation

• Purpose – To enable you to participate in a competition or complete a survey (non-promotional)

Type of data – (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications

Lawful basis for processing

(a) Performance of terms and conditions with you

• Purpose – To market products and services to you to complete a survey (promotional)

Type of data – (a) Identity (b) Contact (c) Marketing and Communications (d) Profile

Lawful basis for processing including basis of legitimate interest

(a) Legitimate interest to process marketing data (to grow our business) and consent for sending electronic marketing communications for new customers or reliance on existing customer relationship to send electronic marketing communications

• Purpose – To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

Type of data– (a) Technical (b) Usage

Lawful basis for processing including basis of legitimate interest

Your data will not be process via the website analytics unless you agree or consent. You are allowed to reject such cookies under GDPR, in which case such analytical data will not be processed.

• Purpose – To make suggestions and recommendations to you about goods or services that may be of interest to you

Type of data – (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile

Lawful basis for processing is consent

Marketing

You will receive marketing communications from only if you have consented to receive them or you have purchased products or services from Lyca Mobile, and in each case, you have consented to receive marketing.
You will also receive marketing communications from other Lyca entities if you have consented to receive such communications on their Lyca products or services.

 

7. How can you manage your marketing preferences?

If you have given us your consent, you can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by Contacting our Customer Services Department:

To contact Customer Services:

• Dial 322 from your Lyca Mobile
  Charges: Free
• You can also dial 069 1200 7322 from another phone.
  Charges: call charges to this number may vary from other network providers.
• Send an email to cs@lycamobile.de

You can also Contact our Customer Services Department to let us know whether you’re happy to hear from us by email, text, or telephone.

Where you declare to stop of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase or other purposes.

 

8. To whom do we disclose your personal data?

We may have to share your personal data with the parties set out below for the purposes set out:

• Other Lyca affiliated entities under common control (hereinafter “Lyca entities”) who provide ancillary services such as call centre support for the fulfilment of your orders and clarification any of your queries.
• Other Lyca entities where you have chosen to receive marketing communications from them on other Lyca products and services other than Lyca Mobile.
• External third parties who provide IT technical support services, data centre services and call centre support.
• External third parties who provide network and telecommunications services that are necessary to provide the telecommunications services including billing and collection fees.
• Regulators and judicial authorities who require reporting of processing activities in certain circumstances and legal interception as regulated by §§ 170 ff. TKG.

Where applicable, we require all external third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

9. Where is your data transferred to?

Some of our service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring that the following safeguard is implemented so that there is no detriment to you.

Specifically, Lyca Mobile uses call centres operated by an associated company, and they are based in Morocco and Philippines.

Lyca Mobile uses a technical services provider which is based in India.

We use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see Standard Contractual Clauses (SCC) – European Commission

We will take steps to ensure your privacy rights are at least as compliant with the requirements of EU law, including requiring appropriate security measures from such third parties, set out in a contract between us, to protect your personal data.

Please contact the dedicated protection helpline if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

 

10. How secure do we keep your personal data? 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those staff members or other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a strict duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach where we are legally required to do so.

 

11. How long do we retain your personal data for?

Your personal data will be deleted at the latest at the end of the calendar year following the termination of the contractual relationship (Section 172 (6) TKG) unless other retention obligations apply. Details of retention periods for different aspects of your personal data are available in our Data Retention Policy which you can request from us by Contacting our Customer Services Department.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case, we may use this information indefinitely without further notice to you.

 

12. Pay Monthly Customers

It should be noted that, for customers who apply for and avail themselves of post-paid services from Lycamobile, we process additional personal data. This includes checking credit records and credit scores of prospective customers to enable us to complete our contract with you.

In order to process your application, we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace, and recover debts and prevent criminal activity.

We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants, or other financial associates.

In this connection, we may also perform checks for certain customers as and when it is necessary to protect our interests during the term of the contract.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at www.crif.de/en/privacy

Debt Collection Agencies (DCAs) may also be used by Lyca Mobile should accounts go into arrears and the Terms & Conditions are not met. In such situations personal data will be shared with the DCA in order to allow them to support Lyca Mobile in recovering debt.

 

13. What are your privacy rights?

You have rights under data protection laws in relation to your personal data which are as follows:

• Under certain conditions under the law, you have right to obtain information about your processed data and right to have access to your personal data (Art. 15 GDPR).
• Correction of your personal data – This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us (Art. 16 GDPR).
• Under certain conditions under the law, you have the right to ask us to delete your personal data (Art. 17 GDPR).
• Under certain conditions under the law, you have the right to object to the processing of your personal data if it is based on our legitimate interest (Art. 21 GDPR).
• Under certain conditions under the law, you have the right to ask us to suspend the processing of your personal data (Art. 18 GDPR).
• Right to transfer your personal data – This enables you to ask us to transfer your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format (Art. 20 GDPR).

Note, however, that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

• Right to revoke your consent to the processing of your personal data (Art. 7 (3) GDPR).

If you wish to exercise any of the rights set out above, please send your request to mydata@lycagroup.com

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to make a complaint at any time to the relevant data protection supervisory authority (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit, see https://www.bfdi.bund.de).

 

14. How to contact us

You may contact our Customer Services Department on 322 from any Lyca Mobile Account or 069 1200 7322 from another telephone.

You may also e-mail the Customer Services Department at cs@lycamobile.de or by completing the online enquiry form at https://www.lycamobile.de/en/contact-us.

For compliance questions in relation to this policy, we have appointed a data protection officer (DPO). So, if you have any questions about this privacy policy, please contact our data protection team including our data protection officer at DPO@Lycagroup.com.

We would, however, appreciate the chance to deal with your concerns first before you approach the supervisory authority, so please do contact us in the first instance.

Changes to the policy
We have updated our privacy policy to reflect the changes in data protection laws. Historic versions are archived here.

 

15. Specific privacy rights for telecommunications services

Special conditions and rights under the TTDSG apply, in particular:

• Protection of telecommunications secrecy according to TTDSG.
• Entry in a telephone directory, see § 17 TTDSG.
• If an invoice is issued, there is an option to issue an itemised bill, see § 11 TTDSG.
• Location data is processed only according to §§ 9 ff. TTDSG, § 13 TTDSG, §§ 170 ff. TKG.
• Notification of incoming calls to recognise abusive calls, § 14 TTDSG.
• Number Presenting and Reduction, see § 15 TTDSG.
• Automated call forwarding, see § 16 TTDSG.

16. Children’s privacy

Our website, app and services are not aimed at children. We do not target, intend to collect, or knowingly collect or otherwise process information from anyone under the age of 16.

If you are under the age of 16, we request that you do not provide us with your information and do not use our website and app.

If you are a parent or guardian of a child under 16, please contact us if you are aware that your child has used our website or app or otherwise provided their information to us without your consent. We will delete or otherwise cease processing your child’s personal information within a reasonable time to make sure that we do not contact you in the future.