Skip to main content
MATSIL Mobile

Privacy Policy

1. Who we are

1.1 MATSIL Mobile is the data controller for personal data processed through matsilmobile.com and MATSIL account and checkout features described here, under the Data Protection Act 2020 ("DPA 2020").

1.2 Privacy contact: [email protected] only (subject: Privacy Request).

2. Scope

2.1 This Policy covers:

  • guest browsing and checkout;
  • registered accounts, bookings, and support;
  • eSIM activation and device-related data;
  • tour and car-rental bookings you make through us;
  • communications and rights requests you send us.

2.2 Discontinued services (travel forms and airport transfers) are covered only for historical records still held for support, refunds, or legal compliance.

2.3 Payment processors, tour operators, rental companies, eSIM network partners, and analytics providers may process data under their own policies when you use their services.

3. What we collect

CategoryExamplesTypical context
Account & identityName, email, phone, account IDsRegistration, sign-in, support
Booking & travelDestination, dates, preferences, participant detailseSIM, tours, rentals
PaymentBilling details, transaction IDs (card data via Stripe)Checkout and refunds
eSIM & deviceDevice type, activation status, QR delivery metadataDigital connectivity
Rental & tourLicence details where required, pickup location, activity selectionsProvider fulfilment
Usage & deviceIP address, browser, pages viewed, languageSecurity and improvement
CommunicationsSupport mail, refund and dispute recordsCustomer and compliance
Cookies & similar techSession, preferences, analytics (where used)Site function and measurement

We collect only what each feature reasonably needs.

4. Lawful bases (DPA 2020)

We process personal data on one or more of:

  • Contract — to provide bookings, eSIM delivery, and features you request (section 23, performance of contract);
  • Legitimate interests — security, fraud prevention, service improvement, and operating a travel booking platform, balanced against your rights;
  • Consent — non-essential cookies, optional marketing, or other processing where consent is required;
  • Legal obligation — compliance, court orders, tax, and regulatory duties.

We maintain a processing record for accountability, including purposes, categories, recipients, transfers, and security measures as required by section 16(2) of the DPA 2020.

5. How we use personal data

  • provide and secure the Platform;
  • process payments and deliver eSIM products;
  • place and manage tour and car-rental bookings with partners;
  • authenticate users and send booking confirmations;
  • respond to support, refund, and privacy requests;
  • detect abuse and protect users and partners;
  • comply with law and enforce our Terms.

We do not sell personal data.

6. Sharing and processors

We may share data with:

  • eSIM network and provisioning partners to activate service;
  • tour operators (including via Viator) to fulfil bookings;
  • car rental providers to prepare reservations;
  • Stripe and other payment, hosting, email, and security providers under contract;
  • professional advisers where required;
  • authorities when law or court order requires;
  • successors in a merger or reorganisation, subject to this Policy.

Processors must implement appropriate technical and organisational measures and process only on our instructions.

7. International transfers

Data may be processed outside Jamaica (for example cloud hosting or partner fulfilment). Where Part VII of the DPA 2020 applies, we use appropriate safeguards (adequacy, standard contractual clauses, or other permitted mechanisms). Where you are in the EEA/UK, we apply equivalent transfer safeguards required by applicable local law.

8. Retention

We keep data only as long as needed for the purposes above, including legal, accounting, fraud-prevention, and complaint records. Account data is deleted or anonymised within a reasonable period after account closure, unless law requires longer retention.

9. Security and breaches

9.1 We use administrative, technical, and organisational measures appropriate to the risk, including encryption in transit, access controls, and secure payment processing. No system is completely secure.

9.2 If a personal data breach is likely to affect your rights, we will notify the Office of the Information Commissioner and affected individuals as required by section 27 of the DPA 2020, including where applicable within 72 hours of becoming aware of a notifiable breach.

10. Your rights

10.1 Jamaica (DPA 2020)

Subject to exceptions in the Act, you may request:

RightSection
Accesss.6
s.10
Objections.11

Email [email protected] with Privacy Request and enough detail to verify your identity. We respond within 30 days, extendable to 60 days where complex.

You may complain to the Office of the Information Commissioner if unsatisfied.

10.2 EEA/UK and other regions

Where GDPR or similar law applies to you, you may also have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. We will honour those rights as required by applicable law.

11. Cookies

11.1 Essential cookies support login, checkout, security, and core functions.

11.2 Non-essential analytics or preference cookies, where used, rely on consent via the site banner or settings.

11.3 You may control cookies through browser settings; blocking some cookies may limit features.

12. Children

The Platform is not directed at persons under 18. We do not knowingly collect children's personal data. Contact [email protected] to request deletion if you believe we have done so.

13. Changes

We may update this Policy. Material changes will be notified as in the Terms (registered email and/or on-site notice, 30 days where practicable). The effective date appears at the top.

14. Contact

MATSIL Mobile — [email protected] only (Privacy Request, Data Subject Access, Erasure, Complaint).

View Refund Policy
Return to Home