• Privacy Policy of Sunporter eMobility GmbH

    The protection of your personal data is very important to us at Sunporter eMobility GmbH. This privacy policy provides you with comprehensive information about what data we process when you use our services, how we handle this data, and what rights you have regarding your data.

    1. Data Controller

    The data controller for data processing on this website and within the scope of our carsharing services is: Sunporter eMobility GmbH Email: info@sunporter.de Phone: +49 171 9135539

    1. Types of Data Processed

    In providing our carsharing services, we process various types of personal data. These include: a) Personal data • Name, address, date of birth, email address, telephone number b) Driver’s license data • Driver’s license data for verifying driving authorization c) Payment information • Bank account details, credit card details, or other payment information for processing payment d) Usage data • Information on the use of our vehicles, including driving time, mileage, location data, and vehicle history (where necessary for service and contractual purposes) e) Communication data • Correspondence, inquiries, and feedback that you send to us

  1. Purposes of Data Processing

Your personal data is processed only for the following purposes and on the corresponding legal basis under the GDPR: • Registration and Contract Fulfillment: To manage your user account, verify your identity and driving authorization, and provide and bill for carsharing services. Legal basis: Art. 6 para. 1 lit. b GDPR. • Payment Processing: To process and settle payments, including obtaining credit information if necessary. Legal basis: Art. 6 para. 1 lit. b and f GDPR. • Optimization and Security Measures: To improve our service, ensure the technical security of the app, website, and infrastructure, and prevent misuse and fraud. Legal basis: Art. 6 para. 1 lit. f GDPR. • Marketing and Customer Care: We only use your contact details to send you newsletters or for targeted marketing purposes with your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time. • Compliance with legal requirements: To comply with tax, commercial, or other legal requirements, we store and process data in accordance with Article 6(1)(c) GDPR.

  1. Standortdaten

Für die Nutzung unserer Carsharing-Fahrzeuge ist die Erhebung von Standortdaten erforderlich. Diese Daten werden genutzt, um Ihnen das nächstgelegene verfügbare Fahrzeug anzuzeigen und den Standort des Fahrzeugs nach Ihrer Buchung aufzuzeichnen. Standortdaten werden nur für die Dauer der Buchung gespeichert und im Anschluss anonymisiert, sofern sie nicht für abrechnungsbezogene oder gesetzliche Zwecke erforderlich sind. Die Verarbeitung erfolgt auf Grundlage von Art. 6 Abs. 1 lit. b und f DSGVO.

  1. Data Transfer to Third Parties

Your personal data will only be transferred if this is necessary for the performance of the contract or if you have given your explicit consent. Possible recipients include: • Payment service providers: For payment processing and, if necessary, for obtaining credit reports. • Service companies: Providers of IT services, cloud services, and booking system providers acting on our behalf. • Authorities and courts: Data may be transferred to competent authorities and courts in accordance with legal obligations or for legal defense. Data is transferred exclusively within the framework of legal requirements.

  1. Data Retention Period

We retain personal data only for as long as necessary for the respective processing purposes or as required by law. The following retention periods apply, unless statutory retention obligations dictate otherwise: • Registration data: For the duration of the contractual relationship and beyond, within the framework of statutory limitation periods. • Payment data: In accordance with tax and commercial law regulations for at least 6 or 10 years. • Location and usage data: For the duration of vehicle use and for billing purposes. The data is then anonymized or deleted.

  1. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or misuse. Our security measures are regularly reviewed and adapted to technological developments.

  1. Your Rights

You have the right to: • Access the data we hold about you (Art. 15 GDPR) • Rectification of inaccurate or incomplete data (Art. 16 GDPR) • Erasure of your data, provided there is no legal obligation to retain it (Art. 17 GDPR) • Restriction of processing of your data (Art. 18 GDPR) • Data portability, i.e., the right to receive the data concerning you in a structured, commonly used, and machine-readable format (Art. 20 GDPR) • Withdraw your consent to data processing (Art. 7 para. 3 GDPR) • Lodge a complaint with a supervisory authority (Art. 77 GDPR) if you believe that the processing of your data violates the GDPR. To exercise these rights, you can contact us using the contact details provided above.

    1. Changes to the Privacy Policy

    This Privacy Policy may be amended due to technical developments or changes in legal requirements. The current version is available on our website.

    Last updated June 2026.