Privacy Policy

The following declaration about data protection applies to the use of the websites https://www.trusted-carrier.com/ and https://ctc.trusted-carrier.com/, hereinafter referred to as “Online Services”.

Trusted Carrier GmbH & Co. KG (from here on: “TC”) attaches great importance to privacy. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular with the General Data Protection Regulation (GDPR). We collect and process your personal data in order to offer you this Website. This Declaration describes how and for what purpose your personal data is collected and used, and what choices you have in connection with your data.

By using these Online Services, you consent to the collection, use and transfer of your data in accordance with this Data Protection Declaration. If you wish to object to our collection, processing or use of your data completely or with regard to individual measures in accordance with this Data Protection Regulation, you can address your objection to the controller.

1 General

1.1 Controller

The controller who is the body responsible for the collection, processing and use of your personal data within the meaning of GDPR is

Trusted Carrier GmbH & Co. KG
Breitenbachstraße 1
60487 Frankfurt am Main
Germany
Tel.: +49 (0) 89 89 05 69 – 280
E-Mail: webinfo@trusted-carrier.com

Managing director: Hans Maier-Dech

1.2 Data protection officer

You can reach our data protection officer at:

Trusted Carrier GmbH & Co. KG
Breitenbachstraße 1
60487 Frankfurt am Main
Germany
Tel.: +49 (176) 6140 5111
E-Mail: datenschutz@trusted-carrier.com

1.3 Terminology

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘processing’ means any handling of personal data, such as collection, storage, transmission, receipt, deletion, etc.

‘restriction of processing’ means that the future processing of personal data is limited to new, mandatory requirements. Only very few employees within our company may continue to view and process the data. Beyond that, any processing is blocked.

‘deletion’ of personal data means both the definitive and therefore irrevocable, complete removal of data (destruction) and of the personal reference to them (anonymisation). In any case, after the deletion process a reference to specific persons can no longer be established.

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2 Data processing

2.1 Types of processed data

- Name
- Address data (street, house number, postal code and city)
- Contact data (e.g. email, phone numbers)
- Birthday
- Content data (e.g. text entries, history)
- Usage data (e.g. visited websites, interest in contents, access times)
- Meta/communications data (e.g. device information, IP addresses)
- Identification numbers (e.g. driver ID, license plate)
- Signatures (e.g. certificates, technical documents)

2.2 Categories of Data Subjects

Visitors and users of the Online Services. Hereinafter, we will refer to the Data Subjects also as “user”.

2.3 Purpose of processing

2.3.1 Provision of the Online Services, their functions and contents

TC collects information about you when you use this Website. We automatically collect information about your user behavior and the interaction with us and register information about your computer or mobile device. We collect, store and use data about every access to our Online Services (so-called server log files). The access data includes the name and URL of the retrieved file, date and time of the retrieval, the amount of data transferred, the message about a successful retrieval (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider.

We use this log data – without assigning it to you personally or creating another profile – for statistical evaluations in order to operate, secure and optimize our Online Services, but also to anonymously collect the number of visitors (traffic) on our Website and the extent and type of use of our Website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based content, analyze the data traffic, find and remedy errors and improve our services. We reserve the right to check the log data retrospectively if, on the basis of concrete indications, there is a legitimate suspicion of unlawful use. We store IP addresses in the log files for a limited period if necessary for security purposes or for the provision of services or the billing of a service, e.g. if you use one of our offers. We also store IP addresses if we have a specific suspicion of a crime in connection with the use of our Website. In addition, we store the date of your last visit (e.g. when registering, logging in, clicking links, etc.) as part of your account.

The processing of personal data takes place here on the basis of our legitimate interests in an efficient and secure provision of these Online Services as well as on the basis of legal obligations according to Art. 6 sec. 1 lit. c and f GDPR.

2.3.2 Driver App Wallet

Within the Driver App Wallet you can enter, manage and edit various information, tasks and activities. This information includes in particular data for the execution of the transport order (driver registration, validation, check-in/out, billing) as well as for the use of the BGL-Brummi-Card services.

The Driver App Wallet also requires the following authorizations:

Internet access: This is required to store your data on our servers.

Authentication via Face-ID or fingerprint: This is required to unlock the Driver App Wallet and protect it from unauthorized access.

Access to media files (optional): This is required to play sounds for incoming notifications.

Access to the camera: This is required to scan QR-codes and to enable the use of the BGL-Brummi-Card.

The Driver App Wallet does not have any other authorizations.

The processing and use of personal data is necessary to provide the services related to the Driver App Wallet. This data processing is justified by the fact that the processing is necessary for the fulfillment of the business relationship (transport order) between you as the data subject and, if applicable, your client/employer and us as well as with the BGL for the use of their services in accordance with Art. 6 sec. 1 lit. b GDPR.

2.3.3 Online Services Hosting

The hosting services of Amazon Web Services that we use serve the purpose of providing the following services: infrastructure and platform services, computing capacity, storage space and database services, security and technical maintenance services which we use to operate these Online Services. Further information on privacy and IT security can be found at https://aws.amazon.com/de/privacy/.

Amazon Web Services is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Here, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this Website based on our legitimate interests in an efficient and secure provision of these Online Services according to Art. 6 sec. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of the contract about the processing of commissioned data).

2.3.4 Registration

You can create a user account to use the Online Services. Your registration with voluntary provision of personal data serves us to offer you content or services which, due to the nature of things, can only be offered to registered users (central identification, administration and validation of drivers, transport partners, vehicle components and contact persons). During registration, you will be informed of the required mandatory data, which is processed for the purposes of providing the user account according to Art. 6 sec. 1 lit. b GDPR. The processed data includes in particular the registration and login information (such as name, address, telephone number, e-mail address). The data entered during registration is also used for the purposes of using the user account and can also be viewed by other registered users of the Online Services for contact purposes, if necessary for the provision of the Online Services.

Furthermore, when you register on this website, your IP address assigned by your Internet Service Provider (ISP) and the date and time of registration will be saved. The storage of this data is carried out in accordance with Art. 6 sec. 1 lit. c and f GDPR because this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of criminal offences.

You can also be informed by us about information relevant to your user account, such as technical changes via e-mail.

2.3.5 Business-/contract-related processing

In addition, we process your personal data (e.g. name, address, telephone number, e-mail address, conversation history, contract number, IMEI, IBAN, BIC) in order to fulfil both pre-contractual obligations in the initiation of the contract as well as contractual obligations of the contract in accordance with Art. 6 sec. 1 lit. b GDPR, which are related to the Online Offer and necessary for its implementation (e.g. online trade-in mobile device, for the creation and sending of the shipping label, sending of the deletion or disposal confirmation).

The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual relationship. In processing the data provided in this context, we act in accordance with your instructions and the instructions of its customers as well as the legal requirements. Your personal data may be passed on to business partners and service providers for the purpose of contractual performance and services, in accordance with Art. 6 sec. 1 lit. b GDPR, if this is necessary for the purpose of fulfilling the contract. You may also be notified by us via email of information of interest to your user account, such as technical changes, or surveys for the purpose of product improvement.

We do not process special categories of personal data.

2.3.6 Cookies

Cookies are used on some of our Websites. Cookies, a standard technology, are small text files that are stored on the device used by the User and that, among other things, make the visit to a website more comfortable or safer. Cookies can also be used to better tailor the offerings on a website to the interests of the visitors or to generally improve the offer on the basis of statistical evaluations.

Users can decide for themselves whether or not to allow cookies in the browser they use. Users should keep in mind that the functionality of websites may be restricted or even suspended if the use of cookies has been objected to.

The processing of personal data by cookies that are absolutely necessary for the presentation and function of the Website is carried out in accordance with Art. 6 sec. 1 lit. f GDPR. All other cookies require your consent in accordance with Art. 6 sec. 1 lit. a GDPR. You can adjust your decision anytime.

2.3.7 HubSpot (Contact form & Newsletter)

We use HubSpot, a digital marketing tool, on our website. The service provider is the American company HubSpot, Inc, 25 First Street, 2nd Floor Cambridge, MA, USA. The company also has a registered office in Ireland at 1 Sir John Rogerson's Quay, Dublin 2, Ireland. HubSpot also processes your data in the USA, among other places.

HubSpot is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, HubSpot uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, HubSpot undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914

The Data Processing Agreement, which corresponds to the standard contractual clauses, can be found at https://legal.hubspot.com/dpa. You can find out more about the data that is processed through the use of HubSpot in the Privacy Policy at https://legal.hubspot.com/de/privacy-policy.

2.3.7.1 Replying to contact requests and communication with users

When you contact us (e.g. via contact form, agent bot or e-mail), we store your details (e.g. name, address, telephone number, e-mail address, conversation history) to process your enquiry in accordance with Art. 6 sec. 1 lit. a GDPR and in the event that follow-up questions arise in relation to a subsequent contractual or business relationship in accordance with Art. 6 sec. 1 lit. b GDPR. In addition, we only use your personal data if you consent to this or if this is permitted by law without consent.

2.3.7.2 Newsletter

We offer you a newsletter in which we inform you about current events and offers. If you would like to subscribe to the newsletter, you must provide a valid e-mail address, which we store until you unsubscribe from the newsletter.

The processing of your name and your e-mail address is carried out in accordance with Art. 6 sec. 1 lit. a GDPR exclusively on the basis of your consent.

You can revoke your consent to receive the newsletter at any time and thus cancel the newsletter subscription. After your cancellation, your personal data will be deleted immediately. At the end of each newsletter you will also find a link for cancellation.

2.3.8 Application

When you apply for a job at TC, we store and process personal data you provide in order to check and process your application. The legal basis for the associated data processing is Art. 6 sec. 1 lit. b GDPR in conjunction with § 26 BDSG.

If your application is successful, we will continue to process your data for the purposes of your employment relationship. If your application is unsuccessful, your data will normally be deleted 6 months after the end of the application procedure at the latest. If you agree that we may use your data beyond this period in our pool of interested candidates for further job advertisements, we ask for your consent via e-mail.

3 Legal bases and storage period

Unless specifically stated, we only store your personal data for as long as necessary to fulfil the purposes pursued in accordance with Art. 6 GDPR.

Furthermore, your data will be deleted if the data is no longer required to fulfil contractual or legal storage obligations in accordance with Art. 17 sec. 3 lit. b GDPR (e.g. tax and commercial law storage obligations) as well as dealing with possible warranty and comparable obligations.

In addition, we store your personal data for the purpose of asserting, exercising or defending legal claims according to Art. 17 sec. 3 lit. e GDPR.

If personal data may no longer be processed for the original purpose, but storage obligations still exist, the data will be archived from the productive processing or storage locations, completely deleted from the productive level, and access to it will be restricted.

Once all storage obligations have been fulfilled, storage rights have lapsed and all deletion periods have expired, the corresponding data is routinely deleted.

4 Your rights as a Data Subject

Under applicable law, you have various rights regarding your personal data. If you wish to assert these rights, please send your request to the data protection officer by e-mail or by mail with a clear identification of your person (see Clause 1.2).

As a Data Subject, you have the following rights:

4.1 Right of access

According to Art. 12 and 13 GDPR, you have the right to obtain from us a confirmation as to whether or not personal data concerning you is being processed. Where that is the case, you have the right to obtain free information from us about the personal data stored about you and a copy of this data.

4.2 Right to rectification

According to Art. 16 GDPR you have the right to obtain from us the immediate rectification of inaccurate personal data concerning you. In consideration of the purposes, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

4.3 Right to erasure (“Right to be forgotten”)

According to Art. 17 GDPR you have the right to obtain from us the immediate erasure of the personal data concerning you and we are obliged to erase your personal data immediately, unless there are legal or contractual obligations to keep records. In this case the further processing of your data will be restricted.

Where we have made personal data public and we are required to erase it, we will take appropriate measures, taking into account available technology and implementation costs, also of technical nature, to inform the controllers who process the personal data that you have requested the deletion of any personal data or of copies or replications of such personal data according to Art. 19 GDPR.

4.4 Right to restriction of processing

According to Art. 18 GDPR you have the right to obtain from us restriction of processing. For example, you can oblige us to process only those personal data that are absolutely necessary for the provision of our services.

4.5 Right to data portability

According to Art. 20 GDPR, you have the right to receive the personal data concerning you provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us.

4.6 Right to object

According to Art. 21 GDPR you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 sec. 1 lit. e or f GDPR, including profiling based on those provisions. We will no longer process the personal data unless we can demonstrate compelling grounds, worthy of protection, for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

4.7 Right of withdrawal of a declaration of consent given under data protection law

According to Art. 6 sec. 1 lit. a GDPR, you have the right to revoke the previously granted consent to data processing without giving reasons. If no other lawfulness of the processing within the meaning of Art. 6 sec. 1 GDPR justifies further data processing, your personal data must then be deleted immediately. Otherwise, the processing of the personal data of the data subject must be temporarily restricted (blocked).

4.8 Right to appeal to a supervisory authority

You have the right to appeal to a supervisory authority, in particular in the Member State of your home, your place of work or the place where the infringement has allegedly been committed, if you are of the opinion that the processing of the data concerning you is unlawful.

For TC the competent supervisory authority is the Hessische Beauftragte für Datenschutz und Informationsfreiheit, Gustav-Stresemann-Ring 1, D-65189 Wiesbaden. E-mail: poststelle@datenschutz.hessen.de

5 Data security

We endeavor to ensure the security of your personal data under the scope of applicable data protection laws and technical options.

We implement the following technical, physical and organizational measures to protect the security of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized disclosure or access and against all other unlawful forms of processing.

We transmit your personal data in encrypted form. This applies to your orders and also to a customer login. We use the SSL (Secure Sockets Layer) coding system, but point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. It is not possible to protect such data completely against access by third parties.

When personal data is accessed by authorized personnel, access is only possible via an encrypted connection. When accessing data in a database, the IP address of the person accessing the data must also be pre-authorized to gain access.

All access to personal data is blocked by default. Access to personal data is restricted to individually authorized personnel. Our security and data protection officer issues authorizations and keeps a log of the authorizations granted. Authorized employees are granted only the minimum access they absolutely need for their tasks through our role and authorization concept.

Administrative processes, including system access, are logged to provide an audit trail when unauthorized or accidental changes are made.

System performance and availability are monitored by both internal and external monitoring services.

All data is stored on servers of Amazon Web Services in Frankfurt, Germany and Dublin, Ireland which are monitored by us. Databases are backed up continuously to enable recovery at any time within a 35-day retention period. Backups are stored in file storage in the same geographic location as the database.

To safeguard your data, we maintain technical and organizational security measures that we always adapt to state-of-the-art technology.

Furthermore, we do not warrant that our offer will be available at specific times; disturbances, interruptions or failures cannot be excluded.

In the event that your data is compromised, we will notify you and the relevant regulatory authorities by email within 72 hours of the extent of the breach, the data involved, any impact on the service and the plan of action to secure the data and limit any adverse effects on the data subject.

6 Automated decision-making

No automated decision-making will be done on the basis of the collected personal data.

7 Transfer of data to third parties, data transfer to non-EU/EEA countries

As a rule, we only use your personal data in our company.

In addition, your personal data will only be passed on if you have given your consent in accordance with Art. 6 sec. 1 lit. a GDPR, the transfer is necessary for the fulfilment of a contract in accordance with Art. 6 sec. 1 lit. b GDPR, we are subject to a legal obligation in accordance with Art. 6 sec. 1 lit. c GDPR (e.g. tax regulations, participation in the clarification of a criminal offence), or if this is necessary to protect our legitimate interests in accordance with Art. 6 sec. 1 lit. f GDPR, unless your interests or fundamental rights and freedoms that require the protection of personal data outweigh this.

If and insofar as we involve third parties in the fulfilment of contracts, these third parties will only receive personal data to the extent that the transmission is absolutely necessary for the corresponding service.

In the event that we outsource certain parts of data processing (“contract processing”), we contractually oblige our processors to use personal data only in accordance with the requirements of the data protection laws and this privacy policy and to ensure the protection of the rights of the data subject.

There is currently no data transfer to institutions or persons outside the EU/EEA other than in the cases mentioned in this declaration. Furthermore, it is only permitted to transfer personal data to institutions or persons outside the EU/EEA under the conditions set out in Art. 44 et seq. GDPR. In particular, adequate protection is then guaranteed by appropriate measures, such as standard contractual clauses of the EU Commission within the meaning of Art. 46 sec. 2 lit. d GDPR.

8 Data protection officer

Should you still have any questions relating to our data protection or to this Data Protection Declaration, or should you intend to exercise your rights named herein, kindly contact our data protection officer (for contact details, see point 1.2).

9 Changes to the Data Protection Declaration

TC reserves the right to change the Privacy Policy in order to adapt it to changed legal situations, or in the event of changes in the service and data processing. However, this only applies to declarations about the processing of data. If the consent of the user is required or elements of the Data Protection Declaration contain provisions of the contractual relationship with the User, the changes are only made with the approval of the User.

Users are asked to inform themselves regularly about the content of the Data Protection Declaration. You can save and print this Data Protection Declaration at any time.

(Last update: February 2024)