Book now
Book now

Privacy policy app

Privacy policy

At TravelByElectric, we deeply respect your privacy and appreciate the trust you place in us. That’s why we handle your personal data with the utmost care and responsibility whenever you use our TravelByElectric mobile application (the “App” or the “Application”). Through this Privacy Policy (the “Policy”), we aim to clearly explain what personal data we collect when you use the App, why we collect it, and what rights you have regarding your information. Our commitment is to keep you fully informed and confident that your data is handled securely and
transparently.


I. PERSONAL DATA CONTROLLER
The controller responsible for your personal data, as outlined in this Privacy Policy, is Travel by Electric Hub Ltd., UIC 207824097, with its seat and management address at 84 Kumata Str., Vitosha District, Sofia 1618, Bulgaria (referred to as the “Company,” “Administrator,” “we,” or “our,” as applicable).
If you have any questions or concerns regarding how we process your personal data, you are welcome to contact us directly by sending an email to legal@travelbyelectric.com or by mail to: 84 Kumata Str.,
Vitosha District, Sofia 1618, Bulgaria.


II. PERSONAL DATA


What is personal data?
Personal data is any information relating to an identified or identifiable natural person. Various pieces of information, put together that can lead to the identification of a specific individual, also constitute personal data.


What personal data do we collect?
i. Data provided through the registration form in the App
We collect the following information that you provide to us upon initial registration in the App:
• First and last name
• Email address
• Phone number


ii. Data contained in your Profile (Account)
• Company identification data, if you are part of a User-Organization (company, company number (UIC, BULSTAT, VAT number), seat and management address, representative, etc.)
• Vehicle registration number
• Associated Users to the User-Organization’s profile
• Billing address


iii. Data provided by registering for our newsletter
• Email address


iv. Data related to ordering and activating your RFID card (included in your Profile/Account after you execute a Subscription Agreement)
• First and last name of the recipient of the RFID card
• Company name, if the Account is part of a User-Organization’s account
• Delivery address
• Phone number
• RFID identification number (identifier)
• Payment information: billing address, preferred payment method, bank details (after payment is made)
• Any other information that you may provide through our filed “Notes” (as recipient)


v. Data collected when using your RFID card
• Data related to the management of your RFID card (RFID badge identifier (RFID UID), time stamp
• Data related to the terminal used and its use (location, charging session characteristics)
• Technical data (electrical charging characteristics)
• Data related to your Account (company name, company number, surname, first name, email address, bank details, rating and comment given for a charging session, vehicle registration number, etc.)

vi. Data provided through our contact and/or support form, which can be both written and by telephone
• First and last name
• Email address
• Phone number
• Any other information you provide to us through the contact and/or support form


vii. Data collected when using the App Map
• Geolocation


viii. Data collected when using the “Get Directions” feature
• Geolocation
• Technical data (electrical charge characteristics, type of electrical contact),
• Location request settings data (features, availability and specific location of charging stations),
• Route request settings data


III. PURPOSES AND BASIS FOR PROCESSING. RETENTION PERIODS
To the extent permitted by law, we use your personal data for the following purposes:
• Providing our Services for your benefit
This overall objective includes:
– entering a contract between you, the User-Organization you are associated with, or which you represent, and the Company for the use of the App and the provision of its Services;
– Account creation and management;
– creating and processing invoices, estimates, customer content, etc.;
– resolving problems related to the App and the services provided through it;
– execution of payments;
– provision of customer support, including answering your questions regarding our App and Services.
Grounds: performance of a contract to which the data subject, or organization, is a party, or to take steps at the request of the data subject prior to entering a contract (Art. 6, para. 1, item “b” GDPR), compliance with applicable law, including tax and accounting law (Art. 6, para. 1, item “c” GDPR).
Retention periods: for data processed based on Art. 6, para. 1, item “b” GDPR – 6 years, starting from the date of termination of the contractual relationship; for data containing tax and financial information – 10 years, starting from January 1st of the year following the year of issue/occurrence.
• Answering your requests
Grounds: your explicit consent to be contacted (Art. 6, para. 1, item “a” GDPR).
Retention period: When personal data is collected solely for the purpose of establishing contact, it is retained only until the communication is concluded, unless a longer retention period is required by applicable law. When communication is carried out in connection with a specific Account or
Subscription Agreement, the retention periods are as appropriate for the specific case, but in any case, not less than 5 years, counting from the date of termination of the relevant agreement.
• Improving our services
We strive to provide you with the best possible experience when using the App. To achieve this, we may process certain information related to your user behaviour — including data submitted via our support and contact forms — and invite you to participate in satisfaction surveys following your registration. These surveys may be conducted directly by us or through trusted partners as part of market research or usability studies. Additionally, we may send you educational emails designed to
help you get the most out of the App. Educational emails may include helpful instructions, usage tips, or information about advanced features. Their sole purpose is to improve your experience and optimize your use of the App — they
do not contain any marketing content.
Grounds: These activities are carried out based on our legitimate interests (Art. 6, para. 1, item “f” GDPR) in improving our services and ensuring a high-quality user experience, while always respecting and protecting your fundamental rights and freedoms. If we communicate with you by phone, you will always have the option to decline the recording of the call. Should you choose to opt out, we will only process the information manually recorded by our operators during the conversation.
Retention period: 12 months.
• Direct marketing
By choosing to receive marketing communications — where this option is available within the App — you provide your explicit consent to receive promotional messages related to our services.
You may change your mind and withdraw your consent at any time by:
– clicking the “Unsubscribe” link included in the marketing messages we send you; or
– contacting us directly using the contact details provided in this Privacy Policy.
Grounds: your explicit consent to receive such communication (Art. 6, para. 1, item “a” GDPR)
Retention period: until you withdraw your consent.
• Protecting our legitimate interests
There may be times when we use or share information to protect our rights and business. These may include:
– measures to protect the App and the App’s users against cyber-attacks;
– measures to prevent and detect fraud attempts, including the transmission of information to competent public authorities;
– measures to manage various other risks.
Grounds: The primary legal basis for these types of processing is our legitimate interest in safeguarding our commercial activities. We always ensure that any measures we take maintain a fair balance between our interests and your fundamental rights and freedoms. In certain cases, our processing may also be based on legal obligations, such as statutory requirements related to the protection of property and assets, as outlined in the applicable legislation.
Retention period: according to the relevant legal provisions.


IV. SENSITIVE DATA
The Company does not process any sensitive personal data of users of the App. We kindly ask that you do not send or disclose any sensitive information — such as data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, criminal records, or trade union membership — via the Application or through any other means of communication with us.


V. DATA OF MINORS AND JUVENILE PERSONS
Our Services and the App are not intended for use by individuals under the age of 18. We do not knowingly collect or process personal data of minors. If we become aware that we have inadvertently collected personal information from a minor without verified parental consent, we will take appropriate steps to delete such data as soon as possible. We kindly ask parents or legal guardians to contact us immediately if they believe their child has provided personal data through the Application.


VI. HOW WE MAY DISCLOSE YOUR PERSONAL DATA
Except as expressly described in this Policy, we do not intentionally disclose any personal data collected or stored through the App to third parties without the explicit consent of the individual concerned.
However, to the extent permitted by applicable law and strictly for the purposes for which the data was originally collected, your personal data may be disclosed to:
• third-party service providers – we may disclose your personal data to trusted external partners that help us operate and improve the Application. These service providers perform tasks such as hosting, infrastructure support, data analytics, IT services, and communications (e.g. email and SMS), payment processing services. These third parties process your data solely on our behalf, under strict contractual obligations and in compliance with applicable data protection laws.
The service providers we may work with include:
– Stripe – payment processing services provider;
– Microsoft Azure – hosting and cloud infrastructure provider (server locations in
Germany);
– Hetzner – hosting services and infrastructure (server locations in Germany);
– Twilio.com – communication platform for SMS delivery;
– SendGrid – email delivery service;
– Charging Station Operators – to enable and manage the provision of charging services through the App.
• To a third party in the context of corporate transactions – your personal data may be disclosed as part of a business reorganization, merger, acquisition, joint venture, sale, transfer, or other disposition of all or part of our business, assets, or equity interests. This includes disclosures made in connection with bankruptcy, insolvency, or similar proceedings, where permitted by applicable law.
• Where required or appropriate under the law – we may also disclose your personal data when we believe such disclosure is necessary or appropriate to:

a) comply with applicable laws or regulations, including those outside your country of residence;

b) comply with lawful requests and legal processes (e.g., subpoenas or court orders);

c) respond to requests from public and governmental authorities, including those outside your country of residence;

d) protect our operations, rights, privacy, safety, or property, and that of our affiliates, users, or others;

e)enforce our terms and pursue available legal remedies; or f) limit any potential damages orliability we may face.


VII. DATA SUBJECTS RIGHTS
1. Access to your personal data
You have the right to access, correct, or delete the personal data we hold about you. To exercise any of these rights, please contact us at legal@travelbyelectric.com. We will respond to your request free of charge and within one month, in accordance with applicable data protection laws. However, if a request is manifestly unfounded, excessive, or repetitive, we
reserve the right to charge a reasonable administrative fee or to refuse the request, as permitted by law.
2. Correction of personal data
If any of the information we hold about you is inaccurate or incomplete, you can ask us to correct or complete it at any time.
3. Your right to erasure or to be forgotten
You can ask us to delete your personal data, but only if:
– It is no longer necessary for the purposes for which it was collected; or
– you have withdrawn your consent (if the data processing is based solely on consent);

or
– you exercise a legitimate right to object; or
– it has been unlawfully processed; or
– there is a legal obligation in this regard.
We are not obliged to comply with your request to delete your personal data if the processing is required:
– to comply with a legal obligation; or
– to establish, exercise or defend a legal claim.
There are certain circumstances under applicable law where we may not be obligated to comply with your request to delete personal data. These situations are limited, but they represent the most common reasons why a deletion request might be lawfully denied.
If you wish to request the deletion of your personal data, please contact us at
legal@travelbyelectric.com, using the email address associated with your account or by otherwise verifying your identity.
Please note that deleting your data and your account within the App is a permanent and irreversible process, including the removal of all associated documents and records. Once deletion is complete, this information cannot be recovered, unless we are required to store it by law.


4. Restriction of data processing
You have the right to request that we restrict the processing of your personal data, but only in the following circumstances:
– you contest the accuracy of the data, in which case processing will be restricted until we verify its accuracy (see the section on data correction);
– the processing is unlawful, but you prefer restriction over deletion;
– we no longer need the data for the purposes for which it was collected, but you require it for the establishment, exercise, or defence of legal claims;
– you have objected to the processing and we are verifying whether our legitimate grounds override yours.
We may continue to process your personal data during the restriction period only:
– if we have your explicit consent;
– for the establishment, exercise, or defence of legal claims; or
– to protect the rights of the Application owner or another individual or legal entity.
5. Data portability
You have the right to request that we provide your personal data in a structured, commonly used, and machine-readable format, or that we transmit it directly to another data controller, where technically feasible. This right applies only if:
– the processing is based on your consent or on a contract with you; and
– the processing is carried out by automated means (i.e., not manual processing).
6. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data where such processing is based on our legitimate interests, if you believe that your fundamental rights and freedoms outweigh those interests.
Additionally, you may object at any time to the processing of your personal data for direct marketing purposes. You can do so by following the unsubscribe instructions included in our marketing emails or by contacting us directly at legal@travelbyelectric.com.
7. Making automatic decisions
The controller does not carry out profiling or automated individual decision-making. In the event of a change, you will be expressly notified of this before the change takes effect.
8. Right to file a complaint with the local supervisory authority
If you believe that we are processing your personal data in an unlawful manner, you may contact us at legal@travelbyelectric.com.
You have the right to file a complaint with your local supervisory authority regarding the processing of your personal data.
In Bulgaria, the contact details of the supervisory authority for personal data protection are as follows:
Personal Data Protection Commission
Bulgaria, Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
Phone: + 359 2 915 35 18
Email: kzld@cpdp.bg


VIII. OTHER INFORMATION
Other information we may collect
“Other information” is any information that does not reveal your specific identity, such as:
– browser and device information, operator, internet connection
– server log information and App logs
– information collected through cookies, pixel tags and other technologies
– demographic information and other information provided by you
– location information
We may use and disclose Other Information for any purpose, except as required to do otherwise by applicable law. If we are required to treat Other Information as personal data by applicable law, then we may use and disclose Other Information for all purposes for which we use and disclose personal data.


IX. DATA SECURITY METHODS
To protect user data from unauthorized or accidental disclosure, we implement reasonable and appropriate technical and organizational measures.
Technical measures: We employ technologies designed to prevent unauthorized third-party access to personal data. As part of our security protocols, we apply encryption to user and end-user data—this includes but is not limited to: communication within the App; all data stored on our servers. Organizational measures: We have adopted internal policies and procedures that govern how our
employees handle personal data. These are part of our internal regulations and are considered confidential for security reasons.
Where servers are hosted in data centres operated by third parties, we ensure that equivalent technical and organizational safeguards are in place and applied by those providers. Data Storage Location: All personal data is stored on servers located within the European Union, with two specific exceptions:
– Twilio.com – used for delivering SMS messages to App users;
– SendGrid – used for sending emails.
We currently engage the following data processors: Stripe, Microsoft Azure, Hetzner, Twilio.com, SendGrid, Charging Station Operators – who only have access to RFID card numbers used by App users.


X. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATION
All personal data is stored exclusively on servers located within the European Union, except for data processed by Twilio.com and SendGrid, which is used for sending SMS messages and emails, respectively.
The processing of data by these providers may involve data transfers outside the EU. Such transfers are conducted in full compliance with Article 46 of the GDPR, based on:
– the use of Standard Contractual Clauses (SCCs) adopted by the European Commission, and/or
– certification under the EU–US Data Privacy Framework, where applicable.
These safeguards are in place to ensure that your data receives an adequate level of protection, even when processed outside the European Economic Area (EEA).


XI. THIRD PARTY SITES
The App may contain links to websites, mobile applications, and other online services operated by third parties. Please note that this Privacy Policy does not apply to the privacy, data handling, or other practices of such third parties. We are not responsible for the content, security, or privacy practices of any third party, including those whose services are linked to or accessible from within the App. The inclusion of a link in the App should not be interpreted as an endorsement of the linked website or service by us.
We are also not responsible for the data collection, use, or disclosure practices (including data security measures) of other organizations or platforms—such as Facebook, Apple, Google, Microsoft, or any other application developers, service providers, social media platforms, operating system providers, wireless service providers, or device manufacturers. This includes any personal data you choose to
share with such organizations through or in connection with our presence on social media or thirdparty platforms.
All payments for Subscription Plans and other Services made through the Application are processed via external payment partners, such as Stripe. When selecting a payment method, you may be redirected to the website of the respective payment service provider (e.g., Stripe), where you will be
asked to enter the required payment information.
Please note that the processing of your payment data is carried out by these providers in accordance with their Terms of Service and Privacy Policies. TravelByElectric does not have access to, nor does it store, your payment card details or other sensitive financial information.


XII. COOKIE POLICY
1. What are cookies?
Cookies are small text files that are stored on your computer or mobile device. They are widely used to make websites work or work better and more efficiently. They can do this because websites can read and write these files, allowing them to recognize you and remember important information that will make your use of the website more convenient (for example, by remembering your preference
settings). The application automatically identifies the user’s IP address. An IP address is a number that is automatically assigned to the user’s computer after connecting to the Internet. All such information is recorded in an activity file by the server, which allows subsequent data processing.


2. What are scripts?
A script is a piece of programming code that is used to make our Application function properly and interactively. This code runs on our server or on your device.


3. What is a “web beacon”?
A web beacon (or “pixel tag”) is a small, invisible piece of text or image on a website that is used to monitor website traffic. To do this, various data about you is stored using web beacons.

4. What cookies do we use?
The App does not currently use cookies, scripts and/or web beacons.


XIII. CHANGES TO THE PRIVACY POLICY
We may update or modify this Privacy Policy at any time. The most current version will always be available within the App.
If we make any material changes to the way we process your personal data, we will notify you by displaying a prominent notice within the App before the changes take effect. We confirm that such changes will not apply retroactively.
We encourage you to review this Privacy Policy periodically while using the App, so that you remain informed about how your data is being protected.


Last updated on: 15.09.2025

Travel by electric logo (white big)
Rent an electric car – straightforward process, no hidden charges. Save time & effort while planning a road trip.
Facebook Instagram
Copyright © 2026 Travel By Electric Ltd. | Powered by JT Design
travelbyelectric.com