Privacy policy
This privacy policy explains what personal information Trailcar Mobility Ltd. ("Trailcar", "we", "us") collects when you visit trailcar.info or contact our dispatch desk via Telegram, why we collect it, how it is stored, and what rights you have over your data. It is written to satisfy the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK Data Protection Act 2018 and the California Consumer Privacy Act ("CCPA"), and the personal data protection laws of the UAE, Singapore and Hong Kong where applicable.
1. Who is the controller
The data controller is Trailcar Mobility Ltd., a company incorporated in the Republic of Cyprus, registration number HE 412 889, with its registered office at Themistokli Dervi 6, Office 22, 1066 Nicosia, Cyprus. You can reach our privacy contact at privacy@trailcar.info.
2. What we collect
We collect only the minimum information needed to provide you with a rental quote and to fulfil a confirmed booking. Specifically:
- Booking enquiry data submitted on this website: city, pick-up and return dates, vehicle category. These four data points are passed to our Telegram dispatch desk and are not stored in any database on this domain.
- Conversation data exchanged with our dispatcher inside Telegram: your name, contact details, delivery address, intended driver, and any other information you choose to share.
- Hand-over documents verified physically at vehicle hand-over: driving licence, passport or national ID, and a credit-card imprint for the security deposit. Documents are inspected at hand-over and a scanned copy is retained for the duration of the rental plus the statutory record-keeping period.
- Technical data: IP address, browser user-agent, referring URL, and pages viewed. Used in aggregated form only to measure site performance and detect abuse.
- Cookies: see our cookie policy for the full list.
3. Why we collect it
We process your data on the following legal bases:
- Performance of a contract (Art. 6(1)(b) GDPR) — to quote, schedule, deliver and reconcile your rental.
- Legal obligation (Art. 6(1)(c) GDPR) — to verify driver identity, comply with tax and anti-fraud regulations, and meet record-keeping rules in the country of operation.
- Legitimate interests (Art. 6(1)(f) GDPR) — to keep the website operational, secure, and reasonably useful, and to manage our advertising spend.
- Consent (Art. 6(1)(a) GDPR) — for analytics and advertising cookies, and only after you have actively accepted them in the cookie banner.
4. Who we share it with
We share strictly necessary data with the following processors and partners:
- Telegram Messenger Inc. — communications platform on which the dispatch conversation takes place. Messages are subject to Telegram's own privacy policy.
- Hetzner Online GmbH — hosting provider for trailcar.info. Servers are located in the European Union.
- Cloudflare, Inc. — content delivery, DDoS protection and DNS.
- Google LLC — Google Analytics 4 and Google Ads, only after analytics / advertising cookies have been accepted.
- Local fleet partners — vetted vehicle suppliers in each city of operation, who receive only the data needed to deliver the agreed car.
- Authorities — when we are legally required to disclose information by court order or by a regulator in the country of operation.
We do not sell personal data. We do not share data with advertising networks for any purpose other than measuring the effectiveness of our own campaigns.
5. International transfers
Some of our processors (notably Cloudflare and Google) are based in the United States. Transfers to the US take place under the EU–US Data Privacy Framework and Standard Contractual Clauses adopted by the European Commission. A copy of the safeguards is available on request.
6. How long we keep it
- Booking enquiries that do not result in a confirmed rental: deleted within 30 days.
- Confirmed-rental records, including scans of presented documents: retained for 7 years for tax purposes, then permanently deleted.
- Server access logs: 14 days.
- Analytics data: 14 months at aggregated level.
7. Your rights
Under GDPR, UK GDPR and CCPA you have the right to:
- access the personal data we hold about you;
- request rectification of inaccurate data;
- request erasure of data we no longer need to retain;
- restrict or object to processing;
- data portability — receive your data in a structured, machine-readable format;
- withdraw consent at any time, without affecting the lawfulness of prior processing;
- lodge a complaint with the Office of the Commissioner for Personal Data Protection of Cyprus (dataprotection.gov.cy) or your local supervisory authority.
California residents additionally have the right to know whether their personal information is sold or shared (it is not), and to opt out of such practices.
To exercise any of these rights, email privacy@trailcar.info. We respond within 30 days and may ask for proof of identity to prevent unauthorised disclosure.
8. Security
The website is served over HTTPS with HSTS enabled and an industry-standard TLS configuration. Internal access to booking and document data is restricted to dispatcher accounts protected by two-factor authentication. No system is perfectly secure, but we apply commercially reasonable measures and we promptly notify affected users of any incident that puts their personal data at material risk.
9. Children
Our service is not directed at children. The minimum driver age is 21 (Economy) or 25 (Premium / Luxury / SUV). We do not knowingly collect data from anyone under the age of 18.
10. Changes to this policy
If we update this policy, the "Last updated" date at the top will change and material amendments will be highlighted on the home page for at least 30 days. The current version always governs.
