Privacy Policy

1. Controller

The controller responsible for the processing of your personal data within the meaning of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) is:

Aleksandar Mijić (sole proprietor / Einzelunternehmer)
Berlin, Germany
E-Mail: privacy@tronic.io

2. Scope

This Policy describes how we process personal data when you visit our website, create an account, or use the Tronic service (the “Service”), including the carrier, customer, and supplier applications. It supplements our Terms of Service.

3. Categories of personal data we process

• Account data: name, business email, password hash, organisation, and role (carrier, customer, or supplier).
• Usage and log data: pages visited, features used, device and browser information, and an approximate location derived from your IP address.
• Order & logistics data: information you enter to request, place, route, or fulfil orders and deliveries, including addresses, materials, quantities, and scheduling.
• Communications data: messages you send to support and any feedback you provide.
• Billing data (where applicable): name, billing address, and VAT ID. Payment instrument data is handled by the relevant payment provider; we do not store full card numbers.

4. Purposes and lawful bases (Art. 6 GDPR)

• Providing the Service (account creation, authentication, core functionality): performance of a contract, Art. 6(1)(b).
• Securing the Service (abuse prevention, fraud detection, logging): legitimate interests, Art. 6(1)(f).
• Improving the Service (aggregate analytics, feature usage): legitimate interests, Art. 6(1)(f), or your consent where required.
• Analytics and non-essential cookies: your consent, Art. 6(1)(a) GDPR and § 25(1) TDDDG.
• Compliance with legal obligations (tax, accounting, lawful requests): Art. 6(1)(c).

5. Web analytics – Google Analytics

This website uses Google Analytics, a web-analytics service provided by Google Ireland Limited (“Google”). Google Analytics uses cookies and similar technologies to analyse how visitors use the site. The information generated (including a shortened IP address) is generally transmitted to and stored by Google.

Where required, analytics are only activated with your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG), which you can withdraw at any time with effect for the future. You can prevent collection by Google Analytics via the browser add-on at tools.google.com/dlpage/gaoptout. See also Google’s privacy policy at policies.google.com/privacy.

6. Google Fonts

To display fonts consistently, this site loads “Google Fonts” from Google’s servers. When a page loads, your browser connects to Google to download the required fonts, which means your IP address is transmitted to Google. This is based on our legitimate interest in a consistent presentation (Art. 6(1)(f) GDPR), or on your consent where requested. See developers.google.com/fonts/faq.

7. Hosting and server log files

This website is hosted by an external service provider. When you access the site, the provider automatically collects and stores information in server log files that your browser transmits, including browser type and version, operating system, referrer URL, host name, time of the request, and IP address. This processing is based on our legitimate interest in the secure and reliable provision of the site (Art. 6(1)(f) GDPR). We have concluded a data processing agreement (DPA) with our hosting provider where required.

8. Recipients and processors

We share personal data only with the following categories of recipients, each engaged under a written processing agreement where required:

• Cloud infrastructure and hosting providers (compute, storage, database).
• Analytics and error-monitoring providers.
• Email and customer-communication providers.
• Payment providers (where applicable).
• Professional advisors and authorities, where required by law.

9. International transfers

Where personal data is transferred outside the European Economic Area, we rely on an adequacy decision of the European Commission (e.g. the EU–U.S. Data Privacy Framework) or, where no adequacy decision applies, on Standard Contractual Clauses together with supplementary technical and organisational measures.

10. Retention

• Account data: for the lifetime of the account and a short period afterwards to allow recovery and dispute handling.
• Order & logistics data: while your account is active, then deleted unless longer retention is required by law.
• Security and access logs: typically up to 12 months.
• Billing and tax records: retained for the applicable statutory period under § 147 AO (typically up to 10 years).

11. Your rights

Subject to the conditions in the GDPR, you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object to processing based on legitimate interests (Art. 21), including direct marketing. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise your rights, contact privacy@tronic.io. You also have the right to lodge a complaint with a supervisory authority. The competent authority here is the Berlin Commissioner for Data Protection and Freedom of Information, datenschutz-berlin.de.

12. Cookies

We use cookies and similar technologies that are strictly necessary to provide the Service (e.g. authentication and security) on the basis of § 25(2) TDDDG. Any non-essential cookies, including analytics, are set only with your prior consent, which you can change or withdraw at any time. You can also manage cookies through your browser settings.

13. Children

The Service is intended for business users and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact privacy@tronic.io and we will delete it.

14. Security

We implement appropriate technical and organisational measures under Art. 32 GDPR to protect personal data, including encryption in transit and access controls. No method of transmission or storage is entirely secure; we will notify affected users and authorities of personal-data breaches as required by Arts. 33 and 34 GDPR.

15. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date at the top of this page reflects the latest revision. For material changes we will provide reasonable notice where appropriate.

16. Contact

For any privacy enquiry, contact privacy@tronic.io.