The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:
Voozaa GmbH
Rudolfplatz 3
50674 K?ln
Germany
Email: cs@voozaa.app
If you have any questions about this privacy policy or the processing of your personal data, you can contact us at any time using the contact details above.
(If appointed, please insert contact details of your Data Protection Officer here.)
This policy applies to the processing of personal data when you:
Data: IP address, date/time of request, requested URL, HTTP status, amount of data, referrer URL, browser type/version, operating system, device type.
Purpose: Provide the website/app, ensure stability and security, prevent misuse, debug errors.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation of our services).
Retention: Typically 7¨C30 days, longer only in case of security incidents or legal disputes.
Data: Name, email, phone number, password (hashed), language, country, account settings; optional profile information.
Purpose: Create and manage your account, provide app functions, display rental history, provide security and service messages.
Legal basis: Art. 6(1)(b) GDPR (performance of contract and precontractual measures).
Retention: For the duration of the account; thereafter, restricted and deleted/anonymised in line with statutory retention (see section 8).
Data: Account data (see 3.2), rental data (station/location, time of rental and return, duration, price, payment status), internal device IDs, battery status, error logs.
Purpose: Provide the rental service, billing, customer support, fraud prevention, fleet and station management, statistical evaluation (where possible, anonymised or pseudonymised).
Legal basis: Art. 6(1)(b) GDPR (performance of contract), Art. 6(1)(f) GDPR (legitimate interests in preventing misuse and optimising the service).
Retention: At least for the duration of the contractual relationship and, for invoices and accounting data, for 6¨C10 years under commercial and tax law.
Device-based location (smartphone): Processed only if you grant the app permission to access location services.
You can revoke this permission at any time in your device settings.
Station / powerbank location:
Data: Name (if required for payment), email, invoice data, amount, payment method, transaction ID, time stamps.
Purpose: Process payments and refunds, comply with tax and accounting laws, prevent fraud.
Legal basis: Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR (legal obligations), Art. 6(1)(f) GDPR (fraud prevention).
Payment service providers (e.g. Apple Pay, Google Pay, card acquirers) act as independent controllers or processors and process data under their own privacy policies.
Data: Contact data, content of your enquiry, metadata (time, possibly technical context and logs), account data where relevant.
Purpose: Answer enquiries, provide support, documentation for quality assurance and legal defence.
Legal basis: Art. 6(1)(b) GDPR (contract-related enquiries), Art. 6(1)(f) GDPR (legitimate interest in handling enquiries), Art. 6(1)(c) GDPR where statutory duties apply.
Data: Name, email address, language, country, consent status, interaction data (opens, clicks, unsubscribes), basic campaign performance data (e.g. which ad led to registration).
Purpose: Send newsletters and offers, measure and improve marketing campaigns (including via Meta Ads, Google Ads etc.).
Legal basis:
You can withdraw consent at any time via the unsubscribe link in emails, in the app settings or by contacting us.
We use cookies and similar technologies on our websites and in our apps.
Data: Session ID, login information, security tokens, language settings, basic technical IDs.
Purpose: Provide core functions such as login, security, cookie consent management.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functional website/app).
We use Google Analytics 4, a web and app analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Data: IP address (shortened where configured), device identifiers, app instance IDs, browser and device information, usage data (pages/screens viewed, clicks, session duration), approximate location.
Purpose: Analyse user behaviour, evaluate the effectiveness of our website/app and campaigns, improve our services.
Legal basis: Art. 6(1)(a) GDPR (consent via our cookie/SDK banner).
Google may process data on servers in the USA; Google LLC is certified under the EU-US Data Privacy Framework, and we additionally rely on Standard Contractual Clauses where necessary.
We use advertising services from Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland), e.g. Meta Pixel / SDK, to measure and optimise our advertising on Facebook and Instagram.
Data: Device and app IDs, IP address, pages/screens visited, events such as app installs, registrations, rentals, advertising IDs (e.g. IDFA/GAID), technical information.
Purpose: Measure reach and performance of our ads, retarget users with interest-based advertising, build custom and lookalike audiences.
Legal basis: Art. 6(1)(a) GDPR (consent for behavioural advertising).
Meta may process data in the USA. Transfers are based on the EU-US Data Privacy Framework and, where necessary, Standard Contractual Clauses.
We use advertising SDKs from Google (Google Mobile Ads / AdMob) and Apple (Apple Search Ads) to show in-app advertising and measure its performance.
Data: Advertising IDs (IDFA, GAID), device and app information, IP address, usage data, information about displayed ads and interactions.
Purpose: Show and optimise ads, measure campaigns, generate advertising revenue.
Legal basis: Art. 6(1)(a) GDPR (consent for personalised advertising and tracking in the EEA and UK).
We implement consent management according to the Google EU User Consent Policy and, where applicable, the IAB TCF v2 framework. Your consent status is passed to the ad networks as far as technically supported.
Opt-out/Withdrawal: You can adjust your preferences at any time in our cookie/consent banner and in your device settings (e.g. ¡°Limit Ad Tracking¡± / ¡°Personalised Ads¡± on iOS and Android).
Data: Name, company, position, email, address, phone, communication content, lead status in CRM.
Purpose: Handle franchise/partner enquiries, evaluate potential cooperation, administer ongoing B2B relationships.
Legal basis: Art. 6(1)(b) GDPR (precontractual measures and contract performance), Art. 6(1)(f) GDPR (legitimate interest in B2B sales).
Data: Application documents, contact data, interview notes and evaluation.
Purpose: Conduct the application process and decide on hiring.
Legal basis: Art. 6(1)(b) GDPR, ¡ì 26 BDSG; Art. 6(1)(a) GDPR for optional talent pool.
We share personal data only if legally permitted and necessary. Typical recipients:
We conclude data processing agreements with processors in accordance with Art. 28 GDPR.
Some recipients are located in countries outside the EU/EEA, particularly the United States.
Where personal data is transferred to such third countries, we ensure an adequate level of protection by:
You can request more information and copies of the relevant safeguards using the contact details in section 1.
We store personal data only for as long as necessary for the respective purposes or as required by law.
Examples:
After expiry of retention periods, data is deleted or anonymised.
You have the following rights:
To exercise these rights, contact us using the details in section 1.
You also have the right to lodge a complaint with a supervisory authority, in particular in your place of residence, place of work or the place of the alleged infringement. For Voozaa GmbH, this is typically the Landesbeauftragte f¨¹r Datenschutz und Informationsfreiheit NordrheinWestfalen (LDI NRW).
Certain data is required for account creation, rental of powerbanks and payment. Without this data, we cannot provide the service.
Providing data for analytics, marketing and personalised advertising is voluntary. If you do not consent, these functions may be limited, but the core service remains available.
We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR.
Our services may contain links to third-party websites or apps. We are not responsible for their content or data processing. Please check the respective privacy policies.
We may adjust this privacy policy from time to time. The current version is available on our website and in the app.
If changes materially affect your rights or the way we process data, we will inform you separately where appropriate (e.g. via email or in-app notice).
Last updated: January 2026