Privacy Policy

This notice explains how we process personal data in connection with our services (including our SMS API and related dashboards) in accordance with the EU General Data Protection Regulation (GDPR). Last updated: 2025-12-19.

Controller

MultiPro Vermietung & Überführungs GmbH
Mühlheimer Str. 87
51469 Bergisch Gladbach
Germany
E-mail: it@multipro.gmbh
Phone: +49 151 29021879
Managing Director: Justin Diekmann

Scope of this Notice

This policy applies to our websites, customer accounts and dashboards, and our SMS messaging API and related webhooks. It does not cover third-party services which are governed by their own policies.

Categories of Personal Data

• Account data: name, company, e-mail, phone number, login information.
• API usage data: recipient numbers (E.164), message content you submit, status events, message IDs, timestamps, idempotency keys, metadata.
• Billing data: plan/subscription information, payment tokens/identifiers from payment service providers, amounts and invoices.
• Technical data: IP address, user-agent, device info, log entries and error traces for security and reliability.

Purposes and Legal Bases (Art. 6 GDPR)

• Provide services and perform contracts (Art. 6(1)(b)): account management, authentication, sending SMS via API, webhooks, support.
• Security and fraud prevention (Art. 6(1)(f)): access logs, rate-limiting, abuse detection, incident response.
• Compliance (Art. 6(1)(c)): tax and commercial retention obligations, lawful requests.
• Communication/marketing (Art. 6(1)(a)) only with your consent where required; you may withdraw consent at any time.

Recipients and Processors

We use carefully selected service providers under data processing agreements (Art. 28 GDPR), including hosting/infrastructure, customer support, telecommunications carriers for SMS delivery, and payment processing. For payments we use Stripe (Stripe Payments Europe, Ltd., Dublin, IE). See their privacy information at stripe.com/privacy. Where required, providers may only process data on our documented instructions.

International Data Transfers

If personal data is transferred outside the EU/EEA, we ensure appropriate safeguards, e.g. adequacy decisions or the EU Standard Contractual Clauses (SCCs). Copies or summaries of safeguards can be requested from us.

Retention

• Account and contract data: for the duration of your account and for statutory limitation periods.
• Billing and tax-relevant records: retained in line with German law (typically up to 10 years).
• Technical/security logs: retained only as long as necessary for security and troubleshooting (usually between 7 and 90 days).
• Message content/metadata: retained as required to provide the service, ensure delivery, and comply with legal obligations; content retention can be minimized or avoided where your integration design permits.

Security

We implement technical and organizational measures appropriate to the risk, including access controls, encryption in transit, least-privilege principles, monitoring, and regular reviews of our systems.

Your Rights

Under the GDPR you have the right to access, rectification, erasure, restriction, portability, and to object to processing on grounds relating to your particular situation. Where processing is based on consent, you may withdraw consent at any time with effect for the future.

To exercise your rights, contact us at it@multipro.gmbh. We may need to verify your identity before acting on a request.

Complaints

You also have the right to lodge a complaint with a supervisory authority, in particular at your habitual residence, place of work, or the place of the alleged infringement. For our registered office, the competent authority is the data protection authority of North Rhine-Westphalia (Germany).

Children’s Data

Our services are not directed at children. We do not knowingly process personal data of children under the age required by law without appropriate consent.

Cookies and Similar Technologies

We use essential cookies or similar technologies where necessary for login sessions, security, and settings (e.g. language). Non-essential cookies, if any, are used only with your consent.

Changes to this Notice

We may update this policy from time to time. The version posted on this page is the current version indicated by the “Last updated” date above.

This document is provided for information and does not constitute legal advice.