Data Protection Information for the Website "www.Dolfi1920.de"

1. Contact Information of the Data Controller

   This website serves as the online presence of the Dolfi Group as a corporate presence for information as well as offers and services of the respective company. Depending on which project or service offer you inform yourself about on this website or which service you use, the data processing described below is carried out by.
   

   DOLFI 1920 GmbH
   Langer Kornweg 34C
   65451 Kelsterbach, Deutschland

   DOLFI 1920 sp. z o.o.
   Dzialkowa Strasse Nr. 33
   02-234 Warschau, Polen

   DOLFI 1920 Malas de Viagem Unipessoal, Lda.
   Estrada de Paco d’arcos Nr. 88, Armazém 33,
   2739-512 Cacém, Portugal

   DOLFI 1920 s.r.o.
   Toužimská 767-hala 3B,
   Letňany, 199 00 Praha 9, Tschechien

   Please direct any data protection enquiries to:
   Dolfi 1920 Datenschutz-Team
   Langer Kornweg 34c
   65451 Kelsterbach
   E-Mail: datenschutz@dolfi1920.de

   Data subject enquiries, in particular any assertion of data subject rights, are forwarded internally to the controller responsible for the processing in question. The website operators have concluded corresponding data protection agreements with each other to regulate joint responsibility.

2. Contact Information of the Data Protection Officer

   The Data Protection Officer of the Data Controller can be reached by post as follows:
   DOLFI 1920 GmbH, --To the Data Protection Officer--, Langer Kornweg 34C, 65451 Kelsterbach.
   You can contact our data protection team (DPO and Data Protection Coordinators) via E-Mail-at datenschutz@dolfi1920.de.

3. Processing of Personal Data When Using the Website

   • Server Log Files

     We collect data on each access to this website (so-called server log files). The access data includes the name of the accessed web pages and files, date and time of access, transmitted data volume, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider. The data is stored for a period of up to 30 days after the end of use.
     The processing is based on Art. 6 (1) lit. ff) GDPR due to our legitimate interest in improving the operation, security, and optimization of our website.

   • Cookies

     Our website uses cookies. Cookies are data sets that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require the calling browser to be identified even after a page change.

   • Cookie Consent Management (‘Cookie Banner’)

     We use a cookie consent management solution (‘cookie banner’) from the provider CCMP 19, through which users' consents for the use of cookies or technical services are obtained, managed, and revoked. For this purpose, the consent declaration may be stored to avoid repeated requests and, in particular, to allow us to demonstrate consent in accordance with legal obligations. The storage may occur server-side and/or in a cookie, enabling the consent to be assigned to a specific user or their device. Depending on the specific details of the cookie management services provided, we inform you that the storage duration of the consent may be up to three years. To the extent technically possible, personal data such as IP addresses, etc., will be pseudonymized. For further details, please refer to ‘Cookie Settings. ’

4. Google reCAPTCHA

   On this website, we also use the reCAPTCHA function provided by: Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function serves primarily to distinguish whether an input is made by a natural person or abusively by automated processing (so-called "bots"). The processed data may include IP addresses, information about operating systems, devices, or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on websites, previously visited websites, interactions with reCAPTCHA on other websites, potentially cookies, and results from manual identification processes (e.g., answering posed questions or selecting objects in images). The data processing is based on our legitimate interests in protecting our online offering from abusive automated crawling and spam. In the context of using Google reCAPTCHA, personal data may also be transmitted to Google LLC’s servers in the USA.
   Legal basis: Legitimate interests (Art. 6 (1) sentence 1 lit. ff.) GDPR);
   Website: https://www.google.com/recaptcha/;
   Privacy Policy: https://policies.google.com/privacy;
   Basis for data transfer to third countries: EU-US Data Privacy Framework (DPF).
   Opt-out options: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en,
   Settings for displaying advertisements: https://adssettings.google.com/authenticated.
   

5. Google Analytics

   If you provide us with your consent, we will use Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), to analyze and optimize our online offering. We use Google Analytics to measure and analyze the use of our online services based on a pseudonymous identification number. This ID does not contain any personally identifiable data, such as names or email addresses. The analysis information allows us to track which content users have accessed during one or multiple interactions, what search terms they have used, or how they have interacted with our online services, including the time and duration of use, as well as the sources of the users. The information generated by the cookie about users’ use of our online services is generally transferred to and stored on a Google server in Ireland. We have entered into data protection agreements with Google. Google uses this information to evaluate the use of our online services by users, compile reports on activities within our online offering, and provide further services related to the use of our online services and internet usage. Pseudonymous user profiles may be created from the processed data.
   We only use Google Analytics with IP anonymization enabled. This means that users' IP addresses are truncated by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user's browser will not be merged with other Google data.
   Service provider for Google services: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
   Website: https://marketingplatform.google.com/intl/en/about/analytics/
   For detailed privacy information from Google, please visit https://policies.google.com/privacy.
   We have entered into data protection agreements with this provider (Data Processing Agreement: https://business.safety.google/adsprocessorterms).
   Google is certified under the EU-US Data Privacy Framework (DPF) for third-country transfers and uses Standard Contractual Clauses ((https://business.safety.google/adsprocessorterms).

6. Registration and Reporting of Baggage Damage

   To report damage to your baggage, it is necessary to register on our website and create a user account. In the course of your registration and use of your user account, personal data will be collected. Registration (including activation) and use of your user account take place via the forms provided on the website. The personal data collected includes contact details (e.g., name, first name, telephone number, email address), reason for the damage, information about the damaged baggage (e.g., brand, model, age, price, purchase date, description of damage, serial number), images of the damaged baggage, damage report reference number, a copy of the warranty card, and proof of purchase.
   To fulfill your contract, we also work with transport and payment service providers. This data is collected for the purpose of processing the reported damage, fulfilling legal obligations, and protecting our legitimate interests.
   We explicitly point out that for the processing and review of a damage case, only files and documents necessary for this purpose are permitted. These include photos of the damaged baggage (baggage damage), scans or photos of receipts (proof of purchase), and, if applicable, the submission of flight tickets. Photos containing personal data, images of individuals, or other types of files are not required. If such files are sent to us, this is done at the sender's own responsibility and without any guarantee on our part.

7. Use of the Online Store (After Approval by Dolfi1920)

   In the event of total loss, Dolfi 1920 GmbH offers you the opportunity to purchase an equivalent replacement baggage item based on the determined residual value. If the price of the selected baggage exceeds the residual value of the damaged baggage, the customer must cover the difference.
   To fulfill your contract, we work with transport and payment service providers. The address and order data we collect are passed on to transport companies for the purpose of contract execution.

8. Recipients

   The aforementioned personal data may, in certain cases, be viewed by our service providers who are involved in the tailored optimization of the website, maintenance, and updates of the website. We enter into data protection agreements (data processing agreements according to Art. 28 GDPR) with data processors. Furthermore, we may transfer the aforementioned data to effectively design processes within the Dolfi1920 corporate group. This transfer is based on Art. 6 (1) lit. f) GDPR. Our legitimate interest in processing your data by data processors and companies within the Dolfi1920 corporate group lies in the cost- and resource-efficient implementation of the purposes mentioned in section 6. As part of fulfilling your contract, we also work with transport and payment service providers as described in section 6.

9. Export and Processing of Data in Non-EU Countries

   In principle, no export of personal data to countries outside the EEA takes place. The processing of personal data during visits to and use of the website in a so-called third country, i.e., outside the European Union (EU) or the European Economic Area (EEA), is not planned and does not occur.
   If the transfer of data occurs through the use of third-party services or the disclosure/transfer of data to other entities or companies, this is done only in accordance with legal requirements. This may be subject to the explicit consent of the website user to transfer data to third countries (e.g., the USA). Otherwise, we may commission service providers in third countries with recognized data protection levels, such as the Data Privacy Framework for US companies, or potentially conclude contractual obligations under the EU Commission's standard protection clauses, or ensure adequate certifications in compliance with GDPR for third-country data transfers.

10. Applicable Legal Bases

    We inform you of the legal bases of the GDPR under which we process personal data:
    

    • Consent (Art. 6 (1) sentence 1 lit. a GDPR)

      The data subject has given consent to the processing of their personal data for one or more specific purposes (e.g., subscribing to a newsletter).

    • Contract fulfillment and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b GDPR)

      The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject (e.g., course bookings, shop purchases).

    • Legal obligation (Art. 6 (1) sentence 1 lit. c GDPR)

      The processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., for tax purposes in payment transactions).

    • Legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR)

      The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our legitimate interests lie in the functionality of the website, IT security of the website (defense against spam, etc.), and, if necessary, the defense or enforcement of legal claims.

11. Data Deletion and Retention Period

    We will store your data only for as long as is necessary for the respective purposes. Personal data will be deleted or stored in a limited capacity once the last specific purpose has been fulfilled.
    To fulfill contractual obligations, the data collected from you can be processed during the contract period and for up to 6 or 10 years after the end of the contract, depending on the type of contract, to meet legal retention obligations and address any inquiries or claims after the contract expires. Data that we deem necessary to assess or defend against claims or to bring claims against you, us, or third parties may be retained as long as such a process remains possible.

12. Necessity of Data Collection

    The collection of your personal data is not legally required for the use of our website or for concluding a contract. However, it is necessary for the realization of the purposes described.

13. Rights of the Data Subject

    According to the GDPR, you have the following rights and claims against the data controller:
    • The right of access (Art. 15 GDPR)
    • The right to rectification (Art. 16 GDPR)
    • The right to erasure (Art. 17 GDPR)
    • The right to restriction of processing (Art. 18 GDPR)
    • The right to data portability (Art. 20 GDPR)

14. Revocation of Consents

    You may revoke any consent you have given for the processing of your personal data, in whole or in part, with effect for the future. The revocation does not affect the legality of the processing carried out before the revocation.

15. Right to Object According to Art. 21 GDPR

    You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data based on Article 6 (1) lit. f) GDPR. We will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims. If you wish to exercise your data subject rights, please send an email to datenschutz@dolfi1920.de.

16. Right to Lodge a Complaint with a Supervisory Authority

    You have tthe right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. Each data subject may lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the place of the alleged infringement, if the data subject believes that the processing of their personal data violates the GDPR.
    For any questions, complaints, or suggestions regarding our data protection policies, please contact the Dolfi1920 data protection team at datenschutz@dolfi1920.de.

Version: November 2024