. The contractual partners, contact persons and passengers can find the mandatory information for the processing operations related to the visit of our website www.dolfi1920.de in the privacy policy of this website. Contractual partners in the sense of this mandatory information are legal and natural persons with whom we have concluded or intend to conclude a contract, e.g. a natural person who concludes his own contract for work or purchase with us. Contact persons within the meaning of this mandatory information are natural persons who work for our contractual partners, e.g. employees of an airline or IT company with whom we have a contractual relationship. Passengers within the meaning of this mandatory information are natural persons who are not employees of our contractual partners and whose data we have received from our contractual partners, e.g. passengers whose suitcases we repair or replace on behalf of an air carrier. All together are hereinafter referred to as "persons concerned". II. Who is responsible for data processing? The five companies of the Dolfi1920 group are jointly responsible for processing the data of the persons concerned in accordance with Art. 26 GDPR. These companies are: Dolfi1920 GmbH, Langer Kornweg 34c, 65451 Kelsterbach, Deutschland, E-Mail: datenschutz@dolfi1920.de Dolfi 1920 sp. z o.o., Mineralna Street No 15/2, 02274 Warsaw, Poland, E-Mail: data-security@dolfi1920.de Dolfi 1920 Malas de Viagem Unipessoal, Lda., Estrada de Paco d’arcos Nr. 88, Armazém 33, 2739-512 Cacém, Portugal, E-Mail.: data-security@dolfi1920.pt Dolfi 1920 s.r.o., Toužimská 767-hala 3B, Letňany, 199 00 Praha 9, Czech Republic, E-Mail: data-security@dolfi1920.cz Our data protection team and our Chief Privacy Officer can be reached via the aforementioned contact methods. III. What does joint responsibility mean? Joint responsibility means that the five companies mentioned above jointly decide on the purposes and means of processing the data of the persons concerned. Joint responsibility also means that the companies conclude a contract between themselves in accordance with Art. 26 GDPR. We would like to inform the persons concerned about the essential obligations and distribution of tasks of this contract as follows: Data protection obligations within the Dolfi1920 group are fulfilled as follows: Dolfi1920 GmbH provides the persons concerned with the mandatory information according to Art. 13 and 14 and Art. 26 of the GDPR Dolfi1920 GmbH respects the rights of the persons concerned according to art. 15 ff. GDPR Dolfi1920 GmbH, in agreement with the company concerned, will report the potential violation of the protection of personal data according to Art. 33 GDPR to the supervisory authorities and, if necessary, will notify the persons concerned according to Art. 34 GDPR Dolfi1920 GmbH prepares and maintains the processing list according to Art. 30 GDPR concerning joint processing Companies of the Dolfi1920 group support each other The deletion of a date by a company may only be carried out after notification to the other companies of the Dolfi1920 group A processor may only be commissioned after prior written consent and only on behalf of all companies in the Dolfi1920 group Liability towards the persons concerned is not limited in the external relationship; however, in the internal relationship it is distributed according to the extent to which they must be represented The persons concerned can contact any company of the Dolfi1920 group for any request, in particular to exercise their individual data protection rights. The companies of the Dolfi1920 group have the following main responsibilities: A contract is executed by the company of the Dolfi1920 group that has conducted the negotiations with the contracting party The workshops are operated and managed by Dolfi1920 GmbH in Germany, DOLFI 1920 sp. z o.o. in Poland and DOLFI 1920 Malas de Viagem Unipessoal, Lda in Portugal Operation and management of the www.dolfi1920.de website and the International Call Center is carried out by DOLFI 1920 Services sp. z o.o. Operation and administration of the internal cross-company passenger management platform as well as controlling is carried out by Dolfi1920 GmbH IV. Which data and data categories of the persons concerned do we process? Contractual and contact person: Last name, first name, e-mail address, position, company, details of contracts concluded, transport and payment data, creditworthiness data, data added in the course of the contractual relationship (such as new contact data, contract lines provided) and similar data Passengers: Contact information such as last name, first name, telephone number, e-mail address, reason for the damage, information about the damaged baggage such as brand, model, age, price, date of purchase, description of the damage, serial number, pictures of the damaged baggage, reference number of the damage report, copy of the warranty card, proof of purchase as well as transport and payment data and similar data, data added in the course of order processing such as e.g. new contact details, contract services rendered, queries e.g. about the extent of damage to the suitcase or the transport route, payments received, invoices and similar data V. For what purposes and on what legal basis do we process the data? The processing is carried out for the purpose of performing the contract with the person concerned or for carrying out pre-contractual measures where such processing is initiated by the person concerned. In the case of passengers, processing shall be carried out for the purpose of performing the contract concluded by the passenger with the air carrier. The legal basis is Art. 6 para. 1 sentence 1 letter b) GDPR. Processing is carried out for the purpose of fulfilling our contractual and quasi-contractual obligations to our contractual partners. The legal basis is Art. 6 para. 1 sentence 1 letter f) GDPR. The fulfilment of these obligations is also our legitimate interest. The processing is carried out for the purpose of fulfilling legal obligations to which we are subject. The legal basis is Art. 6 para. 1 sentence 1 letter c) GDPR in conjunction with the respective Union or Member State legislation. These obligations include, in particular, the storage obligations under commercial law (§ 257 HGB) and tax law (§ 147 AO) as well as the notifications to authorities stipulated for us. Processing is carried out for the following additional purposes: control, administration and organization of group-wide processes, determination of economic risks such as payment defaults and risk management, assertion and defense of legal claims, prevention and investigation of criminal offenses, further development of our business activities as well as for cost-effective implementation of all the above-mentioned purposes by outsourcing services to IT service providers and companies of the Dolfi1920 group. The legal basis is Art. 6 para. 1 sentence 1 letter f) GDPR. These purposes are also our legitimate interests in the sense of Art. 6 para. 1 sentence 1 letter f) GDPR. Processing is carried out for the purpose for which the person concerned has given his consent. The legal basis is Art. 6 para. 1 sentence 1 letter a) GDPR. VI. Is there an obligation to provide the data? The persons concerned are under no legal or contractual obligation to provide their data before the establishment of a contractual relationship. However, this is necessary to fulfill the purposes mentioned under V. Without this, we cannot fulfill the purposes mentioned under V. After the establishment of the contractual relationship by a data subject, the data subject may be under an obligation to provide his or her data under the contract. Without such provision, we cannot fulfill the purposes stated under V. and possibly cannot fulfill the contractual relationship. VII. Who receives the data? The data of the persons concerned are processed within the Dolfi1920 group. The recipients are therefore first of all the other companies of the Dolfi1920 group and their employees. We have a strict authorization concept. Depending on the type of data processed, only individual companies, employees or departments receive the data. Other recipients are aviation companies, IT service providers and other contractual partners. In addition, law firms, authorities, public prosecutors' offices and courts receive the data of the persons concerned. VIII. What are the sources of the data? Unless we have collected the data directly from the person concerned, in the case of contractual partners the data originates from rating or credit rating agencies, in the case of contact persons the data originates from their employer and in the case of passengers the data originates from the air carrier that has concluded a contract with the respective passenger or from the SITA word tracer system. IX. Is data transferred to countries outside the EU or EEA? The data processing takes place almost exclusively within the EU or the European Economic Area. For the repair of the suitcase, we only forward the last name, first name and type of damage to Switzerland. For Switzerland, there is an appropriateness decision of the European Commission. For the persons concerned, this means that there is a level of protection for their data in Switzerland that is comparable to the GDPR. X. How long is the data stored? Data collected on the basis of consent: We store this data until the person concerned withdraws his or her consent. We archive the declaration of consent itself for a period of three years, starting on 1 January of the year following the year in which the consent was revoked. To determine the documentation or retention period, we use the following decision pattern: Is there a contractual relationship with the person concerned himself or were the data provided by our contractual partners? Does the contractual relationship still exist or has it already ended? Have the legal periods of limitation, which for example according to §§ 195 ff. of the German Civil Code (BGB) usually amount to three years, but in certain cases may also amount to ten or even thirty years (e.g. retention of enforceable titles), expired? Are there legal documentation and retention periods such as six or even ten years according to §§ 257 HGB, 147 AO? XI. What rights does a person concerned have? Revocation of consent: If we process the data based on the consent of the person concerned, the following applies: The data subject may revoke his or her consent at any time with effect for the future, e.g. by sending an e-mail or letter to the above-mentioned contact details of the person responsible or the Chief Privacy Officer. However, the revocation does not affect the lawfulness of the processing of the data up to the time of revocation. Right of appeal to a data protection supervisory authority: Under Art. 77 GDPR, the person concerned has the right to appeal to a supervisory authority: According to this provision, and without prejudice to any other administrative or judicial remedy, any person concerned may lodge a complaint with a supervisory authority, in particular in the Member State in which he or she is resident, at his or her place of work or at the place where the suspected infringement is committed, if he or she considers that the processing of data relating to him or her is contrary to the GDPR. Other rights of the persons concerned: Every person concerned has the right: to receive information, Art. 15 GDPR to correct incorrect or incomplete data, Art. 16 GDPR to delete the data, Art 17 GDPR to restrict processing, Art. 18 GDPR to transfer data, Art. 20 GDPR to object to the processing of data relating to them in accordance with Art. 6 para. 1 sentence 1 letter f) GDPR, Art. 21 GDPR. To exercise these rights, a person concerned can contact us or our Chief Privacy Officer at any time, e.g. by e-mail or post. Dolfi 1920 GmbH Langer Kornweg 34c, 65451 Kelsterbach Amtsgericht Darmstadt, HRB 95095 Gal David Zentner [ref:!00D3V0ubMl.!500Qt0ToKm3:ref]Your damaged luggage incident 01313279 [ref:!00D3V0ubMl.!500Qt0ToKm3:ref]Dolfi1920 undefined"hi@josie.lol" undefined