7.1. Our affiliates
Personal data we collect for the purposes defined in this policy may be transferred to, stored and processed by other RIMOWA affiliates to ensure the same quality of service wherever you interact with us around the world. You may obtain here a list of these countries and their associated RIMOWA’s affiliates.
This processing of your personal data is based on the legitimate interest of RIMOWA to optimize client experience.
7.2. Service providers
We partially use service providers, in observance of the statutory requirements, by means of data processor relationships, i.e. processing is performed on the basis of a respective contract pursuant to art. 28 GDPR, on our behalf, according to our instructions and subject to our control.
Data processors are, in particular:
- providers in charge of distributing communications (e.g. newsletters, invitations and other publications),
- providers in charge of customer relationship management (e.g. solutions helping us to improve customer service, personalize communications, and manage sales and marketing activities),
- providers of data analytics and statistical analysis for cookies and similar technologies,
- media agencies in charge of monitoring the social media performance of RIMOWA,
- providers of technical services (e.g. cloud hosting and IT infrastructure, software maintenance and development, cybersecurity and network security, AI and machine learning).
In such cases we remain responsible for the personal data processing; the transfer and processing of personal data to or by our data processors is made on the legal basis upon which we are permitted to process data in each case.
7.3. Third parties
We partially also transmit your personal data to third parties, i.e. partners with whom we collaborate outside of data processor relationships. Such third parties are considered to be data controllers. Their processing of your personal data is subject to their own policies, which you can obtain by contacting them directly. The rights you have under the applicable data protection legislation may be directly exercised with these third parties.
7.3.1. Payment and fraud prevention
In order to execute your orders, we share necessary payment information with payment service providers, including your credit institute and partners like Cybersource, a Visa solution, also in charge of automatic fraud detection for online transactions. For more information, please refer to the Visa Privacy Notice.
We may also offer other payment methods on our Website, such as Klarna, PayPal and Apple Pay. When you choose these options, your personal data is processed according to their respective privacy policies:
The legal basis for the transfer of your personal data is the performance of the contract with you (art. 6 (1) (b) GDPR) in case of payment processing; and our legitimate interest to make sure our transactions are secure (art. 6 (1) (f) GDPR) in case of fraud detection and prevention.
7.3.2. Logistic and transportation
In order to transport the goods related to your transactions with us, we provide your address and contact details, to the extent necessary, to parcel transportation providers, including the partners like UPS (Privacy Policy) or DHL (Privacy Policy).
The legal basis for the transfer of your personal data is the performance of the contract with you (art. 6 (1) (b) GDPR).
7.3.3. Online advertising and targeting
For the purposes of online advertising and targeting, as described in the Section 5 of this policy, your personal data may be shared with our partners in two different ways:
-
Through the sharing of your personal data: When you consent to marketing communications, we may share your personal data with our advertising partner, such as Meta (Privacy Center) and Google (Privacy Policy).
-
Through automatic data collection technologies: when you visit our Website and consent to the placement of cookies, our partners may access your personal data in accordance with our Cookie Policy.
The legal basis for the transfer of your personal data is your consent (art. 6 (1) (a) GDPR).
7.3.4. Legal process
We may disclose your personal data to third parties who help us protect our rights and property or when required by law or the legal process in response to subpoenas, warrants, court orders, investigations, government authorities, or as reasonably necessary to protect the rights or interests of our company, employees, affiliates or others.
The legal basis for the transfer of your personal data is art. 6 (1) (c) GDPR in case of a legal obligation, as well as art. 6 (1) (f) GDPR in case of our interest to protect our rights.
7.3.5. Restructuring
In the event of the restructuring of RIMOWA, including a total or partial asset transfer, merger, absorption, acquisition, demerger and in general any reorganization operation, your data may be shared, subject to appropriate legal, security and confidentiality measures.
The legal basis for the transfer of your personal data is art. 6 (1) (f) GDPR. We have a legitimate interest to adapt our internal corporate structures.