PRIVACY POLICY

PRIVACY POLICY

Last update: March 6, 2025


Ensuring personal data protection and security for its clients and prospects (hereinafter, “you” or “your”) is a top priority for RIMOWA (hereinafter, “RIMOWA”, “we”, “us” or “our”). We thus comply with applicable data protection legislation, notably the General Data Protection Regulation (hereinafter, “GDPR”). Terms used for the purposes of this policy have the meanings given to them by the GDPR.

This policy explains what personal data is collected and how it is processed when you visit RIMOWA’s stores or client care centers, contact our client service or use this website rimowa.com (hereinafter, the “Website”).

This policy does not address our data protection practices relating to job applicants, employees, and other employment-related individuals, nor data that is not subject to applicable data protection legislation. This policy is also not a contract and does not create any legal rights or obligations not otherwise provided by law.


1. DATA CONTROLLER

RIMOWA GmbH, a German company having its registered office at Richard-Byrd-Strasse 13, 50829 Cologne, Germany, which can be contacted at hello@rimowa.com, and/or its affiliates, each in the quality of data controller in accordance with the applicable data protection legislation, process personal data in order to provide you with the best possible service.

In this policy, reference to “RIMOWA” may target the group of companies as a whole or any individual company pertaining to RIMOWA.

You can consult here the name and address of the RIMOWA’s affiliate acting as data controller in the country of your interaction with us.


2. DATA PROTECTION OFFICER

RIMOWA has appointed a Data Protection Officer (hereinafter, “DPO”).

If you have any questions about the processing of your personal data by RIMOWA, please contact the DPO at the following email address: dataprotection@rimowa.com.


3. PROCESSED PERSONAL DATA

Depending on the provided services, your personal data processed by RIMOWA may include:

CATEGORIES OF PERSONAL DATA
EXAMPLES
Identity information
First and last names, title/salutation, gender, date of birth, client identifiers, information pertaining to your identity document etc.
Contact information
Billing and delivery address, e-mail address, telephone number, preferred communication method etc.
Transaction information
Shopping cart contents, order details, product returns, refunds or exchanges, payment related information, banking details etc.
Client relationship information
Purchase and repair history, client service records (history and details of your contacts and claims), your client satisfaction feedback etc.
Preferences, interests and inference information
Product related preferences, purchase patterns, demographics, interests and other information disclosed during the interactions with store advisors etc.
Online browsing information
Online browsing information from your use of cookies and other similar technologies, browsing patterns, interactions with online advertisements etc.
Technical and connection information
IP address and other technical identifiers, username and password, connection logs, browser information, general device location (such as city or region) etc.
Audio-visual information
Video footages in the stores equipped with the CCTV installations; recording of telephone calls with our client service etc.


It is our standard practice not to intentionally collect any of the special categories of personal data, or sensitive personal data. Sensitive personal data includes information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health-related information, or a person’s sex life or sexual orientation.

Despite this stance, certain Website features, in-store or repair services, as well as client service communications may include areas, such as survey forms or client inquiry sections, where you can share information freely. We urge you to exercise caution and refrain from sharing sensitive personal data in these cases to prevent its unintended processing.


4. PROCESSING OF CHILDRENS’ PERSONAL DATA

We do not intentionally collect personal data from children under the age of majority in accordance with local legislations in force. If you are under the minimum age requirement, please do not submit any personal data without the express consent and/or participation of your parent or legal guardian.

If you believe that we have collected personal data about a minor without such consent, please contact us at dataprotection@rimowa.com and we will delete it.


5. LEGAL BASES AND PURPOSES OF PROCESSING

Your personal data is processed either:

  • with your express consent (art. 6 (1) (a) GDPR) or 
  • where necessary for the performance of a contract with you (art. 6 (1) (b) GDPR) or
  • for compliance with our legal obligations (art. 6 (1) (c) GDPR) or
  • for the pursuance of our legitimate interests when the processing is required for the management of our daily business activities (art. 6 (1) (f) GDPR).

Your personal data can therefore be processed for the following purposes:

PURPOSES
LEGAL BASIS
COMMERCIAL RELATIONSHIP
To allow you to create your RIMOWA account (online on the Website or in-store through the digital form or when one of our store advisors sets up an account on your behalf) and to manage it. If you create it, you will automatically be allocated a personal ID linked to the e-mail address you have provided. Insofar, we will also send you essential information related to your account. These service updates include account notifications such as status updates and security alerts.
It is our legitimate interest to offer you with account creation feature.
To manage and process your purchases and orders, including delivery and return of RIMOWA products. Insofar, we may send you essential information related to your transactions. These service updates may include order confirmations, shipping updates, return and refund information.
Performance of a contract.
To manage the invoicing and payment of your transactions.
Performance of a contract.
To ensure the security of transactions, prevent fraud and/or payment incidents.
It is our legitimate interest to make sure our transactions are secure.
To monitor cash transactions in compliance with our legal obligations of preventing money laundering and terrorist financing. Insofar, in some cases, this may include verifying your identity, upon presentation of a government-issued ID.
Compliance with a legal obligation.
To facilitate tax-free shopping for the eligible clients.
Performance of a contract.
CLIENT CARE (REPAIR) AND CLIENT SERVICE
To manage our repair services in case you send your RIMOWA product to our client care centers or bring it into one of our stores for repair services.
Performance of a contract.
To answer and manage your queries sent via the “Contact us” form on the Website, per e-mail or via client service telephone. This data will be added to the information we keep on your RIMOWA account. If you do not have a RIMOWA account, a new contact will be created in our database.

It is our legitimate interest to respond to your queries.

Performance of a contract, if the request is aimed at the fulfilment of a contractual or pre-contractual measure.
To record your telephone conversations with our client service.
It is our legitimate interest to process personal data for the purposes of service quality improvement.
To collect and manage your feedback, if you participate in our email surveys. Insofar, we may also contact you by telephone to follow up on your feedback.
It is our legitimate interest to process personal data for the purposes of service quality improvement.
MARKETING ACTIVITIES
To send you personalized marketing material on our offers, products, latest news and events (newsletters, invitations to events organized by RIMOWA, including private sales and other news publications).
Your consent.
To manage our online advertising activities, including custom audience, “lookalike” audience, the delivery of interest-based advertising online and campaign effectiveness tracking. Insofar, your personal data will also be shared with our third-party partners, such as social media companies, online publishers and marketing companies.
Your consent.
To manage our centralized clients and prospects database and to compile statistics and analysis following your interactions with us, in order to improve our services, create segments and to implement an adapted relational marketing program.
It is our legitimate interest to ensure an optimized management of client experience.
To manage our pages on social networks (your interactions with us, content moderation and statistics).
It is our legitimate interest to manage our social network pages.
COOKIES AND SIMILAR TECHNOLOGIES
Consult our dedicated Cookie Policy.
OTHER
To secure and administer RIMOWA’s IT systems. It is our legitimate interest to make sure our IT infrastructure is secure.
To ensure security of goods and persons, in particular with the CCTV installations in certain stores.
It is our legitimate interest to ensure law enforcement, protect our properties, and exercise our domiciliary rights.
To comply with legal requirements in accordance with applicable legislation.
Compliance with a legal obligation.
To defend our rights and manage litigations.
It is our legitimate interest to defend our rights and manage litigations.
To process your requests for exercise of privacy rights.
Compliance with a legal obligation.


The personal data that is indispensable for us to fulfil the purposes that are described above is marked with an asterisk on the various forms of data collection. Should you not fill in these mandatory fields, we may not be able to process your requests and/or to provide you the requested products and services. Additional personal data is purely optional and allow us to know you better and to improve our communications and services accordingly.


6. PROCESSING METHODS

Your personal data will be processed using IT-based tools and/or manually.

In some specific cases, we may incorporate generative artificial intelligence (hereinafter, “AI”) solutions to assist in specific tasks, enhancing our operational efficiency and service quality. These AI tools are mainly used to facilitate our operations and/or support functions.

We ensure that any AI-driven processing of your personal data adheres to the data protection principles outlined in this policy and complies with the requirements of the applicable legislation.

In any event, we do not conduct any processing of personal data for the purposes of fully automated decision-making that has a legal or similarly significant effect on you. As a result, the rights to exercise control over such forms of automated decision-making do not apply.


7. RECIPIENTS OF PERSONAL DATA

7.1. Our affiliates

Personal data we collect for the purposes defined in this policy may be transferred to, stored and processed by other RIMOWA affiliates to ensure the same quality of service wherever you interact with us around the world. You may obtain here a list of these countries and their associated RIMOWA’s affiliates.

This processing of your personal data is based on the legitimate interest of RIMOWA to optimize client experience.

7.2. Service providers

We partially use service providers, in observance of the statutory requirements, by means of data processor relationships, i.e. processing is performed on the basis of a respective contract pursuant to art. 28 GDPR, on our behalf, according to our instructions and subject to our control.

Data processors are, in particular: 

  • providers in charge of distributing communications (e.g. newsletters, invitations and other publications),
  • providers in charge of customer relationship management (e.g. solutions helping us to improve customer service, personalize communications, and manage sales and marketing activities),
  • providers of data analytics and statistical analysis for cookies and similar technologies,
  • media agencies in charge of monitoring the social media performance of RIMOWA,
  • providers of technical services (e.g. cloud hosting and IT infrastructure, software maintenance and development, cybersecurity and network security, AI and machine learning).

In such cases we remain responsible for the personal data processing; the transfer and processing of personal data to or by our data processors is made on the legal basis upon which we are permitted to process data in each case.

7.3. Third parties

We partially also transmit your personal data to third parties, i.e. partners with whom we collaborate outside of data processor relationships. Such third parties are considered to be data controllers. Their processing of your personal data is subject to their own policies, which you can obtain by contacting them directly. The rights you have under the applicable data protection legislation may be directly exercised with these third parties.

7.3.1. Payment and fraud prevention

In order to execute your orders, we share necessary payment information with payment service providers, including your credit institute and partners like Cybersource, a Visa solution, also in charge of automatic fraud detection for online transactions. For more information, please refer to the Visa Privacy Notice.

We may also offer other payment methods on our Website, such as Klarna, PayPal and Apple Pay. When you choose these options, your personal data is processed according to their respective privacy policies:

The legal basis for the transfer of your personal data is the performance of the contract with you (art. 6 (1) (b) GDPR) in case of payment processing; and our legitimate interest to make sure our transactions are secure (art. 6 (1) (f) GDPR) in case of fraud detection and prevention.

7.3.2. Logistic and transportation

In order to transport the goods related to your transactions with us, we provide your address and contact details, to the extent necessary, to parcel transportation providers, including the partners like UPS (Privacy Policy) or DHL (Privacy Policy). 

The legal basis for the transfer of your personal data is the performance of the contract with you (art. 6 (1) (b) GDPR).

7.3.3. Online advertising and targeting

For the purposes of online advertising and targeting, as described in the Section 5 of this policy, your personal data may be shared with our partners in two different ways:

  • Through the sharing of your personal data: When you consent to marketing communications, we may share your personal data with our advertising partner, such as Meta (Privacy Center) and Google (Privacy Policy).
  • Through automatic data collection technologies: when you visit our Website and consent to the placement of cookies, our partners may access your personal data in accordance with our Cookie Policy.

The legal basis for the transfer of your personal data is your consent (art. 6 (1) (a) GDPR).

7.3.4. Legal process

We may disclose your personal data to third parties who help us protect our rights and property or when required by law or the legal process in response to subpoenas, warrants, court orders, investigations, government authorities, or as reasonably necessary to protect the rights or interests of our company, employees, affiliates or others.

The legal basis for the transfer of your personal data is art. 6 (1) (c) GDPR in case of a legal obligation, as well as art. 6 (1) (f) GDPR in case of our interest to protect our rights.

7.3.5. Restructuring

In the event of the restructuring of RIMOWA, including a total or partial asset transfer, merger, absorption, acquisition, demerger and in general any reorganization operation, your data may be shared, subject to appropriate legal, security and confidentiality measures.

The legal basis for the transfer of your personal data is art. 6 (1) (f) GDPR. We have a legitimate interest to adapt our internal corporate structures.


8. TRANSFERS OF PERSONAL DATA ABROAD

Since RIMOWA has subsidiaries, branches and affiliates located abroad and works with data processors located abroad, the recipients of your personal data may also be located abroad, including outside the European Union, respectively the European Economic Area (referred to hereinafter as the “EEA”), in countries/regions where RIMOWA runs its activities.

Any transfer of personal data outside the EEA, notably to a state for which no adequacy decision has been reached by the European Commission under art. 45 GDPR, will be governed by appropriate guarantees, notably contractual, in accordance with the regulations applying to the protection of personal data, such as standard data protection clauses under art. 46 (2) GDPR.


9. STORAGE DURATION

Your personal data will not be stored in a form that allows to identify you for any longer than is reasonably considered necessary for achieving the purposes for which it was collected or for a period that does not exceed the applicable statutory limitation periods.

Your personal data will be stored for a period of:

  • three (3) years since your last interaction with us if you are a prospect (i.e. you are not purchasing any RIMOWA’s product) or
  • your commercial relationship with RIMOWA and ten (10) years thereafter, if you are a client (i.e. you have made a purchase).

In some specific cases your personal data will be stored for shorter periods. For example, CCTV footage is stored according to in-store notice or client service recordings are kept for legally mandated durations.

Furthermore, your bank account information shall be kept secure for the duration that is needed for the confirmation of your purchase order and its payment and shall then be immediately deleted. In case of a payment default, your personal data shall be kept throughout the duration of the management of the incident.


10. YOUR RIGHTS

In accordance with applicable regulations, you have the following rights: 

  • Withdrawal of consent (art. 7 (3) GDPR): you can withdraw at any time your consent in respect of any processing of personal data based on consent, without affecting the lawfulness of processing carried out before this withdrawal.
  • Access (art. 15 GDPR): you can ask us to confirm whether we process your personal data and, as the case may be, inform you of the characteristics of such processing. You can also ask us to allow you to access such data and give you a copy of it.
  • Rectification (art. 16 GDPR): you can ask us to rectify or complete inaccurate or incomplete personal data.
  • Erasure (art. 17 GDPR): you can ask us to erase your personal data in the following cases: (i) where it is no longer necessary for the purposes for which it was collected; (ii) where you have withdrawn your consent for the data processing based exclusively on such consent; (iii) where you have objected to the processing of your personal data; (iv) where your personal data has been processed unlawfully; (v) where your personal data must be erased to comply with a legal obligation. We are not required to comply with your request in certain cases, notably if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
  • Restriction (art. 18 GDPR): you can ask us to restrict the processing of your personal data (i.e. keep but not use your personal data) in the following cases: (i) where the accuracy of your personal data is contested; (ii) where the processing is unlawful, but you do not want your personal data to be erased; (iii) where it is necessary to establish, exercise or defend legal claims, (iv) where it is necessary to verify the existence of overriding legitimate grounds following the exercise of your right to object. We can continue to process your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
  • Portability (art. 20 GDPR): you can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transmitted directly to another data controller, but only where the processing is based (i) on your consent or (ii) on the performance of a contract with you, and the processing is carried out by automated means.

You also have the right to object pursuant to art. 21 GDPR:

  • for reasons relating to your particular situation, to processing activities based on RIMOWA’s legitimate interest. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims.
  • to processing activities for the purpose of direct marketing. As such, you may at any time request to no longer receive communications regarding our offers, products, news and events by using the unsubscribe link provided for this purpose in each email we send you.

These rights may be exercised at any time by contacting RIMOWA’s DPO at dataprotection@rimowa.com.

You also have the right to contact any competent supervisory authority — in particular in the member state of your habitual residence, place of work or place of the alleged infringement — with any claims concerning how RIMOWA collects and processes your personal data. Contact information for supervisory authorities in the EEA can be found on the European Data Protection Board’s website here.


11. CHANGES TO THIS POLICY

This policy may change from time to time to reflect the necessary updates in our processing of your personal data. The latest version is available on the Website.

PRIVACY POLICY

Last update: March 6, 2025


Ensuring personal data protection and security for its clients and prospects (hereinafter, “you” or “your”) is a top priority for RIMOWA (hereinafter, “RIMOWA”, “we”, “us” or “our”). We thus comply with applicable data protection legislation, notably the General Data Protection Regulation (hereinafter, “GDPR”). Terms used for the purposes of this policy have the meanings given to them by the GDPR.

This policy explains what personal data is collected and how it is processed when you visit RIMOWA’s stores or client care centers, contact our client service or use this website rimowa.com (hereinafter, the “Website”).

This policy does not address our data protection practices relating to job applicants, employees, and other employment-related individuals, nor data that is not subject to applicable data protection legislation. This policy is also not a contract and does not create any legal rights or obligations not otherwise provided by law.


1. DATA CONTROLLER

RIMOWA GmbH, a German company having its registered office at Richard-Byrd-Strasse 13, 50829 Cologne, Germany, which can be contacted at hello@rimowa.com, and/or its affiliates, each in the quality of data controller in accordance with the applicable data protection legislation, process personal data in order to provide you with the best possible service.

In this policy, reference to “RIMOWA” may target the group of companies as a whole or any individual company pertaining to RIMOWA.

You can consult here the name and address of the RIMOWA’s affiliate acting as data controller in the country of your interaction with us.


2. DATA PROTECTION OFFICER

RIMOWA has appointed a Data Protection Officer (hereinafter, “DPO”).

If you have any questions about the processing of your personal data by RIMOWA, please contact the DPO at the following email address: dataprotection@rimowa.com.


3. PROCESSED PERSONAL DATA

Depending on the provided services, your personal data processed by RIMOWA may include:

CATEGORIES OF PERSONAL DATA
EXAMPLES
Identity information
First and last names, title/salutation, gender, date of birth, client identifiers, information pertaining to your identity document etc.
Contact information
Billing and delivery address, e-mail address, telephone number, preferred communication method etc.
Transaction information
Shopping cart contents, order details, product returns, refunds or exchanges, payment related information, banking details etc.
Client relationship information
Purchase and repair history, client service records (history and details of your contacts and claims), your client satisfaction feedback etc.
Preferences, interests and inference information
Product related preferences, purchase patterns, demographics, interests and other information disclosed during the interactions with store advisors etc.
Online browsing information
Online browsing information from your use of cookies and other similar technologies, browsing patterns, interactions with online advertisements etc.
Technical and connection information
IP address and other technical identifiers, username and password, connection logs, browser information, general device location (such as city or region) etc.
Audio-visual information
Video footages in the stores equipped with the CCTV installations; recording of telephone calls with our client service etc.


It is our standard practice not to intentionally collect any of the special categories of personal data, or sensitive personal data. Sensitive personal data includes information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health-related information, or a person’s sex life or sexual orientation.

Despite this stance, certain Website features, in-store or repair services, as well as client service communications may include areas, such as survey forms or client inquiry sections, where you can share information freely. We urge you to exercise caution and refrain from sharing sensitive personal data in these cases to prevent its unintended processing.


4. PROCESSING OF CHILDRENS’ PERSONAL DATA

We do not intentionally collect personal data from children under the age of majority in accordance with local legislations in force. If you are under the minimum age requirement, please do not submit any personal data without the express consent and/or participation of your parent or legal guardian.

If you believe that we have collected personal data about a minor without such consent, please contact us at dataprotection@rimowa.com and we will delete it.


5. LEGAL BASES AND PURPOSES OF PROCESSING

Your personal data is processed either:

  • with your express consent (art. 6 (1) (a) GDPR) or 
  • where necessary for the performance of a contract with you (art. 6 (1) (b) GDPR) or
  • for compliance with our legal obligations (art. 6 (1) (c) GDPR) or
  • for the pursuance of our legitimate interests when the processing is required for the management of our daily business activities (art. 6 (1) (f) GDPR).

Your personal data can therefore be processed for the following purposes:

PURPOSES
LEGAL BASIS
COMMERCIAL RELATIONSHIP
To allow you to create your RIMOWA account (online on the Website or in-store through the digital form or when one of our store advisors sets up an account on your behalf) and to manage it. If you create it, you will automatically be allocated a personal ID linked to the e-mail address you have provided. Insofar, we will also send you essential information related to your account. These service updates include account notifications such as status updates and security alerts.
It is our legitimate interest to offer you with account creation feature.
To manage and process your purchases and orders, including delivery and return of RIMOWA products. Insofar, we may send you essential information related to your transactions. These service updates may include order confirmations, shipping updates, return and refund information.
Performance of a contract.
To manage the invoicing and payment of your transactions.
Performance of a contract.
To ensure the security of transactions, prevent fraud and/or payment incidents.
It is our legitimate interest to make sure our transactions are secure.
To monitor cash transactions in compliance with our legal obligations of preventing money laundering and terrorist financing. Insofar, in some cases, this may include verifying your identity, upon presentation of a government-issued ID.
Compliance with a legal obligation.
To facilitate tax-free shopping for the eligible clients.
Performance of a contract.
CLIENT CARE (REPAIR) AND CLIENT SERVICE
To manage our repair services in case you send your RIMOWA product to our client care centers or bring it into one of our stores for repair services.
Performance of a contract.
To answer and manage your queries sent via the “Contact us” form on the Website, per e-mail or via client service telephone. This data will be added to the information we keep on your RIMOWA account. If you do not have a RIMOWA account, a new contact will be created in our database.

It is our legitimate interest to respond to your queries.

Performance of a contract, if the request is aimed at the fulfilment of a contractual or pre-contractual measure.
To record your telephone conversations with our client service.
It is our legitimate interest to process personal data for the purposes of service quality improvement.
To collect and manage your feedback, if you participate in our email surveys. Insofar, we may also contact you by telephone to follow up on your feedback.
It is our legitimate interest to process personal data for the purposes of service quality improvement.
MARKETING ACTIVITIES
To send you personalized marketing material on our offers, products, latest news and events (newsletters, invitations to events organized by RIMOWA, including private sales and other news publications).
Your consent.
To manage our online advertising activities, including custom audience, “lookalike” audience, the delivery of interest-based advertising online and campaign effectiveness tracking. Insofar, your personal data will also be shared with our third-party partners, such as social media companies, online publishers and marketing companies.
Your consent.
To manage our centralized clients and prospects database and to compile statistics and analysis following your interactions with us, in order to improve our services, create segments and to implement an adapted relational marketing program.
It is our legitimate interest to ensure an optimized management of client experience.
To manage our pages on social networks (your interactions with us, content moderation and statistics).
It is our legitimate interest to manage our social network pages.
COOKIES AND SIMILAR TECHNOLOGIES
Consult our dedicated Cookie Policy.
OTHER
To secure and administer RIMOWA’s IT systems. It is our legitimate interest to make sure our IT infrastructure is secure.
To ensure security of goods and persons, in particular with the CCTV installations in certain stores.
It is our legitimate interest to ensure law enforcement, protect our properties, and exercise our domiciliary rights.
To comply with legal requirements in accordance with applicable legislation.
Compliance with a legal obligation.
To defend our rights and manage litigations.
It is our legitimate interest to defend our rights and manage litigations.
To process your requests for exercise of privacy rights.
Compliance with a legal obligation.


The personal data that is indispensable for us to fulfil the purposes that are described above is marked with an asterisk on the various forms of data collection. Should you not fill in these mandatory fields, we may not be able to process your requests and/or to provide you the requested products and services. Additional personal data is purely optional and allow us to know you better and to improve our communications and services accordingly.


6. PROCESSING METHODS

Your personal data will be processed using IT-based tools and/or manually.

In some specific cases, we may incorporate generative artificial intelligence (hereinafter, “AI”) solutions to assist in specific tasks, enhancing our operational efficiency and service quality. These AI tools are mainly used to facilitate our operations and/or support functions.

We ensure that any AI-driven processing of your personal data adheres to the data protection principles outlined in this policy and complies with the requirements of the applicable legislation.

In any event, we do not conduct any processing of personal data for the purposes of fully automated decision-making that has a legal or similarly significant effect on you. As a result, the rights to exercise control over such forms of automated decision-making do not apply.


7. RECIPIENTS OF PERSONAL DATA

7.1. Our affiliates

Personal data we collect for the purposes defined in this policy may be transferred to, stored and processed by other RIMOWA affiliates to ensure the same quality of service wherever you interact with us around the world. You may obtain here a list of these countries and their associated RIMOWA’s affiliates.

This processing of your personal data is based on the legitimate interest of RIMOWA to optimize client experience.

7.2. Service providers

We partially use service providers, in observance of the statutory requirements, by means of data processor relationships, i.e. processing is performed on the basis of a respective contract pursuant to art. 28 GDPR, on our behalf, according to our instructions and subject to our control.

Data processors are, in particular: 

  • providers in charge of distributing communications (e.g. newsletters, invitations and other publications),
  • providers in charge of customer relationship management (e.g. solutions helping us to improve customer service, personalize communications, and manage sales and marketing activities),
  • providers of data analytics and statistical analysis for cookies and similar technologies,
  • media agencies in charge of monitoring the social media performance of RIMOWA,
  • providers of technical services (e.g. cloud hosting and IT infrastructure, software maintenance and development, cybersecurity and network security, AI and machine learning).

In such cases we remain responsible for the personal data processing; the transfer and processing of personal data to or by our data processors is made on the legal basis upon which we are permitted to process data in each case.

7.3. Third parties

We partially also transmit your personal data to third parties, i.e. partners with whom we collaborate outside of data processor relationships. Such third parties are considered to be data controllers. Their processing of your personal data is subject to their own policies, which you can obtain by contacting them directly. The rights you have under the applicable data protection legislation may be directly exercised with these third parties.

7.3.1. Payment and fraud prevention

In order to execute your orders, we share necessary payment information with payment service providers, including your credit institute and partners like Cybersource, a Visa solution, also in charge of automatic fraud detection for online transactions. For more information, please refer to the Visa Privacy Notice.

We may also offer other payment methods on our Website, such as Klarna, PayPal and Apple Pay. When you choose these options, your personal data is processed according to their respective privacy policies:

The legal basis for the transfer of your personal data is the performance of the contract with you (art. 6 (1) (b) GDPR) in case of payment processing; and our legitimate interest to make sure our transactions are secure (art. 6 (1) (f) GDPR) in case of fraud detection and prevention.

7.3.2. Logistic and transportation

In order to transport the goods related to your transactions with us, we provide your address and contact details, to the extent necessary, to parcel transportation providers, including the partners like UPS (Privacy Policy) or DHL (Privacy Policy). 

The legal basis for the transfer of your personal data is the performance of the contract with you (art. 6 (1) (b) GDPR).

7.3.3. Online advertising and targeting

For the purposes of online advertising and targeting, as described in the Section 5 of this policy, your personal data may be shared with our partners in two different ways:

  • Through the sharing of your personal data: When you consent to marketing communications, we may share your personal data with our advertising partner, such as Meta (Privacy Center) and Google (Privacy Policy).
  • Through automatic data collection technologies: when you visit our Website and consent to the placement of cookies, our partners may access your personal data in accordance with our Cookie Policy.

The legal basis for the transfer of your personal data is your consent (art. 6 (1) (a) GDPR).

7.3.4. Legal process

We may disclose your personal data to third parties who help us protect our rights and property or when required by law or the legal process in response to subpoenas, warrants, court orders, investigations, government authorities, or as reasonably necessary to protect the rights or interests of our company, employees, affiliates or others.

The legal basis for the transfer of your personal data is art. 6 (1) (c) GDPR in case of a legal obligation, as well as art. 6 (1) (f) GDPR in case of our interest to protect our rights.

7.3.5. Restructuring

In the event of the restructuring of RIMOWA, including a total or partial asset transfer, merger, absorption, acquisition, demerger and in general any reorganization operation, your data may be shared, subject to appropriate legal, security and confidentiality measures.

The legal basis for the transfer of your personal data is art. 6 (1) (f) GDPR. We have a legitimate interest to adapt our internal corporate structures.


8. TRANSFERS OF PERSONAL DATA ABROAD

Since RIMOWA has subsidiaries, branches and affiliates located abroad and works with data processors located abroad, the recipients of your personal data may also be located abroad, including outside the European Union, respectively the European Economic Area (referred to hereinafter as the “EEA”), in countries/regions where RIMOWA runs its activities.

Any transfer of personal data outside the EEA, notably to a state for which no adequacy decision has been reached by the European Commission under art. 45 GDPR, will be governed by appropriate guarantees, notably contractual, in accordance with the regulations applying to the protection of personal data, such as standard data protection clauses under art. 46 (2) GDPR.


9. STORAGE DURATION

Your personal data will not be stored in a form that allows to identify you for any longer than is reasonably considered necessary for achieving the purposes for which it was collected or for a period that does not exceed the applicable statutory limitation periods.

Your personal data will be stored for a period of:

  • three (3) years since your last interaction with us if you are a prospect (i.e. you are not purchasing any RIMOWA’s product) or
  • your commercial relationship with RIMOWA and ten (10) years thereafter, if you are a client (i.e. you have made a purchase).

In some specific cases your personal data will be stored for shorter periods. For example, CCTV footage is stored according to in-store notice or client service recordings are kept for legally mandated durations.

Furthermore, your bank account information shall be kept secure for the duration that is needed for the confirmation of your purchase order and its payment and shall then be immediately deleted. In case of a payment default, your personal data shall be kept throughout the duration of the management of the incident.


10. YOUR RIGHTS

In accordance with applicable regulations, you have the following rights: 

  • Withdrawal of consent (art. 7 (3) GDPR): you can withdraw at any time your consent in respect of any processing of personal data based on consent, without affecting the lawfulness of processing carried out before this withdrawal.
  • Access (art. 15 GDPR): you can ask us to confirm whether we process your personal data and, as the case may be, inform you of the characteristics of such processing. You can also ask us to allow you to access such data and give you a copy of it.
  • Rectification (art. 16 GDPR): you can ask us to rectify or complete inaccurate or incomplete personal data.
  • Erasure (art. 17 GDPR): you can ask us to erase your personal data in the following cases: (i) where it is no longer necessary for the purposes for which it was collected; (ii) where you have withdrawn your consent for the data processing based exclusively on such consent; (iii) where you have objected to the processing of your personal data; (iv) where your personal data has been processed unlawfully; (v) where your personal data must be erased to comply with a legal obligation. We are not required to comply with your request in certain cases, notably if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
  • Restriction (art. 18 GDPR): you can ask us to restrict the processing of your personal data (i.e. keep but not use your personal data) in the following cases: (i) where the accuracy of your personal data is contested; (ii) where the processing is unlawful, but you do not want your personal data to be erased; (iii) where it is necessary to establish, exercise or defend legal claims, (iv) where it is necessary to verify the existence of overriding legitimate grounds following the exercise of your right to object. We can continue to process your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
  • Portability (art. 20 GDPR): you can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transmitted directly to another data controller, but only where the processing is based (i) on your consent or (ii) on the performance of a contract with you, and the processing is carried out by automated means.

You also have the right to object pursuant to art. 21 GDPR:

  • for reasons relating to your particular situation, to processing activities based on RIMOWA’s legitimate interest. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims.
  • to processing activities for the purpose of direct marketing. As such, you may at any time request to no longer receive communications regarding our offers, products, news and events by using the unsubscribe link provided for this purpose in each email we send you.

These rights may be exercised at any time by contacting RIMOWA’s DPO at dataprotection@rimowa.com.

You also have the right to contact any competent supervisory authority — in particular in the member state of your habitual residence, place of work or place of the alleged infringement — with any claims concerning how RIMOWA collects and processes your personal data. Contact information for supervisory authorities in the EEA can be found on the European Data Protection Board’s website here.


11. CHANGES TO THIS POLICY

This policy may change from time to time to reflect the necessary updates in our processing of your personal data. The latest version is available on the Website.