Privacy Policy

Last updated: January 2026

We are pleased that you are visiting the Suitcase.Repair Warranty Portal and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1. Information on the Collection of Personal Data and Contact Details of the Controller

The controller in charge of data processing on the Suitcase.Repair Warranty Portal, within the meaning of the General Data Protection Regulation (GDPR), is:

Channel Penguin GmbH

Freisinger Str. 19, 85737 Ismaning, Germany

Email: contact@suitcase.repair

2. Data Collection When You Visit Our Website

2.1 Server Log Files

When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

Our visited website
Date and time at the moment of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

2.2 SSL/TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content. You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.

3. Hosting

3.1 Hetzner

Our services are hosted on servers operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Data processing occurs within the European Union. We have concluded a data processing agreement with Hetzner. Processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in stable and secure hosting.

3.2 Amazon Web Services (AWS)

We also use services from Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg, for hosting and data storage. AWS processes data in accordance with GDPR requirements. We have concluded a data processing agreement with AWS. For data transfers to the USA, AWS participates in the EU-US Data Privacy Framework.

4. Content Delivery Network (CDN)

4.1 Cloudflare

We use a content delivery network offered by Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA. This service enables us to deliver content faster via a network of regionally distributed servers. Processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving website stability and functionality. We have concluded a data processing agreement with Cloudflare. For data transfers to the USA, Cloudflare participates in the EU-US Data Privacy Framework.

4.2 Amazon CloudFront

We also use Amazon CloudFront, a content delivery network service provided by Amazon Web Services. CloudFront distributes content via a worldwide network of data centers to provide faster access. Processing is carried out in accordance with Art. 6 (1) point f GDPR. For data transfers to the USA, AWS participates in the EU-US Data Privacy Framework.

5. Cookies

In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some cookies are automatically deleted after the browser is closed (session cookies), while others remain on your device longer (persistent cookies). If personal data is processed by cookies, the processing is carried out in accordance with Art. 6 (1) point a GDPR (consent) or Art. 6 (1) point f GDPR (legitimate interest). You can set your browser to inform you about cookies and decide individually about their acceptance.

5.1 Cookie Consent Tool

This website uses a cookie consent tool to obtain effective user consent for cookies and cookie-based applications that require consent. The tool displays an interactive user interface when accessing the page, allowing consent for specific cookies. Using this tool, cookies requiring consent are only loaded if you provide corresponding consent. This ensures legal compliance with Art. 6 (1) point a and Art. 7 GDPR.

6. Contact

6.1 Contact Form

When you contact us via contact form, personal data is collected. Which data is collected can be seen from the respective form. This data is stored and used exclusively for the purpose of responding to your request. The legal basis for processing is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis is Art. 6 (1) point b GDPR.

6.2 Email Communication

When you contact us by email, personal data (email address, content of the email, subject, date) is processed. This data is used exclusively for processing your inquiry. The legal basis is Art. 6 (1) point f GDPR (legitimate interest) or Art. 6 (1) point b GDPR if your inquiry relates to contract performance.

7. Customer Account

Pursuant to Art. 6 (1) point b GDPR, personal data will be collected and processed when you create an account. The data required for creating an account can be found in the registration form on our website. Deletion of your account is possible at any time by contacting us. After deletion, your data will be deleted unless required for contract fulfillment or legal retention periods apply.

7.1 Authentication

We use secure authentication methods including email-based verification (magic links). When you log in, we collect your email address and authentication tokens to verify your identity. This data is processed in accordance with Art. 6 (1) point b GDPR for contract performance.

8. Warranty Registration

When registering a warranty, we collect personal data such as name, email address, product information, and purchase details. This data is processed for the purpose of warranty administration and customer service in accordance with Art. 6 (1) point b GDPR (contract performance). Data is retained for the duration of the warranty period plus any applicable legal retention periods.

9. Processing of Data for Order Handling

Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned payment institution in accordance with Art. 6 (1) point b GDPR. We work together with the following service providers:

9.1 JTL

We use the following provider for order processing: JTL-Software-GmbH, Rheinstr. 7, 41836 Hückelhoven, Germany. Name, address and other personal data will be passed on in accordance with Art. 6 (1) point b GDPR exclusively for the purpose of processing orders. Your data will only be passed on insofar as necessary for order processing.

9.2 SendCloud

We use the following provider for shipping management: SendCloud GmbH, Kanalstr. 10, 80538 Munich, Germany. Name, address and other personal data will be passed on in accordance with Art. 6 (1) point b GDPR exclusively for the purpose of processing shipments. Your data will only be passed on insofar as necessary for shipping.

10. Shipping Providers

We use the following transport service providers for delivery: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany (including DHL); DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany. We pass on your email address and/or telephone number to the provider in accordance with Art. 6 (1) point a GDPR for delivery coordination if you have given consent. Otherwise, we only pass on recipient name and delivery address in accordance with Art. 6 (1) point b GDPR. You can revoke consent at any time.

11. Payment Processing

For payment processing, we work with payment service providers. Your payment data is transmitted securely and used exclusively for transaction processing in accordance with Art. 6 (1) point b GDPR.

11.1 Stripe

We use payment services from Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. When you select Stripe payment methods, your payment data (name, address, bank/card information, currency, transaction number) and order information will be passed on to Stripe in accordance with Art. 6 (1) point b GDPR for payment processing. We have concluded a data processing agreement with Stripe. For data transfers to the USA, Stripe participates in the EU-US Data Privacy Framework.

12. Web Analytics

12.1 Umami Analytics

We use Umami, a privacy-focused, open-source web analytics solution hosted on our own servers. Umami does not use cookies and does not collect personal data. The following anonymized data is collected: page URL, referrer, browser type, operating system, device type, and country (derived from IP, which is not stored). Processing is based on Art. 6 (1) point f GDPR (legitimate interest in website optimization).

13. Bot Protection

13.1 Cloudflare Turnstile

On this website, we use Cloudflare Turnstile for bot protection. The service checks whether an input is made by a natural person or by automated processing. Turnstile collects the IP address, browser recognition data, operating system type, and visit duration, transmitting this to Cloudflare servers for evaluation. This processing is based on Art. 6 (1) point f GDPR (legitimate interest in preventing abuse and spam). We have concluded a data processing agreement with Cloudflare. For data transfers to the USA, Cloudflare participates in the EU-US Data Privacy Framework.

14. Accounting

14.1 Lexoffice

For accounting purposes, we use the cloud-based accounting software of Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany. The provider processes incoming and outgoing invoices and bank transactions to automatically record invoices and create financial accounting. Insofar as personal data is processed, this is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in efficient business organization.

15. Newsletter

If you register for our newsletter, we will regularly send you information about our offers. The only mandatory data is your email address. We use the double opt-in procedure: we send a confirmation email asking you to confirm your subscription by clicking a link. By activating the confirmation link, you consent to the use of your personal data pursuant to Art. 6 (1) point a GDPR. We use Listmonk, a self-hosted newsletter solution, for managing subscriptions. Emails are delivered via Amazon Simple Email Service (SES). You can unsubscribe at any time via the link in the newsletter or by contacting us. After unsubscribing, your email will be deleted from our distribution list.

16. eCommerce Integration

For eCommerce functionality, we use services from Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Data may be transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, and Shopify Data Processing (USA) Inc. All data is processed in accordance with GDPR requirements. We have concluded a data processing agreement with Shopify. For data transfers to the USA, Shopify relies on standard contractual clauses. For data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

17. Maps and Location Services

17.1 Google Maps

This website may use Google Maps and Google Geocoding API from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to display interactive maps and location services. When using these services, data including your IP address may be transmitted to Google servers. Processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in providing location-based services. For data transfers to the USA, Google participates in the EU-US Data Privacy Framework. More information is available at: https://policies.google.com/privacy

18. Rights of the Data Subject

The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data:

Right of access by the data subject pursuant to Art. 15 GDPR
Right to rectification pursuant to Art. 16 GDPR
Right to erasure ("right to be forgotten") pursuant to Art. 17 GDPR
Right to restriction of processing pursuant to Art. 18 GDPR
Right to be informed pursuant to Art. 19 GDPR
Right to data portability pursuant to Art. 20 GDPR
Right to withdraw a given consent pursuant to Art. 7 (3) GDPR
Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

19. Right to Object

If, within the framework of a consideration of interests, we process your personal data on the basis of our predominant legitimate interest, you have the right at any time to object to this processing with effect for the future on grounds that arise from your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to further processing if we can prove compelling reasons worthy of protection for processing which outweigh your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data which is used for direct marketing purposes. You may exercise the objection as described above. If you exercise your right to object, we will stop processing the data concerned for direct advertising purposes.

20. Duration of Storage of Personal Data

The duration of storage of personal data is based on the respective legal basis, the purpose of processing and, if relevant, on the respective legal retention period (e.g. commercial and tax retention periods). If personal data is processed on the basis of express consent pursuant to Art. 6 (1) point a GDPR, this data is stored until the data subject revokes consent. If there are legal storage periods for data processed within the framework of legal or similar obligations on the basis of Art. 6 (1) point b GDPR, this data will be routinely deleted after expiry of the storage periods. When processing personal data on the basis of Art. 6 (1) point f GDPR, this data is stored until the data subject exercises the right of objection in accordance with Art. 21 (1) GDPR.

21. Changes to This Privacy Policy

We reserve the right to modify this privacy policy to always comply with current legal requirements or to implement changes to our services. The new privacy policy will apply to your next visit. We recommend reviewing this privacy policy regularly to stay informed about how we protect your data.

Channel Penguin GmbH | Freisinger Straße 19 | 85737 Ismaning | Germany
contact@suitcase.repair