Legal
Privacy Policy
Last updated: April 2026 · Applies to dr-zocchi.com
1. Who we are
Dr-Zocchi is a specialist retailer for Marzocchi fork spare parts. The data controller for this website is:
Dr-Zocchi
Contact: [email protected]
2. What data we collect and why
| Data | Why we collect it | Legal basis |
|---|---|---|
| Name, email, shipping address | Process and fulfil your order | Contract (Art. 6(1)(b) GDPR) |
| Payment information | Process payment — handled entirely by PayPal, we never see card numbers | Contract |
| Order history | Order management, invoicing, returns, legal record-keeping | Legal obligation (Art. 6(1)(c)) |
| Account credentials (email + hashed password) | Account login and security | Contract |
| Support ticket content | Answer your questions | Contract / Legitimate interest |
| Email address (newsletter) | Send product and shop news — only with your explicit consent | Consent (Art. 6(1)(a)) |
| Page visit log (logged-in users only) | Personalise your experience | Legitimate interest (Art. 6(1)(f)) |
| IP address, user agent (access log) | Security, abuse prevention, debugging | Legitimate interest |
3. Cookies
We use the minimum number of cookies needed to operate the site:
| Cookie | Purpose | Lifetime |
|---|---|---|
| dz_auth | Session authentication — keeps you logged in | 30 days |
| PayPal cookies | Set by PayPal during checkout only — we do not control these | Varies |
We do not use Google Analytics, Meta Pixel, or any advertising/tracking cookies. Our anonymous page-view counter (GoatCounter) uses no cookies and collects no personal data.
4. Who we share your data with
We do not sell your data. We share the minimum necessary with these processors:
| Processor | Purpose | Location |
|---|---|---|
| PayPal | Payment processing | USA (SCC / adequacy) |
| DHL | Shipping — name, address forwarded for the parcel label | EU / Germany |
| Postmark (ActiveCampaign) | Transactional and newsletter email delivery | USA (DPA in place) |
5. Retention periods
- Orders and invoices — 10 years (German commercial law § 147 HGB)
- Support tickets — 3 years after closure
- Account data — until you delete your account
- Newsletter subscribers — until you unsubscribe
- Access logs — 90 days rolling
6. Your rights (GDPR)
Under GDPR you have the right to:
- Access — receive a copy of all personal data we hold about you
- Rectification — correct inaccurate data via your account profile
- Erasure — request deletion of your personal data (Art. 17)
- Portability — download your data in a machine-readable format
- Restriction — ask us to stop processing your data in certain cases
- Object — object to processing based on legitimate interest
- Withdraw consent — unsubscribe from newsletters at any time
You also have the right to lodge a complaint with your national supervisory authority. In Germany: Bundesbeauftragte für den Datenschutz (BfDI).
7. Security
Passwords are stored as bcrypt hashes — we never see your plain-text password. All connections are encrypted (HTTPS/TLS). Access to production systems is restricted to authorised personnel only.
8. Changes to this policy
We will update this page if our practices change. The "Last updated" date at the top always reflects the current version. We will notify newsletter subscribers of material changes by email.
9. Contact
For any privacy-related questions: [email protected]
Or open a support ticket.