(As of: June 2019)
REWE-ZENTRALFINANZ eG (hereinafter referred to as “REWE Group”) operates the website www.rewe-group-nachhaltigkeitsbericht.de (hereinafter referred to as the “website”) where the REWE Group Sustainability Report can be viewed. REWE Group would therefore like to inform you in this Data Privacy Statement about the extent to which data is collected when you visit and use the website and for what purposes this data is used.
REWE would also like to present the rights to which you are entitled in this regard.
Responsible for the processing of your personal data when visiting the website and hence the Data Controller is:
REWE Zentralfinanz eG
Phone: +49 (0) 221 149-0
Our data protection practice is in line with the legal requirements for data protection.
The term “personal data” refers to specific information about the personal or material circumstances of an identified or identifiable natural person. This includes such information as your correct name, address and your telephone number. Statistical information that cannot be directly or indirectly connected to you – including the popularity of individual websites we offer or the number of visitors to a page – is not considered personal data.
To ensure system security, when you visit our website our web servers automatically and temporarily store the connection data of the inquiring computer, the websites that you are visiting, the date and duration of the visit, the identification data of the browser and the operating system you are using, and the website from which our site is accessed. The data processing is done in accordance with Section 6 (1) lit. f) of the General Data Protection Regulation (GDPR) and with the purpose of ensuring system security and of analysing the utilisation of the website. You have the right to object to this data processing. For more detailed information about this option, please see Section 11.5 of this Data Protection Declaration.
The collected data set consists of:
This data is stored in an anonymous form. It is not possible to create user profiles linked to specific individuals. This data will be deleted or rendered anonymous once the connection has ended.
Strictly Necessary Cookies:These cookies enable you to navigate around the website and use its functions, including access to password-protected pages. Without these cookies, we are unable to make certain services available that you have requested. We use these strictly necessary cookies for the definitive identification of registered users so they can be recognised while they are on the site and when they make subsequent visits.
The legal basis for the processing is provided in Section 6 (1) lit. f) of the GDPR. Our legitimate interests are the above mentioned purposes. You have the right to object to this data processing. For more detailed information about this option, please see Section 11.5 of this Data Protection Declaration.
Performance Cookies:These cookies collect information regarding how visitors use the website. This can include which pages they visit most frequently and whether they receive error messages from websites. These cookies gather no data that could be used to identify visitors. All information collected with the help of these cookies is anonymous and is used exclusively to improve the functionality and service of the website. We use performance cookies to compile statistics on how our website is used and to assess the effectiveness of our advertising campaigns.
Functional/Personalising Cookies:We do not use functional/personalising cookies.
Data processing by Matomo: On the other hand, Matomo offers you the opportunity to object the storage and use of your personal data at any time by mouse click. In this case, an opt-out cookie will be placed on your browser. As a result, Matomo will not collect any session data.
You may object to the creation of a pseudonymous profile at any time. This can be done in several ways:
Please note that REWE has no influence on the data processing on Matomo’s side.
You can use the contact form to get in touch with us. To use the contact form, you need to provide us with the following information:
You can also provide information such as your company name, address and telephone and fax numbers. However this is not obligatory. We will use your personal data to respond to your enquiry and, if applicable, to send you requested information. If necessary, we will forward your submitted information to our internal department that handles the particular topic addressed in your contact form. The data you enter will be transmitted via a secure https/SSL connection. The legal basis for the processing is provided in Section 6 (1) p. 1 lit. b) and lit. f) of the GDPR (pre-contractual measure, fulfilment of contract as well as the weighing of interests, based on the interest of REWE Group, to answer queries from readers, employees and other persons).
Your data will only be processed to answer your enquiry and will be deleted within 90 days of completion of processing, unless it must be stored for a longer period of time for reasons of verifiability, customer support or legally required retention periods.
On our website, you will find links to the social networking sites Facebook, Twitter, Xing, LinkedIn, Instagram and YouTube. The links are marked with the logos of the social media services. Clicking on one of these links will take you to REWE’s corporate page on the respective social media. And you will then be connected to the server of that particular site, which informs the server of the social media services that you have visited our website. Additional data is also transmitted to the provider of the social media services. The information includes:
If you were already logged into the social networking site when the link was activated, the transmitted data may enable the network to identify your user name and perhaps even your real name, and to connect that information to your personal account on the social networking site. You can prevent such assignment to your personal user account by logging out from your account beforehand.
The servers of the social media sites are located in the United States and other countries outside of the European Union. As a result, the data may be handled by providers of social media services in countries outside the European Union. Please remember that data protection laws governing companies in these countries generally provide less protection for personal data than do the laws in force in the European Union’s member states.
REWE uses service providers to perform services and to process your data (for example hosting your data in a secure computer centre, delivering requested goods, sending letters or e-mails, and maintaining and analysing databases – so called, contract data processing). These service providers process the data only as instructed by REWE, and they are obliged to adhere to the applicable data protection regulations. All contract processors are carefully selected and gain access to your data only to the extent and for the period of time required to perform the relevant services or only to the extent that you have consented to the processing and use of your data.
The servers of some service providers used by REWE are located in the United States and other countries outside the European Union. The data protection laws governing companies in these countries generally provide less protection for personal data than do the laws in force in the European Union’s member states. If your data is handled in a country in which data is not afforded the same level of protection as in the European Union, REWE makes contractual arrangements or uses other approved instruments to ensure that your personal data is appropriately protected by suitable safeguards.
On our website, neither automated decision making and nor profiling concerning your personal data are taking place.
We will store your data only as long as necessary for the specific processing purpose. If data are no longer needed for fulfilling the specific processing purposes mentioned in this data privacy statement, they are deleted unless their storage is necessary due to legal obligations to retain data.
Data on the usage behaviour of a user will be deleted after a maximum of 28 days.
Further details can be found in the previous sections.
We put in place technological and organisational security measures to protect your data as properly as possible against unauthorized access. Besides taking security steps in the operating environment, we employ encryption processes in some areas (including online applications, customer accounts and the contact form). The information submitted by you is transmitted in encrypted form via the SSL protocol (secure socket layer) to prevent misuse of the data by a third party. You can recognise this process in two ways: a closed lock will appear in the status bar of your browser, and the address line will begin with the letters “https”.
You can request information/ access about your personal data processed by us.
If your data is not correct (any more), you have the right to request the correction/ rectification of your data. If your data are incomplete, you have the right to request the completion of the data.
You have the right to have your data erased. Please note that the right to deletion depends on the existence of a legitimate reason. Moreover, regulations that oblige us to store your data must not exist or contradict your request.
You have the right to request the restriction of the processing of your data. Please note that the right to restriction of processing depends on the existence of a legitimate reason.
You have the right to object to the processing of your data in cases of our data processing due to legitimate interest, for reasons arising from your particular situation. In the event of a justified objection, we will no longer process your data. The data processing remains legal until the time of the effective objection.
Daten über das Nutzungsverhalten eines Nutzers werden max. nach 28 Tagen gelöscht.
You have the right to lodge a complaint with a data protection supervisory authority, if you do not agree to the processing of your data.
You have the right to receive the personal data you have submitted to us in an electronic format.
You have the right to revoke your consent for processing your data at any time. This also applies to revoking declarations of consent that you have given us before the GDPR has become applicable, i.e. before 25 May 2018. The easiest way to revoke your consent is to send your revocation to the contact address listed above (No. 1). The revocation of the consent does not affect the legality of data processing carried out before the revocation.
Questions regarding the processing of your data can be directed to the data protection officer at any time. The address is:
Data protection officer of the person responsible:
datenschutz nord GmbH
28217 Bremen, Germany
The responsible contact person for data protection is the person in charge:
REWE Zentralfinanz e.G.
50668 Cologne, Germany