Privacy policy for the REWE Group Sustainability Report

As of December 2023

The REWE-ZENTRALFINANZ eG (hereinafter referred to as “REWE”) is the operator of the website www.rewe-group-nachhaltigkeitsbericht.de (hereinafter referred to as “website”), which provides access to the annual sustainability report of the REWE Group. Therefore, REWE would like to inform you in the following privacy statement about the extent to which personal data is collected when visiting and using the website as well as the purpose of this data’s use. Furthermore, REWE would like to point out which rights you are entitled to in this context.

Controller entity

REWE is responsible for the collection and processing of data in accordance with the applicable regulations of data protection.

Our data protection policy complies with the legal requirements.

Controller:
REWE-ZENTRALFINANZ eG
Domstraße 20
50668 Cologne, Germany
Telephone: +49 221 149-0

Contact details of the Data Protection Officer of REWE-ZENTRALFINANZ eG:
REWE-ZENTRALFINANZ eG
Datenschutzkoordinator
Domstraße 20
50668 Cologne
E-Mail: datenschutz@rewe-group.com

What is personal data?

Personal data is defined as information concerning personal or material circumstances to be attributed to an identified or identifiable individual. This includes information such as your real name, address, telephone number and your date of birth (as far as indicated). Statistical anonymous information that cannot be directly or indirectly linked to you – e.g. the popularity of individual web pages or the number of web page users – does not constitute personal data.

General information regarding the processing and use of personal data when visiting the website

Whenever you visit our website, web servers save the connection data of the requesting computer by default to ensure the system’s security. Data processing is based on Sec. 6 (1) lit. b) and f) GDPR and is aimed at ensuring the system’s security and analysing the availability of the website.

The collected dataset comprises:

  • the accessed web page
  • the date and time of the query
  • the quantity of the transferred data
  • the IP address of the requesting computer
  • the browser and the operating system used to access the web page
  • the web page the visitor came from
  • the status code of the page request

The data will be saved for 7 days and automatically deleted afterwards.

We will process the said data only as far as it is collected by us. The use of your data for advertising purposes is excluded.

Is there an obligation to provide the data?

There is no legal obligation for you to provide your data. However, some of the data is necessary for us to offer a secure and reliable service. The provision of other data is voluntary; however, it may be required for the use of certain services. We will inform you in any case if the provision of the data is required for the relevant service or function. This data will be marked as mandatory fields. Failure to provide required data will result in the service or function in question not being provided. In the case of optional data, failure to provide it may mean that we cannot provide our services in the same form and to the same extent as usual.

Legal basis and purpose of data processing

Required technologies
These services, technologies and cookies are required to guarantee central functions of the website. The legal basis for their use is Sec. 25 (2) (2) of the German Telecommunications Telemedia Data Protection Act (TDDDG) in conjunction with Sec. 6 (1) page 1, lit. b) (contract initiation or fulfilment) and/or lit. f) GDPR (overriding legitimate interests). The latter interests include the monitoring of the website’s technical performance. It relates to the following/subsequent services.

Basic web analysis:
The processing within this category will be used for the following purposes: non-personal traffic analysis, incident monitoring & alerting, fraud detection, IT management, reach measurement, further development and improvement of products and Matomo navigation tracking (http://www.matomo.org).

Cookie description

| Cookie | Storage duration | Technology/data recipient | Description |
| --- | --- | --- | --- |
| _pk_id.16.5739 | 13 months | https://stats.rewe-group-nachhaltigkeit.de/piwik/ | For the storage of some user details, such as the unique visitor ID |
| _pk_ses.16.5739 | 30 minutes | https://stats.rewe-group-nachhaltigkeit.de/piwik/ | Short-lived cookies are used to save the data temporarily for the visit |
| _pk_ref.16.5739 | 6 months | https://stats.rewe-group-nachhaltigkeit.de/piwik/ | For the storage of the attribution information, i.e. the referrer that was originally used for the visit of the website |

Use of service providers / processing of data in countries outside the European Economic Area

The REWE Group uses service providers for the provision of services and the processing of your data (including the hosting of your data in a secure data centre or the administration and analysis of databases, so-called order processing). The service providers process the data exclusively on the instructions of the REWE Group and have been obliged to comply with the applicable data protection regulations. All service providers have been carefully selected and are only granted access to your data to the extent and for the period of time required to provide the services or to the extent that you have consented to the processing and use of your data.

The servers of some of the service providers used by the REWE Group are located in the USA and other countries outside the European Union. Companies in these countries are subject to data protection acts that do not protect personal data to the same extent as in the member states of the European Union. If your data is processed in a country that does not have a recognised high level of data protection like the European Union, the REWE Group will ensure the adequate protection of your data by means of contractual regulations or other recognised tools.

Storage duration & deletion periods

The respective deletion periods can be found in the relevant sections of this Privacy Statement.

Automated decision-making & profiling

Your personal data will not be used for automated decision-making or profiling.

Data subject’s rights

Information
You may request information about your personal data processed by us.

Correction
If your personal information is not or no longer correct, you can request your data to be corrected. If your information is incomplete, you can request your data to be completed.

Deletion
You have the right to request your data to be deleted. Please note that a right to deletion depends on the existence of a legitimate reason. Furthermore, there must be no regulations that oblige us to retain your data.

Restriction of processing
You have the right to request the processing of your data to be restricted. Please note that a right to restriction of processing depends on the existence of a legitimate reason.

Objection
You have the right to object to the future processing of your data on grounds relating to your particular situation. In the event of a justified objection, we will no longer process your data. Until the effective objection, the processing of your personal data shall remain legitimate.

Right of appeal
You have the right to lodge a complaint with a data supervisory authority if you do not consent to the processing of your data.

Data transfer
You have the right to receive the personal data you have provided to us in electronic format.