I. Data Protection

1. General

REWE International AG (REWE) takes the protection of your personal data seriously and uses them in accordance with the statutory provisions, in particular the Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). In this Privacy Policy, REWE provides all information about the processing of your personal data concerning the website, in particular which personal data are collected and thus protected.

2. Controller

The operator of this website and thus responsible for the processing of your personal data is REWE International AG, which is responsible for compliance with the provisions of the 2018 Data Protection Act (DSG) and the GDPR. Your data will be processed by REWE International AG. We store and process your data exclusively in accordance with the statutory provisions. As a visitor to the website, you are informed about the processing activities within the scope of this Privacy Policy.

Below you will find out more about the careful handling of your personal data.

3. Handling of personal data

The term personal data refers to all information about data subjects with which the identity of the data subject is or can be determined. Information can be any information that is or can be associated with a person, such as your name, address, email address, or date of birth.

The user data collected from you through the website serves the purpose of providing the desired service:

  • Analytics: Google Analytics with IP anonymisation
    Personal data: Usage data; tracker

  • Tag management: Google Tag Manager
    Personal data: Usage data

  • Displaying external platform content: Font Awesome
    Personal data: Usage data

We review our data collection, storage and processing practices to ensure that we process only those data that are absolutely necessary (principle of economy of data).

4. Use of cookies

For information about the use of cookies on this website, see: Guideline of the Use of Cookies

5. Obligation to comply with data secrecy

Access to these statistical data is limited to employees of REWE International Dienstleistungsgesellschaft mbH. Needless to say, all employees are obliged to handle these data very carefully due to their tasks and are also obliged to maintain data secrecy.

6. Data Security

We secure our website and other systems by means of technical and organisational measures against loss, destruction, access, modification or dissemination of your data by unauthorised persons. Despite regular inspections, however, it is not possible to provide complete protection against all dangers.

7. Rights of data subjects

Following a written request to REWE International AG, IZ NÖ-Süd, Straße 3, Objekt 16, 2355 Wr. Neudorf, after successful identification, we would, of course, be pleased to provide you with information about your stored data free of charge or promptly comply with your other data protection rights (right to rectification, right to restriction of processing, right to data portability). Furthermore, you can request the erasure of your personal data. We will, of course, carry out the erasure, provided that there are no storage obligations to the contrary. If you wish to object to the processing of your personal data, you can do so at any time by writing to REWE International AG, IZ NÖ-Süd, Straße 3, Objekt 16, 2355 Wr. Neudorf.

In the case of manifestly unfounded enquiries or – in particular in the case of frequent repetition – we are entitled to demand appropriate remuneration.

8. Data protection contact

If you have any questions about data protection, you can contact our data protection officer at datenschutz@rewe-group.at or by post at REWE International AG, NÖ-Süd, Straße 3, Objekt 16, 2355 Wr. Neudorf. You are, of course, also free to contact the competent supervisory authority in the event of complaints.

II. Data protection information for business-related contact

The responsible company of the REWE Group Austria (hereinafter referred to as "REWE" or "we") processes your data in order to contact you.

This information therefore applies in particular to personal data provided to REWE in the course of its business or other activities by post, telephone, fax, email or online. With these data protection notices, we would like to inform you about the scope and purpose of the processing as well as your rights as a data subject. People who transmit personal data of others to us must ensure that the data subjects consent to this and that these data may be transmitted to us, as well as being informed about how personal data can be processed by us and what rights data subjects have.

1. Purposes and legal basis of the processing of personal data

1.1 Establishing contact within the framework of a business relationship

In order to initiate or carry out a business relationship, we will, in particular, process your contact details (name, address, telephone number and email address), communication details (e.g. correspondence by email) and, if necessary, location details (IP address).

The legal basis for this processing of your personal data is Art. 6 (1) (a) GDPR (your consent) and Art. 6 (1) (b) GDPR (pre-contractual measures, contract execution) if we receive the data directly from you or we enter into a contractual relationship with you directly. If you are not an existing or potential business partner, we will as a general rule have received your contact details from our business partner, who has named you as a contact person. In this case, the processing of your data takes place on the basis of Art. 6 (1) (f) GDPR (balancing of interests, based on our legitimate interest in contacting existing or potential business partners).

The provision of your personal data for the purpose of making contact in the context of a business relationship is voluntary. If your contact details are absolutely necessary for the initiation and fulfilment of a contract, you must disclose your contact details, otherwise the contract with you cannot be concluded.

1.2 Establishing contact as part of our public relations work

We also maintain databases with contact details of, among others, political, media and press representatives in order to be able to contact them in the context of our public relations work on relevant issues, events, etc.

The processing of your personal data takes place on the basis of your consent (Article 6 (1) (a) GDPR), which you can give us in personal contact (e.g. presentation of your business card or via online form). For your right to revoke your consent, please refer to point 5.8.

We also collect contact details from public sources and maintain them in our databases. The legal basis for the described data processing is Art. 6 (1) (f) GDPR. (Balancing of interests, based on our legitimate interest in contacting political, media and press representatives as part of our public relations work).

2. Recipients of the personal data

In some cases, however, we use service providers for the processing of personal data, including for the sending of emails, chats and video telephony. The storage of your data (contact data, communication data, possibly location data (IP address) takes place in secure data centres and databases.

All service providers have been carefully selected and are also subject to data protection agreements. The service providers will only have access to your data to the extent and for the required period of time that is necessary for the provision of the services or to the extent that you have consented to the data processing and use.

We also use service providers who are located in third countries outside the European Union to process your data. Countries outside the European Union handle the protection of personal data differently from countries within the European Union. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection. We have therefore taken special measures to ensure that your data are processed in third countries as securely as they are within the European Union. With service providers in third countries, we conclude the data protection contract provided by the Commission of the European Union for the processing of personal data in third countries (standard contractual clauses) or use other permissible safeguards. This provides suitable guarantees for the protection of your data with service providers in the third country. You can request a copy of these guarantees at the contact details provided above.

3. Retention period; erasure periods

We store the data processed by you as long as they are necessary for the purpose and there is a legal basis. Once they are no longer needed, your data will generally be deleted within 1 month. Your data will also be stored/not erased for as long as there are contractual or statutory retention periods.

4. Automated decision-making; profiling

We do not use your personal data for automated decision-making or profiling.

5. Your rights as a data subject

Insofar as REWE processes your personal data, you as the data subject have the following data subject rights under the data protection requirements.

5.1. Access

You can request access to information about your personal data processed by us (Art. 15 GDPR).

5.2. Rectification

If your information is not (or no longer) correct, you can request the correction of your data. If your data are incomplete, you can request their completion (Art. 16 GDPR).

5.3. Erasure

You have the right to request the erasure of your data. Please note that a claim to erasure depends on the existence of a legitimate purpose. In addition, there must be no regulations that oblige us to store your data (Art. 17 GDPR).

5.4. Restriction of processing

You have the right to request the restriction of the processing of your data. Please note that a claim to restriction of processing depends on the existence of a legitimate purpose (Art. 18 GDPR).

5.5. Objection

If data are collected on the basis of Art. 6 (1) (f) GDPR (data processing to safeguard overriding legitimate interests), you have the right to object to the processing of your data for reasons arising from your particular situation. In the event of an objection, we will no longer process your data, unless we can prove compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).

5.6. Right to lodge a complaint

You are entitled to lodge a complaint with the competent data protection supervisory authority if you do not consent to the processing of your data (Art. 77 GDPR).

5.7. Data portability

You have the right to receive personal data that you have provided to us in an electronic format (Art. 20 GDPR).

5.8. Revocation of consent

You have the right to revoke your consent (Art. 6 (1) (a) GDPR) to the processing of your data which you have provided to us, at any time. This also applies to the revocation of declarations of consent that you submitted to us before the GDPR became applicable, i.e. before 25 May 2018.

The easiest way to withdraw your consent is to send an email to the contact details below. The revocation of consent does not affect the lawfulness of the processing of your data carried out until the moment of revocation.

6. Contact details of the Data Protection Officer

The Data Protection Officer is available for all questions and information about data protection and can be reached by email at datenschutz@rewe-group.at and by post at: Data Protection Officer, c/o REWE International AG, IZ NÖ-Süd, Straße 3, Objekt 16, 2355 Wr. Neudorf.