I. Data Protection
1. General
REWE International AG (REWE) takes the protection of your personal data seriously and uses them in accordance with the statutory provisions, in particular the Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). In this Privacy Policy, REWE provides all information about the processing of your personal data concerning the website, in particular which personal data are collected and thus protected.
2. Controller
The operator of this website and thus responsible for the processing of your personal data is REWE International AG, which is responsible for compliance with the provisions of the 2018 Data Protection Act (DSG) and the GDPR. Your data will be processed by REWE International AG. We store and process your data exclusively in accordance with the statutory provisions. As a visitor to the website, you are informed about the processing activities within the scope of this Privacy Policy.
Below you will find out more about the careful handling of your personal data.
3. Handling of personal data
The term personal data refers to all information about data subjects with which the identity of the data subject is or can be determined. Information can be any information that is or can be associated with a person, such as your name, address, email address, or date of birth.
The user data collected from you through the website serves the purpose of providing the desired service:
Analytics: Google Analytics with IP anonymisation
Personal data: Usage data; trackerTag management: Google Tag Manager
Personal data: Usage dataDisplaying external platform content: Font Awesome
Personal data: Usage data
We review our data collection, storage and processing practices to ensure that we process only those data that are absolutely necessary (principle of economy of data).
4. Use of cookies
For information about the use of cookies on this website, see: Guideline of the Use of Cookies
5. Obligation to comply with data secrecy
Access to these statistical data is limited to employees of REWE International Dienstleistungsgesellschaft mbH. Needless to say, all employees are obliged to handle these data very carefully due to their tasks and are also obliged to maintain data secrecy.
6. Data Security
We secure our website and other systems by means of technical and organisational measures against loss, destruction, access, modification or dissemination of your data by unauthorised persons. Despite regular inspections, however, it is not possible to provide complete protection against all dangers.
7. Rights of data subjects
Following a written request to REWE International AG, IZ NÖ-Süd, Straße 3, Objekt 16, 2355 Wr. Neudorf, after successful identification, we would, of course, be pleased to provide you with information about your stored data free of charge or promptly comply with your other data protection rights (right to rectification, right to restriction of processing, right to data portability). Furthermore, you can request the erasure of your personal data. We will, of course, carry out the erasure, provided that there are no storage obligations to the contrary. If you wish to object to the processing of your personal data, you can do so at any time by writing to REWE International AG, IZ NÖ-Süd, Straße 3, Objekt 16, 2355 Wr. Neudorf.
In the case of manifestly unfounded enquiries or – in particular in the case of frequent repetition – we are entitled to demand appropriate remuneration.
8. Data protection contact
If you have any questions about data protection, you can contact our data protection officer at datenschutz@rewe-group.at or by post at REWE International AG, NÖ-Süd, Straße 3, Objekt 16, 2355 Wr. Neudorf. You are, of course, also free to contact the competent supervisory authority in the event of complaints.
II. Data protection information for business contact
The responsible company of REWE Group (hereinafter referred to as "REWE" or "we") processes your data in order to get in touch with you. With this data protection notice, we would like to inform you in particular about the scope and purpose of the processing as well as your rights as a data subject (as of March 2024).
1. Categories and purposes of the processing of personal data
1.1 Contact in the context of a business relationship
In order to initiate, carry out or terminate a business relationship, we will process in particular your contact details (e.g. company name, name, address, telephone number, e-mail address, signature and, if applicable, the data of the contact persons) as well as communication data (e.g. audio/video transmissions, recordings, e-mails). We use your above contact details in particular for the following purposes:
communication within the framework of the business relationship,
Signing of certificates of achievement and receipts,
Drafting contracts and powers of attorney,
Booking of meeting rooms incl. catering,
Visitor registration at the reception,
Business Partner Verification
for tax reasons
The legal basis for the processing of your personal data is therefore Article 6 (1) (a) and (b) of the EU General Data Protection Regulation (GDPR). Your consent or pre-contractual measures, performance of the contract, if we receive the data directly from you or if we enter into a contractual relationship with you directly.
If we carry out a business partner check on the basis of legal obligations or process data for tax reasons, we process your personal data on the legal basis of Art. 6 (1) (c) of the GDPR.
If you are not an existing or potential business partner yourself, we have usually received your contact details from our business partner, who has named you as a contact person. In this case, the processing of your data is carried out on the basis of Art. 6 para. 1 lit. f of the GDPR (balancing of interests, based on our legitimate interest in contacting existing or potential business partners). We usually process your data in electronic systems.
1.2 Contacting us as part of our public relations work
We also maintain databases with contact details of political, media and press representatives, among others, in order to be able to get in touch with them on relevant issues, events, etc. as part of our public relations work.
The processing of your personal data is based on your consent (Article 6 (1) (a) GDPR), which you can give us in personal contact (e.g. handing over your business card). For your right to withdraw consent, see point 5.
We also collect contact data from public sources and enter them into our databases. The legal basis for the described data processing is Art. 6 (1) (f) GDPR (balancing of interests, based on our legitimate interest in contacting political, media and press representatives, among others, in the context of our public relations work).
2. Recipients of personal data
As a matter of principle, your data collected by us will not be passed on to third parties.
However, in some cases, we use processors to process personal data, including sending emails, storing your data in a secure data centre, and maintaining and analysing databases.
All processors have been carefully selected, support REWE strictly in accordance with instructions and are only granted access to your data to the extent and for the period required for the provision of the services or to the extent that you have consented to the data processing and use.
For the processing of your data, we may also use processors located in third countries outside the European Union. With processors in third countries, we enter into the data protection agreement (standard data protection clauses) provided by the Commission of the European Union for the processing of personal data in third countries. This provides suitable guarantees for the protection of your data by service providers in the third country. You can request a copy of this Data Protection Agreement using the contact details provided above.
3. Storage period; Deletion deadlines
As a matter of principle, we only store the data processed by you as long as there is a legal basis. When it ceases to exist, your data will be deleted. Your data will also be stored/not deleted for as long as contractual or statutory retention periods exist for them.
4. Automated decision-making; Profiling
We do not use your personal data for automated decision-making or profiling.
5. Your rights as a data subject
Insofar as REWE processes your personal data, you as a data subject are entitled in particular to the following data subject rights under data protection law.
5.1. Information
You can request information about your personal data processed by us (Art. 15 GDPR).
5.2. Correction
If your information is not (or no longer) accurate, you can request that your data be corrected. If your data is incomplete, you can request that it be completed (Art. 16 GDPR).
5.3. Deletion
You have the right to request the deletion of your data. Please note that a claim for erasure depends on the existence of a legitimate reason. In addition, there must be no regulations that oblige us to store your data (Art. 17 GDPR).
5.4. Restriction of processing
You have the right to request the restriction of the processing of your data. Please note that a right to restriction of processing depends on the existence of a legitimate reason (Art. 18 GDPR).
5.5. Objection
If data is collected on the basis of Art. 6 (1) (f) GDPR (data processing for the purpose of safeguarding legitimate interests), you have the right to object to the processing of your data for reasons arising from your particular situation. In the event of an objection, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
5.6. Right to lodge a complaint
You have the right to lodge a complaint with the competent data protection supervisory authority if you do not agree to the processing of your data (Art. 77 GDPR).
5.7. Data portability
You have the right to receive personal data that you have shared with us in an electronic format (Art. 20 GDPR).
5.8. Revocation
You have the right to revoke your consent (Art. 6 para. 1 lit. a GDPR) to the processing of your data that you have given to us at any time. This also applies to the revocation of declarations of consent that you have given to us before the General Data Protection Regulation came into force, i.e. before 25.05.2018. The easiest way to withdraw any consent you have given is to contact us by email using the contact details above. The withdrawal of consent does not affect the lawfulness of the processing of your data carried out before the withdrawal.
6. Contact details of the Data Protection Officer
The Data Protection Officer is available for all questions and information about data protection and can be reached by email at datenschutz@rewe-group.at and by post at: Data Protection Officer, c/o REWE International AG, IZ NÖ-Süd, Straße 3, Objekt 16, 2355 Wr. Neudorf.