Data protection In 2018, with the entry into force of the EU General Data Protection Regulation (EU GDPR), the Board of Directors of REWE Group made the following commitment on data protection: "The goal of REWE Group as a Group of commercial and travel companies is to offer its customers outstanding complete products and services. To achieve this, it is necessary to look at the large amount of data available as an opportunity and use it in such a way that the range of services is designed to meet demand and processes become more efficient during digitalization. When using customer data, but also the data of employees or business partners, it is essential that the REWE Group complies with the legal provisions regarding the processing of personal data. This is important in order to secure and deepen existing trust and thus ensure the long-term success of the companies in the REWE Group." We align ourselves with this commitment and aim to ensure cybersecurity and protection of personal data under our management by using dedicated IT systems that ensure the highest degree of protection against cyber-attacks, such as firewalls, antiviruses, protection software. We document, verify, and process any requests from customers or supervisory authorities in relation to data protection. The team responsible for cybersecurity management has the role of ensuring the processing of personal data in accordance with the applicable rules. All the systems we implement are developed and implemented at the level of the REWE Group. These are complex systems that have strict back-up protocols and are deployed through several servers located worldwide. At Group level, we implement a complex back-up system for stored data by using a complex network of servers positioned at the level of the European Union. This system is necessary to ensure the security of our data. At the same time, to achieve our Group objective of processing data in a way that ensures its protection, so-called 'lessons learned workshops' are regularly organized on selected elements of the compliance management system (CMS) for data protection, such as roles, processes and tools relevant to data protection or aids in the form of templates and checklists. SUSTAINABILITY STEP BY STEP CORPORATE GOVERNANCE AND BUSINESS SUSTAINABLE ASSORTMENT ENERGY, CLIMATE AND RESOURCES EMPLOYEES AND SOCIETY GRI & SASB INDEX ASSURANCE OF SELECTED NON-FINANCIAL INDICATORS
RkJQdWJsaXNoZXIy MjUyMDg2Nw==