Data protection

In 2018, with the entry into force of the EU General Data Protection Regulation (EU GDPR), the REWE Group Board of Directors made the following commitment on the topic of data protection: "The objective of REWE Group as a group of commercial and travel companies is to offer its customers complete products and outstanding services. To achieve this, it is necessary to look at the large amount of data available as an opportunity and use it in such a way that the range of services is designed to meet demand and processes become more efficient in the course of digitalization. When using customer data, as well as employee or business partner data, it is essential that REWE Group complies with the legal provisions on the processing of personal data. This is important to ensure and deepen the existing trust and thus ensure the long-term success of the REWE Group companies."

We align ourselves with this commitment and aim to ensure cybersecurity and the protection of personal data under our management by using dedicated IT systems that ensure the highest degree of protection against cyber attacks, such as firewalls, antivirus and protection software. We document, verify and process any request from customers or oversight authorities in relation to data protection. The team responsible for cybersecurity management has the role of ensuring that personal data is processed in accordance with the applicable rules.

All the systems we implement are developed and implemented at the level of REWE Group. These are complex systems that have strict back-up protocols and are implemented through a series of servers located worldwide. At group level, we implement a complex system of back-up of stored data by using a complex network of servers positioned at the level of the European Union. This system is necessary to ensure the security of our data.
At the same time, in order to achieve our group-set goal of processing data in a way that ensures its protection, so-called 'lessons learned' work is regularly organized on selected elements of the compliance management system (CMS) for data protection, such as roles, processes and tools relevant to data protection or aids in the form of templates and checklists.

REWE Group's data protection organization, which was expanded in 2018, covers all responsibilities required under the EU GDPR, such as those related to accountability, data protection governance, implementation, advice, monitoring or coordination. The existing roles of the 'responsible persons', i.e. the management bodies, specialized departments and the data protection officer, were complemented by the roles of the data protection function, the data protection officer in the business segment and the data protection coordinator. Data protection officers report directly to the management of the companies or to the central data protection management of the REWE Group. The latter in turn reports regularly to the group's executive board and steering board.