A plain-language description of what data we collect, why, and what your rights are.
Last updated: 19 May 2026
The controller responsible for the processing of personal data on this website, within the meaning of the General Data Protection Regulation (GDPR), is:
REWE-ZENTRALFINANZ eG
Domstraße 20, 50668 Köln, Germany
Email: [email protected]
Genossenschaftsregister: GnR 631
When you visit this website, our hosting provider's servers automatically record standard log information: your IP address (anonymised where technically possible), the requested page, date and time of the request, the referring page, and basic browser identification. This is necessary for the operation and security of the site (Art. 6 (1) (f) GDPR — legitimate interest in delivering and securing the service). Log records are retained for a maximum of fourteen days and then deleted.
If you complete the contact form, we process the name, email address, company name (if provided), topic and message you submit. The lawful basis is Art. 6 (1) (b) GDPR (taking steps at your request prior to entering into a contract) and, where applicable, Art. 6 (1) (a) GDPR (your consent). We use this data solely to respond to your enquiry and to follow up if relevant. We retain enquiry data for up to twenty-four months for record-keeping, and then delete it unless a longer retention period is required by law.
If you contact us by email, we process the email address and any content you choose to include. The lawful basis and retention are as for the contact form.
This website uses only strictly necessary cookies, in particular to remember that you have seen the cookie notice. We do not use advertising, analytics, or social-media tracking cookies on this domain. For full details, see our Cookie Policy.
This website is delivered through a standard commercial web host within the European Union. The host processes log and connection data on our behalf as a data processor under Art. 28 GDPR. We do not embed third-party tracking scripts (such as Google Analytics, Meta Pixel, or similar) on these pages.
For client work — that is, the consultancy services described elsewhere on this site — we may, with our clients, work inside their Google Ads, Google Merchant Center, Google Analytics and related platforms. Those services are operated by Google Ireland Limited (and, depending on the service, Google LLC) as separate controllers or joint controllers under their own terms; we do not transfer your personal data from this website to those services.
Under the GDPR you have the right to:
To exercise any of these rights, write to us at [email protected]. You also have the right to lodge a complaint with a supervisory authority — for North Rhine-Westphalia, this is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).
Our site is delivered over TLS (HTTPS). Personal data submitted through the contact form is transmitted in encrypted form to our server. We apply organisational measures appropriate to the scale of our processing to protect data against unauthorised access.
We may update this policy to reflect changes in the law or in how we operate. The current version is always available on this page, with the "last updated" date at the top.