Sie sind derzeit nicht angemeldet | Anmelden >
How do we handle personal data?
We attach great importance to protecting and
securing your personal data. We process your personal data in the context of
this website in accordance with the relevant legal data protection
stipulations. In particular, we are subject to the provisions of the European
Union General Data Protection Regulation (GDPR) and the German Federal Data
Protection Act (Bundesdatenschutzgesetz,
BDSG) where we process personal data.
Who controls the data’s processing and who can you contact?
The controller of data processing operations for the purposes of the GDPR and other privacy law provisions is:
MEWA Textil-Service AG & Co. Management OHG
65189 Wiesbaden, Germany
Switchboard: +49 (0)611 760 10
Fax: +49 (0)611 7601 361
Website contact form: https://www.mewa.de/sonstiges/kontakt/
MEWA Textil-Service AG & Co. Management OHG is part of the MEWA Group, with locations in Germany and other EU countries.
You can contact our company’s Privacy Officer at:
MEWA Textil-Service AG & Co. Management OHG
65189 Wiesbaden, Germany
What is personal data?
Personal data refers to any data or information relating to an identified or identifiable person (a ‘data subject’).
For what purposes do we process your personal data? What are the legal grounds for this?
We process personal data for set purposes that we will explain to you in detail for your own information in the following notice. In particular, the specific scope and nature for the processing of your data is based on the services, functionality and offerings on our website that you specifically utilise. We process data so that:
(1) Visiting our website
The above access data is stored in what are called server log files on our Web/application servers and is required for technological reasons so that we can provide you with a functioning website and assure system security. Other than for the purposes described above, we only use access data purely statistically for the needs-based design and optimisation of our Web offering and without tracing the data back to you personally.
If you visit our website to obtain information about our offering of goods and other services or to use it, we temporarily store access data and log files on the basis of GDPR art. 6(1)(b) (legal grounds), in particular, to take steps prior to entering into a contract. In this regard, GDPR art. 6(1)(f) also provides further legal grounds for the temporary storage of access data and log files. Our legitimate interest is in being able to provide you with a technologically functioning website with a user-friendly design and to safeguard the security of our systems.
The access data collected when you use our website is only stored for the length of time for which this data is required to achieve the above purposes. The regular length of time for which data is stored is six weeks, however your IP address is stored on our Web/application servers for a maximum of seven days. Your IP address is also made anonymous (through IP masking).
(2) Contact form/enquiries
We collect and store personal data if you enter it in the form provided on our website for contacting us and you send it to us or if you contact us in another way (e.g. by email). You are free to decide what information, if any, you pass on to us through corresponding enquiries. If you contact us by email, we store the data that you share in this email. When you use the contact form on our website, we collect the following data: title*, first name*, surname*, company*, physical address*, email address*, Internet URL, your role at your company and fax and phone numbers as well as the sector your company is active in*, your product offering* and your individual message/question. The pieces of data marked with an asterisk (*) are mandatory details that we require to respond to your enquiry properly. The other, voluntary details enable us to better categorise and process your enquiry. When you use the contact form on our website, the following, technological access data is also stored when you send your enquiry: the date and time your enquiry is sent as well as your IP address.
If you contact us about a matter relating to an existing contract or supply arrangement or are contacting us in advance to establish one, the data and information that you share is processed for the purpose of reviewing and responding to your enquiry in accordance with GDPR art. 6(1)(b) (legal grounds). We store the technological access data recorded when sending your enquiry for the purpose of enabling the technological provision of contact options and for the purpose of assuring system security on the basis of GDPR art. 6(1)(f) (legal grounds), which altogether serves to protect our legitimate interests.
We store the personal data collected in connection with your enquiry for the purpose of reviewing and responding to your enquiry, and store it for as long as that takes. The technological access data stored in this context is only stored for the length of time for which this data is required for technological reasons, including to provide functioning contact options and safeguard the security of our systems. However, your IP address is stored on our Web server for a maximum of seven days.
(3) Supplier Extranet
You can use our website to log in to our password-protected Supplier Extranet as a MEWA supplier. You will receive log-in data (username, password) for this separately as part of our existing supply arrangement. In your supplier account, you can manage the supplier profile for your company yourself, including modify your log-in data, edit your supplier data and notify us of other, company-specific supplier information voluntarily (Supplier Data Sheet). The data stored on the Supplier Extranet primarily consists of purely business-related data concerning your company’s supply operations and is required to design supply processes and provide us with an insight into your production procedures and processes for our own quality assurance. In terms of personal data, designated contacts and other individual contact persons may be stored on the Supplier Extranet.
Where we store and process personal data on the Supplier Extranet, we do so on the basis of our existing supply arrangement on the grounds provided in GDPR art. 6(1)(b) (legal grounds). We also process data in accordance with GDPR art. 6(1)(c) (legal grounds) so that we meet the legal obligations that are placed on us in conjunction with our supply arrangement. These include retention periods mandated under commercial, trade and tax laws. We also process data in accordance with GDPR art. 6(1)(f) (legal grounds) to preserve our legitimate interests in, where necessary, asserting our rights and legal claims and being able to defend ourselves against any legal claims.
We store your personal data where it is necessary to do so as part of our ongoing supply arrangement. If applicable, we additionally store your personal data until the expiry of any legal claims arising out of our business relationship with you so that we can use it as evidence if necessary. Claims usually expire within 12 to 36 months, though may also take up to 30 years. We erase your personal data when they expire, unless there is a statutory retention period for the data, e.g. as provided in the German Commercial Code (HGB ss. 238, 257(4)) or the German Tax Code (AO s. 147(3) – (4)). These retention obligations may last from 2 to 10 years
Cookies can be divided into the following categories/cookie types in particular:
|Cookies used to carry out specific website functions as required|
|Functional cookies||Cookies used to enable website services and futionality (e.g. video playback) and/or increase website usability|
Cookies used to measure the performance of our website and its content
|Analytics/tracking cookies||Cookies used to perform analyawa of data regarding locatin, visitor interess and similar topics so as obtain information about the visitors of our website and the content they seek.|
|Advertising/targeting cookies||Cookies used for the purpose of displaying advertising on websites across the Internet, in particular to deliver advertising reflecting the user's surfing habits and interests|
|Messaging cookies||Cookies for the use of messaging technology|
|Social media cookies||
Cookies for the use of social media funtions such as sharing, sending and recommending websites for other people
Some of the cookies that we use on our website come from third parties that help us analyse the effect of the content on our website and the interests of our visitors, measure the performance of our website, display needs-targeted advertising and other content on our or other websites or to communicate with you.On our website, we use both first-party cookies (only visible from the domain currently being visited) as well as third-party cookies (visible irrespective of domain and regularly set by third parties). In detail:
Description / explanations
|Required cookies||JSESSIONID||This cookie is created automatically by the|
application server (Tomcat) to store session status information. Information
stored includes, for example, whether a user is logged in, the permissions the
user has or what data he/she has entered on previous pages of a form. The
cookie is deleted when the browser is closed.
This website uses services provided by etracker GmbH, Hamburg, Germany (etracker) to analyse usage data. Cookies are set as part of this (see below) to enable a statistical analysis of the use of this website by its users and enable the display of usage-related content or advertisements.
The data generated through this is processed and stored by our contractor etracker exclusively in Germany, making it subject to strict German and European privacy laws and
standards. As regards privacy, etracker has been independently assessed, certified and awarded the e-Privacyseal data protection seal of approval.
Data is processed on the basis of the legal provisions of EU General Data Protection Regulation (EU GDPR) art. 6(1)(f) (legitimate interest). Our concern, for the purposes of the EU GDPR (legitimate interest), is the optimisation of our online offering and website.
Since the privacy of our visitors is important to us, the data that potentially allows a link to an individual person, such as IP addresses, log-in information or device identifiers, is made anonymous or pseudonymous as early as possible. The data is not used in any other way, combined with other etracker data or shared with third parties.
You may at any time object to the data processing described above, provided it is of a personal nature. Please click on the following opt-out link to do so:
|Cookie type||Cookie name||Description/explanations||
|Analytics/tracking cookies||_et_coid||etracker Analytics cookie recognition||2 years|
|Analytics/tracking cookies||et_id||etracker Analytics visitor recognition||2 years|
|Analytics/tracking cookies||etcnt_STATID||Recognition of returning visitors (only set if active)||28 days|
|Analytics/tracking cookies||noWS_<tracking code>ode>||Used to distinguish whether functionality needs to be|
provided for the etracker Optimiser
|Analytics/tracking cookies||BT_ctst||Used to assess whether cookies can be set for the|
|Analytics/tracking cookies||BT_pdc||Contains data about visitor history in Base64 format|
(visitor is a customer, visitor is subscribed to newsletter etc.) that is used
|Analytics/tracking cookies||BT_sdc||Contains Base64-encoded data about the current visitor|
session (referrer, number of PIs, session duration) for personalisation
|Analytics/tracking cookies||isSdEnabled||Permission for tracking visitor actions (set randomly)||24 hours|
Data is processed on the basis of cookies, as
described above, in accordance with GDPR art. 6(1)(f) (legal grounds) to preserve
our legitimate interests. Our legitimate interests consist, in particular, of
being able to provide you with an optimised website with a user-friendly and
needs-targeted design and to safeguard the security of our systems.
How do we protect your data?
We take every precaution to ensure the security of
your personal data and protect our website and other systems by implementing
appropriate technological and organisational measures. In particular, your data
is protected against loss, destruction, corruption, manipulation and modification
by unauthorised persons as well as against unauthorised access, disclosure or
dissemination. Furthermore, the data you share through our website is
transmitted over the Internet using an encrypted SSL connection.
Who receives your data and is it transferred to a non-EU country or international organisation?
Generally, the only people who are informed of your personal data initially are employees whose duties include technical, commercial or copywriting services. For these purposes, your data may also be forwarded to employees at other MEWA Group companies if it is required in order to render the corresponding service (e.g. respond to your enquiry).
Furthermore, we engage external service providers within the data processing framework explained above and, where necessary, contract them to provide corresponding processing services. Where external service providers receive your personal data when acting as contracted data processors, they are strictly bound to our instructions when handling your personal data. Below is a list of specific categories of external data recipients:
IT contractors, e.g. for the administration and hosting of our website or individual services/functions as well as for website analytics/measurement
Logistics contractors in order to send you any goods
or information brochures ordered
Payment providers and banks for payment processing
Debt collectors and legal consultants when exercising our claims
What rights do you have as an affected person?
In accordance with the legal requirements, you, as an affected person and data subject, have the following rights that you may exercise by contacting us at any time in writing or electronically, using the contact addresses provided (see ‘Who controls the data’s processing and who can you contact?’ above).
Right to information: in accordance with GDPR art. 15, data subjects are entitled at any time to obtain confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, GDPR art. 15 also entitles the data subject to obtain access to the personal data and certain other information (including the purposes of the processing, categories of personal data, categories of recipient, envisaged period of storage, their rights and information as to the data’s source) as well as a copy of the respective data. The restrictions provided in BDSG s. 34 apply.
Right to rectification: in accordance with GDPR art. 16, data subjects are entitled to obtain the rectification of stored personal data concerning them if it is inapplicable or incorrect.
Right to erasure: data subjects are entitled to obtain the immediate erasure of personal data concerning them where the requirements of GDPR art. 17 are met. The right to erasure does not apply in certain situations, including when the processing of the personal data is necessary, for example, for compliance with a legal obligation (e.g. statutory retention obligations) or for the establishment, exercise or defence of legal claims. Moreover, the restrictions provided in BDSG s. 35 apply.
Right to object as per GDPR art. 21:
Data subjects have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on GDPR art. 6(1)(e) (Performance of a Task in the Public Interest) or art. 6(1)(f) (Legitimate Interest of the Controller), including profiling based on those provisions. In the event of an objection, we will no longer process the personal data unless we demonstrate compelling, legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing serves for the establishment, exercise or defence of legal claims. This does not apply if we process data for direct marketing purposes based on the above provisions. If our processing of personal data for direct marketing purposes is objected to, the personal data concerned will no longer be processed for these purposes – unconditionally and regardless of a consideration of conflicting interests. Objections based on GDPR art. 21 may be sent to us or our Privacy Officer in writing or by email by using the contact addresses provided (see ‘Who controls the data’s processing and who can you contact?’ above).
Right to withdraw: data subjects have the right at any time to withdraw any given declaration of consent under privacy law with effect for the future.
Right to lodge a complaint with a supervisory authority: data subjects are entitled to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or place of the alleged infringement if they consider that the processing of personal data relating to them infringes this regulation and where the requirements of GDPR art. 77 are met. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy. The supervisory authority having jurisdiction over us is the Hesse Privacy Commissioner (Datenschutzbeauftragter), Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany.
Other matters: if you have other questions and discussion matters regarding privacy, our Privacy Officer is happy to discuss them with you via email at Datenschutzbeauftragter@MEWA.de.
Is there a requirement to provide data?
To be able to provide you our website and to enable usage of the corresponding services/functions (such as the contact form, online orders etc.), it is required to provide the personal data necessary for them. It is not possible to see the content of our website or use the corresponding services/functions without this data.
Is your data used for automated decision-making/profiling?
You generally have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for you or significantly affects you in a similar manner. In particular, these decisions may not be regularly based on special categories of personal data referred to in GDPR art. 9(1). We are happy to inform you that our website and the data processing operations associated with it do not use any relevant decision-making processes.
How do we otherwise handle customer data?