Privacy Policy
How do we handle personal data?
We attach great importance to protecting and
securing your personal data. We process your personal data in the context of
this website in accordance with the relevant legal data protection
stipulations. In particular, we are subject to the provisions of the European
Union General Data Protection Regulation (GDPR) and the German Federal Data
Protection Act (Bundesdatenschutzgesetz,
BDSG) where we process personal data.We are keen to increase user confidence in our services, and for this reason wish to be open about how we use personal data and to give you detailed information about the ways your data is processed and about your rights in accordance with GDPR art. 12, 13, 14 and 21. This website-specific privacy policy will tell you what personal data is collected when you use our website partners.mewa-service.com and how we handle this data and information.
Who controls the data’s processing and who can you contact?
The controller of data processing operations for the purposes of the GDPR and other privacy law provisions is:
MEWA Textil-Service AG & Co. Management OHG
John-F.-Kennedy-Strasse 4
65189 Wiesbaden, Germany
Switchboard: +49 (0)611 760 10
Fax: +49 (0)611 7601 361
Email: info@mewa.de
Website contact form: https://www.mewa.de/sonstiges/kontakt/MEWA Textil-Service AG & Co. Management OHG is part of the MEWA Group, with locations in Germany and other EU countries.
You can contact our company’s Privacy Officer at:
MEWA Textil-Service AG & Co. Management OHG
Privacy Officer
John-F.-Kennedy-Strasse 4
65189 Wiesbaden, Germany
Email: datenschutzbeauftragter@mewa.de
What is personal data?
Personal data refers to any data or information relating to an identified or identifiable person (a ‘data subject’).
For what purposes do we process your personal data? What are the legal grounds for this?
We process personal data for set purposes that we will explain to you in detail for your own information in the following notice. In particular, the specific scope and nature for the processing of your data is based on the services, functionality and offerings on our website that you specifically utilise. We process data so that:
- You can navigate to and visit our website and so that we can protect our website and other systems against security risks;
- You can contact us (contact form/email enquiries);
- You can use our Supplier Extranet;
- We can optimise the content of our website and make it user-friendly and targeted to user needs
Your personal data may be processed for purposes other than those described in this privacy policy only in cases where a legal regulation explicitly entitles or requires us to do so or where you have given your explicit consent to such processing of your data. We will provide you corresponding notice of any changes to the purposes for processing data, taking into account the legal requirements.
(1) Visiting our website
You can visit our website for purely informative purposes without having to share any data about yourself. The only data relating to your visit of our website that is automatically stored in this case is technological access data transferred by your browser, i.e. the name of your Internet service provider, page from which you have navigated to our website, date and time of your visit and identification data for the browser/operating system used. The Web server must also store your IP address as a matter of necessity, and this may possibly be able to be matched to you personally in some situations. In addition to this data, we store cookies so that we can provide you with a website that is optimised and targeted to your needs, even if your use of it is only for informative purposes (please see ‘Use of cookies and associated functions/technologies’ below for details about this and your options for accepting/rejecting cookies). We do not combine access data with other sources of data and we do not analyse data for marketing purposes.
The above access data is stored in what are called server log files on our Web/application servers and is required for technological reasons so that we can provide you with a functioning website and assure system security. Other than for the purposes described above, we only use access data purely statistically for the needs-based design and optimisation of our Web offering and without tracing the data back to you personally.
If you visit our website to obtain information about our offering of goods and other services or to use it, we temporarily store access data and log files on the basis of GDPR art. 6(1)(b) (legal grounds), in particular, to take steps prior to entering into a contract. In this regard, GDPR art. 6(1)(f) also provides further legal grounds for the temporary storage of access data and log files. Our legitimate interest is in being able to provide you with a technologically functioning website with a user-friendly design and to safeguard the security of our systems.
The access data collected when you use our website is only stored for the length of time for which this data is required to achieve the above purposes. The regular length of time for which data is stored is six weeks, however your IP address is stored on our Web/application servers for a maximum of seven days. Your IP address is also made anonymous (through IP masking).
(2) Contact form/enquiries
We collect and store personal data if you enter it in the form provided on our website for contacting us and you send it to us or if you contact us in another way (e.g. by email). You are free to decide what information, if any, you pass on to us through corresponding enquiries. If you contact us by email, we store the data that you share in this email. When you use the contact form on our website, we collect the following data: title*, first name*, surname*, company*, physical address*, email address*, Internet URL, your role at your company and fax and phone numbers as well as the sector your company is active in*, your product offering* and your individual message/question. The pieces of data marked with an asterisk (*) are mandatory details that we require to respond to your enquiry properly. The other, voluntary details enable us to better categorise and process your enquiry. When you use the contact form on our website, the following, technological access data is also stored when you send your enquiry: the date and time your enquiry is sent as well as your IP address.
If you contact us about a matter relating to an existing contract or supply arrangement or are contacting us in advance to establish one, the data and information that you share is processed for the purpose of reviewing and responding to your enquiry in accordance with GDPR art. 6(1)(b) (legal grounds). We store the technological access data recorded when sending your enquiry for the purpose of enabling the technological provision of contact options and for the purpose of assuring system security on the basis of GDPR art. 6(1)(f) (legal grounds), which altogether serves to protect our legitimate interests.
We store the personal data collected in connection with your enquiry for the purpose of reviewing and responding to your enquiry, and store it for as long as that takes. The technological access data stored in this context is only stored for the length of time for which this data is required for technological reasons, including to provide functioning contact options and safeguard the security of our systems. However, your IP address is stored on our Web server for a maximum of seven days.
(3) Supplier Extranet
You can use our website to log in to our password-protected Supplier Extranet as a MEWA supplier. You will receive log-in data (username, password) for this separately as part of our existing supply arrangement. In your supplier account, you can manage the supplier profile for your company yourself, including modify your log-in data, edit your supplier data and notify us of other, company-specific supplier information voluntarily (Supplier Data Sheet). The data stored on the Supplier Extranet primarily consists of purely business-related data concerning your company’s supply operations and is required to design supply processes and provide us with an insight into your production procedures and processes for our own quality assurance. In terms of personal data, designated contacts and other individual contact persons may be stored on the Supplier Extranet.
Where we store and process personal data on the Supplier Extranet, we do so on the basis of our existing supply arrangement on the grounds provided in GDPR art. 6(1)(b) (legal grounds). We also process data in accordance with GDPR art. 6(1)(c) (legal grounds) so that we meet the legal obligations that are placed on us in conjunction with our supply arrangement. These include retention periods mandated under commercial, trade and tax laws. We also process data in accordance with GDPR art. 6(1)(f) (legal grounds) to preserve our legitimate interests in, where necessary, asserting our rights and legal claims and being able to defend ourselves against any legal claims.
We store your personal data where it is necessary to do so as part of our ongoing supply arrangement. If applicable, we additionally store your personal data until the expiry of any legal claims arising out of our business relationship with you so that we can use it as evidence if necessary. Claims usually expire within 12 to 36 months, though may also take up to 30 years. We erase your personal data when they expire, unless there is a statutory retention period for the data, e.g. as provided in the German Commercial Code (HGB ss. 238, 257(4)) or the German Tax Code (AO s. 147(3) – (4)). These retention obligations may last from 2 to 10 years
(4) Use of cookies and associated functions/technologies
To make your visit of our website appealing and enable the usage of certain functionality, we use cookies in some areas. Cookies are files stored on your hard drive or in your Internet browser’s cache when you visit our website. Furthermore, our use of the term ‘cookies’ also refers to Web beacons and other, comparable storage technologies used to track user activities. Web beacons are usually transparent graphic/image elements not larger than 1 x 1 pixels that are integrated into the website and can be used to identify cookies on your devices.
Firstly, we use cookies to store information relevant to the session within the website. These cookies expire at the end of the session and are not saved permanently (i.e. transient cookies). Other cookies remain on your computer beyond the end of the session to enable us to identify your computer when you next visit our website (i.e. persistent cookies). Persistent cookies are automatically deleted after a prescribed length of time that varies depending on the type of cookie.
Cookies can be divided into the following categories/cookie types in particular:
Required cookies | Cookies used to carry out specific website functions as required |
| Functional cookies | Cookies used to enable website services and futionality (e.g. video playback) and/or increase website usability |
| Performance cookies | Cookies used to measure the performance of our website and its content |
| Analytics/tracking cookies | Cookies used to perform analyawa of data regarding locatin, visitor interess and similar topics so as obtain information about the visitors of our website and the content they seek. |
| Advertising/targeting cookies | Cookies used for the purpose of displaying advertising on websites across the Internet, in particular to deliver advertising reflecting the user's surfing habits and interests |
| Messaging cookies | Cookies for the use of messaging technology |
| Social media cookies | Cookies for the use of social media funtions such as sharing, sending and recommending websites for other people |
Of course you can always visit our website without using cookies. You can deactivate the use of cookies on your computer by changing your browser’s cookie settings. You can usually find out how to deactivate cookies by using your Web browser’s ‘Help’ function. However, please note that these settings may potentially have a negative impact on the full availability and functionality of our website. For further, cookie-specific options for settings and deactivation, please also see the following, individual explanations of the specific cookies and associated functions/technologies used when you visit our website.
Some of the cookies that we use on our website come from third parties that help us analyse the effect of the content on our website and the interests of our visitors, measure the performance of our website, display needs-targeted advertising and other content on our or other websites or to communicate with you.On our website, we use both first-party cookies (only visible from the domain currently being visited) as well as third-party cookies (visible irrespective of domain and regularly set by third parties). In detail:
↓ Tomcat
| Cookie-Type | Cookie-Name | Description / explanations | Valid for/until |
|---|---|---|---|
| Required cookies | JSESSIONID | This cookie is created automatically by the application server (Tomcat) to store session status information. Information stored includes, for example, whether a user is logged in, the permissions the user has or what data he/she has entered on previous pages of a form. The cookie is deleted when the browser is closed. | Session |
↓ eTracker
This website uses services provided by etracker GmbH, Hamburg, Germany (etracker) to analyse usage data. Cookies are set as part of this (see below) to enable a statistical analysis of the use of this website by its users and enable the display of usage-related content or advertisements.
The data generated through this is processed and stored by our contractor etracker exclusively in Germany, making it subject to strict German and European privacy laws and standards. As regards privacy, etracker has been independently assessed, certified and awarded the e-Privacyseal data protection seal of approval.
Data is processed on the basis of the legal provisions of EU General Data Protection Regulation (EU GDPR) art. 6(1)(f) (legitimate interest). Our concern, for the purposes of the EU GDPR (legitimate interest), is the optimisation of our online offering and website.
Since the privacy of our visitors is important to us, the data that potentially allows a link to an individual person, such as IP addresses, log-in information or device identifiers, is made anonymous or pseudonymous as early as possible. The data is not used in any other way, combined with other etracker data or shared with third parties.
You may at any time object to the data processing described above, provided it is of a personal nature. Please click on the following opt-out link to do so:
Deactivate Tracking |
| Cookie type | Cookie name | Description/explanations | Valid for/until |
|---|---|---|---|
| Analytics/tracking cookies | _et_coid | etracker Analytics cookie recognition | 2 years |
| Analytics/tracking cookies | et_id | etracker Analytics visitor recognition | 2 years |
| Analytics/tracking cookies | etcnt_STATID | Recognition of returning visitors (only set if active) | 28 days |
| Analytics/tracking cookies | noWS_<tracking code>ode> | Used to distinguish whether functionality needs to be provided for the etracker Optimiser | Session |
| Analytics/tracking cookies | BT_ctst | Used to assess whether cookies can be set for the visitor | Session |
| Analytics/tracking cookies | BT_pdc | Contains data about visitor history in Base64 format (visitor is a customer, visitor is subscribed to newsletter etc.) that is used for personalisation | 1 year |
| Analytics/tracking cookies | BT_sdc | Contains Base64-encoded data about the current visitor session (referrer, number of PIs, session duration) for personalisation | Session |
| Analytics/tracking cookies | isSdEnabled | Permission for tracking visitor actions (set randomly) | 24 hours |
Data is processed on the basis of cookies, as
described above, in accordance with GDPR art. 6(1)(f) (legal grounds) to preserve
our legitimate interests. Our legitimate interests consist, in particular, of
being able to provide you with an optimised website with a user-friendly and
needs-targeted design and to safeguard the security of our systems.
How do we protect your data?
We take every precaution to ensure the security of
your personal data and protect our website and other systems by implementing
appropriate technological and organisational measures. In particular, your data
is protected against loss, destruction, corruption, manipulation and modification
by unauthorised persons as well as against unauthorised access, disclosure or
dissemination. Furthermore, the data you share through our website is
transmitted over the Internet using an encrypted SSL connection.
Who receives your data and is it transferred to a non-EU country or international organisation?
Generally, the only people who are informed of your personal data initially are employees whose duties include technical, commercial or copywriting services. For these purposes, your data may also be forwarded to employees at other MEWA Group companies if it is required in order to render the corresponding service (e.g. respond to your enquiry).
Furthermore, we engage external service providers within the data processing framework explained above and, where necessary, contract them to provide corresponding processing services. Where external service providers receive your personal data when acting as contracted data processors, they are strictly bound to our instructions when handling your personal data. Below is a list of specific categories of external data recipients:
IT contractors, e.g. for the administration and hosting of our website or individual services/functions as well as for website analytics/measurement
Logistics contractors in order to send you any goods
or information brochures orderedPayment providers and banks for payment processing
Debt collectors and legal consultants when exercising our claims
As part of our use of the described analytics services, we may transfer your IP address to the United States of America (see ‘Use of cookies and associated functions/technologies’ above). IP addresses are only transferred after being abbreviated or masked. Each transfer of data is performed on the basis of Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 in accordance with Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield or based on other, appropriate protective precautions. Otherwise, we do not transfer your personal data to countries outside of the EU or EEA or to international organisations as defined in GDPR art. 4(26).
What rights do you have as an affected person?
In accordance with the legal requirements, you, as an affected person and data subject, have the following rights that you may exercise by contacting us at any time in writing or electronically, using the contact addresses provided (see ‘Who controls the data’s processing and who can you contact?’ above).
Right to information: in accordance with GDPR art. 15, data subjects are entitled at any time to obtain confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, GDPR art. 15 also entitles the data subject to obtain access to the personal data and certain other information (including the purposes of the processing, categories of personal data, categories of recipient, envisaged period of storage, their rights and information as to the data’s source) as well as a copy of the respective data. The restrictions provided in BDSG s. 34 apply.
Right to rectification: in accordance with GDPR art. 16, data subjects are entitled to obtain the rectification of stored personal data concerning them if it is inapplicable or incorrect.
Right to erasure: data subjects are entitled to obtain the immediate erasure of personal data concerning them where the requirements of GDPR art. 17 are met. The right to erasure does not apply in certain situations, including when the processing of the personal data is necessary, for example, for compliance with a legal obligation (e.g. statutory retention obligations) or for the establishment, exercise or defence of legal claims. Moreover, the restrictions provided in BDSG s. 35 apply.
- Right to restriction of processing: data
subjects are entitled to obtain the restriction of processing of personal data
where the requirements of GDPR art. 18 are met. - Right to data portability: data subjects are
entitled to receive the personal data concerning them that they have provided,
in a structured, commonly used and machine-readable format where the
requirements of GDPR art. 20 are met. Right to object as per GDPR art. 21:
Data subjects have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on GDPR art. 6(1)(e) (Performance of a Task in the Public Interest) or art. 6(1)(f) (Legitimate Interest of the Controller), including profiling based on those provisions. In the event of an objection, we will no longer process the personal data unless we demonstrate compelling, legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing serves for the establishment, exercise or defence of legal claims. This does not apply if we process data for direct marketing purposes based on the above provisions. If our processing of personal data for direct marketing purposes is objected to, the personal data concerned will no longer be processed for these purposes – unconditionally and regardless of a consideration of conflicting interests. Objections based on GDPR art. 21 may be sent to us or our Privacy Officer in writing or by email by using the contact addresses provided (see ‘Who controls the data’s processing and who can you contact?’ above).
Right to withdraw: data subjects have the right at any time to withdraw any given declaration of consent under privacy law with effect for the future.
Right to lodge a complaint with a supervisory authority: data subjects are entitled to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or place of the alleged infringement if they consider that the processing of personal data relating to them infringes this regulation and where the requirements of GDPR art. 77 are met. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy. The supervisory authority having jurisdiction over us is the Hesse Privacy Commissioner (Datenschutzbeauftragter), Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany.
Other matters: if you have other questions and discussion matters regarding privacy, our Privacy Officer is happy to discuss them with you via email at Datenschutzbeauftragter@MEWA.de.
Is there a requirement to provide data?
To be able to provide you our website and to enable usage of the corresponding services/functions (such as the contact form, online orders etc.), it is required to provide the personal data necessary for them. It is not possible to see the content of our website or use the corresponding services/functions without this data.
Is your data used for automated decision-making/profiling?
You generally have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for you or significantly affects you in a similar manner. In particular, these decisions may not be regularly based on special categories of personal data referred to in GDPR art. 9(1). We are happy to inform you that our website and the data processing operations associated with it do not use any relevant decision-making processes.
Is this privacy policy subject to change?
Further developments to the Internet and our website may have an impact on our privacy policy. We reserve the right to occasionally amend this website-specific privacy policy in the future so that it is up to date with current legal requirements or to reflect additions or changes to our Web presence. This privacy policy applies as amended to your visit, and you can view it on any page under the ‘Privacy’ link.
How do we otherwise handle customer data?
Please also refer to our general information on ‘Handling of Personal Customer Data’, also available digitally via the following link, which complements this website-specific privacy policy and governs the processing of personal customer data where it is not already covered here: Please click here.
Zugang für MEWA Lieferanten