The protection of your personal data is of paramount importance to us. We therefore process your person-related data (in short: “data”) exclusively within the framework of legal provisions. With the data protection statement, we wish to inform you in detail about the processing of your data in our company and the claims and rights to which you are entitled under data protection law.
1. Who is responsible for data processing and to whom can you turn?
Responsible party: RWA Raiffeisen Ware Austria Aktiengesellschaft (in short: “RWA AG”)
Address: Wienerbergstraße 3, 1100 Vienna
Telephone: +43/1/60 515-0
Email: datenschutz@rwa.at
2. What data will be processed and what are the sources of these data?
We process the data that we receive from you in the scope of initiating and conducting business deals. We also process data that we have received, in a legally permissible manner, from credit agencies, creditor protection associations, publicly accessible sources (e.g., corporate register, association register, land register, media), as well as from other businesses and warehouse cooperatives with whom we have permanent business relationships.
Person-related data include:
Your master/contact data such as:
- As a private customer: First and last name, address, contact data (email address, telephone number, fax), date of birth, data from submitted proof of identity (copy of identity document), bank data
- As a corporate customer: company, corporate register number, VAT ID number, company number, address, contact persons and contact information (email address, telephone number, fax), bank data
We also process the following miscellaneous person-related data:
- Information about the nature and content of our business relationship such as contract data, order data, sales and receipt data, customer and supplier history, consultation materials,
- Information on your financial status (e.g., data on credit worthiness),
- Advertising and sales data,
- Documentation data (e.g., consultation records), image data,
- Information from your electronic communications with us (e.g., IP address, login data),
- Miscellaneous data that we have received from you in the context of our business relationship (e.g., in conversations with customers),
- Data that we generate from master/contact data and from miscellaneous data, for example by means of customer needs and customer potential analyses.
3. For what purposes and within what legal framework are the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and with the Austrian Data Protection Act, as amended:
- for fulfilling (preliminary) contractual duties (Art. 6(1) lit. b GDPR):
Your data are processed for the sale and distribution of our goods and services, for procurement and logistics purposes, and for customer administration and analysis. Specifically, the data are processed for the initiation of business deals and for the performance of contracts with you.
- for fulfilling legal obligations (Art. 6(1) lit. c GDPR):
A processing of your data is required for fulfilling various legal obligations, for example ones arising from the Commercial Code (UGB) or the Federal Fiscal Code (BAO), money laundering provisions, product-specific regulations such as the Ordinance on Source Materials (AusgangsstoffVO), the Chemicals Act (Chemikaliengesetz), etc.
- for safeguarding legitimate interests (Art. 6(1) lit. f GDPR):
In the scope of balancing interests, a data processing beyond the actual performance of the contract may be necessary to safeguard our legitimate interests or those of third parties. At any rate, data will be processed to safeguard legitimate interests in the following cases:
– Consultation and data exchange with credit agencies and creditor protection associations for obtaining credit worthiness data;
– Advertising or marketing
– Measures for business management and further development of services and products;
– Measures (e.g., access controls, video monitoring) for protecting our company from behavior that is illegal or non-compliant with the contract;
– In the scope of legal proceedings.
- in the scope of your consent (Art 6(1) lit. a GDPR):
If you have given us your consent to the processing of your data, they will be processed only in accordance with the purposes and within the agreed-upon scope established in the declaration of consent. A given consent (to the sending of our newsletter or to the forwarding of data to other parties, for example) may be revoked with future effect at any time. The legitimate processing of your data prior to revocation shall remain unaffected thereby. Please use our email address provided in Item 1 for this purpose.
4. Who receives your data?
4.1 – If we engage the services of a processor, we will still be responsible for the protection of your data. All processors are contractually obligated to treat your data with confidentiality and only to process them in the scope of rendering the service. The processors engaged by us will receive your data should they need these data for providing their respective services. These processors are IT service providers, whom we need for the operation and security of our IT system, as well as commercial and directory publishers for our own advertising campaigns.
4.2 – For the purposes of company-related and customized advertising/customer care in the areas of Home & Garden, Technology, Farming, Energy, and Construction Materials, your data will be provided, with your consent, to our affiliated companies and to warehouses in permanent business relationships with RWA AG.
4.3 – When quotations/sales are made via producer portals, data disclosed by you will be processed directly in the portal of the producer.
4.4 – For creditor protection purposes, we will forward master data and information on your financial status to credit insurance companies (currently Acredia Versicherung AG), credit protection associations (currently KSV 1870 Information GmbH), and credit agencies (currently CRIF GmbH).
4.5 – Authorities, courts, and external auditors may be recipients of your data if a legal obligation exists and in the scope of legal proceedings.
4.6 – Insurance companies, banks, credit agencies, and service providers may also be recipients of your data for the purposes of contract initiation and performance.
4.7 – For a better understanding of the recipient categories mentioned under Item 4, you will find an assortment of individual businesses at: https://www.rwa.at/unternehmensliste-gemaess-datenschutzerklaerung+2500+1006355.
5. How long will your data be stored?
We will process your data until the end of the business relationship or until the expiration of the applicable guarantee, warranty, limitation, and legal retention periods (i.e., from the Commercial Code (UGB), the Federal Fiscal Code (BAO)), and also until any legal disputes in which the data are needed as evidence have been resolved.
6. What are your data protection rights?
You have, at any time, a right to demand information, correction, deletion, or limitation of the processing of your stored data, a right to object to the processing, as well as a right to data portability and to lodge a complaint according to the provisions of data protection law.
6.1 – Right to demand information:
You may demand information from us as to whether and if so, to what extent, we are processing your data.
6.2 – Right to demand correction:
If we are processing data from you that are incomplete or incorrect, you may demand, at any time, the correction or completion of these data by us.
6.3 – Right to demand deletion:
If we are processing your data in a wrongful manner or if the processing disproportionately impacts your legitimate protection interests, you may demand that we delete your data. Please note that there may be reasons that preclude an immediate deletion, for example in the case of legally regulated duties of retention.
6.4 – Right to demand limitation of processing:
You may demand the limitation of the processing of your data from us if
- You are disputing the correctness of the data, and you may demand such a limitation for a period that permits us to verify the correctness of the data.
- The processing of the data is wrongful, but you refuse a deletion and instead demand a limitation of the data use,
- We no longer need the data for the intended purpose, but you still need these data for the assertion or defense of legal claims, or
- You have lodged an objection to the processing of the data.
6.5 – Right to data portability:
You may demand that we make your data with which you have provided us available in a structured, conventional, and machine-readable format, and that you be allowed to send these data to another responsible party without any hindrance on our part, provided that
- we are processing these data with your revocable consent or for performing a contract between us, and
- this processing is being done using automated processes.
When technologically feasible, you may demand that we forward your data directly to another responsible party.
6.6 – Right of objection:
If we are processing your data out of legitimate interests, you may lodge, at any time, an objection to this data processing on grounds arising from your unique situation; this also applies to a profiling based on these provisions. We will then cease processing your data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights, and freedoms, or if the processing is necessary for the assertion, exercise, or defense of legal claims. You may object to the processing of your data for direct advertising purposes at any time, without having to give reasons.
6.7 – Right of complaint:
If you believe that we have violated Austrian or EU data protection law while processing your data, we request that you contact us in order that we may resolve any issues. Obviously, you also have the right to lodge a complaint before the Austrian data protection authority or before a regulatory authority within the EU.
7. With whom can you assert these rights?
If you wish to assert any of the rights mentioned above against us, please use the email address given in Item 1. In cases of doubt, we may demand additional information in order to confirm your identity. This is to protect your rights and your privacy.