The browser is not supported
To display the website correctly, please use one of the following browsers.CautionPlease update your browser, if you proceed with this browser, your shopping experience might not be successful!

Privacy Policy - Customer Support Evaluation

Thank you for your interest in participating in our survey on your experience with our customer care.

We take the protection of your personal data very seriously and therefore strive to guarantee your right to retain control over your personal information (informational self-determination). This privacy policy explains which personal data we collect, process and use, when and for what purpose.

Unless otherwise stated in the individual sections (designated as such by headings) of this privacy policy, the controller responsible for processing within the meaning of Article 4(7) of the EU General Data Protection Regulation (GDPR) is:

LIDL Cyprus

Industrial Area

Emporiou Street 19

CY- 7100 Aradippou - Larnaca

Use of the survey tool

2.1 Use of cookies and other similar technologies to process usage data

Purposes of the processing/legal bases:

We, Lidl Stiftung & Co. KG, are the controller with respect to data processing in connection with the use of "cookies" and other similar technologies to process usage data on all (sub-)domains at

Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any harm to your end device, nor do they contain any viruses, trojans or other malware. The cookie stores certain information that results in connection with the specific end device deployed. This does not, however, mean that we will immediately become aware of your identity.

Technically necessary cookies and other technically necessary technologies are used to process usage data in order to provide our survey.

For an overview of the cookies and other technologies we use, including the respective purposes of processing, storage periods and any third party providers involved, see our cookie list below.

Depending on the purpose, the use of technically necessary cookies and similar necessary technologies to process usage data involves processing the following types of personal data in particular:

  • user inputs, in order to remember inputs across multiple sub-pages (e.g., to save your cookie settings);
  • security-related events (Detection of fraudulent input behavior);

The legal basis for using technically necessary cookies is Article 6(1)(f) GDPR because we have a (shared) legitimate interest in providing our platform for collecting data to improve our store offerings.

force-streamSalesforceRequiredUsed to redirect server requests for sticky sessions.3 hours
force-proxy-streamSalesforceRequiredEnsure client requests hit the same proxy hosts and are more likely to retrieve content from cache.3 hours
instSalesforceRequiredUsed to redirect requests to an instance when bookmarks and hardcoded URLs send requests to a different instance. Session
instSalesforceRequiredThis type of redirect can happen after an org migration, a split, or after any URL update.Session
_gaSalesforceFunctionalA third-party cookie that’s used if the site admin chooses to track site users with a Google Analytics tracking ID.2 years
CookieConsentPolicySalesforceRequiredUsed to apply end-user cookie consent preferences set by our client-side utility.1 year
languageSalesforceRequiredIdentifies the language for custom components and flows, which support multiple languages. Without this cookie, translations for custom features can appear incorrectly.Session
BrowserID_secSalesforceRequiredUsed for security protections.1 year
sfdc-streamSalesforceRequiredUsed to properly route server requests within Salesforce infrastructure for sticky sessions.3 hours
BrowserIdSalesforceRequiredUsed for security protections.1 Year

Recipients/categories of recipient:

When using cookies and similar technologies to process usage data, we retain specialized service providers, particularly those specializing in customer surveys, to process data.

They process your data on our behalf as processors. Each has been carefully selected and bound by contract in accordance with Article 28 GDPR. All of the companies listed as service providers in our cookie list act as processors on our behalf.

Storage time/criteria for determining storage time:

For information on the duration of storage for cookies, see our cookie list above.

3. Customer Care experience survey

Purposes of the processing/legal bases:

We use our customer care survey to collect data on your subjective experience with our customer care so that we can continuously improve your service experience.

We ask you to provide no personal data during the survey. The survey is created in context of your submitted request to the customer care before. Therefore we are able to connect your survey results with your provided case for reporting purposes.

The legal basis for this is Article 6(1)(f) GDPR, i.e., our shared legitimate interest in improving your experience with our customer care.

Recipients/categories of recipient:

We retain specialized service providers, particularly those specializing in customer surveys, to process data. They process your data on our behalf as processors. Each has been carefully selected and bound by contract in accordance with Article 28 GDPR.

Storage time/criteria for determining storage time:

We delete or anonymize your personal data depending on the related submitted request to customer care. Find enclosed the list of deletion periods counting from closing date:

  • Critical requests are anonymized after 150 days. Critical requests are requests related to critical defective products like e.g. burning toaster, which can have impact on the health of customers.
  • Authority related cases will be anonymized after 720 days.
  • All other requests are anonymized between 45-90 days. 45 days are the minimum for standard requests. For cases that involve criticism we store up to 90 days in case further investigation is needed after final reply from customer care.

4. Data transfers to countries outside the EEA

If we transfer data to recipients in a third country (located outside of the European Economic Area), this will be evident in the information on the recipients/categories of recipient in the description of the respective data processing. Some third countries have been certified by the European Commission through so-called adequacy decisions as having a level of data protection comparable to that offered in the European Economic Area. A list of these countries is available at Where no comparable data protection standard exists in a given country, we take other measures to ensure that an adequate level of data protection is guaranteed by other means, such as binding corporate rules, the European Commission's standard contractual clauses on the protection of personal data, certificates or recognized codes of conduct. For further information, please contact our data protection officer (section 8).

7. Rights of the data subject

If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.

If the basis of processing is Article 6(1)(f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will no longer be processed thereafter, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject in the objection.

If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR.

If the data processing is carried out on the basis of consent granted under Article 6(1)(a) GDPR, you may revoke that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.

In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail the data protection officer.

You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.

8. Other questions

If you have any further questions regarding the collection, processing and use of your personal data, please contact our data protection officer:

LIDL Cyprus

Industrial Area

Emporiou Street 19

CY- 7100 Aradippou - Larnaca

Last updated: 9/21/2020