Data Protection Policy Lidl Plus

As of: October 2021

Thank you very much for your interest in Lidl Plus.

Lidl Plus is a customer service programme (hereinafter referred to as “Service” or “Lidl Plus”) of the Lidl Group that is operated by the Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74167 Neckarsulm, Germany (hereinafter referred to as “Lidl Stiftung”, “we”, “us”). The Lidl Stiftung processes the data required for the purposes of the service insofar as responsible entity as the data is raised, collected, analysed and forwarded to local entity Lidl Cyprus (hereinafter referred to with Lidl Stiftung as “Lidl Companies” or “Lidl”).

 

In the future, further organisations can be added to the list if SB Lidl KG has direct or indirect shares in the relevant organisation and they participate in the Lidl Plus offer.

Insofar as these Lidl organisations receive data through the service on the basis of your voluntary consent and inform you about current offers and specials by Lidl, they act themselves as responsible entity in relation to data protection law.

This Data Protection Policy applies to the processing activities done by Lidl Stiftung as the controller. The data protection officer of the Lidl Stiftung can be contacted at the above mentioned postal address or at: dataprotection@lidlplus.com.cy.

The service is aimed at consumers (hereinafter "users" or "you"), who wish to receive personalised information from Lidl Stiftung about offers and promotions from Lidl Plus and offers, products and services from selected partners and Lidl Companies, which correspond as closely as possible to your interests. The basis for determining the relevant interests is the purchasing and usage behaviour with regard to the products and services of the Lidl Companies, which is explained in more detail below.

With Lidl Plus you can enjoy a variety of services that are especially tailored to you. These include, among other things, offers specially tailored to your needs and desires, participation in competition games and exclusive discount and special offers. Depending on where and to what extent you are using the service, Lidl Stiftung forwards your details to certain Lidl Companies to be able to provide you with the relevant service.

  1. What data about your person do we collect and which communication channels do we use for this?

Registration for Lidl Plus

As part of the registration process, we request the following customer data: first name, second name, date of birth, e-mail address, mobile phone number and preferred Lidl store. It is optional to provide us: salutation, gender and your home address (street, house number, post code, city and country). To set the preferred store the geo localisation function of your mobile device can be used.

Data from My Lidl

If you have voluntarily provided certain information about your circumstances and interests in your My Lidl Account, we also collect this information within the framework of Lidl Plus.

Store Visits

When you identify yourself during your store visit at the cash register, we record the store you visited, the products purchased according to amount, type and price, the coupons used, the receipt total as well as time of payment process and payment type. With the allocation of your purchase to your customer account we pursue the purpose stated in paragraph 2, e.g. to be able to make you offers especially adapted to your preferences and interests as well as offer participation in specials.

At the till you can identify yourself with your digital customer card.

Customer Service

When you contact the customer service of Lidl Companies, we use the data that you supply in this context.

Use of the App

When using the Lidl Plus app we collect information about the store where you buy. In addition, we collect information about all contents viewed in the app such as activated coupons, your notification settings, the participation in lotteries, viewed articles and your selected main store. We also collect information about your interaction with the app such as visited sections, the screens seen during each session, the number of clicks and scrolls. Additionally, we process your customer Id (Loyalty ID), information about the operating system version you use, the device identification, the system language and the chosen country as well as the app version used by you.

Your login details are stored and used to carry out the login. So that you do not have to log in again every time you open the app, your login details are saved in the app (encrypted) until you log out of the account.

Purchase summaries can be saved to your end device or be forwarded directly by Messenger, insofar you permit the app access to your photos/ media. The camera of your mobile end device can be used for scanning QR coupons if you give the relevant permission.

As part of the app, we conduct In-App surveys and collect information about your purchasing behaviour, your app usage and personal circumstances as well as interests.

Partner Offers

Via Lidl Plus you also receive the option to avail of special offers from selected partners. To avail of some of these offers you must identify yourself as Lidl Plus customer with your digital customer card. In this case the relevant cooperation partner informs us about the utilisation of the relevant special offer including the information linked to it (e.g. time, amount, place) so that we can adapt our offers even more to your interests. In the event that a special offer shall be granted within Lidl Plus for contracting services of our cooperation partners, the latter will provide us with your contact details (email address and telephone number) so that we can correctly assign the offer to your account.

Analysis of User Behaviour / Cookies

When using the app, we create user segmentation profiles for the purposes of statistical analysis and assign these, if possible, to your person or your e-mail address or customer number. Unless this data is technically necessary to ensure the functionality of the app, we also collect and we use this data only if you have consented to our tracking technologies (see also paragraph 2 of this data protection policy). This also includes the following services or tracking service providers:

Adjust

The Lidl Plus app uses the analysis tool adjust, a product from the company adjust GmbH. When you install the Lidl Plus app, and have consented to the use of tracking technologies used by the app, adjust will analyse the following information on our behalf:

  • Clicks: whenever you click on a link provided by adjust. The clicks are measured to perform attribution analysis, which means understanding the location where you learnt about Lidl Plus app and proceeded to install it, which can be a link on a website, an email campaign or on social media, amongst others.
  • Installs: as soon as you grant your consent for tracking the Lidl Plus app communicates with adjust to indicate that a new install has been carried out. This install is then attributed to the click explained above, when performed by the same device.
  • Sessions: the amount of times Lidl Plus app was opened on your device.
  • Events: your interaction in the Lidl Plus app. Every time you register or log into the Lidl Plus app an event will be created. This is intended to measure the best performing advertising channels.

This information helps us to understand how you interact with our app. In addition, it helps us to analyse and improve our mobile advertising campaigns.

For this analysis of the above mentioned, adjust uses the following advertising identifiers: (i) IDFA (Identifier for Advertising = advertising identification for iOS devices) or (ii) the Android advertising ID or (iii) Huawei ID, the IP-/ MAC address, the HTTP header as well as a fingerprint of your end device (additionally: time of access, country, language, local settings, operating system and version as well as app version). In addition, adjust includes user device- and web activity information, as well as app and event tokens in this analysis. The processing of this data takes place exclusively on a pseudonymised basis. You can at any time deactivate or set back the IDFA, the Android advertising ID and the Huawei ID through your operating system. In the event that IDFA is not available, adjust uses SkAdNetwork, Apple's attribution API, to attribute installations of our app to an advertising campaign.

Adjust also shares this information with our service providers Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") and Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025 ("Facebook"). If Google and Facebook can use this information to identify you, they will provide adjust with information about the advertising campaign that brought you to the App Store/Google Play and how you acted on the App Store/Google Play (including whether you downloaded the app or cancelled it, for example, and similar information). Adjust uses this information to create anonymous statistics for us so that we can track the success of individual advertising campaigns.

Google Firebase

In the app A/B Testing, Analytics, Cloud Messaging, Crashlytics, Dynamic Links, In-App Messaging, Performance, Predictions and Remote Config, analytics services offered by Google ("Firebase"), which among other things are used to analyse app usage. When you install the Lidl Plus app, Firebase makes a record about when and for how long you use the app, what pages of the app are opened, what functions are clicked and what content is displayed. This helps us to understand how you interact with our app. In addition, we can continuously improve the app and offer you more relevant offers/ services based on your user behaviour. Also, we can carry out several app tests in parallel and based on data make further app developments.

For this analysis, Firebase accesses your customer number from the moment of completed registration. Further information about data protection in connection with Google Firebase can be found on the Google Firebase website.

Salesforce

Whilst using the “Help” section in our app our service provider salesforce.com Germany GmbH, Erika-Mann-Str. 31 , 80636 München („Salesforce“) will make use of cookies. Cookies are small text files that are stored on your device when you use the “Help” section. Salesforce will use two types of cookies: technically necessary cookies, without which the functionality of the referred would be limited, and analytical cookies.

Technically necessary cookies:

The following necessary cookies help to make the “Help” section in the app usable. This section cannot properly work without these cookies.

Name

Provider

Purpose

Duration

Type

renderCtx

 

Salesforce

Used to deliver requested pages and content based on a user's navigation.

Session -cookie. Will be automatically deleted after closing the section.

HTTP Cookie

 

pctrk

Salesforce

Used to count section views.

 

Session -cookie. Will be automatically deleted after closing the section.

HTTP Cookie

force-stream

Salesforce

Used to route server requests within Salesforce infrastructure for „sticky sessions“.

 

3 hours

HTTP Cookie

sfdc-stream

Salesforce

Used to route server requests within Salesforce infrastructure for „sticky sessions“.

3hours

HTTP Cookie

force-proxy-stream

Salesforce

Used to ensure client requests hit the same proxy hosts.

3hours

HTTP Cookie

CookieConsentPolicy

Salesforce

Used to correctly apply the user's consent.

 

1 year

HTTP Cookie

 

inst

Salesforce

Used to redirect requests to an instance when bookmarks and hardcoded URLs send requests to a different instance. These types of request can happen after an org migration, a split, or after any URL update.

 

Session -cookie. Will be automatically deleted after closing the section.

HTTP Cookie

 

1

Salesforce

Used for registering the navigation source to properly display the web style

Persistent

HTTP Cookie

 

LSSIndex:LOCAL{"namespace":"c"}

Salesforce

Used for registering the navigation source to properly display the web style

Persistent

HTTP Cookie

 

LSSNextSynthtic:LOCAL

Salesforce

Used for registering the navigation source to properly display the web style

Persistent

HTTP Cookie

source

Salesforce

Used for registering the navigation source to properly display the web style

Persistent

HTTP Cookie

 

 

Analytical cookies:

 

These analytical cookies enable our service provider statistics on the use of the “Help” section for the purpose of tailoring it to your needs. We use the following analytical cookies:

 

Name

Provider

Purpose

Duration

Type

BrowserId

 

Salesforce

Used to log browser sessions/visits for internal-only product analytics.

 

1 year

HTTP Cookie

 

 

Salesforce cookies do not store information that directly identifies an individual. However, they use a unique identification of your device (including other technical details, such as IP address, operating system, internet service provider, etc.). All the data processing whilst using the " Help” section in the app is done on Salesforce servers located in the European Union.

Opt-Out

If you would like to withdraw your tracking consent during your use of Lidl Plus, you can do so at any time with effect for the future and manage the tracking after completing registration via the opt out within the app under “More” à “Legal information” à “Share data in Lidl Plus”.

Map services

In this app you have the possibility to use the map service of the operating system of your mobile device. Thus, interactive maps can be displayed directly in the app and you have the possibility to use the map function comfortably to find e.g. Lidl stores in your area.

In order to use the functions of the map services, it is necessary to process your IP address within the framework of Internet communication. This is usually processed on a server of the respective operating systems. We have no influence on the concrete data processing by providers of the operating systems. Further information on the purpose and scope of data processing can be found in the provider's privacy policy. There you will also find further information about your rights and settings to protect your privacy.

Addresses and privacy policies of the providers:

Links to other websites and apps

Our app includes links to other websites and apps that are operated by one of the Lidl Companies, or of our selected partners described above or from other third parties. When you click on one of the in-app banners of the featured products you will be redirected to the website/app or to your respective app store. The links may also include special tracking technologies which will allow the operators of said websites/apps to understand and to measure where the user learnt about them. We encourage you to review the corresponding privacy policy of each website/app you will be redirected to in order to understand what information will be processed about you by the operator. When redirecting you to any of these website/apps, we process your personal data in order to comply with your (technical) request to visit the respective app or website (Art. 6 Par. 1 b) GDPR), as well as based on the operator’s legitimate interest in carrying out advertising (Art. 6 Par. 1 f) GDPR).

Newsletter/ Push Notifications/ SMS

In addition, we collect information about your user behaviour in relation to the newsletter and other information that we send you as push messages or SMS, store and if possible, assign it to you or your e-mail address or customer number. In relation to this we collect information about time of opening the message and the links or areas clicked by you, selected products, time, duration, and frequency of usage.

We also collect and use this data only if you have consented to this (see also paragraph 2 of this data protection policy).

Special categories of personal data

Not included in the analysis of your above listed personal data are special categories of personal data in the sense of Article 9 Paragraph 1 GDPR (e.g. information about your health or religion). 

2. For what Purpose and on what legal Basis do we process your Personal Data?

We collect the data listed under paragraph 1 to be able to offer you the relevant services of Lidl Plus.

Purpose of Communication, Identification and Protection of your Customer Profile

The customer master data collected as part of the registration serves the communication with you as well as the clear assignation of your shopping and user behaviour to your customer profile.  

If, as part of using our app or in the settings of your mobile end device, you consented to the so-called geo-localisation per dialogue “allow permissions”, we use this function to be able to offer you individual services related to your location. We especially process your location and network based as part of the function “store search” to be able to display the closest stores to you. Geolocation data are not stored permanently by us.

As part of your registration, we ask for your birth date (see paragraph 1 above). Firstly, your participation presupposes that you are at least 18 years old (see paragraph 2 of terms of conditions). Secondly, for reasons of protecting children, there are age limits for advertising certain products (i.e. advertising for alcoholic drinks will not be directed towards children).

Especially we use your e-mail address to protect you from unauthorised access of third parties, by sending you an e-mail alert e.g. when there is access to your account by a strange device, i.e. a device that has not previously been used to access the Lidl Plus app.

Processing of this kind takes place based on legal regulations that allow us to process personal data insofar as it is required for using a service or fulfilling a contract (Art. 6 Par. 1 b) GDPR), and because we have a primary legitimate interest in making the use of the app as easy and efficient as possible (Art. 6 Par. 1 f) GDPR).

Purpose of Optimising the Distribution Areas and the store network

When your address details are available to us, we use these for and optimisation of our leaflet distribution areas, whereby we can limit divergence loss of leaflets and can attempt a more targeted advertising as well as to optimize our store network in order to be able to determine suitable branch locations. Providing details of your address is voluntary. This data is processed based on our legitimate interest in the optimisation of sales channels (Art. 6 Par. 1 f) GDPR).

Purpose of Determining your Product Interests and the optimization of our online offers

To grant you the advantages of the Lidl Plus membership and present you with the best possible individual offers and carry out targeted customer surveys, we would like to get to know you better. For this we first determine which products, specials and services could be interesting and relevant to you. Using this information, we can draw your attention to e.g. discount specials for your favourite products, offer you special advantageous prices and inform you about attractive offers as part of assortment specials.

For this reason, we collect, process and use a number of personal details about your shopping behaviour as well as other behaviour as described under paragraph 1.

The collected personal data could be suitable to make a statement about your product interests. This includes all details listed under paragraph 1.

But the other above listed details could also provide meaningful information about your potential product interests. For this we determine a possible relationship between one or more personal details and product interests. For the determination of this relationship we use mathematical statistical methods. Your personal data is compared with the data from other customers for this. Using this comparison, we can derive what further products and specials have been of interest to customers with similar interests and could also be of interest to you.

These processing operations are carried out on the basis of statutory provisions that allow us to process personal data insofar as it is necessary for the use of a service or the performance of a contract (Art. 6 Par. 1 b) GDPR) and because we have an overriding legitimate interest in aligning our offers as closely as possible with your product interests (Art. 6 Par. 1 f) GDPR).

Provided you have given the appropriate consent, information that we have read from your terminal device can also be included in this profile. In these cases, we process your personal data on the basis of Art. 6 Par. 1 a) GDPR. This applies to the data processing described above under "Online Shop", "Analysis of User Behaviour" and "Newsletter/ Push Notifications/ SMS".

In addition to increasing the informative value of the profile, we also use these findings to optimise the Lidl Plus app and our other online services, provided that this is covered by your consent. The legal basis for this is also Art. 6 Par. 1 a) GDPR.

Purpose of receiving marketing communications

Insofar as you have given the relevant consent, we transmit the data described in paragraph 1 to the companies from the Lidl Companies so that they can inform you per electronic communication (e.g. by e-mail or SMS) and/ or by post about specials, offers and about their relevant products and services and invite you to participate in customer surveys. 

This direct address takes place because you have given us the corresponding consent (Art. 6 Par. 1 a) GDPR).

Purpose of location and time-based Coordination

We process and use your personal data in relation to the location and time of your shopping to be able to provide you with time- and location-based advertising, e.g. by push messaging to your mobile or by SMS. If your preferred shopping day is for example the Saturday, we can especially inform you about the existing sales specials for this weekday. In addition, we can present you with a regional specific offer, if we are informed about in which region you prefer to do your shopping.

Push notifications are messages that are sent from the app to your device and are prioritized there. The app uses push notifications if you have agreed to receive push notifications when installing the app or at any time during use of the app in your device settings. You can deactivate the reception of push notifications at any time.

If we analyse place and time of your shopping, this serves the usage of a service or fulfilment of a contract (Art. 6 Par. 1 b) GDPR) and because we have a primary legitimate interest in adapting our offers as best as possible to the conditions of time and place (Art. 6 Par. 1 f) GDPR).

Purpose of processing customer requests

Personal data that you provide us with when you contact customer service, e.g. via our contact form, will of course be treated confidentially. We use your data exclusively for the purpose of processing your inquiry and to handle and answer your privacy right requests.

In order to be able to process your customer service inquiries in the best possible way, we also make the data provided above available to other Lidl Companies. This means that it is not necessary to record and store this data again in order to process your inquiries. The Lidl Companies use your data exclusively for the purpose of verifying you as a customer or user and processing your inquiry.

The legal basis for processing your data is Art. 6 Par. 1 b) GDPR, as this is necessary to process your request, as well as Art. 6 Par. 1 f) GDPR.

Our and your concurrent (legitimate) interest in this data processing results from the goal of answering your inquiries, solving any problems that may arise and thus maintaining and promoting your satisfaction as a customer or user of our service or those of other Lidl Companies.

The legal basis for processing your requests under data protection law is Art. 6 Par. 1 c) GDPR, as this is necessary to comply with our legal obligation to process your request.

Purpose of providing the app

We process the data collected in the course of using the app so that our app can function properly.  In particular, we need this information so that the app can save your preferred settings, such as country and language, so that we can quickly solve technical problems and so that you can access certain areas. This data is not used to create user profiles.

The use of maps services is based on our contractual relationship with you, Art. 6 Par. 1 b) GDPR as well as on our legitimate interest of an appealing presentation of our offers and making it easy to find the locations we have indicated in the App. This constitutes a legitimate interest within the meaning of Art. 6 Par. 1 f) GDPR.

3. To whom do we forward your personal Data?

We also make your personal data available to third parties as follows:

Disclosure to service providers

In part we use service providers to process your data. The companies working for us in this way are carefully selected and contracted in writing. They are bound by our instructions and are controlled before starting data processing and subsequently on a regular basis. These companies never pursue their own purposes with your personal data within the scope of their activities for us.  

In connection with this we forward your details to receivers who:

  • provide storage capacity, databank systems or similar things,
  • provide technical support,
  • consult in marketing-technical matters.

Disclosure to operators of the connected Lidl services

Within the Lidl Companies (see paragraph 1 above) we forward the following data to the relevant national company under the conditions described above:

 

  • Your product preferences determined for the targeted presentation of content relevant to you.
  • Your customer number if you are taking part in a competition organized by the national company, as well as your first and last name and telephone number if you have been drawn as a winner.

If the data provided by you is required to process an inquiry via our customer service, your data can be forwarded to Lidl Companies. We also pass on the above-mentioned data to those Lidl Companies with whom you contact in the context of customer service inquiries. Furthermore, it may be necessary that we send extracts from your inquiry to contractual partners (e.g., suppliers for product specific requests) for the processing of your inquiry.

Under no circumstances do we make your data available to other companies outside of the Lidl Companies, who may want to use it for direct marketing purposes.

If we transfer personal data to recipients in the third-party countries (countries outside of the European Economic Area) you can derive that from the information regarding data processing by our service providers described in the present data protection policy. Through the adoption of adequacy decisions, the European Commission determined whether such third-party country offers an adequate level of data protection. The exact list of the country with an adequacy decision can be found here. If for a third-party country no adequate protection level has been determined by the European Commission, we ensue that the adequate level of data protection is provided by other measures such as: binding corporate rules, standard contractual clauses, certifications mechanism or recognised codes of conduct. Please contact our data protection officer (Page 1) in case that you would like to obtain further information.

4. How do we guarantee Confidentiality for your personal Data?

To guarantee confidentiality of your personal data, it is prohibited to our employees working in data processing to collect, process or use personal data in any unauthorised way. Our carefully recruited employees are highly aware of data protection issues and are contractually committed to data secrecy before the start of their employment contract and this obligation continues to exist after termination of the employment relationship.

5. How do we guarantee the Safety of your personal Data?

The safety of your data is very important to us. Therefore, we maintain technical and organisational measures to protect your personal data especially from dangers in data transmission and from falling into the hands of unauthorised third parties. These measures are regularly adjusted and updated to modern technology.

6. How long do we store your personal Data?

We delete or anonymise your personal data as soon as it is no longer required for the purposes for which we process it according to the paragraphs above. Generally, we store your personal data for the duration of your participation in the service Lidl Plus. If you are inactive for 24 months, we will inform you about the pending deletion. In this case you can object to the deletion by opening or logging into the app again.

We store your mobile phone number for a duration of 6 months from termination of your participation for the purpose of preventing abuse of re-registration. Otherwise the data is deleted after 72 hours from cancelling Lidl Plus. Within these initial 72 hours you have the option to re-instate your customer account by logging in again. The deletion process is then cancelled. If your data is required longer due to legal storage periods or to secure, assertion or enforcement of legal claims, we store your data corresponding with data protection regulations after the cancellation of Lidl Plus, as long as required in each case by law or required to fulfil the purposes.

All personal data that you send us when you contact customer service will be deleted or anonymised by us at the latest 90 days after the final reply has been given. Experience has shown that, as a rule, queries regarding our answers do not occur after 90 days. If you assert your rights as a data subject your personal data will be stored for 3 years after the final reply has been given to you as proof that we have provided you with comprehensive information and that the legal requirements have been met.

7. What Rights do you have in relation to the Processing of your Data?

Naturally, on request, we disclose the information according to Art. 15 GDPR (especially the data stored about your person, the receiver or the categories of receivers to whom it is forwarded, the purpose of data storage etc.). This information is free of charge.

In addition, under the relevant legal conditions you have the right to have incorrect data corrected; or you can have your personal data deleted and restrict the processing or transmission.  

Further, you have the right to lodge a complaint with the responsible supervisory authority.

In the cases where the data processing is based on Art. 6 Par. 1 e) or f) GDPR, or takes place for the purpose of direct marketing, you have the right to object to the processing.

If you gave consent, you can at any time revoke it with effect for the future, e.g., within the app under “Help” à “Contact us” or (if you would like to directly deselect individual notification channels) under “Settings” à “Notifications” or by sending an e-mail to: info@lidl.com.cy.

If you wish to withdraw your consent to the analysis of the use of this app/ My Lidl Account, you can make the appropriate setting within the app under “More” à “Legal information” à “Share data in Lidl Plus”.

8. No Obligation to provide Data

If you provide these details yourself, you do not have the obligation to give the previously mentioned voluntary details. However, without these details we are not able to make the full Lidl Plus services based on these details available to you. Only optional data fields are marked as such.

9. Can we change the Data Protection Policy?

Changes to this in data protection policy can become necessary due to changes in legal position or conditions of data processing of Lidl Plus. If, for example, the purposes for collection, processing or usage of your personal data, or the identity of the responsible identity and categories of receiver’s change, you will be informed and insofar as required we will ask for your consent.

10. Creation and use of My Lidl Account 

My Lidl Account is a service (hereinafter the "Service" or "My Lidl") of the Lidl group of companies (hereinafter referred to as "Lidl") operated by Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74167 Neckarsulm ("Lidl Stiftung", "we", "us"). Lidl Stiftung processes the data required for the purposes of the Service as the responsible party insofar as it collects, aggregates, evaluates and transmits the data to other companies of the Lidl group of companies for the performance of the Service.

This data protection notice applies to the processing activities of Lidl Stiftung as the data controller. The data protection officer can be reached at the above postal address.

The password-protected My Lidl account is a single sign-on service that allows you to register and/or log in to several Lidl online services such as online stores, click and collect service, apps, etc. with a single user name and password. (hereinafter referred to as "Target Service") without having to use separate login data in each case. The target service within the scope of this data protection notice is Lidl Plus. My Lidl stores the customer master data described in section 1 as well as the customer master data that you provided when registering/logging in to other Lidl online services.

If you register with the target service without having previously registered with other Lidl online services, you will automatically set up the My Lidl account. If you have previously registered with another online service integrated with My Lidl Account, you can simply register with the Target Service using your existing credentials. If Lidl offers new online services in the future, you can use them via your My Lidl account.

10.1 What personal data do we collect?

Registration for My Lidl account

If you register with the target service without having previously registered with another Lidl online service and thus set up the My Lidl account for the first time, we ask for the following customer master data as part of the registration process: First name, last name, date of birth, e-mail address, mobile phone number and preferred Lidl store. Optionally, salutation, gender, and address (street, house number, postal code, city and country) can be specified. The geolocation function of your mobile device can also be used to optionally determine the preferred branch. If you log in to the target service with an already existing My Lidl account, we will only ask for the above-mentioned customer master data that you have not already provided for other Lidl online services.

We also collect data such as: Your IP address, the duration of your stay on My Lidl, online identifiers such as device ID, browser details, i.e. browser name and version, name and version of the operating system of the device on which the browser is installed and network-based location data of your device when logging in.

About me

If you voluntarily enter certain information about your circumstances and interests in the "About Me" section, we will store this data for your overview in My Lidl.

Analysis of user behavior / cookies

Cookies are used when you use My Lidl. We use two types of cookies: technically necessary, without which the functionality of My Lidl would be limited, and optional statistics cookies. An overview of the cookies used with further information (e.g. on storage duration) can be found in our Cookie Terms.

10.2 For what purposes and on what legal basis do we process your personal data?

Purpose of registration, login and account management

In order to provide you with the greatest possible convenience in your user experience, we store your personal data in My Lidl. After setting up this customer account, you do not need to enter your personal data again for the usage process.

On the contrary, your My Lidl account can henceforth be used for the use of all connected online services of Lidl without the need for a separate registration or a renewed entry of detailed user data in each case. After registration, you also have the option to unsubscribe from individual services. In addition, you can view and change your personal data stored in My Lidl at any time.

To set up a My Lidl account, you must enter a password of your own choice. This is used together with your e-mail address or mobile phone number to access My Lidl. The registration process is completed when the telephone number provided by the user has been validated and registration has been finally confirmed by the operator.

The legal basis for this is Article 6(1)(b) GDPR, i.e. you provide us with the data on the basis of the contractual relationship between you and us.

Purpose of securing your customer profile

In the context of registration and/or login, we use Google reCaptcha, a service provided by Google, on the basis of Article 6(1)(f) GDPR. Our legitimate interest here lies in the protection of your data and our systems. In this context, an analysis of various information is used to determine whether the data entry is made by a human or by an automated program. This analysis begins automatically as soon as you open My Lidl. For the analysis, Google reCaptcha evaluates various information (e.g. IP address, your time spent on the page or mouse movements made by the user). The information generated is transferred to a Google server in the USA and processed there. The collection and analysis do not enable us or Google to identify you. In particular, the information will not be merged by Google with personal data of you. For more information on Google reCaptcha, please visit https://policies.google.com/privacy?hl=en or https://policies.google.com/terms?hl=en.

In addition, we use your IP address as well as the online identifiers described above and network-based your location to prevent abuse and prevent and detect any security breaches and other prohibited or unlawful activities. For example, if you login from a new/unknown device, we may notify you of such a login attempt. The processing of this data is based on our legitimate interest in monitoring and improving the information security of our service (Art. 6 (1) (f) GDPR).

10.3 To whom do we disclose your personal data?

Recipients/categories of recipients

Your data may be passed on to the operator of the respective target service for the purpose of processing purchase contracts or other services that have been ordered via the online services covered by My Lidl. The latter receives those data that are required for the provision of the service ordered in each case, insofar as these have been stored by you in My Lidl, i.e. depending on the offer:

- Verification of log-in data (e-mail address, password, telephone number if applicable).

- Master data (name, address, date of birth)

In addition, we use service providers to process your data. The companies acting on our behalf are carefully selected and commissioned in writing. They are bound by our instructions and are inspected by us before the start of data processing and regularly thereafter. These companies never pursue their own purposes with your personal data. In this context, we forward your data to recipients who provide us with

- provide us with storage capacity, database systems or similar,

- provide technical support and

- provide us with marketing advice

as well as to support us in the processing of user inquiries regarding the functionality of the "About Me" area. We exclude any further transfer of your data to third parties.

If we transfer personal data to recipients in third countries (countries outside the European Economic Area), you can infer this from the information on data processing by our service providers described in this privacy notice. By adopting adequacy decisions, the European Commission has determined whether such a third country provides an adequate level of data protection. The exact list of countries with an adequacy decision can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. If an adequate level of protection has not been determined by the European Commission for a third country, we will ensure that the adequate level of data protection is provided through other measures, such as: binding internal data protection rules, standard contractual clauses, certification mechanisms or recognized codes of conduct. Please contact our Data Protection Officer (see above) if you would like more information.

10.4 How do we ensure the confidentiality of your personal data?

To ensure the confidentiality of your personal data, our employees involved in data processing are prohibited from collecting, processing or using personal data without authorization. Our carefully selected employees, who are sensitive to data protection law, are contractually obligated to maintain data secrecy at the beginning of their employment. This obligation continues after termination of the employment relationship.

10.5 How long do we store your personal data?

If you have only registered with the Target Service via My Lidl, your data will be deleted accordingly as soon as you request the deletion of your account with the Target Service. Please note, however, that if you have registered with several Lidl online services via My Lidl, your My Lidl account and all personal data stored by us will only be deleted once all online services linked to My Lidl have been deleted. The retention periods described in the data protection notices of the target service apply accordingly. If you modify or remove information about your circumstances or interests in "About me", the modified or removed information will be deleted immediately.  

Incidentally, the processing and storage of data is the responsibility of the respective operator of the service used, who uses the data required to provide the service ordered for this purpose and then archives it in accordance with the statutory retention periods (the retention periods described in the data protection information of the target service apply accordingly).

Data Protection Information for Download

application/pdf | 304KB