Privacy Policy for Business Partners

PRIVACY IS IMPORTANT TO US

We are committed to the protection of your personal information and want you to understand how we use personal information received in the context of our relationships with business partners.

Lidl Ireland GmbH (“Lidl”) uses personal information is only in accordance with the law, including the General Data Protection Regulation and the Data Protection Acts 1988 to 2018. We may use personal information in the course of entering or continuing contractual relationships with our partners. The type of information we use will depend largely on the type of services involved and it may be the case that some categories in this policy will not apply in all instances.

WHAT DATA IS COLLECTED AND HOW?

Lidl will usually collect personal information directly from you in the course of business (i.e. name, phone number, email address etc.) however in some instances this may be collected from other companies, government agencies, or other parties. Personal information collected may in include that received through whistleblower channels. This may include Information obtained in connection with our whistleblower channels.

Lidl may use the following types of personal information:

•    Name;
•    Address;
•    Email Address;
•    Phone Number;
•    Date of Birth;
•    Place of Birth;
•    Nationality;
•    Extracts from Commercial Registers;
•    Subscriptions;
•    Payment Data;
•    Data on Orders;
•    Credit Data;
•    Corporate Structures and Ownership;
•    Photo and Video Recordings;
•    Other Similar Categories of Data.

You have the choice whether you would like to communicate with us by e-mail or by post. Communication by e-mail may be unencrypted for technical reasons.

PURPOSES AND LEGAL BASIS FOR PROCESSING

Processing takes place for the following reasons:

•    Performance of a contract;
•    Compliance with a legal obligation;
•    Necessary for Lidl’s legitimate interests.

Lidl may use personal data in the administration of its business relationships with its partners to allow staff to communicate freely. Occasionally additional data is collected when entering business relationships, such as credit data collected from credit reporting agencies. In most cases, Lidl will only receive data relating to corporate bodies, but is some circumstances personal data may be processed, including names, dates of birth, address, and payment information. This information is already readily obtainable by business partners from credit reporting agencies directly.

Processing for the purpose of legal obligations may include storage and identification requirements (i.e. anti-money laundering, tax, or reporting requirements etc.).

In some cases it may be necessary to use personal information provided by our partners before contractual relations have been formally established or beyond the performance of such contracts. Lidl may process this data in pursuit of its legitimate interests, which may include, but will not be limited to, tendering processes, responding to or asserting legal claims, maintaining access controls, loss mitigation and prevention of criminal activities, whistleblowing, and compliance processes.

WHO WILL HAVE ACCESS TO YOUR DATA?

Lidl will not share your personal information with any members of staff or departments that do not require access for the essential purposes set out in this policy. Internally, only those members of Lidl’s staff that require your data to administer our relationships with our business partners, to comply with legal or contractual obligations, or to perform other related functions will have access to your data. All Lidl staff that have access to personal data are under contractual and legal obligations of confidentiality.

Lidl may retain contractors or other service providers who may be permitted to access and process your personal information. Any such activity will be governed by contract to ensure compliance with data protection law. Lidl may also share personal information within its Group companies, the Schwarz Group, in order to fulfil its contractual obligations. 

HOW LONG WILL WE KEEP YOUR DATA?

Lidl will keep personal information for as long as it is required for the above stated purposes. More specific retention times may vary depending on the business partner involved and requirements of Lidl’s contractual relationships. Lidl at all times will retain personal information in accordance with the law for no longer than is necessary.

WHY IS YOUR DATA REQUIRED?

You may be asked to provide your personal information as part of our business relationship. This is so that you and Lidl can begin, conduct, and terminate a business relationship. Although Lidl contracts with companies in many cases, contact information for their principals and representatives is required to continue the business relationship and for necessary communication in that context. This allows you, your company, and Lidl to conduct our business relationship efficiently. Without this, our business relationships would not be possible.

WILL MY DATA BE TRASFERRED TO ANOTHER COUNTRY?

Lidl stores any personal information it holds within the European Economic Area (EEA). Transfers outside of the EEA will take place only in the event that the EU Commission has confirmed that the recipient country ensures an adequate level of protection of personal data by reason of its domestic law or international commitments or where appropriate and approved safeguards have been put in place (i.e. standard contractual clauses). Transfers may also be made where you have given your explicit consent to such transfer.

WHAT ARE THE AFFECTED RIGHTS YOU HAVE?

You have the right to access your personal information held by Lidl and, in some instances where Lidl is not required to hold your information legally or under contract, to have it deleted. You may also object to Lidl’s processing of your information or apply to us to restrict such processing. If we hold your data solely on the basis of your consent, you have the right to revoke your consent at any time. You also have the right to contact the Data Protection Commission if Lidl is unable to address your concerns.
 
RESPONSIBLE PARTY

While Lidl may process personal data received from its business partners in the course of our business relationships, in most cases the controller of your personal data will be the company you are engaging on behalf of.

QUESTIONS OR COMMENTS?

You can contact us at

Data Controller
Lidl Ireland GmbH
Main Road
Tallaght
Dublin 24

data.controller@lidl.ie