Data Protection Policy
Status: January 2021
Thank you very much for your interest in Lidl Plus.
Lidl Plus is a customer service (hereinafter “Service”) programme of the Lidl Group that is operated by Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74167 Neckarsulm, Germany (“Lidl Stiftung”, “we”, “us”), which processes the data required for the purposes of the Service as responsible entity as the data is raised, collected, analysed and forwarded to other organisations within the Lidl Group. Part of the Lidl group are also various national and regional centres, which are individually listed here.
The list contains only the relevant and current Lidl national companies. In the future, further organisations can be added to the list if SB Lidl KG has direct or indirect shares in the relevant organisation and they participate in the Lidl Plus offer.
This Data Protection Policy applies to the processing activities done by Lidl Stiftung as data controller. The data protection officer of the Lidl Stiftung can be contacted at at the above mentioned postal address or at: email@example.com.
The service is aimed at consumers (hereinafter "users" or "you"), who wish to receive personalised information from Lidl Stiftung about offers and promotions from Lidl Plus and offers, products and services from selected partners and Lidl Companies, which correspond as closely as possible to your interests and your purchase history.
With Lidl Plus you can enjoy a variety of services that are especially tailored to you. These include among other things offers especially adapted to your needs and desires, the participation in competition games and exclusive discounts and specials offers. Depending on where and to what extent you are using the Services, Lidl Stiftung forwards your details to certain Lidl organisations to be able to provide you with the relevant Service.
1. What data about your person do we collect and which communication channels do we use for this?
Registration for Lidl Plus
As part of the registration process we request the following customer data: first name, second name, date of birth, e-mail address, salutation, mobile phone number and preferred Lidl store. It is optional to provide us your: address (street, house number, post code, city and country) and gender. To set the preferred store the geo localisation function of your mobile device can be used.
Data from My Lidl
If you have voluntarily provided certain information about your circumstances and interests in your My Lidl Account, we also collect this information within the framework of Lidl Plus.
When you identify at the till, we record the store visited by you, the products purchased according to amount, type and price, the coupons used, the receipt total as well as time of payment process and payment type. With the allocation of your purchase to your customer account we pursue the purpose stated in paragraph 2, e.g. to be able to make you offers especially adapted to your preferences and interests as well as offer participation in specials.
At the till you can identify yourself either with your digital customer card or with the mobile phone number provided at registration.
When you contact our customer service of any company of the Lidl Group, we use the data that you supply in this context.
Use of the App
When using the Lidl Plus App we collect information about the store where you buy. In addition, we collect information about all contents viewed in the app such as activated coupons, your notification settings, your selected main store and viewed articles. We also collect information about your interaction with the app such as visited sections, the screens seen during each session, the number of clicks and scrolls. Additionally, we process your customer Id (Loyalty ID), information about the operating system version you use, the device identification, the system language and the chosen country as well as the app version used by you. As part of the app, we conduct In-App surveys and collect information about your purchasing behaviour, your app usage and personal circumstances as well as interests.
Your login details are stored and used to carry out the login. So that you do not have to log in again every time you open the app, your login details are saved in the app (encrypted) until you log out of the account.
Digital till receipts can be saved to your end device or be forwarded directly by Messenger, insofar you permit the app access to your photos/ media. The camera of your mobile end device can be used for scanning QR coupons if you give the relevant permission.
Analysis of User Behaviour / Cookies
When using the app, we create user segmentation profiles, for purposes of statistical analysis and assign these, if possible, to your person or your e-mail address or customer number. We also collect and use this data only if you have consented to our tracking technologies (see also section 2 of this data protection notice). This also includes the following services or tracking service providers:
The Lidl Plus app uses the analysis tool Adjust, a product from the company Adjust GmbH. When you install the Lidl Plus app, Adjust saves amongst other things, installation and event data from your Lidl Plus app (e.g. app usage or interaction in customer account). This information helps us to understand how you interact with our app. In addition, it helps us to analyse and improve our mobile advertising campaigns. For this analysis, Adjust uses the IDFA (Identifier for Advertising = advertising identification for iOS devices) or the Android advertising ID, the IP-/ MAC address, the HTTP header as well as a fingerprint of your end device (additionally: time of access, country, language, local settings, operating system and version as well as app version). In addition, user device- and web activity information, as well as app and event tokens. The processing of this data takes place exclusively on a pseudonymised basis. You can at any time deactivate or set back the IDFA and Android advertising ID through your operating system.
Adjust also shares this information with our service providers Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") and Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025 ("Facebook"). If Google and Facebook can use this information to identify you, they will provide adjust with information about the advertising campaign that brought you to the App Store/Google Play and how you acted on the App Store/Google Play (including whether you downloaded the app or cancelled it, for example, and similar information). Adjust uses this information to create anonymous statistics so that we can track the success of individual advertising campaigns.
In the app A/B Testing, Analytics, Cloud Messaging, Crashlytics, Dynamic Links, In-App Messaging, Performance, Predictions and Remote Config are used, analysis services offered by Google ("Firebase"), which among other things are used to analyse app usage. When you install the Lidl Plus app, Firebase makes a record about when and for how long you use the app, what pages of the app are opened, what functions are clicked and what content is displayed. This helps us to understand how you interact with our app. In addition, we can continuously improve the app and offer you more relevant offers/ services based on your user behaviour. Also, we can carry out several app tests in parallel and based on data make further app developments.
For this analysis, Firebase accesses your customer number from the moment of completed registration. Further information about data protection in connection with Google Firebase can be found on the Google Firebase website.
Technically necessary cookies:
The following necessary cookies help to make the “FAQ” section in the app usable. This section cannot work properly without these cookies.
|renderCtx||Salesforce||Used to deliver requested pages and content based on a user's navigation.||Session -cookie. Will be automatically deleted after closing the section.|
|pctrk||Salesforce||Used to count section views.||Session -cookie. Will be automatically deleted after closing the section.|
Used to route server requests within Salesforce infrastructure for „sticky sessions“.
|sfdc-stream||Salesforce||Used to route server requests within Salesforce infrastructure for „sticky sessions“.||3 hours|
|force-proxy-stream||Salesforce||Used to ensure client requests hit the same proxy hosts.||3 hours|
These analytical cookies enable our service provider statistics on the use of the “FAQ” section for the purpose of tailoring it to your needs. We use the following analytical cookies:
Used to log browser sessions/visits for internal-only product analytics.
Salesforce cookies do not store information that directly identifies an individual. However, they use a unique identification of your device (including other technical details, such as IP address, operating system, internet service provider, etc.). All the data processing whilst using the "FAQ” section in the app is done on Salesforce servers located in the European Union.
If you would like to withdraw your tracking consent during your use of Lidl Plus, you can do so at any time with effect for the future and manage the tracking after completed registration via the opt out within the app under “More” > “Legal information” > “App Analytics”.
In case that you use a device with Android operating system, you will have a possibility to use in this app functions and contents of Google Maps. Thus interactive maps can be displayed directly in the app and you have the possibility to use the map function comfortably to find e.g. Lidl stores in your area.
Links to other websites and apps
Newsletter/ Push Notifications/ SMS
In addition, we collect information about your user behaviour in relation to the newsletter and other information that we send you as push messages or SMS, store and if possible, assign it to you or your e-mail address or customer number. In relation to this we collect information about time of opening the message and the links or areas clicked by you, selected products, time, duration and frequency of usage.
We also collect and use this data only if you have consented to this (see also point 2 of this data protection information).
Special categories of personal data
Not included in the analysis of your above listed personal data are special categories of personal data in the sense of Art. 9 Par. 1 of the GDPR (e.g. information about your health or religion).
2. For what Purpose and on what legal basis do we process your Personal Data?
We collect the data listed under paragraph 1 to be able to offer you the relevant services of Lidl Plus.
Purpose of Communication, Identification and Protection of your Customer Profile
The customer master data collected as part of the registration serves the communication with you as well as the clear assignation of your shopping and user behaviour to your customer profile.
If, as part of using our app or in the settings of your mobile end device, you consented to the so-called geo-localisation per dialogue “allow permissions”, we use this function to be able to offer you individual services related to your location. We especially process your location and network based as part of the function “store search” to be able to display the closest stores to you. Geolocation data are not stored by us.
As part of your registration we ask for your birth date (see paragraph 1 above). Firstly, your participation presupposes that you are at least 18 years old (see paragraph 2 of terms of conditions). Secondly, for reasons of protecting children, there are age limits for advertising certain products (i.e. advertising for alcoholic drinks will not be directed towards children)
Especially we use your e-mail address to protect you from unauthorised access of third parties, by sending you an e-mail alert e.g. when there is access to your account by a strange device, i.e. a device that has not previously been used to access the Lidl Plus app.
Processing of this kind takes place based on legal regulations that allow us to process personal data insofar as it is required for using a service or fulfilling a contract (Art. 6 Par. 1 b) GDPR), and because we have a primary legitimate interest in making the use of the app as easy and efficient as possible (Art. 6 Par. 1 f) GDPR).
If you use the contact form within the app, we save and use the information provided by you in the form to process your request as best as possible. The processing of your details transmitted in your message takes place based on Art. 6 Par. 1 b) GDPR.
Purpose of Optimising the Distribution Areas
When your address details are available to us, we use these for identification and optimisation of our flyer distribution areas, whereby we can limit divergence loss of flyers and can attempt a more targeted advertising. Providing details of your address is voluntary. This data is processed based on our legitimate interest in the optimisation of sales channels (Art. 6 Par. 1 f) GDPR).
Purpose of Determining your Product Interests and the optimisation of our online offers
To grant you the advantages of the Lidl Plus membership and present you with the best possible individual offers and carry out targeted customer surveys, we would like to get to know you better. For this we first determine which products, specials and services could be interesting and relevant to you. Using this information, we can draw your attention to e.g. discount specials for your favourite products, offer you special advantageous prices and inform you about attractive offers as part of assortment specials.
For this reason, we collect, process and use a number of personal details about your shopping behaviour.
The collected personal data could be suitable to make a statement about your product interests. This includes all details listed under point 1.
But the other above listed details could also provide meaningful information about your potential product interests. For this we determine a possible relationship between one or more personal details and product interests. For the determination of this relationship we use mathematical statistical methods. Your personal data is compared with the data from other customers for this. Using this comparison, we can derive what further products and specials have been of interest to customers with similar interests and could also be of interest to you.
Processing takes place based on legal regulations that allow us to process personal data insofar as this is required for the usage of a service or fulfilment of a contract (Art. 6 Par. 1 b) GDPR) and because we have a primary legitimate interest in adapting our offers as best as possible to your product interests (Art. 6 Par. 1 f) GDPR).
Provided you have given the appropriate consent, information that we have read from your terminal device can also be included in this profile. In these cases, we process your personal data on the basis of Art. 6 Par. 1 lit. a GDPR. This applies to the data processing described above under "Analysis of User Behaviour" and "Newsletter/ Push Notifications/ SMS".
In addition to increasing the informative value of the profile, we also use these findings to optimise the Lidl Plus app and our other online services, provided that this is covered by your consent. The legal basis for this is also Art. 6 para. 1 lit. a GDPR.
Purpose of receiving marketing communications
Insofar as you have given the relevant consent, companies from the Lidl Group inform you per electronic communication (e.g. by e-mail or SMS) and/ or by post about specials and offers from your relevant assortment and invite to participate in customer surveys.
This direct address takes place because you gave us the relevant consent (Art. 6 Par. 1 a) GDPR).
Purpose of location and time-based Coordination
We process and use your personal data in relation to place and time of your shopping to be able to provide you with time and location-based advertising, e.g. by push messaging to your mobile or by SMS. If your preferred shopping day is for example the Saturday, we can especially inform you about the existing sales specials for this weekday. In addition, we can present you with a regional specific offer, if we are informed about in which region you prefer to do your shopping.
Push notifications are messages that are sent from the app to your device and are prioritised there. The app uses push notifications if you have agreed to receive push notifications when installing the app or at any time during use of the app in your device settings. You can deactivate the reception of push notifications at any time.
If we analyse place and time of your shopping, this serves the usage of a service or fulfilment of a contract (Art. 6 Par. 1 b) GDPR) and because we have a primary legitimate interest in adapting our offers as best as possible to the conditions of time and place (Art. 6 Par. 1 f) GDPR).
Purpose of processing customer requests
Personal data that you provide us with when you contact customer service will of course be treated confidentially. We use your data exclusively for the purpose of processing your inquiry.
The legal basis for data processing is Art. 6 para. 1 f) or b) GDPR. Our and your concurrent (legitimate) interest in this data processing results from the goal of answering your inquiries, solving any problems that may arise and thus maintaining and promoting your satisfaction as a customer or user of our service.
Purpose of providing the app
We process the data collected in the course of using the app so that our app can function properly. In particular, we need this information so that the App can save your preferred settings, such as country and language, so that we can quickly solve technical problems and so that you can access certain areas. This data is not used to create user profiles. The legal basis for the use of the technologies required for this purpose is Art. 6 para. 1 b) EU-GDPR, i.e. we process your data for the provision of our services while processing the contract.
The use of Google Maps on the devices with Android operating system and of Apple Maps for iOS users is based on our legitimate interest of an appealing presentation of our offers and an easy findability of the locations we have indicated in the App. This constitutes a legitimate interest within the meaning of Article 6 paragraph 1 letter f) GDPR.
3. To whom do we forward your personal data?
We make your personal data available to third parties as follows:
In part we use service provider to process your data. The companies working for us in this way are carefully selected and contracted in writing. They are bound by our instructions and are controlled before starting data processing and subsequently on a regular basis. These companies never pursue their own targets with your personal data.
In connection with this we forward your details to receivers who provide storage capacity, databank systems or similar things to us, provide technical support and consult us in marketing-technical matters.
If the data provided by you is required to process a request via our customer service department, your data can be forwarded to companies within the Lidl Group. Furthermore, it may be necessary that we send excerpts from your request to contract partners (e.g. suppliers for product specific requests) for the processing of your request.
Under no circumstances do we make your data available to other companies outside of the Lidl Group, who may want to use it for direct marketing purposes.
4. How do we guarantee Confidentiality for your personal Data?
To guarantee confidentiality for your personal data, it is prohibited to our employees working in data processing to collect, process or use personal data in any unauthorised way. Our carefully recruited employees are highly aware of data protection issues and are contractually committed to data secrecy before the start of their employment contract and this obligation continues to exist after termination of the employment relationship.
5. How do we guarantee the Safety of your personal Data?
The safety of your data is very important to us. Therefore, we maintain technical and organisational measures to protect your personal data especially from dangers in data transmission and from falling into the hands of unauthorised third parties. These measures are regularly adjusted and updated to modern technology.
6. How long do we store your personal Data?
We delete or anonymise your personal data as soon as it is no longer required for the purposes for which we process it according to the paragraphs above. Generally, we store your personal data for the duration of your participation in the Lidl Plus Service. If you are inactive for 24 months, we will inform you about the pending deletion. In this case you can object to the deletion by opening or logging into the app again. We store your mobile phone number for a duration of 6 months from termination of your participation for the purpose of preventing abuse of re-registration. Otherwise the data is deleted after 72 hours from cancelling Lidl Plus. Within these initial 72 hours you have the option to re-instate your customer account by logging in again. The deletion process is then cancelled. If your data is required longer due to legal storage periods or to secure, assertion or enforcement of legal claims, we store your data corresponding with data protection regulations after the cancellation of Lidl Plus, as long as required in each case by law or required to fulfil the purposes.
All personal data that you send us when you contact customer service will be deleted or anonymised by us at the latest 90 days after the final reply has been given. Experience has shown that, as a rule, queries regarding our answers do not occur after 90 days. If you assert your rights as a data subject your personal data will be stored for 3 years after the final reply has been given to you as proof that we have provided you with comprehensive information and that the legal requirements have been met.
7. What Rights do you have in relation to the Processing of your Data?
Naturally, on request we disclose the information according to Art. 15 GDPR (especially the data stored about your person, the receiver or the categories of receivers to whom it is forwarded, the purpose of data storage etc.). This information is gratis.
In addition, under the relevant legal conditions you have the right to have incorrect data corrected; or you can have your personal data deleted and restrict the processing or transmission.
Further, you have the right to lodge a complaint with the responsible supervisory authority.
In the cases where the data processing is based on Art. 6 Par. 1 lit. e or lit. f GDPR, or takes place for the purpose of direct marketing, you have the right to object to the processing.
If you gave consent, you can at any time revoke it with effect for the future, e.g. within the app under “Help”-> “Contact us” or (if you would like to directly deselect individual notification channels) under “Settings” -> “Notifications” or by sending an e-mail to: firstname.lastname@example.org. Please consider that you will not be able to use the advantages of Lidl Plus to their full extent after revoking your consent.
If you wish to withdraw your consent to the analysis of the use of this App/ My Lidl customer account, you can make the appropriate setting within the app under “More” -> “Legal information” -> “App Analytics”. If you revoke your consent to the analysis of your use of this App/ My Lidl customer account, you can only use our service in its basic version. In this case you will still be able to view information about our products, but you will not be able to participate in discounts and special promotions or redeem coupons.
8. No Obligation to provide Data
If you provide these details yourself, you do not have the obligation to give the previously mentioned voluntary details. However, without these details we are not able to make the Lidl Plus services based on these details available to you.
9. Can Lidl Plus change the Data Protection Policy?
Changes to this data protection policy can become necessary due to changes in legal position or conditions of data processing of Lidl Plus. Should the purposes for collection, processing or usage of your personal data, or the identity of the responsible identity and categories of receivers’ change, you will be informed and insofar as required we will ask for your consent.
10. Special features when using My Lidl Account
When you create a Lidl Plus account, you are also setting up a password protected My Lidl Account. My Lidl Account is a single sign on system which allows you to register and/or login to several online platforms of the Lidl Group such as online shops, click & collect services, apps. etc. by using one unique username and password. Should the Lidl Group offer new online services in the future, you will be able to access these using your My Lidl Account.
Purposes of data processing / legal bases
In order to provide you with the greatest possible convenience during your user experience, we store your personal data in the My Lidl Account. Once this customer account has been set up, no further entry of your personal data is required for the usage process.
From now on, your My Lidl Account can rather be used for the use of all affiliated online platformsof the Lidl Group, without the need for separate registration or re-entry of detailed user data. After registration, you also have the option of unsubscribing from individual services. In addition, you can view and change your personal data stored in your My Lidl Account at any time.
To set up a customer account, you must enter a password of your choice. This password, together with your e-mail address or mobile phone number, is used to access your My Lidl customer account.
If you voluntarily provide certain information about your circumstances and interests in the "About Me" section, we will store this data in your My Lidl Account for your overview. If you have also registered to use the Lidl Plus service, we also use this information for the purpose of personalised advertising within the Lidl Plus service.
The legal basis for this is Article 6 paragraph 1 letter b) GDPR, i.e. you provide us with the data on the basis of the contractual relationship between you and us.
Cookies are used when using My Lidl Account. We use two types of cookies: technically necessary cookies, without which the functionality of the My Lidl Accountwould be limited, and optional analytical cookies.
Technically necessary cookies:
The following necessary cookies help to make My Lidl Accountwebsite usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
|.AspNetCore.Identity.Application||Lidl||Required cookie that is set by the identity server application to use the Asp.Net identity||Session -cookie. Will be automatically deleted after closing the section.||HTTP Cookie|
|Lidl||Ensuring that the legal terms of the relevant platform are displayed in the correct language||Session -cookie. Will be automatically deleted after closing the section.||HTTP Cookie|
|idsrv.session||Lidl||Cookie that is used by the Identity Server framework to use client-side session monitoring to ensure that a user's session has not changed when they log on.||Session -cookie. Will be automatically deleted after closing the section.|
|.AspNetCore.Antiforgery.#||Ldil||Required cookie set by the identity server application to prevent CSRF attacks.||Session -cookie. Will be automatically deleted after closing the section.||HTTP Cookie|
These analytical cookies enable us to compile statistics on the use of our service for the purpose of tailoring it to your needs. We use the following analytical cookies:
|_dc_gtm_UA-# [x2]||Is used by Google Tag Manager to control the loading of the Google Analytics script tag.||Session-cookie. Will be automatically deleted after closing the section.|
|_ga [x4]||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 Day|
|gat [x4]||Is used by Google Analytics to limit the request rate.||1 Day|
|gid [x4]||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 Day|
|collect||Is used to send data to Google Analytics about the device and the behaviour of the visitor. Captures the visitor across devices and marketing channels.||Session-cookie. Will be automatically deleted after closing the section.|
Technologies from third party service providers (Trusted partners):
My Lidl account uses Google Analytics, a service of Google, to analyse usage behaviour. Google Analytics uses the above described analytical cookies to processes the following information about your visit to the website My Lidl account:
• the mobile device on which you start our app
• browser type and version
• operating system used
• IP address
• time of the server request.
The information is used to:
• evaluate the use of our app
• compile reports about app activities
• to provide additional services associated with the use of the app and the internet for the purposes of market research and the design of these websites in accordance with requirements.
Processing of personal data proceeding from the technically necessary cookies used at My Lidl Account is required to fulfil our contract with you (Art 6.1.b GDPR) and proceeding from the analytical cookies is based on your consent (Art 6.1.a GDPR).
Recipients/ categories of recipients
If necessary, your data will be passed on to the operator of the respective offer for the processing of purchase contracts or other services which have been commissioned via the offers covered by My Lidl. The operator will receive the data required for the provision of the service ordered in each case, insofar as you have deposited this data in your My Lidl customer account, i.e. depending on the offer:
- Verification of log-in data (e-mail address, telephone number if applicable)
- Master data (name, address, date of birth)
In addition, we use service providers bounded by instructions, who support us in certain technical areas, such as in the processing of user inquiries regarding the functionality of the "About Me" area.
Any further transfer of this data to third parties is excluded.
The information generated by Google Analytics about your usage is usually transferred to a server of Google in the USA and stored there. Under no circumstances will your IP address be associated with other data from Google.
Storage duration/ Criteria for determining the storage duration:
If you use My Lidl Account to login only to Lidl Plus as soon as you request the deletion of your My Lidl Account, your data will be deleted accordingly. Please note however that if you use My Lidl Account to login to several online platforms/services of Lidl Group, your My Lidl Account and all personal data we store will be deleted only after deletion of all of them the last of the online services linked to My Lidl Account. The retention periods described in point 6 apply accordingly
If you change or remove information about your circumstances or interests, the changed or removed information will be deleted immediately.
The statistically processed data will be erased in Google Analytics after 26 months. There will be no longer be any personal reference in reports created on the basis of Google Analytics.
The processing and storage of data is otherwise the responsibility of the respective operator of the service used, who uses the data required for the provision of the service ordered for this purpose and then archives it in accordance with the statutory retention periods (cf. for this see above point 6).