Privacy Policy for My Lidl Shop App

Thank you for using our My Lidl Shop App and your interest in our privacy policy. The following privacy policy is intended to inform you about how we handle the collection, processing and use of your personal information in line with the use of this app.

1.     Party Responsible for Article 4, paragraph 7 of GDPR

The party responsible for data processing in relation to Article 4, paragraph 7 of GDPR is:

Lidl Digital International GmbH & Co. KG


Stiftsbergstraße 1

74172 Neckarsulm


2.     Usage data whilst using the App

a)     Purpose of data processing and legislative basis
We process information about your use of our app in the form of log files in order to:
• Enable and enhance the features of the app,
• Improve our offer, protect our systems and prevent abusive or fraudulent behaviour.
The corresponding log files consist of:
• the mobile device from which you start our app;
• the IP address;
• the access date and the access time;
• the request of the client;
• the http response code;
• the amount of data transferred;
• the version of the app used.
Personal user profiles will not be created. The legal basis of this data processing is paragraph 15, subparagraph 1 of the Telemedia Act (TMG).
b)     Recipients / Categories of Recipients
There is no access to the log files stored in your system for these purposes. The query of the log files occurs automatically each time you visit our app.
c)      Storage duration / Criteria for determining the storage duration of the log files

The log files are automatically deleted after 14 days.
3.     Access to the functions and sensors of your mobile device
a)  Purpose of data processing and legislative basis
We access the following device functions or device sensors via the interfaces of your terminal:
Only with your explicit consent in accordance with Article 6, paragraph 1 (a) of GDPR via the "Permit Permission" dialog will we be granted access to the camera of your device. The camera of your mobile device is used for scanning product barcodes. By scanning real products in the store additional assets can be unlocked in the app.
Our app retrieves content such as text and images for in-game features (such as the "Barcode Detective" function) from the Internet.
Wireless connection information
Our app uses the wireless connection of your mobile device to establish a connection to the internet and to allow you to use the app in full (paragraph 15, subparagraph 1 of TMG).
Only with your explicit consent in accordance with Article 6, paragraph 1 (a) of GDPR via
b)  Recipients / Categories of Recipients
Fundamentally no one has access to camera data.
c)  Storage duration / Criteria for determining the storage duration
The data will only be processed whilst you are playing the in the app. Additional storage does not take place.
4.     Usage Analysis
a)     Purpose of data processing and legislative basis

In order to improve the functionality of our app and our offer, we create pseudonymised usage profiles in accordance with paragraph 15, subparagraph 3 of the TMG. Details on this and on your options to opt-out can be found in this section.
This app uses Google Analytics, an analytics service provided by Google Inc. (Google), to analyse user behaviour. Google will use this information on behalf of the operator to evaluate your use of the app, compile reports on activity within the app and to provide other services related to the use to the operator. Google will never associate your IP address with other Google data. You may opt-out of using Google Analytics in this app in the future at any time. To do this, open the menu, click on the "More" tab and scroll to the bottom of the privacy policy where there is a button to deactivate the tracking.
The My Lidl Shop App uses the analysis tool adjust, a product of adjust GmbH. When you install the Lidl app, adjust will save installation and event data from your My Lidl Shop App (for example, use of the app or interactions in the customer account). This will help us to understand how you interact with our app. It also allows us to analyse and improve our mobile advertising campaigns. For this analysis, adjust uses the IDFA (Identifier for Advertising) or the Android Advertising ID, the IP / MAC address, the HTTP header and a fingerprint of your device (as well as: time of access, country, language, local settings, operating system and version, and the app version). This data is anonymised, as such, neither we nor adjust will be able to identify you using this data. The IDFA and the Android Advertising ID can be reset or deactivated at any time via your operating system. If you do not want tracking by adjust, you can opt out of it for future use at any time by pressing the button below.
b)      Recipients / Categories of Recipients
Google Analytics usually transmits the information generated about your use of the app to a Google server in the United States where it is stored. IP anonymisation has been activated in this app so that the IP address of Google users within member states of the European Union or in other states contracted to the European Economic Area is shortened beforehand. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
The adjust GmbH servers, on the other hand, are located exclusively in the European Union.
In addition to these two service providers, nobody has access to your personal data processed during the usage analysis.
c)       Storage duration / Criteria for determining the storage duration
The personal data processed as part of the use of the analysis tools will be anonymised immediately after collection.
5.     Your rights and contact with the Data Protection officer

Upon request you have the right to obtain information about the personal data stored about you in accordance with Article 15, paragraph 1 of GDPR free of charge. In addition, if the legal prerequisites exist, you are entitled to a correction (Article 16 of GDPR), cancellation (Article 17 of GDPR) and limitation of processing (Article 18 of GDPR) of your personal data.
If the data processing is based on Article 6, paragraph 1 e) or f) of GDPR, you have a right of objection under Article 21 of GDPR. If you object to data processing, it will not be used in the future, unless the person responsible can prove that there are compelling grounds for further processing that are worthy of protection outweighing the interest of the person concerned in the objection.
If you have provided the processed data yourself, you are entitled to transfer data according to Article 20 of GDPR.
If the data processing is based on a consent pursuant to Article 6, paragraph 1a) or Article 9, paragraph 2a) of GDPR, you can revoke the consent at any time with future effect, without affecting the legality of the previous processing.
Should you have any open questions regarding the above, or if you wish to make a complaint, please contact our Data Protection Officer in writing or by e-mail. You also have the right to complain to a data protection supervisory authority. This is the data protection supervisory authority of the area in which you live or that where the party responsible is based.
If you have any further questions regarding the collection, processing and use of your personal data, please contact our Data Protection Officer:
Lidl Digital International GmbH & Co. KG
data protection
Stiftsbergstraße 1
74172 Neckarsulm
Last update May 2018