Data Protection Information
Status: August 2020
Thank you very much for your interest in Lidl Plus.
Lidl Plus is a customer service (hereinafter “Service”) programme of the Lidl Group that is operated by Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74167 Neckarsulm, Germany (“Lidl Stiftung”, “we”, “us”), which processes the data required for the purposes of the Service as responsible entity as the data is raised, collected, analysed and forwarded to other organisations within the Lidl Group. Part of the Lidl company group are also various national and regional centres, which are individually listed here.
The list contains only the relevant current composition of Lidl regional development centres. In future, further organisations can be added to the list if SB Lidl KG has direct or indirect shares in the relevant organisation and they participate in the Lidl Plus offer.
The data protection officer in Lidl Stiftung can be contacted at: email@example.com.
The service is aimed at consumers (hereinafter "users" or "you"), who wish to receive personalised information from Lidl Stiftung about offers and promotions from Lidl Plus and offers, products and services from selected partners and Lidl Companies , which correspond as closely as possible to the interests of the person concerned.
With Lidl Plus you can enjoy a variety of services that are especially tailored to you. These include among other things offers especially adapted to your needs and desires, the participation in competition games and exclusive discounts and specials offers. Depending on where and to what extent you are using the Services, Lidl Stiftung forwards your details to certain Lidl organisations to be able to provide you with the relevant Service.
1. What data about your person do we collect and which communication channels do we use for this?
With the help of a relevant search function you can determine whether the stores in your region already participate in the Lidl Plus programme. Should Lidl Plus not be available to you yet, you can give us your e-mail address and we will contact you as soon as the advantages of Lidl Plus become available in the selected region.
Registration for Lidl Plus
As part of the registration process we request the following customer data: first name, second name, birth date, e-mail address, mobile phone number and preferred Lidl store. Optional and voluntary stated: form of address, gender and address (street, house number, post code, city and country). To set the preferred store the geo localisation function of your mobile device can be used.
When you identify at the till, we record the store visited by you, the products purchased according to amount, type and price, the coupons used, the receipt total as well as time of payment process and payment type. With the allocation of your purchase to your customer account we pursue the purpose stated in paragraph 2, e.g. to be able to make you offers especially adapted to your preferences and interests as well as offer participation in specials.
At the till you identify either with your digital customer card or with the mobile phone number provided at registration.
When you contact our customer service of any company of the Lidl Group, we use the data that you supply in this context outlined here.
Use of the App
When using the Lidl Plus App we collect information about the store where you buy. In addition, we collect information about viewed and activated coupons, your notification settings and your selected main store. Additionally, we process your customer Id (Loyalty ID), information about the operating system version you use, the device identification, the system language and the chosen country as well as the app version used by you. As part of the app, we conduct In-App surveys and collect information about your purchasing behaviour, your app usage and personal circumstances as well as interests.
Your login details are stored and used to carry out the login. So that you do not have to log in again every time you open the app, your login details are saved in the app (encrypted) until you log out of the account.
Digital till receipts can be saved to your end device or be forwarded directly by Messenger, insofar you permit the app access to your photos/ media. The camera of your mobile end device can be used for scanning QR coupons if you give the relevant permission.
Analysis of User Behaviour / Cookies
When using the app, we create, for purposes of statistical analysis and needs adapted design, user profiles and assign these, if possible, to your person or your e-mail address or customer number. We also collect and use this data only if you have consented to this (see also section 2 of this data protection notice). This also includes the following services or service providers:
The Lidl Plus app uses the analysis tool Adjust, a product from the company Adjust GmbH. When you install the Lidl Plus app, Adjust saves amongst other things, installation and event data from your Lidl Plus app (e.g. app usage or interaction in customer account). This information helps us to understand how you interact with our app. In addition, it helps us to analyse and improve our mobile advertising campaigns. For this analysis, Adjust uses the IDFA (Identifier for Advertising = advertising identification for iOS devices) or the Android advertising ID, the IP-/ MAC address, the HTTP header as well as a fingerprint of your end device (additionally: time of access, country, language, local settings, operating system and version as well as app version). In addition, user device- and web activity information, as well as app and event tokens. The processing of this data takes place exclusively on a pseudonymised basis. You can at any time deactivate or set back the IDFA and Android advertising ID through our operating system.
Adjust also shares this information with our service providers Google LLC , 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") and Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025 ("Facebook"). If Google and Facebook can use this information to identify you, they will provide adjust with information about the advertising campaign that brought you to the App Store and how you acted on the App Store (including whether you downloaded the app or cancelled it, for example, and similar information). Adjust uses this information to create anonymous statistics so that we can track the success of individual advertising campaigns.
In the app A/B Testing, Analytics, Cloud Messaging, Crashlytics, Dynamic Links, In-App Messaging, Performance, Predictions and Remote Config are used, analysis services offered by Google LLC ("Firebase"), which among other things are used to analyse app usage. When you install the Lidl Plus app, Firebase makes a record about when and for how long you use the app, what pages of the app are opened, what functions are clicked and what content is displayed. This helps us to understand how you interact with our app. In addition, we can continuously improve the app and offer you more relevant offers/ services based on your user behaviour. Also, we can carry out several app tests in parallel and based on data make further app developments.
For this analysis, Firebase accesses your customer number from the moment of completed registration. Further information about data protection in connection with Google Firebase can be found on the Google Firebase website.
In case that you use a device with Android operating system, you will have a possibility to use in this app functions and contents of Google Maps. Thus interactive maps can be displayed directly in the app and you have the possibility to use the map function to find e.g. Lidl stores in your area. The use of Google Maps is in the legitimate interest of an appealing presentation of our offers and an easy method of finding the locations of our stores which we have indicated in the app. This constitutes a legitimate interest within the meaning of Article 6 paragraph 1 letter f) GDPR.
Technically necessary cookies:
The following necessary cookies help to make the “FAQ” section in the app usable. This section cannot work properly without these cookies.
|renderCtx||Salesforce||Used to deliver requested pages and content based on a user's navigation.||Session -cookie. Will be automatically deleted after closing the section.|
|pctrk||Salesforce||Used to count section views.||Session -cookie. Will be automatically deleted after closing the section.|
Used to route server requests within Salesforce infrastructure for „sticky sessions“.
|sfdc-stream||Salesforce||Used to route server requests within Salesforce infrastructure for „sticky sessions“.||3 hours|
|force-proxy-stream||Salesforce||Used to ensure client requests hit the same proxy hosts.||3 hours|
These analytical cookies enable our service provider statistics on the use of the “FAQ” section for the purpose of tailoring it to your needs. We use the following analytical cookies:
Used to log browser sessions/visits for internal-only product analytics.
Salesforce cookies do not store information that directly identifies an individual. However, they use a unique identification of your device (including other technical details, such as IP address, operating system, internet service provider, etc.). All the data processing whilst using the "FAQ” section in the app is done on Salesforce servers located in the European Union.
If you would like to withdraw your tracking consent to tracking during your use of Lidl Plus, you can do so it at any time with effect for the future and manage the tracking after completed registration via the opt out at the end of the data protection information (Android) or at the start (iOS) or, alternatively if you do not want tracking during your use of Lidl Plus, you can also object to and manage future tracking at any time via the opt out within the app itself under “More” then “Legal Information” then “Sharing data”.
Newsletter/ Push Notifications/ SMS
In addition, we collect information about your user behaviour in relation to the newsletter and other information that we send you as push messages or SMS, store and if possible, assign it to you or your e-mail address or customer number. In relation to this we collect information about time of opening the message and the links or areas clicked by you, selected products, time, duration and frequency of usage.
We also collect and use this data only if you have consented to this (see also point 2 of this data protection information).
Special categories of personal data
Not included in the analysis of your above listed personal data are special categories of personal data in the sense of Art. 9 Par. 1 of the GDPR (e.g. information about your health or religion).
2. For what Purpose and on what legal basis do we process your Personal Data?
We collect the data listed under No. 1 to be able to offer you the relevant services of Lidl Plus.
Purpose of Communication, Identification and Protection of your Customer Profile
The customer master data collected as part of the registration serves the communication with you as well as the clear assignation of your shopping and user behaviour to your customer profile.
If, as part of using our app or in the settings of your mobile end device, you consented to the so-called geo-localisation per dialogue “allow permissions”, we use this function to be able to offer you individual services related to your location. We especially process your location and network based as part of the function “store search” to be able to display the closest stores to you. Geolocation data are not stored by us.
As part of your registration we ask for your birth date (see No.1 above). Firstly, your participation presupposes that you are at least 18 years old (see No.2 of terms of conditions). Secondly, for reasons of protecting children, there are age limits for advertising certain products (i.e. advertising for alcoholic drinks will not be directed towards children).
Especially we use your e-mail address to protect you from unauthorised access of third parties, by sending you an e-mail alert e.g. when there is access to your account by a strange device, i.e. a device that has not previously been used to access the Lidl Plus app.
Processing of this kind takes place based on legal regulations that allow us to process personal data insofar as it is required for using a service or fulfilling a contract (Art. 6 Par. 1 b) GDPR), and because we have a primary legitimate interest in making the use of the app as easy and efficient as possible (Art. 6 Par. 1 f) GDPR).
If you use the contact form within the app, we save and use the information provided by you in the form to process your request as best as possible. The processing of your details transmitted in your message takes place based on Art. 6 Par. 1 b) GDPR.
Purpose of Optimising the Distribution Areas
When your address details are available to us, we use these for identification and optimisation of our flyer distribution areas, whereby we can limit divergence loss of flyers and can attempt a more targeted advertising. Providing details of your address is voluntary. This data is processed based on our legitimate interest in the optimisation of sales channels (Art. 6 Par. 1 f) GDPR).
Purpose of Determining your Product Interests and the optimisation of our online offers
To grant you the advantages of the Lidl Plus membership and present you with the best possible individual offers and carry out targeted customer surveys, we would like to get to know you better. For this we first determine which products, specials and services could be interesting and relevant to you. Using this information, we can draw your attention to e.g. discount specials for your favourite products, offer you special advantageous prices and inform you about attractive offers as part of assortment specials.
For this reason, we collect, process and use a number of personal details about your shopping behaviour.
The collected personal data could be suited to make a statement about your product interests. This includes all details listed under point 1.
But the other above listed details could also provide meaningful information about your potential product interests. For this we determine a possible relationship between one or more personal details and product interests. For the determination of this relationship we use mathematical statistical methods. Your personal data is compared with the data from other customers for this. Using this comparison, we can derive what further products and specials have been of interest to customers with similar interests and could also be of interest to you.
Processing takes place based on legal regulations that allow us to process personal data insofar as this is required for the usage of a service or fulfilment of a contract (Art. 6 Par. 1 b) GDPR) and because we have a primary legitimate interest in adapting our offers as best as possible to your product interests (Art. 6 Par. 1 f) GDPR).
Provided you have given the appropriate consent, information that we have read from your terminal device can also be included in this profile. In these cases, we process your personal data on the basis of Art. 6 Par. 1 lit. a GDPR. This applies to the data processing described above under "Online Shop", "Analysis of User Behaviour" and "Newsletter/ Push Notifications/ SMS".
In addition to increasing the informative value of the profile, we also use these findings to optimise the Lidl Plus app and our other online services, provided that this is covered by your consent. The legal basis for this is also Art. 6 para. 1 lit. a GDPR.
Purpose of Information and advertising Address
Insofar as you have given the relevant consent, companies from the Lidl company Group inform you per electronic communication (e.g. by e-mail or SMS) and/ or by post about specials and offers from your relevant assortment and invite to participate in customer surveys.
This direct address takes place because you gave us the relevant consent (Art. 6 Par. 1 a) GDPR).
Purpose of location and time-based Coordination
We process and use your personal data in relation to place and time of your shopping to be able to provide you with time and location-based advertising, e.g. by push messaging to your mobile or by SMS. If your preferred shopping day is for example the Saturday, we can especially inform you about the existing sales specials for this weekday. In addition, we can present you with a regional specific offer, if we are informed about in which region you prefer to do your shopping.
Push notifications are messages that are sent from the app to your device and are prioritised there. The app uses push notifications if you have agreed to receive push notifications when installing the app or at any time during use of the app in your device settings. You can deactivate the reception of push notifications at any time.
If we analyse place and time of your shopping, this serves the usage of a service or fulfilment of a contract (Art. 6 Par. 1 b) GDPR) and because we have a primary legitimate interest in adapting our offers as best as possible to the conditions of time and place (Art. 6 Par. 1 f) GDPR).
Purpose of processing customer requests
Personal data that you provide us with when you contact customer service will of course be treated confidentially. We use your data exclusively for the purpose of processing your inquiry.
The legal basis for data processing is Art. 6 para. 1 f) or b) GDPR. Our and your concurrent (legitimate) interest in this data processing results from the goal of answering your inquiries, solving any problems that may arise and thus maintaining and promoting your satisfaction as a customer or user of our service.
Purpose of providing the app
We process the data collected in the course of using the app so that our app can function properly. In particular, we need this information so that the App can save your preferred settings, such as country and language, so that we can quickly solve technical problems and so that you can access certain areas. This data is not used to create user profiles. The legal basis for the use of the technologies required for this purpose is Art. 6 para. 1 b) EU-GDPR, i.e. we process your data for the provision of our services in the course of processing the contract.
3. To whom do we forward your personal data?
We make your personal data available to third parties as follows:
In part we use service provider to process your data. The companies working for us in this way are carefully selected and contracted in writing. They are bound by our instructions and are controlled before starting data processing and subsequently on a regular basis. These companies never pursue their own targets with your personal data.
In connection with this we forward your details to receivers who provide storage capacity, databank systems or similar things to us, provide technical support and consult us in marketing-technical matters.
Within the Lidl Group (see No.1 above) we forward your product preferences determined for the targeted presentation of content relevant to you to the corresponding national region.
If the data provided by you is required to process a request via our customer service department, your data can be forwarded to companies within the Lidl Group. Furthermore, it may be necessary that we send excerpts from your request to contract partners (e.g. suppliers for product specific requests) for the processing of your request.
Under no circumstances do we make your data available to other companies outside of the Lidl Group, who may want to use it for direct marketing purposes.
Due to the previously listed forwarding of data it may happen that such data is processed in countries outside of the European Economic Community (third-party country). Each data transmission to a third-party country takes place under consideration of the applicable data protection law. If for such a third-party country no satisfactory protection levels have been determined by the European Commission, we provide appropriate guarantees to ensure the adequate protection of your data. This can be affected e.g. by using data processing contracts that contain EU standard protection clauses and offer adequate guarantees according to relevant decisions by the European Commission see here https://ec.europa.eu/info/law/law-topic/data-protection_en).
The data processing described in paragraph 1., " Analysis of User Behaviour / Cookies” above and below in paragraph 10., “Cookies" result in a data transfer to servers of Google and Facebook. Some of these servers are located in the United States. Regarding the US, the European Commission has decided on 12.7.2016 that there is an adequate level of data protection under the EU-U.S. Privacy Shield rules (so-called "Adequacy Decision" under Article 45 GDPR). Google and Facebook are certified according to the EU-U.S. Privacy Shield.
4. How do we guarantee Confidentiality for your personal Data?
To guarantee confidentiality for your personal data, it is prohibited to our employees working in data processing to collect, process or use personal data in any unauthorised way. Our carefully recruited employees are highly aware of data protection issues and are contractually committed to data secrecy before the start of their employment contract and this obligation continues to exist after termination of the employment relationship.
5. How do we guarantee the Safety of your personal Data?
The safety of your data is very important to us. Therefore, we maintain technical and organisational measures to protect your personal data especially from dangers in data transmission and from falling into the hands of unauthorised third parties. These measures are regularly adjusted and updated to modern technology.
6. How long do we store your personal Data?
We delete or anonymise your personal data as soon as it is no longer required for the purposes for which we process it according to the paragraphs above. Generally, we store your personal data for the duration of your participation in the Lidl Plus Service. After 36 months, however, we will automatically anonymise your usage and purchasing behaviour such as redeemed coupons and click behaviour. The receipt is excluded from this. If you are inactive for 24 months, we will inform you about the pending deletion. In this case you can object to the deletion by opening the app again. We store your mobile phone number for a duration of 6 months from termination of your participation for the purpose of preventing re-registration. Otherwise the data is deleted within 72 hours from cancelling Lidl Plus. Within these 72 hours you have the option to re-instate your customer account by logging in again. The deletion process is then cancelled. If your data is required longer due to legal storage periods or to secure, assertion or enforcement of legal claims, we store your data corresponding with data protection regulations after the cancellation of Lidl Plus, as long as required in each case by law or required to fulfil the purposes.
All personal data that you send us when you contact customer service will be deleted or anonymised by us at the latest 90 days after the final reply has been given. Experience has shown that, as a rule, queries regarding our answers do not occur after 90 days. If you assert your rights as a data subject your personal data will be stored for 3 years after the final reply has been given to you as proof that we have provided you with comprehensive information and that the legal requirements have been met.
7. What Rights do you have in relation to the Processing of your Data?
Naturally, on request we disclose the information according to Art. 15 GDPR (especially the data stored about your person, the receiver or the categories of receivers to whom it is forwarded, the purpose of data storage etc.). This information is gratis.
In addition, under the relevant legal conditions you have the right to have incorrect data corrected; or you can have your personal data deleted and restrict the processing or transmission.
Further, you have the right to lodge a complaint with the responsible supervisory authority.
In the cases where the data processing is based on Art. 6 Par. 1 lit. e or lit. f GDPR, or takes place for the purpose of direct marketing, you have the right to object to the processing.
If you gave consent, you can at any time revoke it with effect for the future, e.g. within the app under “Help”--> “Contact us” or (if you would like to directly deselect individual notification channels) under “Settings” --> “Notifications” or by sending an e-mail to: firstname.lastname@example.org. Please consider that you will not be able to use the advantages of Lidl Plus to their full extent after revoking your consent.
If you wish to withdraw your consent to the analysis of the use of this App/ My Lidl customer account, you can make the appropriate setting within the app under “More” --> “Legal information” --> “App Analytics”. If you revoke your consent to the analysis of your use of this App/ My Lidl customer account, you can only use our service in its basic version. In this case you will still be able to view information about our products, but you will not be able to participate in discounts and special promotions or redeem coupons.
8. No Obligation to provide Data
If you provide these details yourself, you do not have the obligation to give the previously mentioned voluntary details. However, without these details we are not able to make the Lidl Plus services based on these details available to you.
9. Can Lidl Plus change the Data Protection Information?
A change in data protection information can become necessary due to changes in legal position or conditions of data processing of LIDL Plus. Should the purposes for collection, processing or usage of your personal data, or the identity of the responsible identity and categories of receivers change, you will be informed and insofar as required we will ask for your consent.
10. Special features when using My Lidl Account
Purposes of data processing / legal bases:
In order to provide you with the greatest possible convenience during your user experience, we store your personal data permanently in a password-protected My Lidl customer account for online offers of the Lidl Group of Companies. Once this customer account has been set up, no further entry of your personal data is required for the usage process.
From now on, your My Lidl customer account can rather be used for the use of all affiliated online offers of the Lidl Group of Companies, without the need for separate registration or re-entry of detailed user data. After registration, you also have the option of unsubscribing from individual services. In addition, you can view and change your personal data stored in your customer account at any time.
To set up a customer account, you must enter a password of your choice. This password, together with your e-mail address or mobile phone number, is used to access your My Lidl customer account.
The legal basis for this is Article 6 paragraph 1 letter b) GDPR, i.e. you provide us with the data on the basis of the contractual relationship between you and us.
Cookies are used when using My Lidl account. We use two types of cookies: technically necessary cookies, without which the functionality of the My Lidl account would be limited, and optional analytical cookies.
Technically necessary cookies:
The following necessary cookies help to make My Lidl account website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
|.AspNetCore.Identity.Application||Lidl||Required cookie that is set by the identity server application to use the Asp.Net identity||Session -cookie. Will be automatically deleted after closing the section.||HTTP Cookie|
|Lidl||Ensuring that the legal terms of the relevant platform are displayed in the correct language||Session -cookie. Will be automatically deleted after closing the section.||HTTP Cookie|
|idsrv.session||Lidl||Cookie that is used by the Identity Server framework to use client-side session monitoring to ensure that a user's session has not changed when they log on.||Session -cookie. Will be automatically deleted after closing the section.|
|.AspNetCore.Antiforgery.#||Ldil||Required cookie set by the identity server application to prevent CSRF attacks.||Session -cookie. Will be automatically deleted after closing the section.||HTTP Cookie|
These analytical cookies enable us to compile statistics on the use of our service for the purpose of tailoring it to your needs. We use the following analytical cookies:
|_dc_gtm_UA-# [x2]||Is used by Google Tag Manager to control the loading of the Google Analytics script tag.||Session-cookie. Will be automatically deleted after closing the section.|
|_ga [x4]||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 Day|
|gat [x4]||Is used by Google Analytics to limit the request rate.||1 Day|
|gid [x4]||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 Day|
|collect||Is used to send data to Google Analytics about the device and the behaviour of the visitor. Captures the visitor across devices and marketing channels.||Session-cookie. Will be automatically deleted after closing the section.|
Technologies from third party service providers (Trusted partners):
My Lidl account uses Google Analytics, a service of Google , to analyse usage behaviour. Google Analytics uses the above described analytical cookies to processes the following information about your visit to the website My Lidl account:
• the mobile device on which you start our app
• browser type and version
• operating system used
• IP address
• time of the server request.
The information is used to:
• evaluate the use of our app
• compile reports about app activities
• to provide additional services associated with the use of the app and the internet for the purposes of market research and the design of these websites in accordance with requirements.
Recipients/ categories of recipients:
If necessary, your data will be passed on to the operator of the respective offer for the processing of purchase contracts or other services which have been commissioned via the offers covered by My Lidl. The operator will receive the data required for the provision of the service ordered in each case, insofar as you have deposited this data in your My Lidl customer account, i.e. depending on the offer:
- Verification of log-in data (e-mail address, telephone number if applicable)
- Master data (name, address, date of birth)
Any further transfer of this data to third parties is excluded.
The information generated by Google Analytics about your usage is usually transferred to a server of Google in the USA and stored there. Under no circumstances will your IP address be associated with other data from Google.
Storage duration/ Criteria for determining the storage duration:
If you request the deletion of your My Lidl customer account, your data will be deleted accordingly.
The statistically processed data will be erased in Google Analytics after 26 months. There will be no longer be any personal reference in reports created on the basis of Google Analytics.
The processing and storage of data is otherwise the responsibility of the respective operator of the service used, who uses the data required for the provision of the service ordered for this purpose and then archives it in accordance with the statutory retention periods (cf. for this see above point 6).