Data Protection Policy Lidl Plus
Status August 2020
Thank you very much for your interest in Lidl Plus.
Lidl Plus is a customer service programme of the Lidl Group (hereinafter ‘’Service’’) that is operated by the Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74167 Neckarsulm, Germany (“Lidl Stiftung”, “we”, “us”), which processes the data required for the purposes of the service insofar as responsible entity as the data is raised, collected, analysed and forwarded to other organisations within the Lidl Group. Part of the Lidl group are also various national and regional companies, which are individually listed here.
The list contains only the relevant and current Lidl national companies. In the future, further organisations can be added to the list if SB Lidl KG has direct or indirect shares in the relevant organisation and they participate in the Lidl Plus offer.
Insofar as these Lidl organisations receive data through the Service and inform you about current offers and specials by Lidl, they act themselves as responsible entity in relation to data protection law.
The data protection officer in Lidl Stiftung can be contacted under: Datenschutz@lidl.com.
The service is aimed at consumers (hereinafter "users" or "you"), who wish to receive personalised information from Lidl Stiftung about offers and promotions from Lidl Plus and offers, products and services from selected partners and Lidl Companies , which relates to your interests and your purchase history.
With Lidl Plus you can enjoy a variety of services that are especially tailored to you. These include among other things offers especially adapted to your needs and desires, the participation in competition games and exclusive discount and special offers. Depending on where and to what extent you are using the service, Lidl Stiftung forwards your details to certain Lidl organisations to be able to provide you with the relevant service.
1. What data about you do we collect and which communication channels do we use for this?
Registration for Lidl Plus
As part of the registration process, we require the following customer data: first name, second name, date of birth, e-mail address, mobile phone number and preferred Lidl store. In addition to the mandatory data, to help us provide you with a more personalised experience, it is optional for you to provide your home address (house number, street, town and postcode). To set the address and the preferred store the geo location function of your mobile device can be used.
When you use Lidl Plus at a participating store, we record the store visited by you, the products purchased, type and price, the coupons used, the receipt total as well as time of payment process and payment type. With the allocation of your purchase to your customer account we pursue the purpose stated in paragraph 2, e.g. to be able to make you offers especially adapted to your preferences and interests as well as offer participation in specials.
At the till you can identify yourself by scanning the digital customer card.
When you contact our customer service of any company of the Lidl Group, we use the data that you supply in this context.
Use of the App
When using the Lidl Plus App we collect data about the store where you purchase items. In addition, we collect data about viewed and activated coupons, your notification settings, the participation of lotteries and your selected main store. Additionally, we process your customer ID (your unique Lidl Plus ID), information about the operating system , the device unique identification number , the system language and your chosen country as well as the app version used by you.
Your login details are stored and used to carry out the login. So that you do not have to log in again every time you open the app, your login details are saved in the app (encrypted) until you log out of the account.
Digital till receipts can be saved to your device or be forwarded directly by Messenger, if you allow the app permission to your photos/ media. The camera of your mobile device can be used for scanning QR coupons if you give the relevant permission.
As part of the app, we conduct In-App surveys and collect information about your purchasing behaviour, your app usage and personal circumstances as well as interests.
Lidl Plus allows you to receive special offers from selected partners. Some of these offers may require you to present your Lidl Plus digital customer card to the selected partner. In this case the relevant selected partner will share data with us to confirm the usage of the relevant offer (e.g. the time, quantity and location) so that we can adapt our offers even more to your interests.
Analysis of User Behaviour / Cookies
When using the app we create customer segmentation profiles for purposes of statistical analysis. If possible, we assign you a customer segmentation profile linked to you, your e-mail address or Customer ID. We only collect ad use this data if you have provided your consent to do so (see also section 2 of this Data Protection Policy). This also includes the following services or service providers;
The Lidl Plus app uses the analysis tool adjust, a product from the company adjust GmbH. When you install the Lidl Plus app, adjust saves amongst others things installation and event data from your Lidl Plus app (e.g. app usage or interaction in within the service). This information helps us to understand how you interact with our app. In addition, it helps us to analyse and improve our advertising campaigns. For this analysis adjust uses the IDFA (Identifier for Advertising = advertising identification for iOS devices) or the Android advertising ID, the IP-/ MAC address, the HTTP header as well as a fingerprint of your end device (additionally: time of access, country, language, local settings, operating system and version as well as app version). In addition, user device- and web activity information, as well as app and event tokens. The processing of this data takes place exclusively on a pseudonymised (de-personalised) basis. You can at any time deactivate or set back the IDFA and Android advertising ID through your operating system.
Adjust also shares this information with our service providers Google LLC ("Google") 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and Facebook, Inc 1 Hacker Way, Menlo Park, CA 94025 ("Facebook"). If Google and Facebook can use this information to identify you, they will provide adjust with information about the advertising campaign that brought you to the App Store and how you acted on the App Store (including whether you downloaded the App or cancelled it, for example, and similar information). Adjust uses this information to create anonymous statistics so that we can track the success of individual advertising campaigns.
In the app A/B Testing, Analytics, Cloud Messaging, Crashlytics, Dynamic Links, In-App Messaging, Performance, Predictions and Remote Config are used, analysis services offered by Google LLC ("Firebase"), which among other things are used to analyse app usage. When you install the Lidl Plus app, Firebase makes a record about when and for how long you use the app, what pages of the app are opened, what functions are clicked and what content is displayed. This helps us to understand how you interact with our app. In addition, we can continuously improve the app and offer you more relevant offers/ services based on your user behaviour. Also, we can carry out several app tests in parallel and based on data make further app developments.
For this analysis, Firebase accesses your customer number from the moment of completed registration. Further information about data protection in connection with Google Firebase can be found on the Google Firebase website.
If you use a device with Android operating system, you will be able to use Google Maps. This interactive maps can be displayed directly in the app and you have the possibility to use the map function to find Lidl stores in your area. We have a legitimate interest in helping you find the locations of our stores and offers (Art 6.1.f GDPR).
Technically necessary cookies:
The following necessary cookies help to make the “FAQ” section in the app usable. This section cannot properly work without these cookies.
Used to deliver requested pages and content based on a user's navigation.
Session -cookie. Will be automatically deleted after closing the section.
Used to count section views.
Session -cookie. Will be automatically deleted after closing the section.
Used to route server requests within Salesforce infrastructure for „sticky sessions“.
Used to route server requests within Salesforce infrastructure for „sticky sessions“.
Used to ensure client requests hit the same proxy hosts.
These analytical cookies enable our service provider statistics on the use of the “FAQ” section for the purpose of tailoring it to your needs. We use the following analytical cookies:
Used to log browser sessions/visits for internal-only product analytics.
Salesforce cookies do not store information that directly identifies an individual. However, they use a unique identification of your device (including other technical details, such as IP address, operating system, internet service provider, etc.). All the data processing whilst using the "FAQ” section in the app is done on Salesforce servers located in the European Union.
If you would like to withdraw your consent to this type of tracking during your use of Lidl Plus, you can do so at any time which will prevent any future tracking via the opt out within the app under “More” “Legal information” ‘’Data sharing’’.
Newsletter/ Push Notifications/ SMS
In addition, we collect information about your user behaviour in relation to the newsletter and other information that we send you as push messages or SMS. We store and if possible, assign this data to your e-mail address or customer ID . In relation to this we collect information about time of opening the message and the links or areas clicked by you, selected products, time, duration and frequency of usage.
We also collect and use this data only if you have consented to this (see point 2 of this Data Protection Policy)
Special categories of personal data
We will not process or analyse special categories of personal data (e.g. information about your health or religion) described in Art. 9.1 GDPR.
2. Purpose of processing and legal basis:
We collect the data listed under paragraph 1 to be able to offer you the relevant services of Lidl Plus.
Purpose of Communication, Identification and Protection of your Customer Profile
The customer data collected as part of the registration is what we will use to communicate with you and assign your shopping and user behaviour to your customer profile.
If, as part of using our app or in the settings of your mobile device, you consented to use geo-location, we use this function to be able to offer you individual services related to your location. We especially process your location based as part of the function “store search” to be able to display the closest stores to you. Geolocation data are not stored by us.
As part of your registration we ask for your date of birth(see No.1 above). Firstly, your participation requires that you are at 18 years or older (see No.2 of terms of conditions). Secondly, for reasons of protecting children, there are age limits for advertising certain products (i.e. advertising for alcoholic drinks will not be directed towards children).
We use your e-mail address to protect you from unauthorised access of third parties, by sending you an e-mail alert e.g. when there is access to your account by a strange device, i.e. a device that has not previously been used to access the Lidl Plus app.
This processing is required to enable you to use our services and for us to fulfil our contract with you (Art 6.1.b GDPR). We also have a legitimate interest in making the use of the app as easy and efficient as possible (Art 6.1.f GDPR).
If you use the contact form within the app, we save and use the information provided by you in the form to process your request in the best possible way. This processing is required to enable you to use our services and for us to fulfil our contract with you (Art 6.1.b GDPR).
Purpose of Optimising the Distribution Areas
When your address details are available to us, we use these for identification and optimisation of our flyer distribution areas, so we can target our advertising. Providing details of your address is voluntary. This data is processed based on our legitimate interest to optimise our sales (Art 6.1.f GDPR).
Purpose of Determining your Product Interests and optimising our online offering
To enable the advantages of the Lidl Plus membership and present you with the best possible individual offers and carry out targeted customer surveys, we would like to get to know you better. For this we first determine which products, specials and services could be interesting and relevant to you. Using this information, we can draw your attention to e.g. discount specials for your favourite products, offer you special advantageous prices and inform you about attractive offers as part of our specials.
For this reason, we collect, process and use a number of personal details about your shopping behaviour.
The collected personal data could be suitable to make a statement about your product interests. This includes all details listed under point 1.
But the other above listed details could also provide meaningful information about your potential product interests. For this we determine a possible connection between one or more personal details and product interests. For the determination of this relationship we use mathematical statistical methods. Your personal data is compared with the data from other customers for this. Using this comparison, we can derive what further products and specials have been of interest to customers with similar interests and could also be of interest to you.
This processing is required to enable you to use our services and for us to fulfil our contract with you (Art 6.1.b GDPR). We also have a legitimate interest in adapting our offers as best as possible to your product interests (Art 6.1.f GDPR).
Provided you have given the appropriate consent, information that we have collected from your device can also be included in this profile. This applies to the data processing described above under "Analysis of User Behaviour" and "Newsletter/ Push Notifications/ SMS".
In addition to increasing the informative value of the profile, we also use these findings to optimise the Lidl Plus app and our other online services, provided that this is covered by your consent (Art 6.1.a GDPR).
Receiving marketing communication
If you have given consent, companies from the Lidl Group will inform you by electronic communication, e.g. by e-mail, SMS, telephone or by post about specials and offers from your relevant interests and invite to participate in customer surveys.
This processing takes place because you have given us your consent (Art 6.1.GDPR).
You have the option to opt-out of receiving marketing communication at any time.
Purpose of location and time-based communication
We process and use your personal data in relation to place and time of your shopping to be able to provide you with time and location-based advertising, e.g. by push messaging to your mobile or by SMS. If your preferred shopping day is for example Saturday, we can specifically inform you about the existing sales specials for this weekday. In addition, we can present you with a regional specific offer, if we are informed about in which region you prefer to do your shopping.
Push notifications are messages that are sent from the app to your device. The app uses push notifications if you have agreed to receive push notifications when installing the app or at any time during use of the app in your device settings. You can deactivate push notifications at any time.
This processing is required to enable you to use our services and for us to fulfil our contract with you (Art 6.1.b GDPR). We also have a legitimate interest in adapting our offering and to present them at the best possible time and place of where our offers are most effective (Art 6.1.f GDPR).
Purpose of processing customer enquiries
Personal data that you provide us with when you contact customer service will of course be treated confidentially. We use your data exclusively for the purpose of processing your enquiry.
This processing is required to enable you to use our services and for us to fulfil our contract with you (Art 6.1.b GDPR). We also have a legitimate interest in answering your inquiries, solving any problems that may arise to help maintain your satisfaction as our customer (Art 6.1.f GDPR).
Purpose of providing the app
We process the data collected in the course of using the app so that our app can function properly. In particular, we need this information so that the App can save your preferred settings, such as country and language, so that we can quickly solve technical problems and so that you can access certain areas. This data is not used to create user profiles.
The use of such technologies is required to enable you to use our services and for us to fulfil our contract with you (Art 6.1.b GDPR).
3. To whom do we forward your personal Data?
We make your personal data available to third parties as follows:
In part, we use service provider to process your data. The companies working for us in this way are carefully selected and contracted in writing. They are bound by our instructions and are checked before the start of data processing and subsequently on a regular basis. These companies never use your personal data for their own purposes.
In connection with this we forward your details to receivers who
- provide storage capacity, databank systems or similar services to us,
- provide technical support and
- consult us in marketing-technical matters.
Within the Lidl Group (see No.1 above) we forward your product preferences determined for the targeted presentation of content relevant to you to the corresponding national company.
If the data provided by you is required to process a request via our customer service department, your data can be forwarded to companies within the Lidl Group. Furthermore, it may be necessary that we send data from your request to contract partners (e.g. suppliers for product specific requests) for the processing of your request.
Under no circumstances do we make your data available to other companies outside of the Lidl Group, who may want to use it for direct marketing purposes.
Due to the previously listed forwarding of data it may happen that such data is processed in countries outside of the European Economic Community (third-party country). Each data transmission to a third-party country takes place under consideration of the applicable data protection law. If for such a third-party country no satisfactory protection levels have been determined by the European Commission, we provide appropriate guarantees to ensure the adequate protection of your data. This can be affected e.g. by using data processing contracts that contain EU standard protection clauses and offer adequate guarantees according to relevant decisions by the European Commission.
The data processing described in paragraph 1., " Analysis of User Behaviour / Cookies” above and below in paragraph 10., "Cookies" result in a data transfer to servers of Google and Facebook. Some of these servers are located in the United States. In regard to the US, the European Commission has decided on 12.7.2016 that there is an adequate level of data protection under the EU-U.S. Privacy Shield rules (so-called "Adequacy Decision" under Article 45 GDPR). Google and Facebook are certified according to the EU-U.S. Privacy Shield.
4. How do we guarantee Confidentiality of your personal Data?
To guarantee confidentiality of your personal data, it is prohibited to our employees working in data processing to collect, process or use personal data in any unauthorised way. Our carefully recruited employees are highly aware of data protection and are contractually committed to data secrecy before the start of their employment contract and this obligation continues to exist after termination of the employment relationship.
5. How do we guarantee the security of your personal Data?
The security of your data is very important to us. Therefore, we maintain technical and organisational measures to protect your personal data especially from risks occurring during data transmission and from falling into the hands of unauthorised third parties. These measures are regularly adjusted and updated to modern technology.
6. How long do we store your personal Data?
We delete or anonymise your personal data as soon as it is no longer required for the purposes for which we process it according to the paragraphs above. Generally, we store your personal data for the duration of your participation of Lidl Plus. After 36 months, however, we will automatically anonymise your usage and purchasing behaviour such as redeemed coupons and click behaviour. The receipt is excluded from this. If you are inactive for 24 months, we will inform you about the pending deletion. In this case you can object to the deletion by opening the app again. We store your mobile phone number for 6 months from termination of your participation for the purpose of preventing abuse of re-registration. Otherwise the data is deleted within 72 hours from cancelling Lidl Plus. Within these 72 hours you have the option to re-instate your customer account by logging in again. The deletion process is then cancelled. If your data is required longer due to legal storage periods or to secure, assertion or enforcement of legal claims, we store your data corresponding with data protection regulations after the cancellation of Lidl Plus, as long as required in each case by law or required to fulfil the purposes. All personal data that you send us when you contact customer service will be deleted or anonymised by us at the latest 90 days after the final reply has been given. Experience has shown that, as a rule, queries regarding our answers do not occur after 90 days. If you assert your rights as a data subject your personal data will be stored for 3 years after the final reply has been given to you as proof that we have provided you with comprehensive information and that the legal requirements have been met.
7. What Rights do you have in relation to the Processing of your Data?
You have the right to receive, upon request, information about the personal data stored with us about you, free of charge in accordance with Art. 15 GDPR. This includes in particular, the purpose, the categories of personal data that we process, the recipients or the categories of recipients to whom the personal data concerned have been disclosed.
In addition, you have the right to have incorrect data corrected; or you can have your personal data deleted and restrict the processing or transmission.
Further, you have the right to lodge a complaint with the responsible supervisory authority.
In the cases where the data processing is based on your consent, our legitimate interest (Art. 6.1.e or f GDPR), or for direct marketing, you have the right to object to the processing.
If you gave consent, you can at any time withdraw it with effect for the future, e.g. within the app under “Help”--> “Contact us”. You can also choose to change what channels you would like to directly opt-out under “Settings” --> “Communication preferences”. You can also contact our Customer Service team here. Please consider that you will not be able to use the advantages of Lidl Plus to their full extent after withdraw your consent.
If you wish to withdraw your consent to the analysis of the use of this App, you can change the appropriate setting within the app under “More” “Legal information” “Data sharing”. If you withdraw your consent to the analysis of your use of this App, you can only use our service in its basic version. In this case you will still be able to view information about our products, but you will not be able to participate in discounts and special promotions or redeem coupons.
8. No Obligation to provide Data
You are under no obligation to provide the above mentioned personal data. However, without these details we are not able to make the Lidl Plus services based on these details available to you.
9. Can Lidl Plus make changes to this Data Protection Policy?
Changes to this data protection policy can become necessary due to changes in legal position or conditions of data processing of Lidl Plus. Should the purposes for collection, processing or usage of your personal data, or the identity of the responsible identity and categories of receivers change, you will be informed and if required, we will ask for your consent.
10. Special features when using My Lidl Account
When you create a Lidl Plus Account, you are also setting up a My Lidl Account. Should Lidl offer new online services in the future, you will be able to access these using your My Lidl Account, creating one account for all of our online services.
Purposes of data processing / legal bases:
In order to provide you with the greatest possible user experience, we store your personal data in a password-protected My Lidl customer account for online offers of the Lidl Group of Companies. Once this customer account has been set up, no further entry of your personal data is required for the usage process.
From now on, your My Lidl customer account can rather be used for all affiliated online offers of the Lidl Group of Companies, without the need for separate registration or re-entry of detailed user data. After registration, you also have the option of unsubscribing from individual services. In addition, you can view and change your personal data stored in your customer account at any time.
To set up a customer account, you must enter a password of your choice. This password, together with your e-mail address or mobile phone number, is used to access your My Lidl customer account.
This processing is required to enable you to use our services and for us to fulfil our contract with you (Art 6.1.b GDPR).
Cookies are used when using My Lidl account. We use two types of cookies: technically necessary cookies, without which the functionality of the My Lidl account would be limited, and optional analytical cookies.
Technically necessary cookies:
The following necessary cookies help to make My Lidl account website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
|.AspNetCore.Identity.Application||Lidl||Required cookie that is set by the identity server application to use the Asp.Net identity||Session -cookie. Will be automatically deleted after closing the section.||HTTP Cookie|
|culturelidlplusclient||Lidl||Ensuring that the legal terms of the relevant platform are displayed in the correct language||Session -cookie. Will be automatically deleted after closing the section.||HTTP Cookie|
|idsrv.session||Lidl||Cookie that is used by the Identity Server framework to use client-side session monitoring to ensure that a user's session has not changed when they log on.||Session -cookie. Will be automatically deleted after closing the section.||HTTP Cookie|
|.AspNetCore.Antiforgery.#||Lidl||Required cookie set by the identity server application to prevent CSRF attacks.||Session -cookie. Will be automatically deleted after closing the section.||HTTP Cookie|
These analytical cookies enable us to compile statistics on the use of our service for the purpose of tailoring it to your needs. We use the following analytical cookies:
|_dc_gtm_UA-# [x2]||Google Is used by Google Tag Manager to control the loading of the Google Analytics script tag.||Session-cookie. Will be automatically deleted after closing the section.||HTTP Cookie|
|_ga [x4]||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 Day||HTTP Cookie|
|gat [x4]||Google Is used by Google Analytics to limit the request rate.||1 Day||HTTP Cookie|
|gid [x4]||Google Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 Day||HTTP Cookie|
|collect||Is used to send data to Google Analytics about the device and the behaviour of the visitor. Captures the visitor across devices and marketing channels.||Session-cookie. Will be automatically deleted after closing the section.||Pixel Tracker|
Technologies from third party service providers (Trusted partners):
My Lidl account uses Google Analytics, a service of Google, to analyse usage behaviour. Google Analytics uses the above described analytical cookies to processes the following information about your visit to the website My Lidl account:
• the mobile device on which you start our app
• browser type and version
• operating system used
• IP address
• time of the server request.
The information is used to:
• evaluate the use of our app
• compile reports about app activities
• to provide additional services associated with the use of the app and the internet for the purposes of market research and the design of these websites in accordance with requirements.
Processing of personal data proceeding from the technically necessary cookies used at My Lidl Account is required to fulfil our contract with you (Art 6.1.b GDPR) and proceeding from the analytical cookies is based on your consent (Art 6.1.a GDPR).
Recipients/ categories of recipients:
If necessary, your data will be passed on to the operator of the respective offer for the processing of purchase contracts or other services which have been commissioned via the offers covered by My Lidl. The operator will receive the data required for the provision of the service ordered in each case, insofar as you have deposited this data in your My Lidl customer account, i.e. depending on the offer:
- Verification of log-in data (e-mail address, telephone number if applicable)
- Master data (name, address, date of birth)
Any further transfer of this data to third parties is excluded.
The information generated by Google Analytics about your usage is usually transferred to a server of Google in the USA and stored there. Under no circumstances will your IP address be associated with other data from Google.
Storage duration/ Criteria for determining the storage duration:
If you request the deletion of your My Lidl customer account, your data will be deleted accordingly.
The statistically processed data will be erased in Google Analytics after 26 months. There will no longer be any personal reference in reports created on the basis of Google Analytics.
The processing and storage of data is otherwise the responsibility of the respective operator of the service used, who uses the data required for the provision of the service ordered for this purpose and then archives it in accordance with the statutory retention periods (cf. for this see above point 6).
How to contact the Supervisory Authority
The Supervisory Authority is the German entity: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit, with address at Königstrasse 10 a, 70173 Stuttgart ( Germany) and e-mail address: firstname.lastname@example.org.
Data Protection Policy for Download
You can find the Data Protection Policy for the app "Lidl Plus" for download as PDF here.