(Version 1.1, Date 29th April 2020)
Many thanks for using our Lidl app (hereafter referred to as ‘the app’) and your interest in our privacy notice. The following content will inform you about the nature and scope of the processing of your personal data by Lidl U.K. GmbH (also referred to in this data protection statement as “Lidl, “we” or “us”). Personal data are is data that is or can be directly or indirectly attributed to your person. The General Data Protection Regulation (GDPR) serves in particular as the legal basis for data protection.
Contents
1. Overview
Data processing by Lidl U.K. GmbH within the scope of your use of our app can be divided into three categories:
2. Downloading our app from the respective App Store
When you download our app, the following data in particular will be automatically processed by the respective operator of the App Store (Apple App Store or Google Play):
We have no influence on the collection of this data and are not responsible for it. You can find further information on this data processing in the relevant App Store operator’s privacy policy:
3. Using our app
Purpose of data processing / legal basis:
When you use our app, we will automatically and without any action on your part transmit
to our servers, where this information is temporarily stored in a so-called log file for the following purposes:
The legal basis for the processing of the IP address is Article 6 paragraph 1 let. f) GDPR. Our legitimate interest follows from the above-listed purposes of data processing.
Storage duration / criteria for specifying the storage duration:
The data is stored for a period of fourteen days and afterwards automatically erased.
4. Access to functions on your mobile device
Purpose of data processing / legal basis:
Location data
If you have consented to so-called geolocalisation when using our app or in the settings of your mobile device via the “Allow permission” dialogue, we will use this function in order to be able to offer you individual services related to your current location. We will process your location in this way, particularly as part of the “Search for store” function, based on GPS and your network, in order to be able to show the stores nearest to you.
Photos / media / files on your mobile device / USB memory content (read, modify, delete)
If you create a shopping list using our app, depending on the installation location of the app and the available memory, these will be stored directly in the memory of your mobile device or stored on a connected storage medium.
Camera (recording images and videos)
The camera on your mobile device will be used for the scanning of QR codes.
WiFi connection information
Our app uses the Wi-Fi connection on your mobile device in order to set up a connection to the Internet.
Other device functions
Accessing the other functions of your mobile device allows our app in particular to retrieve data from the Internet and error messages to be processed. In addition, it also enables our app to run on start-up and to deactivate the idle state of the device. Finally, as long as you have given your consent, our app can also send you so-called push messages, to keep you informed about current offers and promotions.
The legal basis for the processing of your location data is your consent pursuant to Article 6 para. 1 let. a) GDPR.
Storage duration / criteria for specifying the storage duration:
Your location data will be deleted after closing our app.
5. Usage analysis and advertising
Purposes of data processing/legal bases:
In order to improve the features of our app as well as our services and the marketing of them, we create pseudonymised user profiles to determine usage behaviour, provided that your gave your consent.The legal basis for this is your given consent. We use the following services for usage analysis and advertising:
Google Analytics
Subject to your consent, this app uses Google Analytics, a service of Google LLC (“Google”), to analyse usage behaviour. Google processes the following information:
The information is used to
The IP addresses are anonymised so that no association is possible (“IP masking”). You can withdraw your consent to the use of Google Analytics in the “Legal Notice/Tracking” menu item of this app at any time with effect for the future.
Google Firebase
Subject to your consent, A/B Testing, Analytics, Cloud Messaging, Crashlytics, Dynamic Links, In-App Messaging, Performance, Predictions and Remote Config – analytic services from Google LLC ("Firebase"), used among other things to analyse usage of the app – are used within this app. When you install the app, Firebase records when and how long the app is used, which app sites are visited, which functions are clicked on and which contents are displayed. That allows us to understand how you interact with our app. Based on your user behaviour, we can also constantly improve the app and provide you with more relevant offers/services. In addition, we can carry out several app tests in parallel and develop other data-based apps.
For this analysis, starting from when registration has been completed, Firebase accesses your customer number, information from Google Signals (if the Google advertising function is enabled in your Google account (for more information, click here), Google can process certain information with your consent) or device information. More information about data protection in connection with Firebase can be found on the Google Firebase website.
You can withdraw your consent to the use of Google Firebase under the menu item "Legal information/Tracking" in this app at any time with future effect.
Adjust
Subject to your consent, our app also uses the Adjust analysis service, a product of adjust GmbH. When you install our app, adjust stores installation and event data (e.g. usage of the app). This allows us to understand how you interact with our app. It also allows us to analyse and improve our mobile advertising campaigns. For this analysis, adjust uses
Adjust transfers this data to our service providers Google LLC (“Google”) and Facebook, Inc (“Facebook”). If Google and Facebook can use this information to identify you, they will provide information to adjust about the advertising campaign that led you to the app store and the way you acted there (especially whether you completed or cancelled the download or along with similar information). adjust uses this information to create anonymous statistics so that we can track the success of individual advertising campaigns.
You can reset or disable the IDFA and the Android Advertising ID at any time on your device.
If you no longer wish to be tracked by adjust, you can withdraw your consent at any time in the “Legal Notice/Tracking” menu of this app with effect for the future.
Push notification via Accengage
If you have enabled the relevant feature in our app or on yourmobile device, we will send you push notifications (messages on your mobile device that are displayed on the lock screen, the home screen and when other apps are running without opening our app). A click/tap on the push message will open our app, if it is not yet open, and display the message in the app. Showing push notifications is based on our legitimate interest in carrying out direct advertising.. We use the Accengage tool from Accengage SAS to create and show these push notifications. This tool creates – subject to your given consent – pseudonymised usage profiles based on the following data and assigns them to unique identification numbers:
This information is analysed by Accengage using an algorithm to provide targeted product recommendations as push notifications.. Under no circumstances will this data be used to personally identify you. By default, no user profiles are created with your personal data.
You can reset or disable the IDFA and the Android Advertising ID at any time on your device
Should you no longer wish to receive push notifications from us, you can stop receiving our push notifications by disabling them
If you do not want Accengage to create profiles of push notifications, you can withdraw your consent at any time in the “Legal Notice/Tracking” menu item of this app with effect for the future.
Personalised usage profiles
With your consent, we combine the pseudonymised usage profiles created as part of this app with your personal data from your Lidl customer account and evaluate your usage behaviour on the websites, mobile apps and newsletters of Lidl for advertising purposes.
After registering or logging in to your customer account using our app, the usage profiles from our app are processed , associating them with the data stored in your Lidl customer account and combining them with the other usage data mentioned above.
This personalised usage profile , helps us to tailor a promotional approach to your personal interests and further improve our web services for you, especially in the form of newsletters, on-site advertising and print advertising.
The legal basis for this data processing is your given consent..
You may withdraw your consent to the creation of personalised usage profiles in the “Legal Notice/Tracking” menu item of this app at any time with effect for the future.
Recipients/categories of recipients:
The information generated by Google Analytics about your usage is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 in the USA and stored there. Under no circumstances will your IP address be aggregated with other data from Google. The information generated by adjust about your usage is transferred to and stored on the servers of adjust GmbH, Saarbrücker Str. 38a, 10405 Berlin. The information generated by Accengage about your usage is transferred to and stored on the servers of Accengage SAS, 31 Rue du 4 Septembre F-75002 Paris, France. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us in accordance with our instructions.
Storage period/criteria for determining the storage period:
After the anonymisation of your personal data, it is no longer possible to identify you personally. The statistically processed data will be deleted in Google Analytics, adjust and Accengage after 26 months. There will no longer be any personal reference in reports created on the basis of Google Analytics, adjust or Accengage.
6. Re-targeting/ interest-based online advertising
Purposes of data processing/legal bases:
Subject to your consent, we use re-targeting technologies from a variety of providers. This enables us to make our online services more interesting for you.
Our app processes the following advertising IDs:
For “re-targeting”, information about your internet usage (e.g. articles viewed) is collected for marketing purposes, stored with reference to the advertising ID and analysed using an algorithm. Subsequently, targeted product recommendations can be shown as personalised advertising banners for our products on our partners’ websites and mobile apps.
Under no circumstances can this data be used to personally identify the user of our mobile app. No personal data is processed and no usage profiles are aggregated with personal data.
This data processing is carried out on the basis of your given consent. With the targeting measures we use, we want to make sure that you only receive advertising focused on your interests.
Please also note that some third-party mobile applications use a technical feature called “webview” that allows developers to display web applications or web pages directly in their application – without leaving the app and opening a browser. A webview can be independent to both your browser and app settings. We therefore recommend that you also disable re-targeting services in this specific setting if you do not want to receive re-targeting ads.
Recipients/categories of recipients:
Subject to your consent, we use the Criteo service (Criteo DPO – 32 Rue Blanche – 75009 Paris – France, email: dpo@criteo.com, Privacy Policy: http://www.criteo.com/de/privacy) for the purpose of personalising advertisements.
Storage period/criteria for determining the storage period:
The information processed for re-targeting purposes is automatically deleted or anonymised after 13 months.
You may withdraw your consent to the creation of personalised usage profiles in the “Legal Notice/Tracking” menu item of this app at any time with effect for the future.
7. Other functions
7.1 Websites you can access via the in-app browser
If you run another function using our app such as selecting special offers via the in-app browser (iOS: Safari / Android: Chrome) you will reach the appropriate sub-pages of our website www.lidl.co.uk or the partner websites located there. Our app offer and our online content that is accessible via the in-app browser may under certain circumstances also contain links to other websites.
If you access websites from the in-app browser (e.g. via links), your personal data will be processed on these websites in deviation from this privacy policy. This privacy policy only applies to our app. Please note the privacy policies of the linked websites. We assume no responsibility for external contents which are provided through links and are specially highlighted and we do not adopt their content as our own. The provider of the website who is referred to is alone responsible for illegal, incorrect or incomplete content and for damages resulting from the use or non-use of the data.
8. Recipients outside the EU
With the exception of the processing by Google Analytics described in Section 5, we will not pass your data to recipients established outside the European Union or the European Economic Area. The processing mentioned causes the data to be transmitted to the servers of Google Inc. in the USA. In a decision of 12 July 2016, the European Commission decided for the USA that an adequate level of data protection exists under the regulations of the EU-U.S. Privacy Shield (so-called “Adequacy Decision” pursuant to Art. 45 GDPR). We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which is certified in accordance with the EU-U.S. Privacy Shield.
9. Your affected rights
9.1 Overview Besides the right to revoke the consent you have given us, you have the following further rights if the respective legal requirements are met:
9.2 Right to information as referred to in Article 15 GDPR
You have the right as referred to in Art.15 paragraph 1 GDPR to receive upon request information about the personal data stored with us about you, free of charge. This includes in particular:
If personal data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate guarantees as referred to in Article 46 GDPR in connection with the transfer.
9.3 Right to rectification as referred to in Article 16 GDPR
You have the right to seek the immediate rectification by us of inaccuracies in your personal data. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
9.4 Right to erasure as referred to in Article 17 GDPR
You have the right to request from us that personal data concerning yourself is immediately erased, if one of the following grounds applies:
Insofar as we have made the personal data public and are obliged to erase them, we will take appropriate measures taking into account the available technology and the costs of implementation, in order to inform the third parties who are processing your data that you also request from them that they delete all links to these personal data and copies or replications of these personal data.
9.5 Right to restriction of processing pursuant to Article 18 GDPR
You have the right to request from us a restriction of the processing, if one of the following requirements exist:
9.6 Right to data portability as referred to in Article 20 GDPR
You have the right to receive the personal data that concern you, which you have provided to us, in a structured, common and machine-readable format, and you have the right to transfer these data to another data controller without hindrance by us, insofar as
When exercising your right to data portability, you have the right to ensure that the personal data are transferred directly by us to another data controller, insofar as this is technically feasible.
9.7 Right to object as referred to in Article 21 GDPR
Under the conditions laid down in Article 21 paragraph 1 GDPR, you may object to data processing for reasons arising from your particular situation.
The above general right of objection applies to all processing purposes described in this privacy policy, which are processed on the basis of Article 6 paragraph 1 (f) GDPR. Unlike the special right to object oriented towards data processing for advertising purposes (compare above in particular Sections 9 and 11.6), we are only obliged by the GDPR to implement such a general objection, if you give us reasons of paramount importance for this, e.g. a possible risk to life or health. Furthermore, there is the possibility to contact the supervisory authority responsible for Lidl U.K. GmbH.
10. Point of contact
10.1 Point of contact in case of questions or to exercise your data protection rights
In the case of questions on the website or the Lidl online shop or to exercise your rights with regard to the processing of your data (data protection rights) you can contact our customer service.
10.2 Point of contact in case of questions regarding data protection
If you have further questions regarding the processing of your data, you can contact Lidl’s company data protection officer (see Section 11).
10.3 Right of complaint to the supervisory data protection authority
In addition, you have the right to complain at any time to the responsible supervisory data protection authority. For this, you can contact the Information Commissioner’s Office (ICO).
11. Name and contact details of the controller of the processing and contact details of the company Data Protection Officer
This privacy notice applies to data processing by Lidl U.K. GmbH and Lidl Great Britain Limited, 19 Worple Road, Wimbledon, London, SW19 4JS (“Data Controller”) and the Lidl App. The Company Data Protection Officer of Lidl U.K. GmbH can be contacted at the above-mentioned address, c/o the Data Protection Officer or at Data.Protection@lidl.co.uk.