Customer Service Survey Privacy Policy

Thank you for your interest in participating in our survey on your experience with our customer service. When you visit our website we want you to feel safe and comfortable and for you to see our implementation of data protection as a customer-oriented quality feature.

The following privacy policy will inform you of how and to what extent Lidl Malta Limited (hereinafter also ‘Lidl’), having registered office in Vassallo Business Park, Burmarrad Road, Naxxar NXR 6345, Malta (as a Data Controller), processes your personal data. ‘Personal data’ refers to information that can be directly or indirectly attributable to or assigned to you (as a Data Subject).

The processing of personal data in this context is carried out in accordance with the Regulation (EU) 2016/679 (hereinafter ‘GDPR’) and the national legislation on data protection namely, the Maltese Data Protection Act (Chapter 586 of the Laws of Malta) and any subsidiary legislation issued under the same as may be amended from time to time.

1. Data Controller

Unless otherwise stated in the individual sections (designated as such by headings) of this privacy policy, the Data Controller pursuant to Article 4, paragraph 1, number (7) of the GDPR is:

Lidl Malta Ltd.

Vassallo Business Park, Burmarrad Road,

Naxxar NXR 6345, Malta

e-mail: privacymt@lidl.com.mt

2. Visiting our survey

Purpose of data processing and legal basis:

When you visit our website, the browser used on your device sends the following information automatically and without any action on your part to our website’s server:

the IP address of the requesting web-enabled device;
the date and time of access;
the name and URL of the viewed file;
the website/application from which access is made (referrer URL);
the browser you are using and, if applicable, the operating system of your Internet-enabled; computer and the name of your access provider;
in general your browsing data in accordance with the Cookie Policy available at section 3 of this privacy policy.

and stores it temporarily in log files for the following purposes:

to browse the website;
to ensure a smooth connection and that our website is easy to use;
to evaluate system security and stability;
to comply with legal obligations.

The processing of the aforementioned personal data is necessary as essential in order to provide the service requested by you through the features available on our website (article 6, paragraph 1, letter b) GDPR) and fulfil the obligation to comply with the applicable legislation (article 6, paragraph 1, letter c) GDPR).

Recipients/Categories of recipients:

For the aforementioned purposes, your personal data may be transferred to the following categories of recipients: (i) third-party suppliers of assistance and advice for Lidl with reference (e.g.) to the following sectors: technological, accounting, administrative, legal, insurance, IT; (ii) companies of the group to which Lidl belongs; (iii) subjects and authorities which right of access to personal data is recognized by law, regulations or provisions issued by the competent authorities. Depending on the specific case, these recipients will process such personal data as data controllers or processors.

Storage period / Criteria for determining the storage period:

The data described in this section will be stored for 7 days. However, data may be stored for a further period if required for any claims, requests from the competent authorities or for compliance with a legal obligation.

3. Use of cookies and other similar technologies to process usage data

Data Controller, purpose of data processing and legal basis:

Lidl Malta Ltd., with registered office in Vassallo Business Park, Burmarrad Road, Naxxar NXR 6345, Malta, as Data Controller, makes use of the so-called cookies and other similar technologies for processing usage data on all (sub-) domains under https://lidleu.my.site.com/LidlSurvey/s/.

Cookies are small text files that are placed on your device (laptop, tablet, smartphone or similar) when you visit our websites. Cookies do not cause any damage to your device, do not contain viruses, trojans or other types of malware. In the cookie, information is stored which is related to the specific device you use. This does not mean though, that we are directly informed about your identity.

This website only uses technically necessary cookies and similar technologies, without which you cannot use our services (e.g. to display our website/functions you have requested correctly) and processes, depending on the purpose, the following categories of personal data:

User entries to remember the input over several sub-pages (e.g. save cookie settings);
Security-relevant incidents (e.g. detection of multiple failed login attempts);
Data to play multimedia content (e.g. playback of (product) videos selected by the user).

Here below you can find an overview of the cookies and other similar technologies used, including the respective processing purpose, the storage period and any third-party provider involved.

List of cookies:

Category	Name	Provider	Purpose	Expiry
Required	BrowserId	Salesforce	Used for security protections.	1 Year
Required	BrowserID_sec	Salesforce	Used for security protections.	1 Year
Required	CookieConsentPolicy	Salesforce	Used to apply end-user cookie consent preferences set by our client-side utility.	1 Year
Required	LSKey-c$CookieConsentPolicy	Salesforce	Used to apply end-user cookie consent preferences set by our client-side utility.	1 Year
Required	renderCtx (2x)	Salesforce	Used to store site parameters in the session for reuse across requests by a single client for functionality and performance reasons.	Session
Required	sfdc-stream	Salesforce	Used to properly route server requests within Salesforce infrastructure for sticky sessions.	3 hours
Required	ak_bmsc	Salesforce	Used to distinguish between humans and bots.	1 day
Required	bm_sv	Salesforce	Used in conjunction with the website's BotManager feature - This feature detects, categorizes and generates reports on potential bots attempting to access the website for the website operator.	1 day

The legal basis for the use of technically necessary cookies and similar technologies is article 6, paragraph 1, letter b) GDPR, i.e. we process your data to provide our services in the course of initiation or performance of the contract.

Cookies can be blocked at a general level. However, this block would have an impact on the use of the website and the services offered therein. All the latest browsers allow you to change the settings on cookies that are usually found in the menu of your browser under 'options' or 'preferences'. To understand how to set them up, you can consult the following links:

For information on how to manage cookies through other browsers, it is useful to consult the online help files. If this information is not sufficient, we advise you to consult the ‘Help’ section of the browser for more details.

Recipients / Categories of recipients:

Within the scope of data processing by means of cookies and similar technologies, we use specialised service providers, especially from the sector of customer care survey.

These service providers have been carefully selected and contractually obliged to process your data on our behalf as processors in accordance with article 28 GDPR. All the companies identified as service providers within the above list of cookies act as data processors.

Storage period / Criteria to determine the storage period:

The storage period of each cookie and other similar technology is available the above cookie list.

4. Customer Care experience survey

Purpose of data processing and legal basis:

Whenever you contact our customer service, you are given the opportunity to take part in a satisfaction survey. You can partecipat by phone or by e-mail depending on you choice. If you take the survey by email, we will send a questionnaire to the e-mail address you provide us. The objective of the survey is to improve the services we provide to customers such as yourself.

Within the survey we collect the answers volounterely provided by yourself to the survey and we keep the data anonymous that is without personal reference.

For such specific processing activity, the legal basis for this specific processing is article 6, paragraph 1, letter b) GDPR since the processing of the personal data collected and then made anonymous is carried out in order to provide the service requested by you by volountierely participating in the survey.

Recipients / Categories of recipients:

Storage period / Criteria for determining the storage period:

Answers provided to the survey will be kept anonymous that is without personal reference (e.g. e-mail address and/or phone number).

5. Transfers of personal data to third countries

The recipients / categories of recipients, including those located in a third country, outside the European Union (EU) or the European Economic Area (EEA), are indicated in correspondence with each type of processing activity described in this privacy policy. Some third countries are certified by the European Commission through the so-called adequacy decisions, when they guarantee a level of protection of personal data comparable to that within the EU and the EEA. The list of these third countries is available at the following link https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. If a comparable level of protection is not guaranteed in a third country, it will be our concern to verify that the level of protection of personal data is adequately guaranteed through other measures. These are for example binding corporate rules, standard data protection clauses adopted by the Commission, certificates, or codes of conduct. For more information, please contact our Data Protection Officer.

6. Your rights as Data Subject

Pursuant to article 15, paragraph 1 of the GDPR you have the right to request, free of charge, the disclosure of various information regarding the personal data being processed by the Data Controller.

Furthermore, where legal requirements are met, you also have the right of rectification (article 16 GDPR), erasure (article 17 GDPR) and to restriction of processing (article 18 GDPR) of your personal data.

Where the processing of personal data is based on article 6, paragraph 1, letter e) (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority) or on article 6, paragraph 1, letter f) (processing is necessary for the purposes of the legitimate interests) of the GDPR or if the processing is carried out for direct marketing purpose, you have the right to object in accordance with article 21 of the GDPR. Where an objection is entered, the processing of data ceases, unless we as Data Controller provide compelling and legitimate grounds requiring the continuation of the data processing, which outweigh the objections raised.

If you have personally provided the data processed, you have the right to data portability pursuant to article 20 of the RGPD.

Insofar as the data processing is based on consent pursuant to article 6, paragraph 1, letter a) or article 9, paragraph 2, letter a) of the GDPR, you have the right to withdraw consent at any time with future effect, without affecting the lawfulness of processing based on consent before its withdrawal.

In the aforementioned cases, for any queries or complaints, please contact the Data Controller in writing or by e-mail at the e-mail address privacymt@lidl.com.mt or to the further contact details indicated below.

Additionally, you have the right to lodge complaints with the appropriate Data Protection Supervisory Authority (Information and Data Protection Commissioner).

7. Further questions

If you have any further questions concerning the processing of your data, you can contact our Data Protection Officer at the following address:

Lidl Malta Ltd.

Vassallo Business Park,

Burmarrad Road, Naxxar NXR 6345, Malta

e-mail address: privacymt@lidl.com.mt

Last updated: 09/06/2023