Customer Service Survey Privacy Policy
Thank you for your interest in participating in our survey on your experience with our customer care.
The protection of your personal data is very important to us. We therefore strive to ensure your right to informational self-determination.
The following privacy policy will inform you of how and to what extent Lidl Malta Limited (hereinafter also ‘Lidl’), having registered office in Triq il-Karmnu, Luqa LQA 1311, Malta (as a Data Controller), processes your personal data. ‘Personal data’ refers to information that can be directly or indirectly attributable to or assigned to you (as a Data Subject).
The processing of personal data in this context is carried out in accordance with the Regulation (EU) 2016/679 (hereinafter ‘GDPR’) and the national legislation on data protection namely, the Maltese Data Protection Act (Chapter 586 of the Laws of Malta) and any subsidiary legislation issued under the same as may be amended from time to time.
1. Data Controller
Unless otherwise stated in the individual sections (designated as such by headings) of this privacy policy, the Data Controller pursuant to Article 4, paragraph 1, number (7) of the GDPR is:
Lidl Malta Ltd.
Triq il-Karmnu
Luqa LQA 1311, Malta
e-mail: privacymt@lidl.com.mt
2. Use of the survey tool
2.1 Use of cookies and other similar technologies to process usage data
Data Controller, purpose of data processing and legal basis:
Lidl Malta Ltd., with registered office in Triq il-Karmnu, Luqa LQA 1311, Malta, as Data Controller, makes use of the so-called cookies and other similar technologies for processing usage data on all (sub-) domains under: www.lidl.com.mt.
Cookies are small text files that are placed on your device (laptop, tablet, smartphone or similar) when you visit our websites. Cookies do not cause any damage to your device, do not contain viruses, trojans or other types of malware. In the cookie, information is stored which is related to the specific device you use. This does not mean though, that we are directly informed about your identity.
The use of cookies and other technologies serves the following purposes, depending on the category of the cookie or other technology:
- Technically necessary: These are cookies and similar technologies, without which you cannot use our services (e.g. to display our website/functions you have requested correctly).
- Convenience: These technologies allow us to take into account your actual or assumed preferences for the convenient use of our websites. For example, your preferences allow us to display our web pages in a language that is appropriate for you.
- Statistics: These technologies enable us to compile anonymous statistics on the use of our services in order to tailor them to your needs. This enables us to determine, for instance, how we can adapt our websites even better to the habits of the users.
- Marketing: These technologies enable us to display advertising content that is suitable for you, based on the analysis of your pattern of use. In this context, your pattern of use can also be tracked via different websites, browsers or terminal devices using a User ID (unique identifier).
Within the scope of the use of cookies and similar technologies, depending on the purpose, the following categories of personal data are processed:
Technically necessary:
- User entries to remember the input over several sub-pages (e.g. to select your preferred store in the section “store finder”);
- Security-relevant incidents (e.g. detection of multiple failed login attempts);
- Data to play multimedia content (e.g. playback of (product) videos selected by the user).
Convenience:
- User interface customization settings that are not linked to a permanent identifier (e.g. the active language selection or the specific display of search queries or maps in the section “store finder”).
Statistics:
- Pseudonymized User profiles with information about the use of our websites. These include in particular:
- browser-typ/ -version,
- the operating system used,
- referrer URL (the previously visited website),
- host name of the accessing computer (IP address),
- time of the server request,
- individual user ID and
- triggered events on the website (browsing patterns).
- The IP address is anonymized, so that it cannot be traced back to your person.
- We only combine the user ID with other data from you (e.g. name, email address, etc.) with your express consent (see e.g. section 7 of this privacy policy). Based solely on the user ID itself, we cannot draw any conclusions about your person.
Marketing:
- Pseudonymized user profiles with information about the use of our website. These include in particular:
- IP address,
- individual user ID,
- potential product interest and
- triggered events on the website (browsing patterns).
- The IP address is anonymized, so that it cannot be traced back to your person.
- We only combine the user ID with other data from you (e.g. name, email address, etc.) with your express consent (see e.g. section 7 of this privacy policy). Based solely on the user ID itself, we cannot draw any conclusions about your person. Where appropriate, we share the user ID and the associated usage profiles with third parties via providers of advertising networks.
Here below you can find an overview of the cookies and other similar technologies used, including the respective processing purpose, the storage period and any third-party provider involved.
List of cookies:
| Category | Name | Provider | Type | Purpose | Expiry |
|---|---|---|---|---|---|
| Necessary | force-stream | Salesforce | Necessary | Used to redirect server requests for sticky sessions. | 3 hours |
| Necessary | force-proxy-stream | Salesforce | Necessary | Ensure client requests hit the same proxy hosts and are more likely to retrieve content from cache. | 3 hours |
| Necessary | inst | Salesforce | Necessary | Used to redirect requests to an instance when bookmarks and hardcoded URLs send requests to a different instance. This type of redirect can happen after an org migration, a split, or after any URL update. | Session |
| _ga | Salesforce | Convenience | A third-party cookie that’s used if the site admin chooses to track site users with a Google Analytics tracking ID. | 2 Year | |
| Necessary | CookieConsentPolicy | Salesforce | Necessary | Used to apply end-user cookie consent preferences set by our client-side utility. | 1 Year |
| Convenience | language | Salesforce | Convenience | Identifies the language for custom components and flows, which support multiple languages. Without this cookie, translations for custom features can appear incorrectly. | Session |
| Necessary | BrowserID_sec | Salesforce | Necessary | Used for security protections. | 1 Year |
| Necessary | sfdc-stream | Salesforce | Necessary | Used to properly route server requests within Salesforce infrastructure for sticky sessions. | 3 hours |
| Necessary | BrowserId | Salesforce | Necessary | Used for security protections. | 1 Year |
The legal basis for the use of convenience, statistical and marketing cookies and of similar technologies is your consent in accordance with article 6, paragraph 1, letter a) GDPR. The legal basis for the use of technically necessary cookies and similar technologies is article 6, paragraph 1, letter b) GDPR, i.e. we process your data to provide our services in the course of initiation or performance of the contract.
You can withdraw / adjust your consent for future processing at any point, without impacting the lawfulness of the processing based on the consent until the moment of withdraw. Simply click here and make your selection. By removing the corresponding check marks, you can easily withdraw your consent to the respective processing purposes.
Cookies can be blocked at a general level. However, this block would have an impact on the use of the website and the services offered therein. All the latest browsers allow you to change the settings on cookies that are usually found in the menu of your browser under 'options' or 'preferences'. To understand how to set them up, you can consult the following links:
- https://support.google.com/chrome/answer/95647
- https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
- https://support.microsoft.com/it-it/help/278835/how-to-delete-cookie-files-in-internet-explorer
- https://support.apple.com/it-it/guide/safari/sfri11471/machttps://support.apple.com/it-it/guide/safari/sfri11471/mac
This information is not sufficient, we advise you to consult the "Help" section of the browser for more details.
Recipients / Categories of recipients:
Within the scope of data processing by means of cookies and similar technologies, we use specialised service providers, especially from the sector of customer care survey.
These service providers have been carefully selected and contractually obliged to process your data on our behalf as processors in accordance with article 28 GDPR. All the companies identified as service providers within the above list of cookies act as data processors.
Storage period / Criteria to determine the storage period:
The storage period of each cookie and other similar technology is available the above list of cookies.
3. Customer Care experience survey
Purpose of data processing and legal basis:
We use our customer care survey to collect data on your subjective experience with our customer care so that we can continuously improve your service experience.
We ask you to provide no personal data during the survey. The survey is created in the context of the request submitted by yourself to the customer care. Therefore we might are able to connect your survey results with your request for reporting purposes.
The legal basis for this specific processing is article 6, paragraph 1, letter b) GDPR.
Recipients / Categories of recipients:
For the aforementioned purposes, your personal data may be transferred to the following categories of recipients: (i) third-party suppliers of assistance and advice for Lidl with reference (e.g.) to the following sectors: technological, accounting, administrative, legal, insurance, IT; (ii) companies of the group to which Lidl belongs; (iii) subjects and authorities which right of access to personal data is recognized by law, regulations or provisions issued by the competent authorities. Depending on the specific case, these recipients will process such personal data as data controllers or processors.
Storage period / Criteria for determining the storage period:
Your personal data will be deleted, no later than 90 days after the final response is sent, or anonymized, excepting for the case in which storage for a further period is required for any claims, requests by the competent authorities or for compliance with a legal obligation.
4. Transfers of personal data to third countries
The recipients / categories of recipients, including those located in a third country, outside the European Union (EU) or the European Economic Area (EEA), are indicated in correspondence with each type of processing activity described in this privacy policy. Some third countries are certified by the European Commission through the so-called adequacy decisions, when they guarantee a level of protection of personal data comparable to that within the EU and the EEA. The list of these third countries is available at the following link https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. If a comparable level of protection is not guaranteed in a third country, it will be our concern to verify that the level of protection of personal data is adequately guaranteed through other measures. These are for example binding corporate rules, standard data protection clauses adopted by the Commission, certificates, or codes of conduct. For more information, please contact our Data Protection Officer.
5. Your rights as Data Subject
Pursuant to article 15, paragraph 1 of the GDPR you have the right to request, free of charge, the disclosure of various information regarding the personal data being processed by the Data Controller.
Furthermore, where legal requirements are met, you also have the right of rectification (article 16 GDPR), erasure (article 17 GDPR) and to restriction of processing (article 18 GDPR) of your personal data.
Where the processing of personal data is based on article 6, paragraph 1, letter e) (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority) or on article 6, paragraph 1, letter f) (processing is necessary for the purposes of the legitimate interests) of the GDPR or if the processing is carried out for direct marketing purpose, you have the right to object in accordance with article 21 of the GDPR. Where an objection is entered, the processing of data ceases, unless we as Data Controller provide compelling and legitimate grounds requiring the continuation of the data processing, which outweigh the objections raised.
If you have personally provided the data processed, you have the right to data portability pursuant to article 20 of the RGPD.
Insofar as the data processing is based on consent pursuant to article 6, paragraph 1, letter a) or article 9, paragraph 2, letter a) of the GDPR, you have the right to withdraw consent at any time with future effect, without affecting the lawfulness of processing based on consent before its withdrawal.
In the aforementioned cases, for any queries or complaints, please contact the Data Controller in writing or by e-mail at the e-mail address privacymt@lidl.com.mt or to the further contact details indicated below.
Additionally, you have the right to lodge complaints with the appropriate Data Protection Supervisory Authority (Information and Data Protection Commissioner).
6. Further questions
If you have any further questions concerning the processing of your data, you can contact our Data Protection Officer at the following address:
Lidl Malta Ltd.
Triq il-Karmnu
Luqa LQA 1311, Malta
e-mail address: privacymt@lidl.com.mt
Last updated: 01/02/2022