Privacy policy

Lidl Malta Limited as your employer informs you pursuant to art. 13 of the Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act (Chapt. 586 of the Laws of Malta) about the purposes for which your personal data, in particular your name, surname, company or private e-mail address, user-ID and security question, are processed in the context of the authentication procedure via IAS (Identity Authentication Service) on Success Factors Learning.

1. Data Controller and Data Protection Officer

The data controller pursuant to article 4, paragraph 1, number 7) GDPR is Lidl Malta Limited, having registered office in Vassallo Business Park, Burmarrad Road, Naxxar NXR 6345, Malta. The Data Protection Officer can be contacted by sending an e-mail to the following address

2. Data processing purposes and legal base

Your personal data are processed to activate your access ("account") to our LMS (Learning Management System) and/or to allow you to manage your access credentials, for example in case of forgotten password or changings. Furthermore, your private email address is used to send you communications generated automatically by the system when your training plan is updated or modified. For this purposes your personal data are processed pursuant to article 6, paragraph 1, letter b) GDPR.

3. Manner of the processing

Your personal data will be processed on paper and IT tools suitable to guarantee their security and confidentiality, thanks to the implementation of appropriate technical, physical and organizational security measures aimed at avoiding unauthorized access, modification or theft of data.

4. Storage period

Your personal data will be stored for XX years from the termination of the employment contract, except in cases in which retention for a subsequent period is required for any disputes, requests from the competent authorities or pursuant to applicable legislation. In any case, you have the right to request the deletion of your private contact details at any time.

5. Rights of the data subjects

According to article 15 GDPR, the data subject has the right to receive, free of charge and upon request, the disclosure of information regarding the personal data being processed by the data controller. Furthermore, where the legal requirements are met, he has the right to rectification of information (art. 16 GDPR), to erasure (art. 17 GDPR), to restriction of processing (art. 18 GDPR) and to portability (art. 20 GDPR) of his personal data as well as the right to lodge a complaint with a supervisory authority.

If the data processing is based on article 6, paragraph 1, letter f) GDPR, the data subject also has the right to object pursuant to article 21 GDPR. In this case, the data will no longer be processed, unless the data controller demonstrates a compelling legitimate ground for the processing which override the interest of the data subject in the opposition. To exercise the aforementioned rights, you may contact the Personnel Administration Office by sending an e-mail to the following address